View Full Version : Incredibar
russwilsonau
2012-09-29, 11:21
trying to remove Incredibar -- SB said it removed it but didn't -- when re-starting Ff 15.0.1 it returns when i open a new tab: MyStart Incredibar appears
hope I've got this right this time: sure you'll let me know if I haven't
the DDS log:
.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.7.2
Run by Russell at 19:40:26 on 2012-09-29
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.64.1033.18.1012.66 [GMT 12:00]
.
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Program Files\IObit\Advanced SystemCare 5\ASCService.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files\IDT\WDM\STacSV.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskhost.exe
C:\Program Files\Box Sync\UpdateService.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\IDT\WDM\aestsrv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bluetooth Suite\adminservice.exe
C:\Program Files\Microsoft\BingBar\SeaPort.EXE
C:\Program Files\Microsoft\BingDesktop\BingDesktopUpdater.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\PROGRA~1\GFI\GFIBAC~1\GFIFInst.exe
C:\PROGRA~1\GFI\GFIBAC~1\GFIFSC~1.EXE
C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ThreatFire\TFTray.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files\IObit\Advanced SystemCare 5\ASCTray.exe
C:\Program Files\Nitro PDF\Reader 2\NitroPDFReaderDriverService2.exe
C:\Windows\system32\NLSSRV32.EXE
C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\Program Files\ThreatFire\TFService.exe
C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Bluetooth Suite\Ath_CoexAgent.exe
C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe
C:\Program Files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Hewlett-Packard\HP Support Framework\hpsa_service.exe
C:\Program Files\Google\Update\1.3.21.123\GoogleCrashHandler.exe
C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Windows\system32\sppsvc.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\conhost.exe
C:\Program Files\ThreatFire\TFUN.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
uSearch Page =
uSearch Bar =
uDefault_Search_URL = hxxp://www.google.com/ie
mStart Page = hxxp://start.funmoods.com/?f=1&a=iron2&chnl=iron2&cd=2XzutAtN2Y1L1Qzu0E0Czy0AyByEyD0EtByCyB0E0DtCtC0EtN0D0TzutBtDtCtBtDyCtCyD&cr=1530279376
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
uURLSearchHooks: H - No File
uURLSearchHooks: H - No File
uURLSearchHooks: H - No File
uURLSearchHooks: H - No File
uURLSearchHooks: N/A: {93a3111f-4f74-4ed8-895e-d9708497629e} - c:\program files\videodownloadconverter_4z\bar\1.bin\4zSrcAs.dll
uURLSearchHooks: ToolbarURLSearchHook Class: {ca3eb689-8f09-4026-aa10-b9534c691ce0} - c:\program files\freecorder 6\tbhelper.dll
mURLSearchHooks: H - No File
mURLSearchHooks: H - No File
mURLSearchHooks: H - No File
TB: Freecorder 6: {6b34accf-1b63-4e1a-8633-461917c75544} - c:\program files\freecorder 6\tbcore3.dll
uRun: [Advanced SystemCare 5] "c:\program files\iobit\advanced systemcare 5\ASCTray.exe" /AutoStart
mRun: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
mRun: [ThreatFire] c:\program files\threatfire\TFTray.exe
mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\program files\microsoft office 15\root\office15\EXCEL.EXE/3000
IE: Free YouTube Download - c:\users\russell\appdata\roaming\dvdvideosoftiehelpers\freeytvdownloader.htm
IE: Se&nd to OneNote - c:\program files\microsoft office 15\root\office15\ONBttnIE.dll/105
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{74240472-D26B-436F-9D60-760C249DCFA7} : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{74240472-D26B-436F-9D60-760C249DCFA7}\37071627B6630314C647 : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{74240472-D26B-436F-9D60-760C249DCFA7}\4457E6564696E602C4962627162797021337470264C6F6F627 : DhcpNameServer = 10.10.10.1
TCP: Interfaces\{74240472-D26B-436F-9D60-760C249DCFA7}\642554540294E4455425E454450213 : DhcpNameServer = 192.168.11.1 8.8.8.8
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
Notify: igfxcui - igfxdev.dll
mASetup: {F5E7D9AF-60F6-4A30-87E3-4EA94D322CE1} - msiexec /fu {F5E7D9AF-60F6-4A30-87E3-4EA94D322CE1} /qn
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\russell\appdata\roaming\mozilla\firefox\profiles\bylhdpoc.default\
FF - prefs.js: browser.startup.homepage - hxxp://au.yahoo.com/
FF - plugin: c:\progra~1\micros~2\office14\NPSPWRAP.DLL
FF - plugin: c:\program files\foxit software\foxit reader\plugins\npFoxitReaderPlugin.dll
FF - plugin: c:\program files\google\update\1.3.21.115\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.123\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\microsoft silverlight\5.1.10411.0\npctrlui.dll
FF - plugin: c:\program files\nitro pdf\reader 2\npdf.dll
FF - plugin: c:\program files\nitro pdf\reader 2\npnitroie.dll
FF - plugin: c:\program files\nitro pdf\reader 2\npnitromozilla.dll
FF - plugin: c:\program files\tracker software\pdf viewer\npPDFXCviewNPPlugin.dll
FF - plugin: c:\program files\videodownloadconverter_4z\bar\1.bin\NP4zStub.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\users\russell\appdata\local\google\update\1.3.21.115\npGoogleUpdate3.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_4_402_265.dll
FF - plugin: c:\windows\system32\npdeployJava1.dll
FF - plugin: c:\windows\system32\npmproxy.dll
.
---- FIREFOX POLICIES ----
FF - user.js: extensions.incredibar_i.newTab - false
FF - user.js: extensions.incredibar_i.tlbrSrchUrl - hxxp://mystart.Incredibar.com/?a=6PQKBEoZ6o&loc=IB_TB&i=26&search=
FF - user.js: extensions.incredibar_i.id - 4e18d11e0000000000002eb70d3f194a
FF - user.js: extensions.incredibar_i.instlDay - 15607
FF - user.js: extensions.incredibar_i.vrsn - 1.5.11.14
FF - user.js: extensions.incredibar_i.vrsni - 1.5.11.14
FF - user.js: extensions.incredibar_i.vrsnTs - 1.5.11.1423:07:47
FF - user.js: extensions.incredibar_i.prtnrId - Incredibar
FF - user.js: extensions.incredibar_i.prdct - incredibar
FF - user.js: extensions.incredibar_i.aflt - orgnl
FF - user.js: extensions.incredibar_i.smplGrp - none
FF - user.js: extensions.incredibar_i.tlbrId - base
FF - user.js: extensions.incredibar_i.instlRef -
FF - user.js: extensions.incredibar_i.dfltLng -
FF - user.js: extensions.incredibar_i.excTlbr - false
FF - user.js: extensions.incredibar_i.ms_url_id -
FF - user.js: extensions.incredibar_i.upn2 - 6PQKBEoZ6o
FF - user.js: extensions.incredibar_i.upn2n - 92543635926693664
FF - user.js: extensions.incredibar_i.productid - 26
FF - user.js: extensions.incredibar_i.installerproductid - 26
FF - user.js: extensions.incredibar_i.did - 10643
FF - user.js: extensions.incredibar_i.ppd - 1
.
============= SERVICES / DRIVERS ===============
.
R0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys [2012-5-20 51984]
R0 TfSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys [2012-5-20 69392]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2012-7-17 729752]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2012-7-17 355632]
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-14 48128]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2012-7-17 21256]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2012-7-17 58680]
R3 BTATH_BUS;Atheros Bluetooth Bus;c:\windows\system32\drivers\btath_bus.sys [2011-10-22 25248]
R3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\drivers\clwvd.sys [2012-8-4 27760]
R3 igddim32;igddim32;c:\windows\system32\drivers\igddim32.sys [2012-4-20 1344512]
R3 igdkmd32;igdkmd32;c:\windows\system32\drivers\igdkmd32.sys [2012-4-20 419328]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-9-28 22856]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\drivers\RtsUStor.sys [2011-12-21 197224]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2011-12-21 394856]
R3 Sftfs;Sftfs;c:\windows\system32\drivers\Sftfslh.sys [2011-10-1 579944]
R3 Sftplay;Sftplay;c:\windows\system32\drivers\Sftplaylh.sys [2011-10-1 194408]
R3 Sftredir;Sftredir;c:\windows\system32\drivers\Sftredirlh.sys [2011-10-1 21864]
R3 Sftvol;Sftvol;c:\windows\system32\drivers\Sftvollh.sys [2011-10-1 19304]
R3 TfNetMon;TfNetMon;c:\windows\system32\drivers\TfNetMon.sys [2012-5-20 33552]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\drivers\vwifimp.sys [2009-7-14 14336]
S3 AthBTPort;Atheros Virtual Bluetooth Class;c:\windows\system32\drivers\btath_flt.sys [2011-10-22 35488]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-14 229888]
S3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys [2011-10-22 290976]
S3 btath_avdt;Atheros Bluetooth AVDT Service;c:\windows\system32\drivers\btath_avdt.sys [2011-10-22 97440]
S3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\system32\drivers\btath_hcrp.sys [2011-10-22 147616]
S3 BTATH_LWFLT;Bluetooth LWFLT Device;c:\windows\system32\drivers\btath_lwflt.sys [2011-10-22 60064]
S3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\system32\drivers\btath_rcp.sys [2011-10-22 263968]
S3 BtFilter;BtFilter;c:\windows\system32\drivers\btfilter.sys [2011-10-22 445088]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2012-9-28 40776]
S3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\drivers\VSTAZL3.SYS [2009-7-14 207360]
S3 SrvHsfV92;SrvHsfV92;c:\windows\system32\drivers\VSTDPV3.SYS [2009-7-14 980992]
S3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\drivers\VSTCNXT3.SYS [2009-7-14 661504]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2010-11-21 52224]
S3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 27264]
.
=============== File Associations ===============
.
.txt=
.
=============== Created Last 30 ================
.
2012-09-28 17:31:54 56200 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{78b2374f-2b17-4b23-b40c-f61cff0d9315}\offreg.dll
2012-09-28 15:43:20 6980552 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{78b2374f-2b17-4b23-b40c-f61cff0d9315}\mpengine.dll
2012-09-28 07:03:42 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2012-09-28 07:03:42 -------- d-----w- c:\program files\Spybot - Search & Destroy
2012-09-28 04:15:02 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2012-09-28 04:12:52 -------- d-----w- c:\users\russell\appdata\roaming\Malwarebytes
2012-09-28 04:12:10 -------- d-----w- c:\programdata\Malwarebytes
2012-09-28 04:12:00 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-09-28 04:12:00 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-09-26 08:03:11 245760 ----a-w- c:\windows\system32\OxpsConverter.exe
2012-09-26 00:54:09 -------- d-----w- c:\program files\CCleaner
2012-09-25 14:15:58 -------- d-----w- c:\users\russell\appdata\roaming\CX
2012-09-25 14:14:37 -------- d-----w- c:\users\russell\appdata\local\CX
2012-09-24 11:09:26 -------- d-----w- c:\program files\Perion
2012-09-23 14:39:22 -------- d-----w- c:\program files\Mr Smoozles Goes Nutso
2012-09-23 12:29:25 -------- d-----w- c:\program files\GOG.com
2012-09-23 06:15:50 26840 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2012-09-23 06:12:28 -------- d-----w- c:\program files\iPod
2012-09-23 06:12:07 -------- d-----w- c:\programdata\188F1432-103A-4ffb-80F1-36B633C5C9E1
2012-09-23 06:12:07 -------- d-----w- c:\program files\iTunes
2012-09-21 23:41:24 0 ----a-w- c:\windows\system32\sho5B78.tmp
2012-09-21 23:35:04 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-09-21 23:35:02 420864 ----a-w- c:\windows\system32\vbscript.dll
2012-09-21 23:35:02 140936 ----a-w- c:\program files\internet explorer\sqmapi.dll
2012-09-21 23:35:01 194048 ----a-w- c:\program files\internet explorer\IEShims.dll
2012-09-17 01:19:26 -------- d-----w- c:\program files\Sigma Team
2012-09-17 01:07:36 -------- d-----w- C:\Counter-Strike 2D
2012-09-16 22:57:04 -------- d-----w- c:\program files\Cave Story Deluxe
2012-09-16 14:34:27 237848 ----a-w- c:\windows\system32\xactengine2_4.dll
2012-09-16 14:34:25 2414360 ----a-w- c:\windows\system32\d3dx9_31.dll
2012-09-16 14:34:24 236824 ----a-w- c:\windows\system32\xactengine2_3.dll
2012-09-16 14:34:23 62744 ----a-w- c:\windows\system32\xinput1_2.dll
2012-09-16 14:33:47 2297552 ----a-w- c:\windows\system32\d3dx9_26.dll
2012-09-16 10:31:58 75136 ----a-w- c:\windows\system32\PnkBstrA.exe
2012-09-16 10:31:22 -------- d-----w- c:\users\russell\appdata\local\Punkbuster
2012-09-16 10:30:00 -------- d-----w- c:\program files\Wolfenstein - Enemy Territory
2012-09-15 03:54:15 -------- d-sh--w- C:\found.002
2012-09-13 08:12:25 -------- d-----r- c:\program files\Skype
2012-09-12 20:39:00 0 ----a-w- c:\windows\system32\sho4144.tmp
2012-09-12 04:03:39 1292144 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-09-12 04:03:38 240496 ----a-w- c:\windows\system32\drivers\netio.sys
2012-09-12 04:03:37 187760 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
2012-09-12 04:03:31 712048 ----a-w- c:\windows\system32\drivers\ndis.sys
2012-09-12 04:03:29 33280 ----a-w- c:\windows\system32\drivers\RNDISMP.sys
2012-09-12 04:03:23 490496 ----a-w- c:\windows\system32\d3d10level9.dll
2012-09-12 03:49:35 -------- d-----w- C:\09470b656efc966851db
2012-09-09 00:33:48 15632352 ----a-w- c:\program files\mozilla firefox\xul.dll
2012-09-09 00:33:47 19424 ----a-w- c:\program files\mozilla firefox\xpcom.dll
2012-09-09 00:33:46 270304 ----a-w- c:\program files\mozilla firefox\updater.exe
2012-09-09 00:33:41 883896 ----a-w- c:\program files\mozilla firefox\uninstall\helper.exe
2012-09-09 00:33:41 145376 ----a-w- c:\program files\mozilla firefox\ssl3.dll
2012-09-09 00:33:40 155104 ----a-w- c:\program files\mozilla firefox\softokn3.dll
2012-09-09 00:33:39 91104 ----a-w- c:\program files\mozilla firefox\smime3.dll
2012-09-09 00:33:29 15672645 ----a-w- c:\program files\mozilla firefox\protext\texmakerx\texmakerx21_win32-install.exe
2012-09-09 00:33:27 131584 ----a-w- c:\program files\mozilla firefox\protext\Setup.exe
2012-09-09 00:33:24 2149888 ----a-w- c:\program files\mozilla firefox\protext\python26.dll
2012-09-09 00:32:08 5779456 ----a-w- c:\program files\mozilla firefox\protext\miktex\tm\packages\setup-2.9.3959.exe
2012-09-09 00:25:23 5779456 ----a-w- c:\program files\mozilla firefox\protext\miktex\setup\setup-2.9.3959.exe
2012-09-09 00:25:21 655872 ----a-w- c:\program files\mozilla firefox\protext\microsoft.vc90.crt\msvcr90.dll
2012-09-09 00:25:19 568832 ----a-w- c:\program files\mozilla firefox\protext\microsoft.vc90.crt\msvcp90.dll
2012-09-09 00:25:18 224768 ----a-w- c:\program files\mozilla firefox\protext\microsoft.vc90.crt\msvcm90.dll
2012-09-09 00:25:10 1502208 ----a-w- c:\program files\mozilla firefox\protext\gsv\gsv49w32.exe
2012-09-09 00:25:08 2188288 ----a-w- c:\program files\mozilla firefox\protext\gsv\gsv491w64.exe
2012-09-09 00:25:06 2042368 ----a-w- c:\program files\mozilla firefox\protext\gsv\gsv491w32.exe
2012-09-09 00:25:03 12592939 ----a-w- c:\program files\mozilla firefox\protext\gsv\gs902w64.exe
2012-09-08 08:27:38 -------- d--h--w- C:\.cache
2012-09-08 08:23:09 -------- d-----r- c:\users\russell\MegaCloud
2012-09-08 08:22:37 -------- d-----w- c:\users\russell\appdata\roaming\MegaCloudBackup
2012-09-08 08:20:14 -------- d-----w- c:\users\russell\appdata\roaming\MegaCloud
2012-09-08 08:17:11 -------- d-----w- c:\programdata\Web Installer
2012-09-08 05:51:55 -------- d-----w- c:\users\russell\appdata\roaming\Box Sync
2012-09-08 05:51:31 -------- d-----w- c:\users\russell\appdata\roaming\Box Desktop
2012-09-08 05:41:06 -------- d-----w- c:\program files\Box Sync
2012-09-08 05:27:22 -------- d-----w- c:\users\russell\appdata\local\Box Sync
2012-09-08 01:18:22 -------- d-----w- c:\users\russell\appdata\local\SugarSync
2012-09-08 01:16:45 -------- d-----w- c:\program files\SugarSync
2012-09-07 21:36:25 -------- d-----w- c:\users\russell\appdata\local\Tracker Software
2012-09-07 13:32:03 -------- d-----w- c:\users\russell\docear_workspace
2012-09-07 13:29:01 -------- d-----w- c:\users\russell\appdata\roaming\Docear
2012-09-07 12:44:04 -------- d-----w- c:\program files\Docear
2012-09-07 12:16:13 -------- d-----w- c:\program files\Tracker Software
2012-09-01 19:00:47 93672 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2012-08-30 11:21:11 -------- d-----w- c:\program files\LibreOffice 3.6
.
==================== Find3M ====================
.
2012-09-01 19:38:05 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-09-01 19:38:04 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-09-01 18:59:57 821736 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-09-01 18:59:56 746984 ----a-w- c:\windows\system32\deployJava1.dll
2012-08-24 06:59:17 1800704 ----a-w- c:\windows\system32\jscript9.dll
2012-08-24 06:51:27 1129472 ----a-w- c:\windows\system32\wininet.dll
2012-08-24 06:51:02 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
2012-08-24 06:47:26 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2012-08-24 03:58:36 405152 ----a-w- c:\windows\system32\Newtonsoft.Json.Net20.dll
2012-08-21 16:48:32 737280 ----a-w- c:\windows\iun6002.exe
2012-08-21 09:13:15 729752 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-08-21 09:13:14 58680 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2012-08-21 09:13:14 44784 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2012-08-21 09:12:33 41224 ----a-w- c:\windows\avastSS.scr
2012-08-21 01:01:22 106928 ----a-w- c:\windows\system32\GEARAspi.dll
2012-08-15 15:58:49 0 ----a-w- c:\windows\system32\sho6E5C.tmp
2012-08-07 18:54:04 0 ----a-w- c:\windows\system32\sho864F.tmp
2012-07-31 20:46:53 0 ----a-w- c:\windows\system32\sho145B.tmp
2012-07-28 09:32:24 348160 ----a-w- c:\windows\system32\msvcr71.dll
2012-07-28 09:32:23 499712 ----a-w- c:\windows\system32\msvcp71.dll
2012-07-26 02:39:12 18448 ----a-w- c:\windows\system32\nitrolocalui2.dll
2012-07-26 02:39:10 27152 ----a-w- c:\windows\system32\nitrolocalmon2.dll
2012-07-23 07:20:25 0 ----a-w- c:\windows\system32\sho5CFC.tmp
2012-07-18 17:47:53 2345984 ----a-w- c:\windows\system32\win32k.sys
2012-07-15 00:27:53 2216480 ------w- c:\windows\wweb32.dll
2012-07-06 19:23:23 393728 ----a-w- c:\windows\system32\drivers\bthport.sys
2012-07-06 05:34:14 0 ----a-w- c:\windows\system32\shoBAB9.tmp
2012-07-04 21:14:34 41984 ----a-w- c:\windows\system32\browcli.dll
2012-07-04 21:14:34 102912 ----a-w- c:\windows\system32\browser.dll
.
============= FINISH: 19:48:53.31 ===============
:snwelcome:
Please read Before You Post (http://forums.spybot.info/showthread.php?t=288)
While best efforts are made to assist in removing infections safely, unexpected stuff can happen. It is advisable that you back up your important data before starting any clean up procedure. Neither Safer Networking Forums nor the Analyst providing the advice may be held responsible for any loss.
Until we deem your system clean I am going to ask you not to install or uninstall any software or hardware except for the programs we may run.
Running programs with Vista or Windows 7 , you need to Right Click on the program and select RUN AS ADMINISTATOR
Please download Malwarebytes from Here (http://www.malwarebytes.org/mbam-download.php) or Here (http://www.majorgeeks.com/Malwarebytes_Anti-Malware_d5756.html)
Double-click mbam-setup.exe and follow the prompts to install the program.
At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select Perform quick scan, then click Scan.
http://i24.photobucket.com/albums/c30/ken545/MBAMCapture.jpg
When the scan is complete, click OK, then Show Results to view the results.
Be sure that everything is checked, and click Remove Selected .
When completed, a log will open in Notepad. Please save it to a convenient location and post the results.
Note: If you receive a notice that some of the items couldn't be removed, that they have been added to the delete on reboot list, please reboot.
Post the report please
russwilsonau
2012-10-05, 12:29
attached: Malwarebytes txt report file
please advise further -- problem persists
but neither SB not MWB report any problems
:snwelcome:
Please read Before You Post (http://forums.spybot.info/showthread.php?t=288)
While best efforts are made to assist in removing infections safely, unexpected stuff can happen. It is advisable that you back up your important data before starting any clean up procedure. Neither Safer Networking Forums nor the Analyst providing the advice may be held responsible for any loss.
Until we deem your system clean I am going to ask you not to install or uninstall any software or hardware except for the programs we may run.
Running programs with Vista or Windows 7 , you need to Right Click on the program and select RUN AS ADMINISTATOR
Please download Malwarebytes from Here (http://www.malwarebytes.org/mbam-download.php) or Here (http://www.majorgeeks.com/Malwarebytes_Anti-Malware_d5756.html)
Double-click mbam-setup.exe and follow the prompts to install the program.
At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select Perform quick scan, then click Scan.
http://i24.photobucket.com/albums/c30/ken545/MBAMCapture.jpg
When the scan is complete, click OK, then Show Results to view the results.
Be sure that everything is checked, and click Remove Selected .
When completed, a log will open in Notepad. Please save it to a convenient location and post the results.
Note: If you receive a notice that some of the items couldn't be removed, that they have been added to the delete on reboot list, please reboot.
Post the report please
Malwarebytes Anti-Malware (Trial) 1.65.0.1400
www.malwarebytes.org
Database version: v2012.10.04.03
Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
Russell :: RUSSELL-HP [administrator]
Protection: Disabled
5/10/2012 5:30:34 p.m.
mbam-log-2012-10-05 (17-30-34).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 207327
Time elapsed: 9 minute(s), 10 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
(end)
Hi,
No need to post what I have posted and if you can copy and paste the logs asked for into this thread in lew of attaching them
Go into your Programs and Features tab inside the control panel and uninstall any referernce to incredibar.
OTL by OldTimer
Download OTL (http://oldtimer.geekstogo.com/OTL.exe) to your desktop.
Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
When the window appears, underneath Output at the top change it to Minimal Output.
Click the "Scan All Users" checkbox.
Check the boxes beside LOP Check and Purity Check.
Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt.
Note:These logs can be located in the OTL. folder on you C:\ drive if they fail to open automatically.
Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply. You may need two posts to fit them both in.
russwilsonau
2012-10-07, 11:30
OTL logfile created on: 7/10/2012 8:40:34 p.m. - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Russell\Downloads
Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00001409 | Country: New Zealand | Language: ENZ | Date Format: d/MM/yyyy
1012.30 Mb Total Physical Memory | 93.00 Mb Available Physical Memory | 9.19% Memory free
1.99 Gb Paging File | 0.79 Gb Available in Paging File | 39.91% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 283.95 Gb Total Space | 154.78 Gb Free Space | 54.51% Space Free | Partition Type: NTFS
Drive D: | 13.84 Gb Total Space | 1.55 Gb Free Space | 11.18% Space Free | Partition Type: NTFS
Drive E: | 99.00 Mb Total Space | 87.44 Mb Free Space | 88.33% Space Free | Partition Type: FAT32
Computer Name: RUSSELL-HP | User Name: Russell | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - C:\Users\Russell\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
PRC - C:\Program Files\Google\Update\1.3.21.123\GoogleCrashHandler.exe (Google Inc.)
PRC - C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
PRC - C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
PRC - C:\Program Files\Box Sync\UpdateService.exe (Box, Inc.)
PRC - C:\Program Files\Nitro PDF\Reader 2\NitroPDFReaderDriverService2.exe (Nitro PDF Software)
PRC - C:\Windows\System32\NLSSRV32.EXE (Nalpeiron Ltd.)
PRC - C:\Program Files\IObit\Advanced SystemCare 5\ASCTray.exe (IObit)
PRC - C:\Program Files\IObit\Advanced SystemCare 5\ASCService.exe (IObit)
PRC - C:\Program Files\Microsoft\BingDesktop\BingDesktopUpdater.exe (Microsoft Corp.)
PRC - C:\Program Files\GFI\GFI BackUp Freeware\GFIFInst.exe (GFI Software Ltd.)
PRC - C:\Program Files\GFI\GFI BackUp Freeware\GFIFSched.exe (GFI Software Ltd.)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\IDT\WDM\stacsv.exe (IDT, Inc.)
PRC - C:\Program Files\Bluetooth Suite\Ath_CoexAgent.exe (Atheros)
PRC - C:\Program Files\Bluetooth Suite\AdminService.exe (Atheros Commnucations)
PRC - C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
PRC - C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
PRC - C:\Program Files\Hewlett-Packard\HP Support Framework\HPSA_Service.exe (Hewlett-Packard Company)
PRC - C:\Program Files\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation)
PRC - C:\Program Files\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe (Hewlett-Packard Development Company, L.P.)
PRC - C:\Program Files\ThreatFire\TFTray.exe (PC Tools)
PRC - C:\Program Files\ThreatFire\TFService.exe (PC Tools)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
PRC - C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe (Hewlett-Packard Company)
PRC - C:\Program Files\IDT\WDM\AESTSrv.exe (Andrea Electronics Corporation)
PRC - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
========== Modules (No Company Name) ==========
MOD - C:\Users\Russell\AppData\Roaming\MegaCloud\MegaCloudShellExt.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\ae1551d0edae77ab6ccc6b5dc3a90919\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\c9bf903caf3cdbad651e4254c8fc78ab\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\f489585d6cb29313a05dceac6ee1cde1\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\f37a9277a565b368c4358befdce25080\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\6b97ba148f663f114bcbbfae7a2752e9\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7edca5be5fb91df4d5eb66097437f546\mscorlib.ni.dll ()
MOD - C:\Program Files\FileZilla FTP Client\fzshellext.dll ()
========== Services (SafeList) ==========
SRV - (SBSDWSCService) -- C:\Program Files\Spybot File not found
SRV - (MozillaMaintenance) -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (MBAMService) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (MBAMScheduler) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (avast! Antivirus) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
SRV - (#UpdateService) -- C:\Program Files\Box Sync\UpdateService.exe (Box, Inc.)
SRV - (NitroReaderDriverReadSpool2) -- C:\Program Files\Nitro PDF\Reader 2\NitroPDFReaderDriverService2.exe (Nitro PDF Software)
SRV - (SkypeUpdate) -- C:\Program Files\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (nlsX86cc) -- C:\Windows\System32\NLSSRV32.EXE (Nalpeiron Ltd.)
SRV - (AdvancedSystemCareService5) -- C:\Program Files\IObit\Advanced SystemCare 5\ASCService.exe (IObit)
SRV - (BingDesktopUpdate) -- C:\Program Files\Microsoft\BingDesktop\BingDesktopUpdater.exe (Microsoft Corp.)
SRV - (GFIBckFAtt) -- C:\Program Files\GFI\GFI BackUp Freeware\GFIFInst.exe (GFI Software Ltd.)
SRV - (GFIBckFSched) -- C:\Program Files\GFI\GFI BackUp Freeware\GFIFSched.exe (GFI Software Ltd.)
SRV - (WatAdminSvc) -- C:\Windows\System32\Wat\WatAdminSvc.exe (Microsoft Corporation)
SRV - (STacSV) -- C:\Program Files\IDT\WDM\stacsv.exe (IDT, Inc.)
SRV - (ZAtheros Bt&Wlan Coex Agent) -- C:\Program Files\Bluetooth Suite\Ath_CoexAgent.exe (Atheros)
SRV - (AtherosSvc) -- C:\Program Files\Bluetooth Suite\AdminService.exe (Atheros Commnucations)
SRV - (sftvsa) -- C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
SRV - (sftlist) -- C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
SRV - (HP Support Assistant Service) -- C:\Program Files\Hewlett-Packard\HP Support Framework\HPSA_Service.exe (Hewlett-Packard Company)
SRV - (BBSvc) -- C:\Program Files\Microsoft\BingBar\BBSvc.EXE (Microsoft Corporation.)
SRV - (BBUpdate) -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation)
SRV - (HPWMISVC) -- C:\Program Files\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe (Hewlett-Packard Development Company, L.P.)
SRV - (ThreatFire) -- C:\Program Files\ThreatFire\TFService.exe (PC Tools)
SRV - (IAStorDataMgrSvc) -- C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
SRV - (HPClientSvc) -- C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe (Hewlett-Packard Company)
SRV - (rpcapd) -- C:\Program Files\WinPcap\rpcapd.exe (CACE Technologies, Inc.)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (AESTFilters) -- C:\Program Files\IDT\WDM\AESTSrv.exe (Andrea Electronics Corporation)
========== Driver Services (SafeList) ==========
DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (aswSnx) -- C:\Windows\System32\drivers\aswSnx.sys (AVAST Software)
DRV - (aswSP) -- C:\Windows\System32\drivers\aswSP.sys (AVAST Software)
DRV - (aswTdi) -- C:\Windows\System32\drivers\aswTdi.sys (AVAST Software)
DRV - (aswMonFlt) -- C:\Windows\System32\drivers\aswMonFlt.sys (AVAST Software)
DRV - (aswRdr) -- C:\Windows\System32\drivers\aswRdr2.sys (AVAST Software)
DRV - (aswFsBlk) -- C:\Windows\System32\drivers\aswFsBlk.sys (AVAST Software)
DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Qualcomm Atheros Communications, Inc.)
DRV - (igddim32) -- C:\Windows\System32\drivers\igddim32.sys (Intel Corporation)
DRV - (STHDA) -- C:\Windows\System32\drivers\stwrt.sys (IDT, Inc.)
DRV - (BtFilter) -- C:\Windows\System32\drivers\btfilter.sys (Atheros)
DRV - (BTATH_RCP) -- C:\Windows\System32\drivers\btath_rcp.sys (Atheros)
DRV - (BTATH_LWFLT) -- C:\Windows\System32\drivers\btath_lwflt.sys (Atheros)
DRV - (BTATH_HCRP) -- C:\Windows\System32\drivers\btath_hcrp.sys (Atheros)
DRV - (AthBTPort) -- C:\Windows\System32\drivers\btath_flt.sys (Atheros)
DRV - (BTATH_BUS) -- C:\Windows\System32\drivers\btath_bus.sys (Atheros)
DRV - (btath_avdt) -- C:\Windows\System32\drivers\btath_avdt.sys (Atheros)
DRV - (BTATH_A2DP) -- C:\Windows\System32\drivers\btath_a2dp.sys (Atheros)
DRV - (Sftvol) -- C:\Windows\System32\drivers\Sftvollh.sys (Microsoft Corporation)
DRV - (Sftredir) -- C:\Windows\System32\drivers\Sftredirlh.sys (Microsoft Corporation)
DRV - (Sftplay) -- C:\Windows\System32\drivers\Sftplaylh.sys (Microsoft Corporation)
DRV - (Sftfs) -- C:\Windows\System32\drivers\Sftfslh.sys (Microsoft Corporation)
DRV - (clwvd) -- C:\Windows\System32\drivers\clwvd.sys (CyberLink Corporation)
DRV - (TfSysMon) -- C:\Windows\System32\drivers\TfSysMon.sys (PC Tools)
DRV - (TfNetMon) -- C:\Windows\System32\drivers\TfNetMon.sys (PC Tools)
DRV - (TfFsMon) -- C:\Windows\System32\drivers\TfFsMon.sys (PC Tools)
DRV - (RSUSBSTOR) -- C:\Windows\System32\drivers\RtsUStor.sys (Realtek Semiconductor Corp.)
DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV - (TsUsbGD) -- C:\Windows\System32\drivers\TsUsbGD.sys (Microsoft Corporation)
DRV - (NPF) -- C:\Windows\System32\drivers\npf.sys (CACE Technologies, Inc.)
DRV - (vwifimp) -- C:\Windows\System32\drivers\vwifimp.sys (Microsoft Corporation)
DRV - (NVENETFD) -- C:\Windows\System32\drivers\nvm62x32.sys (NVIDIA Corporation)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.jp.msn.com/HPALL/116
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://start.funmoods.com/?f=1&a=iron2&chnl=iron2&cd=2XzutAtN2Y1L1Qzu0E0Czy0AyByEyD0EtByCyB0E0DtCtC0EtN0D0TzutBtDtCtBtDyCtCyD&cr=1530279376
IE - HKLM\..\URLSearchHook: {1392b8d2-5c05-419f-a8f6-b9f15a596612} - No CLSID value found
IE - HKLM\..\URLSearchHook: {81fae9c9-cfbd-4cb3-8322-412e72f55f65} - No CLSID value found
IE - HKLM\..\SearchScopes,Backup.Old.DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPMTDF&pc=HPMTDF&src=IE-SearchBox
IE - HKLM\..\SearchScopes\{1EB53970-B557-5025-3244-737B4FF514AF}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://eu.ask.com/web?q={searchterms}&l=dis&o=HPNTDF
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://start.funmoods.com/results.php?f=4&q={searchTerms}&a=iron2&chnl=iron2&cd=2XzutAtN2Y1L1Qzu0E0Czy0AyByEyD0EtByCyB0E0DtCtC0EtN0D0TzutBtDtCtBtDyCtCyD&cr=1530279376
IE - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://nz.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
IE - HKLM\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
IE - HKU\.DEFAULT\..\URLSearchHook: {D0CF9C3B-2C4F-4C99-ACED-3CDF9AEEFF7E} - No CLSID value found
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\..\URLSearchHook: {D0CF9C3B-2C4F-4C99-ACED-3CDF9AEEFF7E} - No CLSID value found
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1911284681-1753166069-4267012026-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Backup.Old.Start Page = http://www.msn.com/?pc=BDT3&ocid=bdtdhp
IE - HKU\S-1-5-21-1911284681-1753166069-4267012026-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.jp.msn.com/HPALL/116
IE - HKU\S-1-5-21-1911284681-1753166069-4267012026-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKU\S-1-5-21-1911284681-1753166069-4267012026-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar =
IE - HKU\S-1-5-21-1911284681-1753166069-4267012026-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKU\S-1-5-21-1911284681-1753166069-4267012026-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-1911284681-1753166069-4267012026-1000\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKU\S-1-5-21-1911284681-1753166069-4267012026-1000\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\S-1-5-21-1911284681-1753166069-4267012026-1000\..\URLSearchHook: {1392b8d2-5c05-419f-a8f6-b9f15a596612} - No CLSID value found
IE - HKU\S-1-5-21-1911284681-1753166069-4267012026-1000\..\URLSearchHook: {687578b9-7132-4a7a-80e4-30ee31099e03} - No CLSID value found
IE - HKU\S-1-5-21-1911284681-1753166069-4267012026-1000\..\URLSearchHook: {81fae9c9-cfbd-4cb3-8322-412e72f55f65} - No CLSID value found
IE - HKU\S-1-5-21-1911284681-1753166069-4267012026-1000\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - No CLSID value found
IE - HKU\S-1-5-21-1911284681-1753166069-4267012026-1000\..\URLSearchHook: {93a3111f-4f74-4ed8-895e-d9708497629e} - No CLSID value found
IE - HKU\S-1-5-21-1911284681-1753166069-4267012026-1000\..\URLSearchHook: {CA3EB689-8F09-4026-AA10-B9534C691CE0} - C:\Program Files\Freecorder 6\tbhelper.dll ()
IE - HKU\S-1-5-21-1911284681-1753166069-4267012026-1000\..\SearchScopes,Backup.Old.DefaultScope = {9655317D-B950-475F-9450-73A32684CFEC}
IE - HKU\S-1-5-21-1911284681-1753166069-4267012026-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-1911284681-1753166069-4267012026-1000\..\SearchScopes\{1EB53970-B557-5025-3244-737B4FF514AF}: "URL" = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8&rlz=1I7ITVB_enNZ475
IE - HKU\S-1-5-21-1911284681-1753166069-4267012026-1000\..\SearchScopes\{4306E828-4997-4C8E-9FE4-9E46CC3276E4}: "URL" = http://www.bing.com/search?FORM=BDKTDF&PC=BDT3&q={searchTerms}&src=IE-SearchBox
IE - HKU\S-1-5-21-1911284681-1753166069-4267012026-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKU\S-1-5-21-1911284681-1753166069-4267012026-1000\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://nz.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
IE - HKU\S-1-5-21-1911284681-1753166069-4267012026-1000\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
IE - HKU\S-1-5-21-1911284681-1753166069-4267012026-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1911284681-1753166069-4267012026-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
========== FireFox ==========
FF - prefs.js..browser.search.openintab: true
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://au.yahoo.com/"
FF - prefs.js..extensions.enabledAddons: save-as-pdf-ff@pdfcrowd.com:1.5
FF - prefs.js..extensions.enabledAddons: support@lastpass.com:2.0.0
FF - prefs.js..extensions.enabledAddons: tabutilslite@ithinc.cn:1.1.5
FF - prefs.js..extensions.enabledAddons: zotero@chnm.gmu.edu:3.0.8
FF - prefs.js..extensions.enabledAddons: zoteroOpenOfficeIntegration@zotero.org:3.5.3
FF - prefs.js..extensions.enabledAddons: {7f57cf46-4467-4c2d-adfa-0cba7c507e54}:2.0.6
FF - prefs.js..extensions.enabledAddons: {ada4b710-8346-4b82-8199-5de2b400a6ae}:2.0.1
FF - prefs.js..extensions.enabledAddons: {f759ca51-3a91-4dd1-ae78-9db5eee9ebf0}:5.7.5
FF - prefs.js..extensions.enabledAddons: {DDC359D1-844A-42a7-9AA1-88A850A938A8}:2.0.15
FF - prefs.js..extensions.enabledAddons: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.9.10
FF - prefs.js..extensions.enabledAddons: {d37dc5d0-431d-44e5-8c91-49419370caa1}:3.1.26
FF - prefs.js..extensions.enabledAddons: zotfile@columbia.edu:2.2.1
FF - prefs.js..extensions.enabledAddons: foxmarks@kei.com:4.1.3
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_4_402_265.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nitropdf.com/NitroPDF: C:\Program Files\Nitro PDF\Reader 2\npnitromozilla.dll ( )
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@VideoDownloadConverter_4z.com/Plugin: C:\Program Files\VideoDownloadConverter_4z\bar\1.bin\NP4zStub.dll (MindSpark)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.3: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKCU\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF - HKCU\Software\MozillaPlugins\@sun.com/npsopluginmi;version=1.0: C:\Program Files\LibreOffice 3.4\program File not found
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Russell\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Russell\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\vitzo.com/VDownloader: C:\Program Files\VDownloader\Addons\npVDownloader.dll File not found
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\support@vdownloader.com: C:\Program Files\VDownloader\Addons\FireFox
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\4zffxtbr@VideoDownloadConverter_4z.com: C:\Program Files\VideoDownloadConverter_4z\bar\1.bin [2012/09/28 18:41:32 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012/08/27 23:47:10 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/09/09 13:34:38 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 15.0.1\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2012/07/24 19:22:57 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 15.0.1\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\superfish@superfish.com: C:\Users\Russell\AppData\Roaming\Mozilla\Firefox\Profiles/xfb27j5f.default\extensions\superfish@superfish.com
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\wcapturex@deskperience.com: C:\Program Files\WordWeb\WCaptureMoz [2012/02/27 19:17:18 | 000,000,000 | ---D | M]
[2012/08/03 07:19:15 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Russell\AppData\Roaming\Mozilla\Extensions
[2012/10/05 14:46:36 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Russell\AppData\Roaming\Mozilla\Firefox\Profiles\bylhdpoc.default\extensions
[2012/08/26 03:57:18 | 000,000,000 | ---D | M] (ReminderFox) -- C:\Users\Russell\AppData\Roaming\Mozilla\Firefox\Profiles\bylhdpoc.default\extensions\{ada4b710-8346-4b82-8199-5de2b400a6ae}
[2012/09/18 18:03:20 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Russell\AppData\Roaming\Mozilla\Firefox\Profiles\bylhdpoc.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2012/09/20 13:35:40 | 000,000,000 | ---D | M] (FoxClocks) -- C:\Users\Russell\AppData\Roaming\Mozilla\Firefox\Profiles\bylhdpoc.default\extensions\{d37dc5d0-431d-44e5-8c91-49419370caa1}
[2012/10/03 08:37:27 | 000,000,000 | ---D | M] ("Xmarks") -- C:\Users\Russell\AppData\Roaming\Mozilla\Firefox\Profiles\bylhdpoc.default\extensions\foxmarks@kei.com
[2012/08/03 08:00:26 | 000,000,000 | ---D | M] (LastPass) -- C:\Users\Russell\AppData\Roaming\Mozilla\Firefox\Profiles\bylhdpoc.default\extensions\support@lastpass.com
[2012/08/03 07:28:39 | 000,000,000 | ---D | M] (Zotero) -- C:\Users\Russell\AppData\Roaming\Mozilla\Firefox\Profiles\bylhdpoc.default\extensions\zotero@chnm.gmu.edu
[2012/08/03 07:45:37 | 000,000,000 | ---D | M] (Zotero LibreOffice Integration) -- C:\Users\Russell\AppData\Roaming\Mozilla\Firefox\Profiles\bylhdpoc.default\extensions\zoteroOpenOfficeIntegration@zotero.org
[2012/08/03 08:00:22 | 000,057,194 | ---- | M] () (No name found) -- C:\Users\Russell\AppData\Roaming\Mozilla\Firefox\Profiles\bylhdpoc.default\extensions\save-as-pdf-ff@pdfcrowd.com.xpi
[2012/08/26 03:57:11 | 000,024,946 | ---- | M] () (No name found) -- C:\Users\Russell\AppData\Roaming\Mozilla\Firefox\Profiles\bylhdpoc.default\extensions\tabutilslite@ithinc.cn.xpi
[2012/09/26 17:08:59 | 000,406,180 | ---- | M] () (No name found) -- C:\Users\Russell\AppData\Roaming\Mozilla\Firefox\Profiles\bylhdpoc.default\extensions\zotfile@columbia.edu.xpi
[2012/08/03 08:00:26 | 000,527,037 | ---- | M] () (No name found) -- C:\Users\Russell\AppData\Roaming\Mozilla\Firefox\Profiles\bylhdpoc.default\extensions\{7f57cf46-4467-4c2d-adfa-0cba7c507e54}.xpi
[2012/09/13 09:10:43 | 000,698,867 | ---- | M] () (No name found) -- C:\Users\Russell\AppData\Roaming\Mozilla\Firefox\Profiles\bylhdpoc.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi
[2012/08/03 08:00:27 | 000,324,289 | ---- | M] () (No name found) -- C:\Users\Russell\AppData\Roaming\Mozilla\Firefox\Profiles\bylhdpoc.default\extensions\{f759ca51-3a91-4dd1-ae78-9db5eee9ebf0}.xpi
[2012/08/11 00:32:56 | 000,000,822 | ---- | M] () (No name found) -- C:\Users\Russell\AppData\Roaming\Mozilla\Firefox\Profiles\bylhdpoc.default\extensions\{ada4b710-8346-4b82-8199-5de2b400a6ae}\defaults\printing\xpi-details.xsl
[2012/09/09 13:24:20 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/09/09 13:34:36 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/07/10 15:52:26 | 000,003,767 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\avg-secure-search.xml
[2012/08/03 03:09:47 | 000,002,361 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml
[2012/09/04 11:36:54 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/02/15 23:57:58 | 000,001,478 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\emclient_igeared.xml
[2012/09/04 11:36:54 | 000,002,253 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml
========== Chrome ==========
CHR - homepage: http://www.google.co.nz/
CHR - default_search_provider: MyStart Search (Enabled)
CHR - default_search_provider: search_url = http://mystart.incredibar.com/mb178/?loc=IB_DS&search={searchTerms}&a=6PQKBEoZ6o&i=26
CHR - default_search_provider: suggest_url = ,
CHR - homepage: http://www.google.co.nz/
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Russell\AppData\Local\Google\Chrome\Application\21.0.1180.83\PepperFlash\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Russell\AppData\Local\Google\Chrome\Application\21.0.1180.83\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_268.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Russell\AppData\Local\Google\Chrome\Application\21.0.1180.83\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Russell\AppData\Local\Google\Chrome\Application\21.0.1180.83\pdf.dll
CHR - plugin: Free Studio (Enabled) = C:\Users\Russell\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp\1.0.0.0_0\np_dvs_plugin.dll
CHR - plugin: Conduit Chrome Plugin (Enabled) = C:\Users\Russell\AppData\Local\Google\Chrome\User Data\Default\Extensions\plmlpkfpkijnlijgalnjaacllnjmoamo\10.11.21.5_0\plugins/ConduitChromeApiPlugin.dll
CHR - plugin: Conduit Radio Plugin (Enabled) = C:\Users\Russell\AppData\Local\Google\Chrome\User Data\Default\Extensions\plmlpkfpkijnlijgalnjaacllnjmoamo\10.11.21.5_0\plugins/np-cwmp.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL
CHR - plugin: Foxit Reader Plugin for Mozilla (Enabled) = C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll
CHR - plugin: Java Deployment Toolkit 7.0.50.5 (Enabled) = C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll
CHR - plugin: Java(TM) Platform SE 7 U5 (Enabled) = C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: Nitro PDF Plug-In (Enabled) = C:\Program Files\Nitro PDF\Reader 2\npnitromozilla.dll
CHR - plugin: MindSpark Toolbar Platform Plugin Stub (Enabled) = C:\Program Files\VideoDownloadConverter_4z\bar\1.bin\NP4zStub.dll
CHR - plugin: VLC Web Plugin (Enabled) = C:\Program Files\VideoLAN\VLC\npvlc.dll
CHR - plugin: Windows Live\\u0099 Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - Extension: Xmarks Bookmark Sync = C:\Users\Russell\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajpgkpeckebdhofmmjfgcjjiiejpodla\1.0.22_0\
CHR - Extension: Xmarks Bookmark Sync = C:\Users\Russell\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajpgkpeckebdhofmmjfgcjjiiejpodla\1.0.22_0\.bak
CHR - Extension: YouTube = C:\Users\Russell\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Adblock Plus (Beta) = C:\Users\Russell\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.2_0\
CHR - Extension: Google Search = C:\Users\Russell\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Proxy SwitchySharp = C:\Users\Russell\AppData\Local\Google\Chrome\User Data\Default\Extensions\dpplabbmogkhghncfbfdeeokoefdjegm\1.9.48_0\
CHR - Extension: SaveFrom.net helper lite = C:\Users\Russell\AppData\Local\Google\Chrome\User Data\Default\Extensions\gekjjfhbnbhfgmnmkocnnfapjpdcpbok\1.47_0\
CHR - Extension: LastPass = C:\Users\Russell\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd\2.0.10_0\
CHR - Extension: No name found = C:\Users\Russell\AppData\Local\Google\Chrome\User Data\Default\Extensions\jifflliplgeajjdhmkcfnngfpgbjonjg\1.0.0_0\
CHR - Extension: Search for YouTube Videos = C:\Users\Russell\AppData\Local\Google\Chrome\User Data\Default\Extensions\kabfoagjjgbakjgadhcpoleecfkmhpjm\0.1.0.6_0\
CHR - Extension: Save as PDF = C:\Users\Russell\AppData\Local\Google\Chrome\User Data\Default\Extensions\kpdjmbiefanbdgnkcikhllpmjnnllbbc\1.6_0\
CHR - Extension: Incredible StartPage - Productive Start Page for Chrome! = C:\Users\Russell\AppData\Local\Google\Chrome\User Data\Default\Extensions\ncdfeghkpohnalmpblddmnppfooljekh\1.5.2_0\
CHR - Extension: DvdVideoSoft Free Youtube Download = C:\Users\Russell\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp\1.0.0.0_0\
CHR - Extension: Gmail = C:\Users\Russell\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
O1 HOSTS File: ([2009/06/11 10:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O3 - HKU\S-1-5-21-1911284681-1753166069-4267012026-1000\..\Toolbar\WebBrowser: (Freecorder 6) - {6B34ACCF-1B63-4E1A-8633-461917C75544} - C:\Program Files\Freecorder 6\tbcore3.dll ()
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [ThreatFire] C:\Program Files\ThreatFire\TFTray.exe (PC Tools)
O4 - HKU\S-1-5-21-1911284681-1753166069-4267012026-1000..\Run: [Advanced SystemCare 5] C:\Program Files\IObit\Advanced SystemCare 5\ASCTray.exe (IObit)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\S-1-5-21-1911284681-1753166069-4267012026-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Free YouTube Download - C:\Users\Russell\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm ()
O8 - Extra context menu item: Se&nd to OneNote - res://C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll/105 File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 10.7.2)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{74240472-D26B-436F-9D60-760C249DCFA7}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\osf - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/11 10:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
========== Files/Folders - Created Within 30 Days ==========
[2012/10/07 09:33:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Foxit Reader
[2012/10/07 01:53:17 | 000,000,000 | ---D | C] -- C:\Users\Russell\Documents\EMAIL IDs
[2012/10/07 00:21:44 | 000,000,000 | ---D | C] -- C:\Users\Russell\Desktop\MEDITATION -- SELF-COMPASSION
[2012/10/06 11:50:53 | 000,000,000 | ---D | C] -- C:\8e07ef0f1fb298627a7ae926aaec3f
[2012/09/29 20:38:41 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2012/09/29 20:36:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT
[2012/09/29 20:36:09 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2012/09/28 20:04:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy
[2012/09/28 20:03:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2012/09/28 20:03:42 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2012/09/28 17:12:52 | 000,000,000 | ---D | C] -- C:\Users\Russell\AppData\Roaming\Malwarebytes
[2012/09/28 17:12:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/09/28 17:12:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/09/28 17:12:00 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012/09/28 17:12:00 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012/09/26 21:03:11 | 000,245,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\OxpsConverter.exe
[2012/09/26 13:54:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2012/09/26 13:54:09 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2012/09/26 03:15:58 | 000,000,000 | ---D | C] -- C:\Users\Russell\AppData\Roaming\CX
[2012/09/26 03:15:11 | 000,000,000 | ---D | C] -- C:\Users\Russell\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CX
[2012/09/26 03:14:37 | 000,000,000 | ---D | C] -- C:\Users\Russell\AppData\Local\CX
[2012/09/25 00:09:26 | 000,000,000 | ---D | C] -- C:\Program Files\Perion
[2012/09/24 03:39:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mr Smoozles Goes Nutso
[2012/09/24 03:39:22 | 000,000,000 | ---D | C] -- C:\Program Files\Mr Smoozles Goes Nutso
[2012/09/24 01:29:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GOG.com
[2012/09/24 01:29:25 | 000,000,000 | ---D | C] -- C:\Program Files\GOG.com
[2012/09/23 19:15:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2012/09/23 19:12:28 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2012/09/23 19:12:07 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2012/09/23 19:12:07 | 000,000,000 | ---D | C] -- C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1
[2012/09/22 12:35:04 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2012/09/22 12:34:59 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2012/09/22 12:34:58 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2012/09/22 12:34:58 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2012/09/22 12:34:57 | 000,607,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2012/09/22 12:34:50 | 001,800,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2012/09/22 12:34:49 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2012/09/22 12:34:36 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2012/09/20 22:57:10 | 000,000,000 | ---D | C] -- C:\Users\Russell\Documents\MSSAT TRUST OTAGO
[2012/09/17 14:20:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sigma Team
[2012/09/17 14:19:26 | 000,000,000 | ---D | C] -- C:\Program Files\Sigma Team
[2012/09/17 14:07:36 | 000,000,000 | ---D | C] -- C:\Counter-Strike 2D
[2012/09/17 11:57:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cave Story Deluxe
[2012/09/17 11:57:56 | 000,000,000 | ---D | C] -- C:\Users\Russell\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Cave Story Deluxe
[2012/09/17 11:57:04 | 000,000,000 | ---D | C] -- C:\Program Files\Cave Story Deluxe
[2012/09/17 03:34:27 | 000,237,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_4.dll
[2012/09/17 03:34:25 | 002,414,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_31.dll
[2012/09/17 03:34:24 | 000,236,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_3.dll
[2012/09/17 03:34:23 | 000,062,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xinput1_2.dll
[2012/09/17 03:34:22 | 000,230,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_2.dll
[2012/09/17 03:34:22 | 000,062,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xinput1_1.dll
[2012/09/17 03:34:21 | 000,229,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_1.dll
[2012/09/17 03:33:54 | 002,388,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_30.dll
[2012/09/17 03:33:53 | 000,230,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_0.dll
[2012/09/17 03:33:53 | 000,014,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\x3daudio1_0.dll
[2012/09/17 03:33:52 | 002,332,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_29.dll
[2012/09/17 03:33:50 | 002,323,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_28.dll
[2012/09/17 03:33:48 | 002,319,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_27.dll
[2012/09/17 03:33:47 | 002,297,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_26.dll
[2012/09/17 03:33:45 | 002,337,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_25.dll
[2012/09/17 03:33:43 | 002,222,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_24.dll
[2012/09/16 23:31:22 | 000,000,000 | ---D | C] -- C:\Users\Russell\AppData\Local\Punkbuster
[2012/09/16 23:30:00 | 000,000,000 | ---D | C] -- C:\Program Files\Wolfenstein - Enemy Territory
[2012/09/15 16:54:15 | 000,000,000 | -HSD | C] -- C:\found.002
[2012/09/13 21:12:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2012/09/13 21:12:34 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2012/09/13 21:12:25 | 000,000,000 | R--D | C] -- C:\Program Files\Skype
[2012/09/12 17:03:38 | 000,240,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\netio.sys
[2012/09/12 17:03:37 | 000,187,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\FWPKCLNT.SYS
[2012/09/12 17:03:29 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\RNDISMP.sys
[2012/09/12 17:03:23 | 000,490,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10level9.dll
[2012/09/12 16:49:35 | 000,000,000 | ---D | C] -- C:\09470b656efc966851db
[2012/09/09 13:24:01 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2012/09/08 21:27:38 | 000,000,000 | -H-D | C] -- C:\.cache
[2012/09/08 21:23:09 | 000,000,000 | R--D | C] -- C:\Users\Russell\MegaCloud
[2012/09/08 21:22:45 | 000,000,000 | ---D | C] -- C:\Users\Russell\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MegaCloud Backup
[2012/09/08 21:22:37 | 000,000,000 | ---D | C] -- C:\Users\Russell\AppData\Roaming\MegaCloudBackup
[2012/09/08 21:20:35 | 000,000,000 | ---D | C] -- C:\Users\Russell\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MegaCloud
[2012/09/08 21:20:14 | 000,000,000 | ---D | C] -- C:\Users\Russell\AppData\Roaming\MegaCloud
[2012/09/08 21:17:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Web Installer
[2012/09/08 18:54:50 | 000,000,000 | ---D | C] -- C:\Users\Russell\Documents\My Box Files
[2012/09/08 18:51:55 | 000,000,000 | ---D | C] -- C:\Users\Russell\AppData\Roaming\Box Sync
[2012/09/08 18:51:31 | 000,000,000 | ---D | C] -- C:\Users\Russell\AppData\Roaming\Box Desktop
[2012/09/08 18:41:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Box Sync
[2012/09/08 18:41:06 | 000,000,000 | ---D | C] -- C:\Program Files\Box Sync
[2012/09/08 18:27:22 | 000,000,000 | ---D | C] -- C:\Users\Russell\AppData\Local\Box Sync
[2012/09/08 14:22:01 | 000,000,000 | ---D | C] -- C:\Users\Russell\Documents\SUGARSYNC
[2012/09/08 14:21:26 | 000,000,000 | ---D | C] -- C:\Users\Russell\Documents\Magic Briefcase
[2012/09/08 14:18:22 | 000,000,000 | ---D | C] -- C:\Users\Russell\AppData\Local\SugarSync
[2012/09/08 14:16:45 | 000,000,000 | ---D | C] -- C:\Program Files\SugarSync
[2012/09/08 10:36:25 | 000,000,000 | ---D | C] -- C:\Users\Russell\AppData\Local\Tracker Software
[2012/09/08 02:32:03 | 000,000,000 | ---D | C] -- C:\Users\Russell\docear_workspace
[2012/09/08 02:29:01 | 000,000,000 | ---D | C] -- C:\Users\Russell\AppData\Roaming\Docear
[2012/09/08 01:44:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Docear
[2012/09/08 01:44:04 | 000,000,000 | ---D | C] -- C:\Program Files\Docear
[2012/09/08 01:16:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDF-XChange PDF Viewer
[2012/09/08 01:16:13 | 000,000,000 | ---D | C] -- C:\Program Files\Tracker Software
[18 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[1 C:\Windows\Fonts\*.tmp files -> C:\Windows\Fonts\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2012/10/07 20:36:08 | 000,021,840 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/10/07 20:36:07 | 000,021,840 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/10/07 20:27:22 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/10/07 20:27:19 | 796,102,656 | -HS- | M] () -- C:\hiberfil.sys
[2012/10/07 18:34:15 | 000,501,657 | ---- | M] () -- C:\Users\Russell\Desktop\Anger and depression.maff
[2012/10/07 18:29:35 | 000,413,469 | ---- | M] () -- C:\Users\Russell\Desktop\Busch 2009 Anger and depression.PDF
[2012/10/07 05:21:28 | 000,053,624 | ---- | M] () -- C:\Users\Russell\Desktop\Spermon 2012 Complex Posttraumatic Stress Disorder -- Voices.maff
[2012/10/06 12:20:39 | 000,153,870 | ---- | M] () -- C:\Users\Russell\Desktop\Most Psychotropic Meds Increase Driving Risk.maff
[2012/10/06 06:02:54 | 000,126,494 | ---- | M] () -- C:\Users\Russell\Desktop\Neuropathy_Treatment.pdf
[2012/10/04 15:28:51 | 000,000,013 | ---- | M] () -- C:\Windows\System32\WinSys32.crc
[2012/10/02 12:01:56 | 000,665,232 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/10/02 12:01:56 | 000,125,678 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/09/25 00:07:50 | 000,000,712 | ---- | M] () -- C:\user.js
[2012/09/16 21:47:00 | 000,001,947 | ---- | M] () -- C:\Users\Russell\Application Data\Microsoft\Internet Explorer\Quick Launch\JDownloader.lnk
[2012/09/13 23:52:19 | 000,002,060 | ---- | M] () -- C:\Users\Russell\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Thunderbird.lnk
[2012/09/08 21:21:48 | 000,001,870 | ---- | M] () -- C:\Users\Russell\Application Data\Microsoft\Internet Explorer\Quick Launch\MegaCloud.lnk
[18 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
========== Files Created - No Company Name ==========
[2012/10/07 18:33:43 | 000,501,657 | ---- | C] () -- C:\Users\Russell\Desktop\Anger and depression.maff
[2012/10/07 18:31:32 | 000,413,469 | ---- | C] () -- C:\Users\Russell\Desktop\Busch 2009 Anger and depression.PDF
[2012/10/07 05:21:11 | 000,053,624 | ---- | C] () -- C:\Users\Russell\Desktop\Spermon 2012 Complex Posttraumatic Stress Disorder -- Voices.maff
[2012/10/06 12:20:18 | 000,153,870 | ---- | C] () -- C:\Users\Russell\Desktop\Most Psychotropic Meds Increase Driving Risk.maff
[2012/10/06 06:02:07 | 000,126,494 | ---- | C] () -- C:\Users\Russell\Desktop\Neuropathy_Treatment.pdf
[2012/09/16 23:31:58 | 000,075,136 | ---- | C] () -- C:\Windows\System32\PnkBstrA.exe
[2012/09/08 21:21:48 | 000,001,870 | ---- | C] () -- C:\Users\Russell\Application Data\Microsoft\Internet Explorer\Quick Launch\MegaCloud.lnk
[2012/09/08 14:18:07 | 000,001,872 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SugarSync Manager.lnk
[2012/08/25 10:31:42 | 000,000,017 | ---- | C] () -- C:\Windows\System32\shortcut_ex.dat
[2012/08/24 14:02:51 | 000,001,729 | ---- | C] () -- C:\Users\Russell\AppData\Local\recently-used.xbel
[2012/07/29 19:16:38 | 000,000,061 | ---- | C] () -- C:\ProgramData\DoremisoftSWFSetting.ini
[2012/06/21 06:30:48 | 000,093,696 | ---- | C] () -- C:\Windows\System32\lua5.1a.dll
[2012/06/15 22:34:02 | 000,302,425 | ---- | C] () -- C:\Users\Russell\AppData\Local\funmoods-speeddial.crx
[2012/05/10 00:38:50 | 000,072,192 | ---- | C] () -- C:\Windows\unlite3.exe
[2012/05/08 00:43:43 | 000,001,089 | ---- | C] () -- C:\Users\Russell\Documents - Shortcut.lnk
[2012/05/07 13:48:05 | 000,042,120 | ---- | C] () -- C:\Windows\System32\drivers\EUBKMON.sys
[2012/04/20 23:30:54 | 000,004,096 | ---- | C] ( ) -- C:\Windows\System32\IGFXDEVLib.dll
[2012/03/18 22:00:51 | 000,000,000 | ---- | C] () -- C:\Users\Russell\hsqlprefs.dat
[2012/03/14 18:56:02 | 000,087,552 | ---- | C] () -- C:\Windows\System32\cpwmon2k.dll
[2012/03/01 23:57:34 | 000,000,165 | ---- | C] () -- C:\Users\Russell\.gtkrc-2.0
[2012/02/27 19:17:40 | 002,216,480 | ---- | C] () -- C:\Windows\wweb32.dll
[2012/02/23 00:31:43 | 000,011,776 | ---- | C] () -- C:\Users\Russell\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/02/15 01:44:00 | 000,003,504 | ---- | C] () -- C:\Users\Russell\Financial Accounts.gnucash
[2012/02/14 23:08:04 | 000,000,286 | ---- | C] () -- C:\Windows\reimage.ini
[2012/02/05 03:29:28 | 000,000,224 | ---- | C] () -- C:\Users\Russell\.languagetool-ooo.cfg
[2012/02/02 23:23:25 | 000,899,072 | ---- | C] () -- C:\Users\Russell\AppData\Roaming\SharedSettings.ccs
[2011/12/21 22:42:09 | 000,080,416 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll
[2011/12/14 11:57:16 | 000,000,151 | ---- | C] () -- C:\Windows\System32\GfxUI.exe.config
[2011/12/12 03:22:22 | 000,000,101 | ---- | C] () -- C:\Windows\System32\ud-boot-time.ini
[2011/10/22 22:24:58 | 000,246,804 | ---- | C] () -- C:\Windows\System32\drivers\AtherosBt.bin
[2011/09/15 16:11:16 | 001,048,576 | ---- | C] () -- C:\Windows\System32\syndata.bin
[2011/09/07 09:34:28 | 000,007,736 | ---- | C] () -- C:\Windows\hpDSTRES.DLL
[2011/03/29 21:00:00 | 000,080,896 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2011/03/25 08:35:18 | 000,180,224 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2011/03/02 23:43:46 | 000,175,616 | ---- | C] () -- C:\Windows\System32\unrar.dll
========== ZeroAccess Check ==========
[2012/08/11 00:32:56 | 000,000,596 | ---- | M] () -- C:\Users\Russell\AppData\Roaming\Mozilla\Firefox\Profiles\bylhdpoc.default\extensions\{ada4b710-8346-4b82-8199-5de2b400a6ae}\defaults\printing\icons\@.png
[2009/07/14 17:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 17:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/21 10:29:20 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/14 14:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
========== LOP Check ==========
[2012/04/18 04:27:57 | 000,000,000 | ---D | M] -- C:\Users\Russell\AppData\Roaming\.calligra
[2012/05/27 14:48:23 | 000,000,000 | ---D | M] -- C:\Users\Russell\AppData\Roaming\.gephi
[2012/07/28 13:06:35 | 000,000,000 | ---D | M] -- C:\Users\Russell\AppData\Roaming\AnvSoft
[2012/10/05 22:18:16 | 000,000,000 | ---D | M] -- C:\Users\Russell\AppData\Roaming\Applian FLV and Media Player
[2012/03/06 10:32:13 | 000,000,000 | ---D | M] -- C:\Users\Russell\AppData\Roaming\Ashampoo
[2012/07/29 05:10:41 | 000,000,000 | ---D | M] -- C:\Users\Russell\AppData\Roaming\AVCWare
[2012/05/16 14:47:51 | 000,000,000 | ---D | M] -- C:\Users\Russell\AppData\Roaming\AVG
[2012/02/02 17:21:16 | 000,000,000 | ---D | M] -- C:\Users\Russell\AppData\Roaming\Blio
[2012/09/08 18:54:50 | 000,000,000 | ---D | M] -- C:\Users\Russell\AppData\Roaming\Box Desktop
[2012/09/09 23:55:47 | 000,000,000 | ---D | M] -- C:\Users\Russell\AppData\Roaming\Box Sync
[2012/02/13 06:07:29 | 000,000,000 | ---D | M] -- C:\Users\Russell\AppData\Roaming\calibre
[2012/08/04 03:21:52 | 000,000,000 | ---D | M] -- C:\Users\Russell\AppData\Roaming\CBS Interactive
[2012/02/05 15:41:23 | 000,000,000 | ---D | M] -- C:\Users\Russell\AppData\Roaming\Cocoon Software
[2012/10/04 15:25:35 | 000,000,000 | ---D | M] -- C:\Users\Russell\AppData\Roaming\CoffeeCup Software
[2012/05/20 17:48:43 | 000,000,000 | ---D | M] -- C:\Users\Russell\AppData\Roaming\ColorCop
[2012/09/26 03:15:58 | 000,000,000 | ---D | M] -- C:\Users\Russell\AppData\Roaming\CX
[2012/02/14 21:15:38 | 000,000,000 | ---D | M] -- C:\Users\Russell\AppData\Roaming\DAZ 3D
[2012/09/08 02:35:34 | 000,000,000 | ---D | M] -- C:\Users\Russell\AppData\Roaming\Docear
[2012/08/04 05:05:53 | 000,000,000 | ---D | M] -- C:\Users\Russell\AppData\Roaming\Downloaded Installations
[2012/09/08 18:02:55 | 000,000,000 | ---D | M] -- C:\Users\Russell\AppData\Roaming\Dropbox
[2012/08/30 02:11:01 | 000,000,000 | ---D | M] -- C:\Users\Russell\AppData\Roaming\DVDVideoSoft
[2012/08/29 01:34:53 | 000,000,000 | ---D | M] -- C:\Users\Russell\AppData\Roaming\DVDVideoSoftIEHelpers
[2012/02/04 02:13:30 | 000,000,000 | ---D | M] -- C:\Users\Russell\AppData\Roaming\E-Z Contact Book
[2012/06/19 23:12:53 | 000,000,000 | ---D | M] -- C:\Users\Russell\AppData\Roaming\Eltima Software
[2012/08/20 00:43:29 | 000,000,000 | ---D | M] -- C:\Users\Russell\AppData\Roaming\eM Client
[2012/03/21 20:03:47 | 000,000,000 | ---D | M] -- C:\Users\Russell\AppData\Roaming\eM Client for SoftMaker
[2012/05/16 02:09:12 | 000,000,000 | ---D | M] -- C:\Users\Russell\AppData\Roaming\enchant
[2012/05/27 21:46:26 | 000,000,000 | ---D | M] -- C:\Users\Russell\AppData\Roaming\EndNote
[2012/06/25 18:07:07 | 000,000,000 | ---D | M] -- C:\Users\Russell\AppData\Roaming\FileOpen
[2012/10/03 22:43:26 | 000,000,000 | ---D | M] -- C:\Users\Russell\AppData\Roaming\FileZilla
[2012/08/04 07:27:21 | 000,000,000 | ---D | M] -- C:\Users\Russell\AppData\Roaming\Foxit
[2012/06/16 19:51:33 | 000,000,000 | ---D | M] -- C:\Users\Russell\AppData\Roaming\Foxit Software
[2012/08/08 06:57:37 | 000,000,000 | ---D | M] -- C:\Users\Russell\AppData\Roaming\Free Sound Recorder
[2012/02/07 07:27:29 | 000,000,000 | ---D | M] -- C:\Users\Russell\AppData\Roaming\FreeCommander
[2012/08/08 08:47:31 | 000,000,000 | ---D | M] -- C:\Users\Russell\AppData\Roaming\Freecorder 6 Audio
[2012/08/08 08:47:45 | 000,000,000 | ---D | M] -- C:\Users\Russell\AppData\Roaming\Freecorder 6 Converter
[2012/08/08 08:47:31 | 000,000,000 | ---D | M] -- C:\Users\Russell\AppData\Roaming\Freecorder 6 Screen
[2012/08/08 08:48:07 | 000,000,000 | ---D | M] -- C:\Users\Russell\AppData\Roaming\Freecorder 6 Video
[2012/02/03 23:44:09 | 000,000,000 | ---D | M] -- C:\Users\Russell\AppData\Roaming\FreeFLVConverter
[2012/08/13 07:27:27 | 000,000,000 | ---D | M] -- C:\Users\Russell\AppData\Roaming\FTPSynchronize
[2012/09/13 23:54:11 | 000,000,000 | ---D | M] -- C:\Users\Russell\AppData\Roaming\GlarySoft
[2012/04/29 10:49:21 | 000,000,000 | ---D | M] -- C:\Users\Russell\AppData\Roaming\gtk-2.0
[2012/05/27 15:29:02 | 000,000,000 | ---D | M] -- C:\Users\Russell\AppData\Roaming\HistCite
[2012/05/15 13:28:06 | 000,000,000 | ---D | M] -- C:\Users\Russell\AppData\Roaming\inkscape
[2012/03/03 23:11:37 | 000,000,000 | ---D | M] -- C:\Users\Russell\AppData\Roaming\IObit
[2012/05/17 09:41:09 | 000,000,000 | ---D | M] -- C:\Users\Russell\AppData\Roaming\IrfanView
[2012/05/31 05:01:53 | 000,000,000 | ---D | M] -- C:\Users\Russell\AppData\Roaming\JabRef 2.8
[2012/10/07 02:25:41 | 000,000,000 | ---D | M] -- C:\Users\Russell\AppData\Roaming\Jarte
[2012/07/28 14:57:39 | 000,000,000 | ---D | M] -- C:\Users\Russell\AppData\Roaming\KompoZer
[2012/07/28 15:50:29 | 000,000,000 | ---D | M] -- C:\Users\Russell\AppData\Roaming\kompozer.net
[2012/02/02 17:55:45 | 000,000,000 | ---D | M] -- C:\Users\Russell\AppData\Roaming\LibreOffice
[2012/05/25 03:38:20 | 000,000,000 | ---D | M] -- C:\Users\Russell\AppData\Roaming\LyX2.0
[2012/10/06 20:41:35 | 000,000,000 | ---D | M] -- C:\Users\Russell\AppData\Roaming\MegaCloud
[2012/09/09 23:20:54 | 000,000,000 | ---D | M] -- C:\Users\Russell\AppData\Roaming\MegaCloudBackup
[2012/07/29 07:46:20 | 000,000,000 | ---D | M] -- C:\Users\Russell\AppData\Roaming\Moyea
[2012/10/07 02:01:21 | 000,000,000 | ---D | M] -- C:\Users\Russell\AppData\Roaming\Nitro PDF
[2012/04/18 12:23:41 | 000,000,000 | ---D | M] -- C:\Users\Russell\AppData\Roaming\onOne Software
[2012/07/04 08:52:39 | 000,000,000 | ---D | M] -- C:\Users\Russell\AppData\Roaming\OpenCandy
[2012/05/19 02:07:45 | 000,000,000 | ---D | M] -- C:\Users\Russell\AppData\Roaming\OpenOffice.org
[2012/07/29 00:35:36 | 000,000,000 | ---D | M] -- C:\Users\Russell\AppData\Roaming\Opera
[2012/07/04 08:57:29 | 000,000,000 | ---D | M] -- C:\Users\Russell\AppData\Roaming\Paltalk
[2012/05/20 23:08:36 | 000,000,000 | ---D | M] -- C:\Users\Russell\AppData\Roaming\picpick
[2012/02/15 05:43:06 | 000,000,000 | ---D | M] -- C:\Users\Russell\AppData\Roaming\postgresql
[2012/05/28 02:01:36 | 000,000,000 | ---D | M] -- C:\Users\Russell\AppData\Roaming\Publish or Perish
[2012/02/07 22:06:47 | 000,000,000 | ---D | M] -- C:\Users\Russell\AppData\Roaming\Quantisle
[2012/08/04 04:17:17 | 000,000,000 | ---D | M] -- C:\Users\Russell\AppData\Roaming\RapidTyping
[2012/07/28 14:51:34 | 000,000,000 | ---D | M] -- C:\Users\Russell\AppData\Roaming\RecoolTec
[2012/04/17 15:54:04 | 000,000,000 | ---D | M] -- C:\Users\Russell\AppData\Roaming\RegistryKeys
[2012/08/13 00:55:09 | 000,000,000 | ---D | M] -- C:\Users\Russell\AppData\Roaming\RiseFly
[2012/06/25 16:28:27 | 000,000,000 | ---D | M] -- C:\Users\Russell\AppData\Roaming\Smart PDF Converter Pro
[2012/07/17 13:55:34 | 000,000,000 | ---D | M] -- C:\Users\Russell\AppData\Roaming\SoftGrid Client
[2012/03/21 20:42:01 | 000,000,000 | ---D | M] -- C:\Users\Russell\AppData\Roaming\SoftMaker
[2012/02/02 16:41:42 | 000,000,000 | ---D | M] -- C:\Users\Russell\AppData\Roaming\Synaptics
[2012/08/13 01:43:49 | 000,000,000 | ---D | M] -- C:\Users\Russell\AppData\Roaming\Sync App Settings
[2012/08/11 00:05:26 | 000,000,000 | ---D | M] -- C:\Users\Russell\AppData\Roaming\Thunderbird
[2012/03/14 06:42:58 | 000,000,000 | ---D | M] -- C:\Users\Russell\AppData\Roaming\Titler
[2012/02/02 18:09:58 | 000,000,000 | ---D | M] -- C:\Users\Russell\AppData\Roaming\TP
[2012/05/05 19:15:14 | 000,000,000 | ---D | M] -- C:\Users\Russell\AppData\Roaming\uTorrent
[2012/07/28 11:35:54 | 000,000,000 | ---D | M] -- C:\Users\Russell\AppData\Roaming\VIP Video Converter
[2012/02/03 19:21:42 | 000,000,000 | ---D | M] -- C:\Users\Russell\AppData\Roaming\Windows Live Writer
[2012/07/28 14:12:36 | 000,000,000 | ---D | M] -- C:\Users\Russell\AppData\Roaming\Wondershare Video Converter Ultimate
[2012/07/29 05:35:51 | 000,000,000 | ---D | M] -- C:\Users\Russell\AppData\Roaming\Xilisoft
[2012/02/03 00:55:24 | 000,000,000 | ---D | M] -- C:\Users\Russell\AppData\Roaming\Zotero
[2012/03/16 15:07:45 | 000,000,000 | ---D | M] -- C:\Users\Russell\AppData\Roaming\ZScreen
========== Purity Check ==========
========== Alternate Data Streams ==========
@Alternate Data Stream - 127 bytes -> C:\ProgramData\Temp:0B4227B4
< End of report >
russwilsonau
2012-10-07, 11:33
OTL Extras logfile created on: 7/10/2012 8:40:34 p.m. - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Russell\Downloads
Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00001409 | Country: New Zealand | Language: ENZ | Date Format: d/MM/yyyy
1012.30 Mb Total Physical Memory | 93.00 Mb Available Physical Memory | 9.19% Memory free
1.99 Gb Paging File | 0.79 Gb Available in Paging File | 39.91% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 283.95 Gb Total Space | 154.78 Gb Free Space | 54.51% Space Free | Partition Type: NTFS
Drive D: | 13.84 Gb Total Space | 1.55 Gb Free Space | 11.18% Space Free | Partition Type: NTFS
Drive E: | 99.00 Mb Total Space | 87.44 Mb Free Space | 88.33% Space Free | Partition Type: FAT32
Computer Name: RUSSELL-HP | User Name: Russell | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = Opera.HTML] -- Reg Error: Key error. File not found
.txt [@ = Reg Error: Value error.] -- Reg Error: Key error. File not found
[HKEY_USERS\S-1-5-21-1911284681-1753166069-4267012026-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files\Opera\Opera.exe" "%1"
https [open] -- "C:\Program Files\Opera\Opera.exe" "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistApplianMP] -- "C:\Program Files\Applian Technologies\Applian FLV and Media Player\amp.exe" -I skins2 --started-from-file --playlist-enqueue "%1" ()
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Browse with &IrfanView] -- "C:\Program Files\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithApplianMP] -- "C:\Program Files\Applian Technologies\Applian FLV and Media Player\amp.exe" -I skins2 --started-from-file --no-playlist-enqueue "%1" ()
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0D574239-F5E9-457F-971F-4D6B1A522642}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{0DA39A31-D545-4EAB-B163-650570D3526A}" = lport=10243 | protocol=6 | dir=in | app=system |
"{1A1AE848-3CAA-4ED0-8363-DDC6C27F1E39}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{28351781-E972-4BEE-AAB8-174CF85CC889}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{2FA112C4-5E5D-4932-BB63-53E666C2B379}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework\v4.0.30319\smsvchost.exe |
"{5B3EB09F-5045-4915-89E4-EFC76C4F6CEC}" = lport=2869 | protocol=6 | dir=in | app=system |
"{607595E8-8062-4BB1-8086-97FD001DF58D}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{A37EAB57-E16B-436C-839A-FA3F2157F4EB}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{A7B6F770-0C50-4230-9E9E-2080E55E4F92}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{D3C0C5E9-50EA-4D4E-B69E-F5FD79197DB4}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{DDBF0956-3DC6-49C8-90B6-5FAAA3CA2027}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{F144D439-194E-42CD-98E5-75B55C3ADD87}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{F79E1714-8BA5-4B45-9717-4A532F970489}" = rport=10243 | protocol=6 | dir=out | app=system |
"{FEA7B8D1-EA33-461A-8929-DD92505894E3}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{04CF31DF-17D6-4424-BDEC-0545E3B71D20}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{0B52B059-6361-4854-8F33-982A342E0703}" = protocol=17 | dir=in | app=c:\program files\gnucash\bin\gnucash.exe |
"{163186A5-406F-4A6C-AAE2-13BF81156039}" = protocol=17 | dir=in | app=c:\users\russell\appdata\roaming\dropbox\bin\dropbox.exe |
"{2ED5C7A1-20D3-47CE-A125-B113CC4E14DA}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{3BD07616-692A-4D64-A3C5-B0EB6CEFBCFC}" = protocol=6 | dir=in | app=c:\program files\gnucash\bin\gconfd-2.exe |
"{3C357F8F-F0E7-4045-B53E-4C4BABA4B37F}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{471B0CF0-AE6C-4F54-A31C-3BA8A008BA9D}" = protocol=6 | dir=out | app=system |
"{56781A6F-F112-4B02-8398-5A5158C509EA}" = dir=in | app=c:\program files\itunes\itunes.exe |
"{57070553-CCCE-4CB4-BA9B-8BBF382A5686}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{6E1B1A1A-0573-4AC7-A5E9-D2A763E9AFAE}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe |
"{70687391-A921-4D13-9CF9-264B0CDE94C1}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{761DCD48-FEB4-4846-931F-1087C2734CF5}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{8047008B-E0BE-4571-A33F-4F4FE133EF64}" = protocol=6 | dir=in | app=c:\users\russell\appdata\roaming\dropbox\bin\dropbox.exe |
"{8108117A-7C34-4F1C-A15B-E24C08041DB8}" = dir=in | app=c:\program files\windows live\mesh\moe.exe |
"{82391835-2DCE-44DB-8284-0C4984CF9BFC}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{843D8CAD-EF94-4B98-AC3C-B26EFA521C92}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{91C8CF7B-04C9-494A-A9D9-B2BABF0E8138}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{9A4690E8-C5CD-4598-A687-440A54DE8EFF}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{AFCD5E69-AE8D-40CF-BFA2-79197EF57C3D}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{AFE69B11-E07F-44B9-B6F2-6987F71AFF27}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |
"{B3C21527-D811-4C5B-9CD3-F1580D658C24}" = protocol=6 | dir=in | app=c:\users\russell\appdata\local\microsoft\skydrive\skydrive.exe |
"{BB1E92D2-2ADB-428C-997B-1E121A32BAC4}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{C770CAD6-9FD6-4622-AD95-526EF2FC990B}" = protocol=6 | dir=in | app=c:\program files\gnucash\bin\gnucash.exe |
"{D07DA48C-F372-435D-B872-3FFDB06DEC7D}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{D539B881-AC1C-4742-8558-B8E9C95DD5CD}" = protocol=17 | dir=in | app=c:\users\russell\appdata\local\microsoft\skydrive\skydrive.exe |
"{E25EC379-236A-4296-A3E1-21B0AA82990E}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{ECBDBDC1-7A36-4E99-859F-1BD66E4F211F}" = protocol=17 | dir=in | app=c:\program files\gnucash\bin\gconfd-2.exe |
"{FD9B1DB8-CA11-4815-81F8-A0C1DD1B9D0A}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"TCP Query User{1C637BAE-A69E-4DCD-8E70-4317BC7D3396}C:\xampp\apache\bin\httpd.exe" = protocol=6 | dir=in | app=c:\xampp\apache\bin\httpd.exe |
"TCP Query User{341FD0DB-3033-4335-98AB-AA5CF62863F5}C:\program files\java\jre7\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jre7\bin\java.exe |
"TCP Query User{3812CB32-29B2-4354-BE55-D13F95BB18E6}C:\xampp\apache\bin\httpd.exe" = protocol=6 | dir=in | app=c:\xampp\apache\bin\httpd.exe |
"TCP Query User{499C5504-6C36-44F0-BB25-CF4CC5AF6E42}C:\users\russell\appdata\local\aptana studio 3\aptanastudio3.exe" = protocol=6 | dir=in | app=c:\users\russell\appdata\local\aptana studio 3\aptanastudio3.exe |
"TCP Query User{64F54C13-CB19-4584-A583-DF62F6E4DD79}C:\users\russell\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\russell\appdata\roaming\dropbox\bin\dropbox.exe |
"TCP Query User{79212712-319F-46D8-BFD2-1FB1DF50078A}C:\program files\daz 3d\brycelightning7\lightning.exe" = protocol=6 | dir=in | app=c:\program files\daz 3d\brycelightning7\lightning.exe |
"TCP Query User{8828BF10-0FCC-4E75-ADAA-273C4D47D443}C:\program files\coffeecup software\direct ftp\directftp.exe" = protocol=6 | dir=in | app=c:\program files\coffeecup software\direct ftp\directftp.exe |
"TCP Query User{8CED79F7-B956-43D1-8792-2637CE279001}C:\program files\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe |
"TCP Query User{B76AEEE5-7007-4264-A786-B79F35A4C6B9}C:\xampp\mysql\bin\mysqld.exe" = protocol=6 | dir=in | app=c:\xampp\mysql\bin\mysqld.exe |
"TCP Query User{C2155265-7429-466F-92C4-AEACA4029572}C:\program files\onone software\perfect effects free\perfecteffects.exe" = protocol=6 | dir=in | app=c:\program files\onone software\perfect effects free\perfecteffects.exe |
"TCP Query User{CA01DA1C-4D5C-4B2A-9780-8F433B28E82C}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"TCP Query User{DCD8D1FB-171A-4480-B6C0-A82E867F0380}C:\xampp\mysql\bin\mysqld.exe" = protocol=6 | dir=in | app=c:\xampp\mysql\bin\mysqld.exe |
"TCP Query User{E186ADD0-77B3-45E5-9D79-41D6A7A8AF96}C:\users\russell\appdata\local\aptana studio 3\aptanastudio3.exe" = protocol=6 | dir=in | app=c:\users\russell\appdata\local\aptana studio 3\aptanastudio3.exe |
"UDP Query User{0DF3BE3A-F4A4-4EB0-84ED-81FABE2EA08F}C:\xampp\mysql\bin\mysqld.exe" = protocol=17 | dir=in | app=c:\xampp\mysql\bin\mysqld.exe |
"UDP Query User{2680ED4C-EFE5-4FAB-BACD-B08EA18EBF0B}C:\program files\onone software\perfect effects free\perfecteffects.exe" = protocol=17 | dir=in | app=c:\program files\onone software\perfect effects free\perfecteffects.exe |
"UDP Query User{29CCA711-6FAB-43CF-B3B3-1813B91EF9A8}C:\xampp\mysql\bin\mysqld.exe" = protocol=17 | dir=in | app=c:\xampp\mysql\bin\mysqld.exe |
"UDP Query User{39BAA35A-3EF5-4F8B-B221-E6633E7C2AE3}C:\program files\coffeecup software\direct ftp\directftp.exe" = protocol=17 | dir=in | app=c:\program files\coffeecup software\direct ftp\directftp.exe |
"UDP Query User{40576483-9AB5-4436-B9CE-D8A1EF2B0AF6}C:\xampp\apache\bin\httpd.exe" = protocol=17 | dir=in | app=c:\xampp\apache\bin\httpd.exe |
"UDP Query User{4A343C0D-02B7-422D-8D91-5471C782E742}C:\program files\daz 3d\brycelightning7\lightning.exe" = protocol=17 | dir=in | app=c:\program files\daz 3d\brycelightning7\lightning.exe |
"UDP Query User{556DA3DC-9F6C-4B18-A05F-8A24C509498D}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"UDP Query User{7CFC5DC9-FBEF-46C8-85AF-CB0D68ECC333}C:\xampp\apache\bin\httpd.exe" = protocol=17 | dir=in | app=c:\xampp\apache\bin\httpd.exe |
"UDP Query User{8036DA6D-D8EE-4EA6-B815-3E5F7196AC26}C:\program files\java\jre7\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jre7\bin\java.exe |
"UDP Query User{970C2F08-87BA-4606-8BCE-6C6DCEE341E3}C:\users\russell\appdata\local\aptana studio 3\aptanastudio3.exe" = protocol=17 | dir=in | app=c:\users\russell\appdata\local\aptana studio 3\aptanastudio3.exe |
"UDP Query User{C2DC9C7A-8D9F-415F-AA14-26B16893326A}C:\users\russell\appdata\local\aptana studio 3\aptanastudio3.exe" = protocol=17 | dir=in | app=c:\users\russell\appdata\local\aptana studio 3\aptanastudio3.exe |
"UDP Query User{CAD3DDD8-3D9F-40A5-863E-AC9634F410C2}C:\program files\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe |
"UDP Query User{DF8AE8FA-F6B2-4B58-89F9-5BB07A042E85}C:\users\russell\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\russell\appdata\roaming\dropbox\bin\dropbox.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam 5
"{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime
"{0F6F6876-6334-4977-B5DD-CFC12E193420}" = iTunes
"{101A497C-7EF6-4001-834D-E5FA1C70FEFA}" = Atheros Bluetooth Suite
"{1111706F-666A-4037-7777-210328764D10}" = JavaFX 2.1.0
"{17504ED4-DB08-40A8-81C2-27D8C01581DA}" = Windows Live Remote Service Resources
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
"{19A4A990-5343-4FF7-B3B5-6F046C091EDF}" = Windows Live Remote Client
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}" = Microsoft XNA Framework Redistributable 3.1
"{1B90DADD-3136-45C9-B913-1DAEBDE8A585}" = Nitro Reader 2
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{227E8782-B2F4-4E97-B0EE-49DE9CC1C0C0}" = Windows Live Remote Service
"{2300A0B6-11F7-4CB9-811F-055919BF5D59}" = LibreOffice 3.6 Help Pack (English)
"{26A24AE4-039D-4CA4-87B4-2F83216032FF}" = Java(TM) 6 Update 32
"{26A24AE4-039D-4CA4-87B4-2F83217007FF}" = Java 7 Update 7
"{27CC6AB1-E72B-4179-AF1A-EAE507EBAF51}_is1" = ConvertHelper 2.2
"{2856A1C2-70C5-4EC3-AFF7-E5B51E5530A2}" = HP Client Services
"{285F722C-0E45-47DE-B38E-5B3B10FA4A7C}" = HP Quick Launch
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
"{2DB8743E-A513-4AE5-A617-BD42D0653969}" = HP Launch Box
"{2F8BA3FD-1FA9-4279-B696-712ABB12F09F}" = SmartSound Quicktracks 5
"{30C7F6E8-D7DF-4162-BFE0-72796148D589}_is1" = Moyea SWF to MPEG Converter version 4.0.0.0
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{3677D4D8-E5E0-49FC-B86E-06541CF00BBE}" = opensource
"{3A9FC03D-C685-4831-94CF-4EDFD3749497}" = Microsoft SQL Server Compact 3.5 SP2 ENU
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3C3D696B-0DB7-3C6D-A356-3DB8CE541918}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{464B3406-A4D0-4914-910F-7CA4380DCC13}" = Windows Live Remote Client Resources
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4AC3AD66-3B4C-4122-805F-C03E8A680583}" = HP Security Assistant
"{51C7AD07-C3F6-4635-8E8A-231306D810FE}" = Cisco LEAP Module
"{527BBE2F-1FED-3D8B-91CB-4DB0F838E69E}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{529125EF-E3AC-4B74-97E6-F688A7C0F1BF}" = Paint.NET v3.5.10
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{62A211E4-CE6F-4EEB-AACC-7EF75335413F}_is1" = Mr Smoozles Goes Nutso version 1.6
"{63EC2120-1742-4625-AA47-C6A8AEC9C64C}" = Apple Application Support
"{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}" = Cisco EAP-FAST Module
"{66209054-3985-4125-B0CB-C69F75D2F0D9}" = Amazon Cloud Drive
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6F340107-F9AA-47C6-B54C-C3A19F11553F}" = Hewlett-Packard ACLM.NET v1.1.2.0
"{6F44AF95-3CDE-4513-AD3F-6D45F17BF324}" = HP Support Assistant
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{741006D1-7B2B-4E33-B2B0-831F282EEF64}" = Blio
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7AAA27E4-CDB3-49C0-AA2D-41827C001BA3}" = Microsoft Small Basic v1.0
"{7D095455-D971-4D4C-9EFD-9AF6A6584F3A}" = Bing Desktop
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{85DE30D0-AEC8-4799-A56A-14267C421A76}" = CoffeeCup Web Form Builder Lite
"{860C8A24-AA98-476C-90D3-5046C0787987}" = HP Documentation
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{88741A14-4C9D-469F-BA36-8FDF6037BB68}" = CoffeeCup Direct FTP
"{89C0BD38-4496-4721-9381-2BE0F2AC80F6}" = GI Contact Management
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8CC9F4D8-D938-412B-B67D-A28FA7BDB8AA}" = Jing
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8ED5BF38-B9BF-4F2D-AF42-9037574A254F}_is1" = Moyea Free Flash Downloader version 1.3.0.0
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90140000-006D-0409-0000-0000000FF1CE}" = Microsoft Office Click-to-Run 2010
"{90140011-0066-0409-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - English
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{95140000-00AF-0409-0000-0000000FF1CE}" = Microsoft PowerPoint Viewer
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
"{99AF0582-482B-4E5E-BB11-675354BF5E77}_is1" = Qiqqa
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9F1F2AEA-C72A-4DD6-991E-C5506A5625E4}" = OpenOffice.org 3.4.1
"{9FA13759-5C2B-4177-9DDC-0038F8B5BEFD}" = Bing Bar
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A278382D-4F1B-4D47-9885-8523F7261E8D}_is1" = PDF-Viewer
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AE856388-AFAD-4753-81DF-D96B19D0A17C}" = HP Setup Manager
"{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter
"{B3EBF7DE-2A5B-4E10-9438-931EE6B22C05}" = eM Client
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B5BF7B43-E13D-4A76-9F8F-E933817131EC}" = calibre
"{B8A2869E-30CA-40C5-9CF8-BD7354E57EF8}" = SmartSound Common Data
"{B8D92680-34AC-4B76-8D95-7E95B11B5121}" = Perfect Effects 3 Free
"{BCE2B68D-8543-4ED6-8BF8-DB125A11A929}" = ESU for Microsoft Windows 7 SP1
"{BEF91C17-A5F9-4CF6-9624-873542421EC7}_is1" = Resource Scheduler version 1.1
"{C2F438B6-7010-453B-93EC-B2FC053AA97B}" = LibreOffice 3.6
"{C3A32068-8AB1-4327-BB16-BED9C6219DC7}" = Atheros Driver Installation Program
"{C6150D8A-86ED-41D3-87BB-F3BB51B0B77F}" = Windows Live ID Sign-in Assistant
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C779648B-410E-4BBA-B75B-5815BCEFE71D}" = Safari
"{CC4D56B7-6F18-470B-8734-ABCD75BCF4F1}" = HP Auto
"{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}" = PlayReady PC Runtime x86
"{CDE1F7BF-9B4B-44AB-9788-A9EBF9453F13}" = Harzing's Publish or Perish 3.6.4520
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D3ECCDC8-B7ED-4BFA-BAEB-9778E3804FA2}" = Box Sync
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D4DDFAA1-EC37-4529-AD5B-A433ADE68662}" = Apple Mobile Device Support
"{DBCD5E64-7379-4648-9444-8A6558DCB614}" = HP Recovery Manager
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DE718DF0-3874-4873-9BC3-3A94944C916E}_is1" = Wondershare PDF to Word (Build 3.6.0)
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{DF9DAE00-F582-42F6-9537-B5F1F6858AE1}" = HP Software Framework
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series
"{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio
"{E44578C7-4667-4124-8BC2-1161BCA54978}" = HP Power Manager
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{EACCC042-848D-4166-9D97-B13D1D108722}" = Google Drive
"{ED1BD69A-07E3-418C-91F1-D856582581BF}" = HP On Screen Display
"{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}" = Cisco PEAP Module
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Graphics Media Accelerator Driver
"{F5E7D9AF-60F6-4A30-87E3-4EA94D322CE1}" = HP Setup
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center
"{FD9C31B6-F572-414D-81E3-89368C97A125}_is1" = CamStudio OSS Desktop Recorder
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"0222-0618-0114-4896" = Review Manager 5.1.7
"3554AA4B-9B0B-451a-A269-2B5F53982209_is1" = ThreatFire
"5513-1208-7298-9440" = JDownloader 0.9
"7-Zip" = 7-Zip 9.22beta
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Advanced SystemCare 5_is1" = Advanced SystemCare 5
"Allway Sync_is1" = Allway Sync version 12.2.3
"Amaya" = Amaya
"Applian FLV and Media Player" = Applian FLV and Media Player 3.1.1.12
"Aptana Studio 3" = Aptana Studio 3
"Ashampoo Burning Studio 2012_is1" = Ashampoo Burning Studio 2012 v10.0.15
"Ask Toolbar_is1" = Foxit Toolbar
"Audacity_is1" = Audacity 2.0
"avast" = avast! Free Antivirus
"AviSynth" = AviSynth 2.5
"Bryce Lightning 7.0 7.1.0.109" = Bryce Lightning 7.0
"Cave Story Deluxe" = Cave Story Deluxe
"CCleaner" = CCleaner
"CutePDF Writer Installation" = CutePDF Writer 2.8
"Docear" = Docear
"ERUNT_is1" = ERUNT 1.1j
"eSpeak_is1" = eSpeak version 1.46.02
"FileZilla Client" = FileZilla Client 3.5.3
"Foxit Reader_is1" = Foxit Reader
"Free CSS Toolbox_is1" = Free CSS Toolbox 1.2
"Free FLV Converter_is1" = Free FLV Converter V 7.4.0
"Free HTML5 Video Player and Converter_is1" = Free HTML5 Video Player and Converter version 5.0.17.824
"Free Screen Video Recorder_is1" = Free Screen Video Recorder version 2.5.26.825
"Free Video Dub_is1" = Free Video Dub version 2.0.14.825
"Free YouTube Download_is1" = Free YouTube Download version 3.1.34.825
"FreeCommander_is1" = FreeCommander 2009.02b
"Freecorder 6" = Freecorder 6
"Freecorder 6 Add-on for Firefox" = Freecorder 6 Add-on for Firefox
"Freecorder 6 Applications" = Freecorder 6 Applications (6.0.0.40)
"Freecorder_1.0" = Freecorder 2.3 (with Skype Call Recording)
"GFI BackUp Freeware" = GFI BackUp Freeware
"GIMP-2_is1" = GIMP 2.8.2
"GnuCash_is1" = GnuCash 2.4.11
"HTMLKit_is1" = HTML-Kit 292
"HyperCam 2" = HyperCam 2
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam 5
"InstallShield_{2F8BA3FD-1FA9-4279-B696-712ABB12F09F}" = SmartSound Quicktracks 5
"InstallShield_{B8A2869E-30CA-40C5-9CF8-BD7354E57EF8}" = SmartSound Common Data
"IrfanView" = IrfanView (remove only)
"Jarte_is1" = Jarte 4.5
"Kiran's Typing Tutor_is1" = Kiran's Typing Tutor 1.0
"LimeSurvey on XAMPP_is1" = LimeSurvey v1.92 on XAMPP
"Lynx_is1" = Lynx 2.8.7rel.1
"LyX20" = LyX 2.0.3
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.65.0.1400
"Mendeley Desktop" = Mendeley Desktop 1.5.2
"MicrOsiris_is1" = MicrOsiris 17.8
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"MiKTeX 2.9" = MiKTeX 2.9
"Mozilla Firefox 15.0.1 (x86 en-US)" = Mozilla Firefox 15.0.1 (x86 en-US)
"Mozilla Thunderbird 15.0.1 (x86 en-US)" = Mozilla Thunderbird 15.0.1 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Office14.Click2Run" = Microsoft Office Click-to-Run 2010
"PalTalk8.2" = Paltalk Messenger
"PhotoStage" = PhotoStage Slideshow Producer
"RapidTyping" = RapidTyping
"ResearchSoft Direct Export Helper" = ResearchSoft Direct Export Helper
"SMRecorder" = SMRecorder 1.2.4
"Stamina" = Stamina 2.5
"SugarSync" = SugarSync Manager
"SynTPDeinstKey" = Synaptics TouchPad Driver
"Theseus - Return of the Hero_is1" = Theseus - Return of the Hero v 1.2
"Tyrian 2000_is1" = Tyrian 2000
"UltraDefrag" = Ultra Defragmenter
"VideoDownloadConverter_4zbar Uninstall" = VideoDownloadConverter Toolbar
"VideoPad" = VideoPad Video Editor
"VLC media player" = VLC media player 2.0.3
"WildTangent hp Master Uninstall" = HP Games
"Windows Media Encoder 9" = Windows Media Encoder 9 Series
"WinLiveSuite" = Windows Live Essentials
"WinPcapInst" = WinPcap 4.1.2
"WordWeb" = WordWeb
"WTA-176614f2-9295-4f2a-91de-ae797e8ad6a8" = Insaniquarium Deluxe
"Zotero Standalone 3.0.8 (x86 en-US)" = Zotero Standalone 3.0.8 (x86 en-US)
========== HKEY_USERS Uninstall List ==========
[HKEY_USERS\S-1-5-21-1911284681-1753166069-4267012026-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"14d4807920ca8445" = TableMaker for Psychological Evaluation Reports
"2D857E8472D5CE6389E3ABD8FDE97BC8130D96A3" = Atheros Outlook Addin 2010
"CNET TechTracker" = CNET TechTracker
"CoffeeCup HTML Editor" = CoffeeCup HTML Editor
"CX" = CX
"Dropbox" = Dropbox
"Gnumeric" = Gnumeric Spreadsheet 1.10.16-20110616
"Google Chrome" = Google Chrome
"MegaCloud" = MegaCloud
"QUICKMEDIACONVERTER" = Quick Media Converter
"SkyDriveSetup.exe" = Microsoft SkyDrive
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 6/10/2012 2:26:23 p.m. | Computer Name = Russell-HP | Source = WinMgmt | ID = 10
Description =
Error - 6/10/2012 2:26:31 p.m. | Computer Name = Russell-HP | Source = CVHSVC | ID = 100
Description = Information only. The action cannot be completed. Try the action again.
If the problem continues, contact Microsoft Product Support.
Error - 6/10/2012 2:38:28 p.m. | Computer Name = Russell-HP | Source = WinMgmt | ID = 10
Description =
Error - 6/10/2012 2:42:11 p.m. | Computer Name = Russell-HP | Source = WinMgmt | ID = 10
Description =
Error - 6/10/2012 2:50:26 p.m. | Computer Name = Russell-HP | Source = VSS | ID = 8193
Description =
Error - 6/10/2012 3:20:51 p.m. | Computer Name = Russell-HP | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
Error - 6/10/2012 3:20:52 p.m. | Computer Name = Russell-HP | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 135908
Error - 6/10/2012 3:20:52 p.m. | Computer Name = Russell-HP | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 135908
Error - 7/10/2012 2:00:25 a.m. | Computer Name = Russell-HP | Source = Windows Backup | ID = 4103
Description =
Error - 7/10/2012 3:28:09 a.m. | Computer Name = Russell-HP | Source = WinMgmt | ID = 10
Description =
[ Hewlett-Packard Events ]
Error - 8/06/2012 12:55:51 a.m. | Computer Name = Russell-HP | Source = HPSF.exe | ID = 4000
Description =
Error - 8/06/2012 12:59:47 a.m. | Computer Name = Russell-HP | Source = HPSF.exe | ID = 4000
Description =
Error - 8/06/2012 1:00:35 a.m. | Computer Name = Russell-HP | Source = HPSF.exe | ID = 4000
Description =
Error - 8/06/2012 1:03:02 a.m. | Computer Name = Russell-HP | Source = HPSF.exe | ID = 4000
Description =
Error - 8/06/2012 1:03:52 a.m. | Computer Name = Russell-HP | Source = HPSF.exe | ID = 4000
Description =
Error - 8/06/2012 1:11:27 a.m. | Computer Name = Russell-HP | Source = HPSF.exe | ID = 4000
Description =
Error - 8/06/2012 1:13:49 a.m. | Computer Name = Russell-HP | Source = HPSF.exe | ID = 4000
Description =
Error - 8/06/2012 1:14:29 a.m. | Computer Name = Russell-HP | Source = HPSF.exe | ID = 4000
Description =
Error - 8/06/2012 1:14:45 a.m. | Computer Name = Russell-HP | Source = HPSF.exe | ID = 4000
Description =
Error - 8/06/2012 1:19:32 a.m. | Computer Name = Russell-HP | Source = HPSF.exe | ID = 4000
Description =
[ HP Connection Manager Events ]
Error - 4/02/2012 2:33:55 a.m. | Computer Name = Russell-HP | Source = hpMobile | ID = 5
Description = 2012/02/04 19:33:55.260|0000137C|Error |[HP.Mobile]Wimax::.ctor{}|Retrieving
the COM class factory for component with CLSID {DCF1FC65-DA3B-404B-B4CC-BF8669E4947C}
failed due to the following error: 80040154.
Error - 4/02/2012 2:33:55 a.m. | Computer Name = Russell-HP | Source = hpMobile | ID = 5
Description = 2012/02/04 19:33:55.260|0000137C|Error |[HP.Mobile]DeviceException::ShowError{void(HP.Mobile.Devices.Device,System.Exception)}|WiMAX:
The device returned an error (Retrieving the COM class factory for component with
CLSID {DCF1FC65-DA3B-404B-B4CC-BF8669E4947C} failed due to the following error:
80040154.)
Error - 4/02/2012 2:33:55 a.m. | Computer Name = Russell-HP | Source = hpMobile | ID = 5
Description = 2012/02/04 19:33:55.275|0000137C|Error |[HP.Mobile]Wlan::.ctor{}|Retrieving
the COM class factory for component with CLSID {000098D5-6857-477B-B1D2-8B04CD9EB234}
failed due to the following error: 80040154.
Error - 4/02/2012 2:33:55 a.m. | Computer Name = Russell-HP | Source = hpMobile | ID = 5
Description = 2012/02/04 19:33:55.291|0000137C|Error |[HP.Mobile]DeviceException::ShowError{void(HP.Mobile.Devices.Device,System.Exception)}|Wi-Fi
(Wireless LAN): The device returned an error (Retrieving the COM class factory
for component with CLSID {000098D5-6857-477B-B1D2-8B04CD9EB234} failed due to the
following error: 80040154.)
Error - 4/02/2012 2:33:55 a.m. | Computer Name = Russell-HP | Source = hpMobile | ID = 5
Description = 2012/02/04 19:33:55.307|0000137C|Error |[HP.Mobile]Bluetooth::.ctor{}|Retrieving
the COM class factory for component with CLSID {2A8DDB1F-EE72-4FB7-A2F8-7B1530D94850}
failed due to the following error: 80040154.
Error - 4/02/2012 2:33:55 a.m. | Computer Name = Russell-HP | Source = hpMobile | ID = 5
Description = 2012/02/04 19:33:55.307|0000137C|Error |[HP.Mobile]DeviceException::ShowError{void(HP.Mobile.Devices.Device,System.Exception)}|Bluetooth®:
The device returned an error (Retrieving the COM class factory for component with
CLSID {2A8DDB1F-EE72-4FB7-A2F8-7B1530D94850} failed due to the following error:
80040154.)
Error - 4/02/2012 2:39:20 a.m. | Computer Name = Russell-HP | Source = HPConnectionManager | ID = 5
Description = 2012/02/04 19:39:20.175|00000E34|Error |App::ExitIfServiceIsNotInstalled{void()}|Application
is exiting because the service is not installed
Error - 4/02/2012 10:10:15 a.m. | Computer Name = Russell-HP | Source = HPConnectionManager | ID = 5
Description = 2012/02/05 03:10:15.948|0000155C|Error |App::ExitIfServiceIsNotInstalled{void()}|Application
is exiting because the service is not installed
Error - 4/02/2012 12:48:45 p.m. | Computer Name = Russell-HP | Source = HPConnectionManager | ID = 5
Description = 2012/02/05 05:48:45.791|0000134C|Error |App::ExitIfServiceIsNotInstalled{void()}|Application
is exiting because the service is not installed
Error - 4/02/2012 11:27:43 p.m. | Computer Name = Russell-HP | Source = HPConnectionManager | ID = 5
Description = 2012/02/05 16:27:43.256|000010A8|Error |App::ExitIfServiceIsNotInstalled{void()}|Application
is exiting because the service is not installed
[ HP Software Framework Events ]
Error - 8/01/2012 12:33:09 a.m. | Computer Name = GR961DHE5I9FE | Source = CaslWmi | ID = 5
Description = 2012/01/07 20:33:09.220|00000FB0|Error |[CaslWmi]CommandPanelBrightness::GetCurrentPanelBrightnessFromOS{hpCasl.enReturnCode(CaslWmi.enPanelBrightnessDataType,ushort&)}|Exception
occurred in querying WMI for WmiMonitorBrightness: 'Not supported '
[ System Events ]
Error - 7/10/2012 3:28:58 a.m. | Computer Name = Russell-HP | Source = Service Control Manager | ID = 7023
Description = The Peer Name Resolution Protocol service terminated with the following
error: %%-2140993535
Error - 7/10/2012 3:28:58 a.m. | Computer Name = Russell-HP | Source = Service Control Manager | ID = 7001
Description = The Peer Networking Grouping service depends on the Peer Name Resolution
Protocol service which failed to start because of the following error: %%-2140993535
Error - 7/10/2012 3:28:58 a.m. | Computer Name = Russell-HP | Source = Service Control Manager | ID = 7023
Description = The Peer Name Resolution Protocol service terminated with the following
error: %%-2140993535
Error - 7/10/2012 3:42:41 a.m. | Computer Name = Russell-HP | Source = PNRPSvc | ID = 102
Description =
Error - 7/10/2012 3:42:42 a.m. | Computer Name = Russell-HP | Source = PNRPSvc | ID = 102
Description =
Error - 7/10/2012 3:42:41 a.m. | Computer Name = Russell-HP | Source = Service Control Manager | ID = 7023
Description = The Peer Name Resolution Protocol service terminated with the following
error: %%-2140993535
Error - 7/10/2012 3:42:41 a.m. | Computer Name = Russell-HP | Source = Service Control Manager | ID = 7001
Description = The Peer Networking Grouping service depends on the Peer Name Resolution
Protocol service which failed to start because of the following error: %%-2140993535
Error - 7/10/2012 3:42:42 a.m. | Computer Name = Russell-HP | Source = Service Control Manager | ID = 7001
Description = The Peer Networking Grouping service depends on the Peer Name Resolution
Protocol service which failed to start because of the following error: %%-2140993535
Error - 7/10/2012 3:42:42 a.m. | Computer Name = Russell-HP | Source = Service Control Manager | ID = 7023
Description = The Peer Name Resolution Protocol service terminated with the following
error: %%-2140993535
Error - 7/10/2012 4:12:29 a.m. | Computer Name = Russell-HP | Source = BROWSER | ID = 8032
Description =
< End of report >
Hi,
Tracker Software <--Is this something you installed and know about ?
Was incredibar in your lists of Programs and Features ?
Is this a company computer ?
russwilsonau
2012-10-08, 13:30
did not knowingly install Tracker Software (until it's something CNET installed to track updates of other software I've installed - can't remember name of that software)
tried to uninstall Incredibar -- did so with CCleaner but now
despite checks with CCleaner, Advanced System Care, SB, MalwareBytes, it's not showing up as an installed program, but my Firefox newtab button keeps on bringing it up "MyStart Incredibar ..." etc --- see attached screen capture -- not showing but there's an advertisement that appears in the lower portion of the screen -- in this case for a US Green Card -- obviously it checks what country the user is in -- I'm in New Zealand
this is NOT a company computer -- despite the occasional computer designation Russell-HP if you see that -- but it is an HP model computer
but thanks for all the attention -- Incredibar is sure a problem these days -- given how much internet discussion there is of it
Hi,
Open OTL.exe
Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL
:OTL
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://start.funmoods.com/?f=1&a=iro...&cr=1530279376
IE - HKLM\..\URLSearchHook: {1392b8d2-5c05-419f-a8f6-b9f15a596612} - No CLSID value found
IE - HKLM\..\URLSearchHook: {81fae9c9-cfbd-4cb3-8322-412e72f55f65} - No CLSID value found
IE - HKLM\..\SearchScopes,Backup.Old.DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://eu.ask.com/web?q={searchterms}&l=dis&o=HPNTDF
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://start.funmoods.com/results.php?f=4&q={searchTerms}&a=iron2&chnl=iron2&cd=2XzutAtN2Y1L1Qzu0E0Czy0AyByEyD0EtByCyB0E0DtCtC0EtN0D0TzutBtDtCtBtDyCtCyD&cr=1530279376
IE - HKU\S-1-5-21-1911284681-1753166069-4267012026-1000\..\URLSearchHook: {1392b8d2-5c05-419f-a8f6-b9f15a596612} - No CLSID value found
IE - HKU\S-1-5-21-1911284681-1753166069-4267012026-1000\..\URLSearchHook: {687578b9-7132-4a7a-80e4-30ee31099e03} - No CLSID value found
IE - HKU\S-1-5-21-1911284681-1753166069-4267012026-1000\..\URLSearchHook: {81fae9c9-cfbd-4cb3-8322-412e72f55f65} - No CLSID value found
IE - HKU\S-1-5-21-1911284681-1753166069-4267012026-1000\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - No CLSID value found
IE - HKU\S-1-5-21-1911284681-1753166069-4267012026-1000\..\URLSearchHook: {93a3111f-4f74-4ed8-895e-d9708497629e} - No CLSID value found
IE - HKU\S-1-5-21-1911284681-1753166069-4267012026-1000\..\URLSearchHook: {CA3EB689-8F09-4026-AA10-B9534C691CE0} - C:\Program Files\Freecorder 6\tbhelper.dll ()
IE - HKU\S-1-5-21-1911284681-1753166069-4267012026-1000\..\SearchScopes,Backup.Old.DefaultScope = {9655317D-B950-475F-9450-73A32684CFEC}
CHR - default_search_provider: MyStart Search (Enabled)
CHR - default_search_provider: search_url = http://mystart.incredibar.com/mb178/?loc=IB_DS&search={searchTerms}&a=6PQKBEoZ6o&i=26
[2012/06/15 22:34:02 | 000,302,425 | ---- | C] () -- C:\Users\Russell\AppData\Local\funmoods-speeddial.crx
:Services
:Reg
:Files
ipconfig /flushdns /c
:Commands
[purity]
[resethosts]
[emptytemp]
[start explorer]
[Reboot]
Then click the Run Fix button at the top. <--Not run Scan
Let the program run unhindered, reboot when it is done
Then post the results of the log it produces
Then run a new scan and post a new log please
russwilsonau
2012-10-08, 16:37
All processes killed
========== OTL ==========
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{1392b8d2-5c05-419f-a8f6-b9f15a596612} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1392b8d2-5c05-419f-a8f6-b9f15a596612}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{81fae9c9-cfbd-4cb3-8322-412e72f55f65} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{81fae9c9-cfbd-4cb3-8322-412e72f55f65}\ not found.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2fa28606-de77-4029-af96-b231e3b8f827}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ not found.
Registry value HKEY_USERS\S-1-5-21-1911284681-1753166069-4267012026-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\\{1392b8d2-5c05-419f-a8f6-b9f15a596612} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1392b8d2-5c05-419f-a8f6-b9f15a596612}\ not found.
Registry value HKEY_USERS\S-1-5-21-1911284681-1753166069-4267012026-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\\{687578b9-7132-4a7a-80e4-30ee31099e03} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{687578b9-7132-4a7a-80e4-30ee31099e03}\ not found.
Registry value HKEY_USERS\S-1-5-21-1911284681-1753166069-4267012026-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\\{81fae9c9-cfbd-4cb3-8322-412e72f55f65} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{81fae9c9-cfbd-4cb3-8322-412e72f55f65}\ not found.
Registry value HKEY_USERS\S-1-5-21-1911284681-1753166069-4267012026-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\\{872b5b88-9db5-4310-bdd0-ac189557e5f5} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\ not found.
Registry value HKEY_USERS\S-1-5-21-1911284681-1753166069-4267012026-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\\{93a3111f-4f74-4ed8-895e-d9708497629e} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{93a3111f-4f74-4ed8-895e-d9708497629e}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{93a3111f-4f74-4ed8-895e-d9708497629e}\ deleted successfully.
Registry value HKEY_USERS\S-1-5-21-1911284681-1753166069-4267012026-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\\{CA3EB689-8F09-4026-AA10-B9534C691CE0} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CA3EB689-8F09-4026-AA10-B9534C691CE0}\ deleted successfully.
C:\Program Files\Freecorder 6\tbhelper.dll moved successfully.
HKEY_USERS\S-1-5-21-1911284681-1753166069-4267012026-1000\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Use Chrome's Settings page to remove the default_search_provider items.
Use Chrome's Settings page to remove the default_search_provider items.
C:\Users\Russell\AppData\Local\funmoods-speeddial.crx moved successfully.
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Russell\Downloads\OTL\cmd.bat deleted successfully.
C:\Users\Russell\Downloads\OTL\cmd.txt deleted successfully.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
[EMPTYTEMP]
User: All Users
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Public
User: Russell
->Temp folder emptied: 8390443 bytes
->Temporary Internet Files folder emptied: 1883352 bytes
->Java cache emptied: 66961966 bytes
->FireFox cache emptied: 123947210 bytes
->Google Chrome cache emptied: 0 bytes
->Apple Safari cache emptied: 0 bytes
->Flash cache emptied: 4265 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 1109830 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 371860352 bytes
Total Files Cleaned = 548.00 mb
OTL by OldTimer - Version 3.2.69.0 log created on 10092012_022310
Files\Folders moved on Reboot...
File move failed. C:\Windows\temp\_avast_\Webshlock.txt scheduled to be moved on reboot.
PendingFileRenameOperations files...
Registry entries deleted on Reboot...
Download ComboFix from one of these locations:
Link 1 (http://download.bleepingcomputer.com/sUBs/ComboFix.exe)
Link 2 (http://www.forospyware.com/sUBs/ComboFix.exe)
* IMPORTANT !!! Save ComboFix.exe to your Desktop
Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
See this Link (http://www.bleepingcomputer.com/forums/topic114351.html) for programs that need to be disabled and instruction on how to disable them.
Remember to re-enable them when we're done.
Open Notepad Go to Start> All Programs> Assessories> Notepad ( this will only work with Notepad )and copy all the text inside the Codebox by highlighting it all and pressing CTRL C on your keyboard, then paste it into Notepad, make sure there is no space before and above Firefox::
Firefox::
FF - user.js: extensions.incredibar_i.newTab - false
FF - user.js: extensions.incredibar_i.tlbrSrchUrl - hxxp://mystart.Incredibar.com/?a=6PQKBEoZ6o&loc=IB_TB&i=26&search=
FF - user.js: extensions.incredibar_i.id - 4e18d11e0000000000002eb70d3f194a
FF - user.js: extensions.incredibar_i.instlDay - 15607
FF - user.js: extensions.incredibar_i.vrsn - 1.5.11.14
FF - user.js: extensions.incredibar_i.vrsni - 1.5.11.14
FF - user.js: extensions.incredibar_i.vrsnTs - 1.5.11.1423:07:47
FF - user.js: extensions.incredibar_i.prtnrId - Incredibar
FF - user.js: extensions.incredibar_i.prdct - incredibar
FF - user.js: extensions.incredibar_i.aflt - orgnl
FF - user.js: extensions.incredibar_i.smplGrp - none
FF - user.js: extensions.incredibar_i.tlbrId - base
FF - user.js: extensions.incredibar_i.instlRef -
FF - user.js: extensions.incredibar_i.dfltLng -
FF - user.js: extensions.incredibar_i.excTlbr - false
FF - user.js: extensions.incredibar_i.ms_url_id -
FF - user.js: extensions.incredibar_i.upn2 - 6PQKBEoZ6o
FF - user.js: extensions.incredibar_i.upn2n - 92543635926693664
FF - user.js: extensions.incredibar_i.productid - 26
FF - user.js: extensions.incredibar_i.installerproductid - 26
FF - user.js: extensions.incredibar_i.did - 10643
FF - user.js: extensions.incredibar_i.ppd - 1
Save this as CFScript to your desktop.
Then drag the CFScript into ComboFix.exe as you see in the screenshot below.
http://i24.photobucket.com/albums/c30/ken545/CFScriptB-4.gif
This will start ComboFix . After reboot, (in case it asks to reboot), post the contents of Combofix.txt in your next reply.
russwilsonau
2012-10-08, 21:06
sorry, "suspended" responding yesterday due to late hour of working -- please don't respond until after I've finished running the programs but to keep you up to date here's output of otl.txt --- no extras.txt this time?
wish I knew what I was doing -- now I'll download combo fix
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
OTL logfile created on: 9/10/2012 2:40:02 a.m. - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Russell\Downloads\OTL
Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00001409 | Country: New Zealand | Language: ENZ | Date Format: d/MM/yyyy
1012.30 Mb Total Physical Memory | 284.09 Mb Available Physical Memory | 28.06% Memory free
1.99 Gb Paging File | 0.77 Gb Available in Paging File | 38.61% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 283.95 Gb Total Space | 154.33 Gb Free Space | 54.35% Space Free | Partition Type: NTFS
Drive D: | 13.84 Gb Total Space | 1.55 Gb Free Space | 11.18% Space Free | Partition Type: NTFS
Drive E: | 99.00 Mb Total Space | 87.44 Mb Free Space | 88.33% Space Free | Partition Type: FAT32
Computer Name: RUSSELL-HP | User Name: Russell | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - C:\Users\Russell\Downloads\OTL\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
PRC - C:\Program Files\Google\Update\1.3.21.123\GoogleCrashHandler.exe (Google Inc.)
PRC - C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
PRC - C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
PRC - C:\Program Files\Box Sync\UpdateService.exe (Box, Inc.)
PRC - C:\Program Files\Nitro PDF\Reader 2\NitroPDFReaderDriverService2.exe (Nitro PDF Software)
PRC - C:\Windows\System32\NLSSRV32.EXE (Nalpeiron Ltd.)
PRC - C:\Program Files\IObit\Advanced SystemCare 5\ASCTray.exe (IObit)
PRC - C:\Program Files\IObit\Advanced SystemCare 5\ASCService.exe (IObit)
PRC - C:\Program Files\Microsoft\BingDesktop\BingDesktopUpdater.exe (Microsoft Corp.)
PRC - C:\Program Files\GFI\GFI BackUp Freeware\GFIFInst.exe (GFI Software Ltd.)
PRC - C:\Program Files\GFI\GFI BackUp Freeware\GFIFSched.exe (GFI Software Ltd.)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\IDT\WDM\stacsv.exe (IDT, Inc.)
PRC - C:\Program Files\Bluetooth Suite\Ath_CoexAgent.exe (Atheros)
PRC - C:\Program Files\Bluetooth Suite\AdminService.exe (Atheros Commnucations)
PRC - C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
PRC - C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
PRC - C:\Program Files\Hewlett-Packard\HP Support Framework\HPSA_Service.exe (Hewlett-Packard Company)
PRC - C:\Program Files\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation)
PRC - C:\Program Files\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe (Hewlett-Packard Development Company, L.P.)
PRC - C:\Program Files\ThreatFire\TFTray.exe (PC Tools)
PRC - C:\Program Files\ThreatFire\TFService.exe (PC Tools)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
PRC - C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe (Hewlett-Packard Company)
PRC - C:\Program Files\IDT\WDM\AESTSrv.exe (Andrea Electronics Corporation)
PRC - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
========== Modules (No Company Name) ==========
MOD - C:\Users\Russell\AppData\Roaming\MegaCloud\MegaCloudShellExt.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\f489585d6cb29313a05dceac6ee1cde1\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\f37a9277a565b368c4358befdce25080\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\6b97ba148f663f114bcbbfae7a2752e9\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7edca5be5fb91df4d5eb66097437f546\mscorlib.ni.dll ()
========== Services (SafeList) ==========
SRV - (SBSDWSCService) -- C:\Program Files\Spybot File not found
SRV - (MozillaMaintenance) -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (MBAMService) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (MBAMScheduler) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (avast! Antivirus) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
SRV - (#UpdateService) -- C:\Program Files\Box Sync\UpdateService.exe (Box, Inc.)
SRV - (NitroReaderDriverReadSpool2) -- C:\Program Files\Nitro PDF\Reader 2\NitroPDFReaderDriverService2.exe (Nitro PDF Software)
SRV - (SkypeUpdate) -- C:\Program Files\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (nlsX86cc) -- C:\Windows\System32\NLSSRV32.EXE (Nalpeiron Ltd.)
SRV - (AdvancedSystemCareService5) -- C:\Program Files\IObit\Advanced SystemCare 5\ASCService.exe (IObit)
SRV - (BingDesktopUpdate) -- C:\Program Files\Microsoft\BingDesktop\BingDesktopUpdater.exe (Microsoft Corp.)
SRV - (GFIBckFAtt) -- C:\Program Files\GFI\GFI BackUp Freeware\GFIFInst.exe (GFI Software Ltd.)
SRV - (GFIBckFSched) -- C:\Program Files\GFI\GFI BackUp Freeware\GFIFSched.exe (GFI Software Ltd.)
SRV - (WatAdminSvc) -- C:\Windows\System32\Wat\WatAdminSvc.exe (Microsoft Corporation)
SRV - (STacSV) -- C:\Program Files\IDT\WDM\stacsv.exe (IDT, Inc.)
SRV - (ZAtheros Bt&Wlan Coex Agent) -- C:\Program Files\Bluetooth Suite\Ath_CoexAgent.exe (Atheros)
SRV - (AtherosSvc) -- C:\Program Files\Bluetooth Suite\AdminService.exe (Atheros Commnucations)
SRV - (sftvsa) -- C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
SRV - (sftlist) -- C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
SRV - (HP Support Assistant Service) -- C:\Program Files\Hewlett-Packard\HP Support Framework\HPSA_Service.exe (Hewlett-Packard Company)
SRV - (BBSvc) -- C:\Program Files\Microsoft\BingBar\BBSvc.EXE (Microsoft Corporation.)
SRV - (BBUpdate) -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation)
SRV - (HPWMISVC) -- C:\Program Files\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe (Hewlett-Packard Development Company, L.P.)
SRV - (ThreatFire) -- C:\Program Files\ThreatFire\TFService.exe (PC Tools)
SRV - (IAStorDataMgrSvc) -- C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
SRV - (HPClientSvc) -- C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe (Hewlett-Packard Company)
SRV - (rpcapd) -- C:\Program Files\WinPcap\rpcapd.exe (CACE Technologies, Inc.)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (AESTFilters) -- C:\Program Files\IDT\WDM\AESTSrv.exe (Andrea Electronics Corporation)
========== Driver Services (SafeList) ==========
DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (aswSnx) -- C:\Windows\System32\drivers\aswSnx.sys (AVAST Software)
DRV - (aswSP) -- C:\Windows\System32\drivers\aswSP.sys (AVAST Software)
DRV - (aswTdi) -- C:\Windows\System32\drivers\aswTdi.sys (AVAST Software)
DRV - (aswMonFlt) -- C:\Windows\System32\drivers\aswMonFlt.sys (AVAST Software)
DRV - (aswRdr) -- C:\Windows\System32\drivers\aswRdr2.sys (AVAST Software)
DRV - (aswFsBlk) -- C:\Windows\System32\drivers\aswFsBlk.sys (AVAST Software)
DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Qualcomm Atheros Communications, Inc.)
DRV - (igddim32) -- C:\Windows\System32\drivers\igddim32.sys (Intel Corporation)
DRV - (STHDA) -- C:\Windows\System32\drivers\stwrt.sys (IDT, Inc.)
DRV - (BtFilter) -- C:\Windows\System32\drivers\btfilter.sys (Atheros)
DRV - (BTATH_RCP) -- C:\Windows\System32\drivers\btath_rcp.sys (Atheros)
DRV - (BTATH_LWFLT) -- C:\Windows\System32\drivers\btath_lwflt.sys (Atheros)
DRV - (BTATH_HCRP) -- C:\Windows\System32\drivers\btath_hcrp.sys (Atheros)
DRV - (AthBTPort) -- C:\Windows\System32\drivers\btath_flt.sys (Atheros)
DRV - (BTATH_BUS) -- C:\Windows\System32\drivers\btath_bus.sys (Atheros)
DRV - (btath_avdt) -- C:\Windows\System32\drivers\btath_avdt.sys (Atheros)
DRV - (BTATH_A2DP) -- C:\Windows\System32\drivers\btath_a2dp.sys (Atheros)
DRV - (Sftvol) -- C:\Windows\System32\drivers\Sftvollh.sys (Microsoft Corporation)
DRV - (Sftredir) -- C:\Windows\System32\drivers\Sftredirlh.sys (Microsoft Corporation)
DRV - (Sftplay) -- C:\Windows\System32\drivers\Sftplaylh.sys (Microsoft Corporation)
DRV - (Sftfs) -- C:\Windows\System32\drivers\Sftfslh.sys (Microsoft Corporation)
DRV - (clwvd) -- C:\Windows\System32\drivers\clwvd.sys (CyberLink Corporation)
DRV - (TfSysMon) -- C:\Windows\System32\drivers\TfSysMon.sys (PC Tools)
DRV - (TfNetMon) -- C:\Windows\System32\drivers\TfNetMon.sys (PC Tools)
DRV - (TfFsMon) -- C:\Windows\System32\drivers\TfFsMon.sys (PC Tools)
DRV - (RSUSBSTOR) -- C:\Windows\System32\drivers\RtsUStor.sys (Realtek Semiconductor Corp.)
DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV - (TsUsbGD) -- C:\Windows\System32\drivers\TsUsbGD.sys (Microsoft Corporation)
DRV - (NPF) -- C:\Windows\System32\drivers\npf.sys (CACE Technologies, Inc.)
DRV - (vwifimp) -- C:\Windows\System32\drivers\vwifimp.sys (Microsoft Corporation)
DRV - (NVENETFD) -- C:\Windows\System32\drivers\nvm62x32.sys (NVIDIA Corporation)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.jp.msn.com/HPALL/116
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
IE - HKLM\..\SearchScopes,Backup.Old.DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPMTDF&pc=HPMTDF&src=IE-SearchBox
IE - HKLM\..\SearchScopes\{1EB53970-B557-5025-3244-737B4FF514AF}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://nz.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
IE - HKLM\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
IE - HKU\.DEFAULT\..\URLSearchHook: {D0CF9C3B-2C4F-4C99-ACED-3CDF9AEEFF7E} - No CLSID value found
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\..\URLSearchHook: {D0CF9C3B-2C4F-4C99-ACED-3CDF9AEEFF7E} - No CLSID value found
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1911284681-1753166069-4267012026-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Backup.Old.Start Page = http://www.msn.com/?pc=BDT3&ocid=bdtdhp
IE - HKU\S-1-5-21-1911284681-1753166069-4267012026-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.jp.msn.com/HPALL/116
IE - HKU\S-1-5-21-1911284681-1753166069-4267012026-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKU\S-1-5-21-1911284681-1753166069-4267012026-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar =
IE - HKU\S-1-5-21-1911284681-1753166069-4267012026-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKU\S-1-5-21-1911284681-1753166069-4267012026-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-1911284681-1753166069-4267012026-1000\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKU\S-1-5-21-1911284681-1753166069-4267012026-1000\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\S-1-5-21-1911284681-1753166069-4267012026-1000\..\SearchScopes,Backup.Old.DefaultScope = {9655317D-B950-475F-9450-73A32684CFEC}
IE - HKU\S-1-5-21-1911284681-1753166069-4267012026-1000\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-1911284681-1753166069-4267012026-1000\..\SearchScopes\{1EB53970-B557-5025-3244-737B4FF514AF}: "URL" = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8&rlz=1I7ITVB_enNZ475
IE - HKU\S-1-5-21-1911284681-1753166069-4267012026-1000\..\SearchScopes\{4306E828-4997-4C8E-9FE4-9E46CC3276E4}: "URL" = http://www.bing.com/search?FORM=BDKTDF&PC=BDT3&q={searchTerms}&src=IE-SearchBox
IE - HKU\S-1-5-21-1911284681-1753166069-4267012026-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKU\S-1-5-21-1911284681-1753166069-4267012026-1000\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://nz.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
IE - HKU\S-1-5-21-1911284681-1753166069-4267012026-1000\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
IE - HKU\S-1-5-21-1911284681-1753166069-4267012026-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1911284681-1753166069-4267012026-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
========== FireFox ==========
FF - prefs.js..browser.search.openintab: true
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://au.yahoo.com/"
FF - prefs.js..extensions.enabledAddons: save-as-pdf-ff@pdfcrowd.com:1.5
FF - prefs.js..extensions.enabledAddons: support@lastpass.com:2.0.0
FF - prefs.js..extensions.enabledAddons: tabutilslite@ithinc.cn:1.1.5
FF - prefs.js..extensions.enabledAddons: zotero@chnm.gmu.edu:3.0.8
FF - prefs.js..extensions.enabledAddons: zoteroOpenOfficeIntegration@zotero.org:3.5.3
FF - prefs.js..extensions.enabledAddons: {7f57cf46-4467-4c2d-adfa-0cba7c507e54}:2.0.6
FF - prefs.js..extensions.enabledAddons: {ada4b710-8346-4b82-8199-5de2b400a6ae}:2.0.1
FF - prefs.js..extensions.enabledAddons: {f759ca51-3a91-4dd1-ae78-9db5eee9ebf0}:5.7.5
FF - prefs.js..extensions.enabledAddons: {DDC359D1-844A-42a7-9AA1-88A850A938A8}:2.0.15
FF - prefs.js..extensions.enabledAddons: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.9.10
FF - prefs.js..extensions.enabledAddons: {d37dc5d0-431d-44e5-8c91-49419370caa1}:3.1.26
FF - prefs.js..extensions.enabledAddons: zotfile@columbia.edu:2.2.1
FF - prefs.js..extensions.enabledAddons: foxmarks@kei.com:4.1.3
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_4_402_265.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nitropdf.com/NitroPDF: C:\Program Files\Nitro PDF\Reader 2\npnitromozilla.dll ( )
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@VideoDownloadConverter_4z.com/Plugin: C:\Program Files\VideoDownloadConverter_4z\bar\1.bin\NP4zStub.dll (MindSpark)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.3: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKCU\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF - HKCU\Software\MozillaPlugins\@sun.com/npsopluginmi;version=1.0: C:\Program Files\LibreOffice 3.4\program File not found
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Russell\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Russell\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\vitzo.com/VDownloader: C:\Program Files\VDownloader\Addons\npVDownloader.dll File not found
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\support@vdownloader.com: C:\Program Files\VDownloader\Addons\FireFox
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\4zffxtbr@VideoDownloadConverter_4z.com: C:\Program Files\VideoDownloadConverter_4z\bar\1.bin [2012/09/28 18:41:32 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012/08/27 23:47:10 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/09/09 13:34:38 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 15.0.1\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2012/07/24 19:22:57 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 15.0.1\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\superfish@superfish.com: C:\Users\Russell\AppData\Roaming\Mozilla\Firefox\Profiles/xfb27j5f.default\extensions\superfish@superfish.com
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\wcapturex@deskperience.com: C:\Program Files\WordWeb\WCaptureMoz [2012/02/27 19:17:18 | 000,000,000 | ---D | M]
[2012/08/03 07:19:15 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Russell\AppData\Roaming\Mozilla\Extensions
[2012/10/05 14:46:36 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Russell\AppData\Roaming\Mozilla\Firefox\Profiles\bylhdpoc.default\extensions
[2012/08/26 03:57:18 | 000,000,000 | ---D | M] (ReminderFox) -- C:\Users\Russell\AppData\Roaming\Mozilla\Firefox\Profiles\bylhdpoc.default\extensions\{ada4b710-8346-4b82-8199-5de2b400a6ae}
[2012/09/18 18:03:20 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Russell\AppData\Roaming\Mozilla\Firefox\Profiles\bylhdpoc.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2012/09/20 13:35:40 | 000,000,000 | ---D | M] (FoxClocks) -- C:\Users\Russell\AppData\Roaming\Mozilla\Firefox\Profiles\bylhdpoc.default\extensions\{d37dc5d0-431d-44e5-8c91-49419370caa1}
[2012/10/03 08:37:27 | 000,000,000 | ---D | M] ("Xmarks") -- C:\Users\Russell\AppData\Roaming\Mozilla\Firefox\Profiles\bylhdpoc.default\extensions\foxmarks@kei.com
[2012/08/03 08:00:26 | 000,000,000 | ---D | M] (LastPass) -- C:\Users\Russell\AppData\Roaming\Mozilla\Firefox\Profiles\bylhdpoc.default\extensions\support@lastpass.com
[2012/08/03 07:28:39 | 000,000,000 | ---D | M] (Zotero) -- C:\Users\Russell\AppData\Roaming\Mozilla\Firefox\Profiles\bylhdpoc.default\extensions\zotero@chnm.gmu.edu
[2012/08/03 07:45:37 | 000,000,000 | ---D | M] (Zotero LibreOffice Integration) -- C:\Users\Russell\AppData\Roaming\Mozilla\Firefox\Profiles\bylhdpoc.default\extensions\zoteroOpenOfficeIntegration@zotero.org
[2012/08/03 08:00:22 | 000,057,194 | ---- | M] () (No name found) -- C:\Users\Russell\AppData\Roaming\Mozilla\Firefox\Profiles\bylhdpoc.default\extensions\save-as-pdf-ff@pdfcrowd.com.xpi
[2012/08/26 03:57:11 | 000,024,946 | ---- | M] () (No name found) -- C:\Users\Russell\AppData\Roaming\Mozilla\Firefox\Profiles\bylhdpoc.default\extensions\tabutilslite@ithinc.cn.xpi
[2012/09/26 17:08:59 | 000,406,180 | ---- | M] () (No name found) -- C:\Users\Russell\AppData\Roaming\Mozilla\Firefox\Profiles\bylhdpoc.default\extensions\zotfile@columbia.edu.xpi
[2012/08/03 08:00:26 | 000,527,037 | ---- | M] () (No name found) -- C:\Users\Russell\AppData\Roaming\Mozilla\Firefox\Profiles\bylhdpoc.default\extensions\{7f57cf46-4467-4c2d-adfa-0cba7c507e54}.xpi
[2012/09/13 09:10:43 | 000,698,867 | ---- | M] () (No name found) -- C:\Users\Russell\AppData\Roaming\Mozilla\Firefox\Profiles\bylhdpoc.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi
[2012/08/03 08:00:27 | 000,324,289 | ---- | M] () (No name found) -- C:\Users\Russell\AppData\Roaming\Mozilla\Firefox\Profiles\bylhdpoc.default\extensions\{f759ca51-3a91-4dd1-ae78-9db5eee9ebf0}.xpi
[2012/08/11 00:32:56 | 000,000,822 | ---- | M] () (No name found) -- C:\Users\Russell\AppData\Roaming\Mozilla\Firefox\Profiles\bylhdpoc.default\extensions\{ada4b710-8346-4b82-8199-5de2b400a6ae}\defaults\printing\xpi-details.xsl
[2012/09/09 13:24:20 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/09/09 13:34:36 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/07/10 15:52:26 | 000,003,767 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\avg-secure-search.xml
[2012/08/03 03:09:47 | 000,002,361 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml
[2012/09/04 11:36:54 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/02/15 23:57:58 | 000,001,478 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\emclient_igeared.xml
[2012/09/04 11:36:54 | 000,002,253 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml
========== Chrome ==========
CHR - homepage: http://www.google.co.nz/
CHR - default_search_provider: MyStart Search (Enabled)
CHR - default_search_provider: search_url = http://mystart.incredibar.com/mb178/?loc=IB_DS&search={searchTerms}&a=6PQKBEoZ6o&i=26
CHR - default_search_provider: suggest_url = ,
CHR - homepage: http://www.google.co.nz/
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Russell\AppData\Local\Google\Chrome\Application\21.0.1180.83\PepperFlash\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Russell\AppData\Local\Google\Chrome\Application\21.0.1180.83\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_268.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Russell\AppData\Local\Google\Chrome\Application\21.0.1180.83\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Russell\AppData\Local\Google\Chrome\Application\21.0.1180.83\pdf.dll
CHR - plugin: Free Studio (Enabled) = C:\Users\Russell\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp\1.0.0.0_0\np_dvs_plugin.dll
CHR - plugin: Conduit Chrome Plugin (Enabled) = C:\Users\Russell\AppData\Local\Google\Chrome\User Data\Default\Extensions\plmlpkfpkijnlijgalnjaacllnjmoamo\10.11.21.5_0\plugins/ConduitChromeApiPlugin.dll
CHR - plugin: Conduit Radio Plugin (Enabled) = C:\Users\Russell\AppData\Local\Google\Chrome\User Data\Default\Extensions\plmlpkfpkijnlijgalnjaacllnjmoamo\10.11.21.5_0\plugins/np-cwmp.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL
CHR - plugin: Foxit Reader Plugin for Mozilla (Enabled) = C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll
CHR - plugin: Java Deployment Toolkit 7.0.50.5 (Enabled) = C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll
CHR - plugin: Java(TM) Platform SE 7 U5 (Enabled) = C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: Nitro PDF Plug-In (Enabled) = C:\Program Files\Nitro PDF\Reader 2\npnitromozilla.dll
CHR - plugin: MindSpark Toolbar Platform Plugin Stub (Enabled) = C:\Program Files\VideoDownloadConverter_4z\bar\1.bin\NP4zStub.dll
CHR - plugin: VLC Web Plugin (Enabled) = C:\Program Files\VideoLAN\VLC\npvlc.dll
CHR - plugin: Windows Live\\u0099 Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - Extension: Xmarks Bookmark Sync = C:\Users\Russell\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajpgkpeckebdhofmmjfgcjjiiejpodla\1.0.22_0\
CHR - Extension: Xmarks Bookmark Sync = C:\Users\Russell\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajpgkpeckebdhofmmjfgcjjiiejpodla\1.0.22_0\.bak
CHR - Extension: YouTube = C:\Users\Russell\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Adblock Plus (Beta) = C:\Users\Russell\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.2_0\
CHR - Extension: Google Search = C:\Users\Russell\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Proxy SwitchySharp = C:\Users\Russell\AppData\Local\Google\Chrome\User Data\Default\Extensions\dpplabbmogkhghncfbfdeeokoefdjegm\1.9.48_0\
CHR - Extension: SaveFrom.net helper lite = C:\Users\Russell\AppData\Local\Google\Chrome\User Data\Default\Extensions\gekjjfhbnbhfgmnmkocnnfapjpdcpbok\1.47_0\
CHR - Extension: LastPass = C:\Users\Russell\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd\2.0.10_0\
CHR - Extension: No name found = C:\Users\Russell\AppData\Local\Google\Chrome\User Data\Default\Extensions\jifflliplgeajjdhmkcfnngfpgbjonjg\1.0.0_0\
CHR - Extension: Search for YouTube Videos = C:\Users\Russell\AppData\Local\Google\Chrome\User Data\Default\Extensions\kabfoagjjgbakjgadhcpoleecfkmhpjm\0.1.0.6_0\
CHR - Extension: Save as PDF = C:\Users\Russell\AppData\Local\Google\Chrome\User Data\Default\Extensions\kpdjmbiefanbdgnkcikhllpmjnnllbbc\1.6_0\
CHR - Extension: Incredible StartPage - Productive Start Page for Chrome! = C:\Users\Russell\AppData\Local\Google\Chrome\User Data\Default\Extensions\ncdfeghkpohnalmpblddmnppfooljekh\1.5.2_0\
CHR - Extension: DvdVideoSoft Free Youtube Download = C:\Users\Russell\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp\1.0.0.0_0\
CHR - Extension: Gmail = C:\Users\Russell\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
O1 HOSTS File: ([2012/10/09 02:24:09 | 000,000,098 | ---- | M]) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKU\S-1-5-21-1911284681-1753166069-4267012026-1000\..\Toolbar\WebBrowser: (Freecorder 6) - {6B34ACCF-1B63-4E1A-8633-461917C75544} - C:\Program Files\Freecorder 6\tbcore3.dll ()
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [ThreatFire] C:\Program Files\ThreatFire\TFTray.exe (PC Tools)
O4 - HKU\S-1-5-21-1911284681-1753166069-4267012026-1000..\Run: [Advanced SystemCare 5] C:\Program Files\IObit\Advanced SystemCare 5\ASCTray.exe (IObit)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\S-1-5-21-1911284681-1753166069-4267012026-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Free YouTube Download - C:\Users\Russell\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm ()
O8 - Extra context menu item: Se&nd to OneNote - res://C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll/105 File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 10.7.2)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{74240472-D26B-436F-9D60-760C249DCFA7}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\osf - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/11 10:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
========== Files/Folders - Created Within 30 Days ==========
[2012/10/09 02:23:10 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/10/08 20:13:14 | 000,000,000 | ---D | C] -- C:\Users\Russell\Desktop\GAD
[2012/10/07 09:33:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Foxit Reader
[2012/10/07 01:53:17 | 000,000,000 | ---D | C] -- C:\Users\Russell\Documents\EMAIL IDs
[2012/10/07 00:21:44 | 000,000,000 | ---D | C] -- C:\Users\Russell\Desktop\MEDITATION -- SELF-COMPASSION
[2012/10/06 11:50:53 | 000,000,000 | ---D | C] -- C:\8e07ef0f1fb298627a7ae926aaec3f
[2012/09/29 20:38:41 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2012/09/29 20:36:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT
[2012/09/29 20:36:09 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2012/09/28 20:04:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy
[2012/09/28 20:03:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2012/09/28 20:03:42 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2012/09/28 17:12:52 | 000,000,000 | ---D | C] -- C:\Users\Russell\AppData\Roaming\Malwarebytes
[2012/09/28 17:12:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/09/28 17:12:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/09/28 17:12:00 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012/09/28 17:12:00 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012/09/26 21:03:11 | 000,245,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\OxpsConverter.exe
[2012/09/26 13:54:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2012/09/26 13:54:09 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2012/09/26 03:15:58 | 000,000,000 | ---D | C] -- C:\Users\Russell\AppData\Roaming\CX
[2012/09/26 03:15:11 | 000,000,000 | ---D | C] -- C:\Users\Russell\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CX
[2012/09/26 03:14:37 | 000,000,000 | ---D | C] -- C:\Users\Russell\AppData\Local\CX
[2012/09/25 00:09:26 | 000,000,000 | ---D | C] -- C:\Program Files\Perion
[2012/09/24 03:39:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mr Smoozles Goes Nutso
[2012/09/24 03:39:22 | 000,000,000 | ---D | C] -- C:\Program Files\Mr Smoozles Goes Nutso
[2012/09/24 01:29:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GOG.com
[2012/09/24 01:29:25 | 000,000,000 | ---D | C] -- C:\Program Files\GOG.com
[2012/09/23 19:15:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2012/09/23 19:12:28 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2012/09/23 19:12:07 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2012/09/23 19:12:07 | 000,000,000 | ---D | C] -- C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1
[2012/09/22 12:35:04 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2012/09/22 12:34:59 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2012/09/22 12:34:58 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2012/09/22 12:34:58 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2012/09/22 12:34:57 | 000,607,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2012/09/22 12:34:50 | 001,800,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2012/09/22 12:34:49 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2012/09/22 12:34:36 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2012/09/20 22:57:10 | 000,000,000 | ---D | C] -- C:\Users\Russell\Documents\MSSAT TRUST OTAGO
[2012/09/17 14:20:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sigma Team
[2012/09/17 14:19:26 | 000,000,000 | ---D | C] -- C:\Program Files\Sigma Team
[2012/09/17 14:07:36 | 000,000,000 | ---D | C] -- C:\Counter-Strike 2D
[2012/09/17 11:57:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cave Story Deluxe
[2012/09/17 11:57:56 | 000,000,000 | ---D | C] -- C:\Users\Russell\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Cave Story Deluxe
[2012/09/17 11:57:04 | 000,000,000 | ---D | C] -- C:\Program Files\Cave Story Deluxe
[2012/09/17 03:34:27 | 000,237,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_4.dll
[2012/09/17 03:34:25 | 002,414,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_31.dll
[2012/09/17 03:34:24 | 000,236,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_3.dll
[2012/09/17 03:34:23 | 000,062,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xinput1_2.dll
[2012/09/17 03:34:22 | 000,230,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_2.dll
[2012/09/17 03:34:22 | 000,062,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xinput1_1.dll
[2012/09/17 03:34:21 | 000,229,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_1.dll
[2012/09/17 03:33:54 | 002,388,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_30.dll
[2012/09/17 03:33:53 | 000,230,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_0.dll
[2012/09/17 03:33:53 | 000,014,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\x3daudio1_0.dll
[2012/09/17 03:33:52 | 002,332,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_29.dll
[2012/09/17 03:33:50 | 002,323,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_28.dll
[2012/09/17 03:33:48 | 002,319,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_27.dll
[2012/09/17 03:33:47 | 002,297,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_26.dll
[2012/09/17 03:33:45 | 002,337,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_25.dll
[2012/09/17 03:33:43 | 002,222,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_24.dll
[2012/09/16 23:31:22 | 000,000,000 | ---D | C] -- C:\Users\Russell\AppData\Local\Punkbuster
[2012/09/16 23:30:00 | 000,000,000 | ---D | C] -- C:\Program Files\Wolfenstein - Enemy Territory
[2012/09/15 16:54:15 | 000,000,000 | -HSD | C] -- C:\found.002
[2012/09/13 21:12:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2012/09/13 21:12:34 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2012/09/13 21:12:25 | 000,000,000 | R--D | C] -- C:\Program Files\Skype
[2012/09/12 17:03:38 | 000,240,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\netio.sys
[2012/09/12 17:03:37 | 000,187,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\FWPKCLNT.SYS
[2012/09/12 17:03:29 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\RNDISMP.sys
[2012/09/12 17:03:23 | 000,490,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10level9.dll
[2012/09/12 16:49:35 | 000,000,000 | ---D | C] -- C:\09470b656efc966851db
[2012/09/09 13:24:01 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[1 C:\Windows\Fonts\*.tmp files -> C:\Windows\Fonts\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2012/10/09 02:35:29 | 000,021,840 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/10/09 02:35:29 | 000,021,840 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/10/09 02:27:30 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/10/09 02:27:21 | 796,102,656 | -HS- | M] () -- C:\hiberfil.sys
[2012/10/09 02:24:09 | 000,000,098 | ---- | M] () -- C:\Windows\System32\drivers\etc\Hosts
[2012/10/08 23:06:26 | 000,408,820 | ---- | M] () -- C:\Users\Russell\Desktop\(2) acceptance and commitment therapy — Facebook search.maff
[2012/10/08 22:56:23 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[2012/10/08 14:52:58 | 008,067,631 | ---- | M] () -- C:\Users\Russell\Desktop\At_the_Heart_of_Intimacy_Susan_Johnson.flv
[2012/10/07 22:17:17 | 000,071,313 | ---- | M] () -- C:\Users\Russell\Desktop\Storied Mind Newsletter The Anger in Depression.maff
[2012/10/06 12:20:39 | 000,153,870 | ---- | M] () -- C:\Users\Russell\Desktop\Most Psychotropic Meds Increase Driving Risk.maff
[2012/10/06 06:02:54 | 000,126,494 | ---- | M] () -- C:\Users\Russell\Desktop\Neuropathy_Treatment.pdf
[2012/10/04 15:28:51 | 000,000,013 | ---- | M] () -- C:\Windows\System32\WinSys32.crc
[2012/10/02 12:01:56 | 000,665,232 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/10/02 12:01:56 | 000,125,678 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/09/25 00:07:50 | 000,000,712 | ---- | M] () -- C:\user.js
[2012/09/16 21:47:00 | 000,001,947 | ---- | M] () -- C:\Users\Russell\Application Data\Microsoft\Internet Explorer\Quick Launch\JDownloader.lnk
[2012/09/13 23:52:19 | 000,002,060 | ---- | M] () -- C:\Users\Russell\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Thunderbird.lnk
========== Files Created - No Company Name ==========
[2012/10/08 23:06:07 | 000,408,820 | ---- | C] () -- C:\Users\Russell\Desktop\(2) acceptance and commitment therapy — Facebook search.maff
[2012/10/08 14:50:56 | 008,067,631 | ---- | C] () -- C:\Users\Russell\Desktop\At_the_Heart_of_Intimacy_Susan_Johnson.flv
[2012/10/07 22:16:51 | 000,071,313 | ---- | C] () -- C:\Users\Russell\Desktop\Storied Mind Newsletter The Anger in Depression.maff
[2012/10/06 12:20:18 | 000,153,870 | ---- | C] () -- C:\Users\Russell\Desktop\Most Psychotropic Meds Increase Driving Risk.maff
[2012/10/06 06:02:07 | 000,126,494 | ---- | C] () -- C:\Users\Russell\Desktop\Neuropathy_Treatment.pdf
[2012/09/16 23:31:58 | 000,075,136 | ---- | C] () -- C:\Windows\System32\PnkBstrA.exe
[2012/08/25 10:31:42 | 000,000,017 | ---- | C] () -- C:\Windows\System32\shortcut_ex.dat
[2012/08/24 14:02:51 | 000,001,729 | ---- | C] () -- C:\Users\Russell\AppData\Local\recently-used.xbel
[2012/07/29 19:16:38 | 000,000,061 | ---- | C] () -- C:\ProgramData\DoremisoftSWFSetting.ini
[2012/06/21 06:30:48 | 000,093,696 | ---- | C] () -- C:\Windows\System32\lua5.1a.dll
[2012/05/10 00:38:50 | 000,072,192 | ---- | C] () -- C:\Windows\unlite3.exe
[2012/05/08 00:43:43 | 000,001,089 | ---- | C] () -- C:\Users\Russell\Documents - Shortcut.lnk
[2012/05/07 13:48:05 | 000,042,120 | ---- | C] () -- C:\Windows\System32\drivers\EUBKMON.sys
[2012/04/20 23:30:54 | 000,004,096 | ---- | C] ( ) -- C:\Windows\System32\IGFXDEVLib.dll
[2012/03/18 22:00:51 | 000,000,000 | ---- | C] () -- C:\Users\Russell\hsqlprefs.dat
[2012/03/14 18:56:02 | 000,087,552 | ---- | C] () -- C:\Windows\System32\cpwmon2k.dll
[2012/03/01 23:57:34 | 000,000,165 | ---- | C] () -- C:\Users\Russell\.gtkrc-2.0
[2012/02/27 19:17:40 | 002,216,480 | ---- | C] () -- C:\Windows\wweb32.dll
[2012/02/23 00:31:43 | 000,011,776 | ---- | C] () -- C:\Users\Russell\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/02/15 01:44:00 | 000,003,504 | ---- | C] () -- C:\Users\Russell\Financial Accounts.gnucash
[2012/02/14 23:08:04 | 000,000,286 | ---- | C] () -- C:\Windows\reimage.ini
[2012/02/05 03:29:28 | 000,000,224 | ---- | C] () -- C:\Users\Russell\.languagetool-ooo.cfg
[2012/02/02 23:23:25 | 000,899,072 | ---- | C] () -- C:\Users\Russell\AppData\Roaming\SharedSettings.ccs
[2011/12/21 22:42:09 | 000,080,416 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll
[2011/12/14 11:57:16 | 000,000,151 | ---- | C] () -- C:\Windows\System32\GfxUI.exe.config
[2011/12/12 03:22:22 | 000,000,101 | ---- | C] () -- C:\Windows\System32\ud-boot-time.ini
[2011/10/22 22:24:58 | 000,246,804 | ---- | C] () -- C:\Windows\System32\drivers\AtherosBt.bin
[2011/09/15 16:11:16 | 001,048,576 | ---- | C] () -- C:\Windows\System32\syndata.bin
[2011/09/07 09:34:28 | 000,007,736 | ---- | C] () -- C:\Windows\hpDSTRES.DLL
[2011/03/29 21:00:00 | 000,080,896 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2011/03/25 08:35:18 | 000,180,224 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2011/03/02 23:43:46 | 000,175,616 | ---- | C] () -- C:\Windows\System32\unrar.dll
========== ZeroAccess Check ==========
[2012/08/11 00:32:56 | 000,000,596 | ---- | M] () -- C:\Users\Russell\AppData\Roaming\Mozilla\Firefox\Profiles\bylhdpoc.default\extensions\{ada4b710-8346-4b82-8199-5de2b400a6ae}\defaults\printing\icons\@.png
[2009/07/14 17:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 17:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/21 10:29:20 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/14 14:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
========== LOP Check ==========
[2012/04/18 04:27:57 | 000,000,000 | ---D | M] -- C:\Users\Russell\AppData\Roaming\.calligra
[2012/05/27 14:48:23 | 000,000,000 | ---D | M] -- C:\Users\Russell\AppData\Roaming\.gephi
[2012/07/28 13:06:35 | 000,000,000 | ---D | M] -- C:\Users\Russell\AppData\Roaming\AnvSoft
[2012/10/07 21:57:37 | 000,000,000 | ---D | M] -- C:\Users\Russell\AppData\Roaming\Applian FLV and Media Player
[2012/03/06 10:32:13 | 000,000,000 | ---D | M] -- C:\Users\Russell\AppData\Roaming\Ashampoo
[2012/07/29 05:10:41 | 000,000,000 | ---D | M] -- C:\Users\Russell\AppData\Roaming\AVCWare
[2012/05/16 14:47:51 | 000,000,000 | ---D | M] -- C:\Users\Russell\AppData\Roaming\AVG
[2012/02/02 17:21:16 | 000,000,000 | ---D | M] -- C:\Users\Russell\AppData\Roaming\Blio
[2012/09/08 18:54:50 | 000,000,000 | ---D | M] -- C:\Users\Russell\AppData\Roaming\Box Desktop
[2012/09/09 23:55:47 | 000,000,000 | ---D | M] -- C:\Users\Russell\AppData\Roaming\Box Sync
[2012/02/13 06:07:29 | 000,000,000 | ---D | M] -- C:\Users\Russell\AppData\Roaming\calibre
[2012/08/04 03:21:52 | 000,000,000 | ---D | M] -- C:\Users\Russell\AppData\Roaming\CBS Interactive
[2012/02/05 15:41:23 | 000,000,000 | ---D | M] -- C:\Users\Russell\AppData\Roaming\Cocoon Software
[2012/10/04 15:25:35 | 000,000,000 | ---D | M] -- C:\Users\Russell\AppData\Roaming\CoffeeCup Software
[2012/05/20 17:48:43 | 000,000,000 | ---D | M] -- C:\Users\Russell\AppData\Roaming\ColorCop
[2012/09/26 03:15:58 | 000,000,000 | ---D | M] -- C:\Users\Russell\AppData\Roaming\CX
[2012/02/14 21:15:38 | 000,000,000 | ---D | M] -- C:\Users\Russell\AppData\Roaming\DAZ 3D
[2012/09/08 02:35:34 | 000,000,000 | ---D | M] -- C:\Users\Russell\AppData\Roaming\Docear
[2012/08/04 05:05:53 | 000,000,000 | ---D | M] -- C:\Users\Russell\AppData\Roaming\Downloaded Installations
[2012/09/08 18:02:55 | 000,000,000 | ---D | M] -- C:\Users\Russell\AppData\Roaming\Dropbox
[2012/08/30 02:11:01 | 000,000,000 | ---D | M] -- C:\Users\Russell\AppData\Roaming\DVDVideoSoft
[2012/08/29 01:34:53 | 000,000,000 | ---D | M] -- C:\Users\Russell\AppData\Roaming\DVDVideoSoftIEHelpers
[2012/02/04 02:13:30 | 000,000,000 | ---D | M] -- C:\Users\Russell\AppData\Roaming\E-Z Contact Book
[2012/06/19 23:12:53 | 000,000,000 | ---D | M] -- C:\Users\Russell\AppData\Roaming\Eltima Software
[2012/08/20 00:43:29 | 000,000,000 | ---D | M] -- C:\Users\Russell\AppData\Roaming\eM Client
[2012/03/21 20:03:47 | 000,000,000 | ---D | M] -- C:\Users\Russell\AppData\Roaming\eM Client for SoftMaker
[2012/05/16 02:09:12 | 000,000,000 | ---D | M] -- C:\Users\Russell\AppData\Roaming\enchant
[2012/05/27 21:46:26 | 000,000,000 | ---D | M] -- C:\Users\Russell\AppData\Roaming\EndNote
[2012/06/25 18:07:07 | 000,000,000 | ---D | M] -- C:\Users\Russell\AppData\Roaming\FileOpen
[2012/10/03 22:43:26 | 000,000,000 | ---D | M] -- C:\Users\Russell\AppData\Roaming\FileZilla
[2012/08/04 07:27:21 | 000,000,000 | ---D | M] -- C:\Users\Russell\AppData\Roaming\Foxit
[2012/06/16 19:51:33 | 000,000,000 | ---D | M] -- C:\Users\Russell\AppData\Roaming\Foxit Software
[2012/08/08 06:57:37 | 000,000,000 | ---D | M] -- C:\Users\Russell\AppData\Roaming\Free Sound Recorder
[2012/02/07 07:27:29 | 000,000,000 | ---D | M] -- C:\Users\Russell\AppData\Roaming\FreeCommander
[2012/08/08 08:47:31 | 000,000,000 | ---D | M] -- C:\Users\Russell\AppData\Roaming\Freecorder 6 Audio
[2012/08/08 08:47:45 | 000,000,000 | ---D | M] -- C:\Users\Russell\AppData\Roaming\Freecorder 6 Converter
[2012/08/08 08:47:31 | 000,000,000 | ---D | M] -- C:\Users\Russell\AppData\Roaming\Freecorder 6 Screen
[2012/08/08 08:48:07 | 000,000,000 | ---D | M] -- C:\Users\Russell\AppData\Roaming\Freecorder 6 Video
[2012/02/03 23:44:09 | 000,000,000 | ---D | M] -- C:\Users\Russell\AppData\Roaming\FreeFLVConverter
[2012/08/13 07:27:27 | 000,000,000 | ---D | M] -- C:\Users\Russell\AppData\Roaming\FTPSynchronize
[2012/09/13 23:54:11 | 000,000,000 | ---D | M] -- C:\Users\Russell\AppData\Roaming\GlarySoft
[2012/04/29 10:49:21 | 000,000,000 | ---D | M] -- C:\Users\Russell\AppData\Roaming\gtk-2.0
[2012/05/27 15:29:02 | 000,000,000 | ---D | M] -- C:\Users\Russell\AppData\Roaming\HistCite
[2012/05/15 13:28:06 | 000,000,000 | ---D | M] -- C:\Users\Russell\AppData\Roaming\inkscape
[2012/03/03 23:11:37 | 000,000,000 | ---D | M] -- C:\Users\Russell\AppData\Roaming\IObit
[2012/05/17 09:41:09 | 000,000,000 | ---D | M] -- C:\Users\Russell\AppData\Roaming\IrfanView
[2012/05/31 05:01:53 | 000,000,000 | ---D | M] -- C:\Users\Russell\AppData\Roaming\JabRef 2.8
[2012/10/08 00:41:03 | 000,000,000 | ---D | M] -- C:\Users\Russell\AppData\Roaming\Jarte
[2012/07/28 14:57:39 | 000,000,000 | ---D | M] -- C:\Users\Russell\AppData\Roaming\KompoZer
[2012/07/28 15:50:29 | 000,000,000 | ---D | M] -- C:\Users\Russell\AppData\Roaming\kompozer.net
[2012/02/02 17:55:45 | 000,000,000 | ---D | M] -- C:\Users\Russell\AppData\Roaming\LibreOffice
[2012/05/25 03:38:20 | 000,000,000 | ---D | M] -- C:\Users\Russell\AppData\Roaming\LyX2.0
[2012/10/06 20:41:35 | 000,000,000 | ---D | M] -- C:\Users\Russell\AppData\Roaming\MegaCloud
[2012/09/09 23:20:54 | 000,000,000 | ---D | M] -- C:\Users\Russell\AppData\Roaming\MegaCloudBackup
[2012/07/29 07:46:20 | 000,000,000 | ---D | M] -- C:\Users\Russell\AppData\Roaming\Moyea
[2012/10/08 00:40:38 | 000,000,000 | ---D | M] -- C:\Users\Russell\AppData\Roaming\Nitro PDF
[2012/04/18 12:23:41 | 000,000,000 | ---D | M] -- C:\Users\Russell\AppData\Roaming\onOne Software
[2012/07/04 08:52:39 | 000,000,000 | ---D | M] -- C:\Users\Russell\AppData\Roaming\OpenCandy
[2012/05/19 02:07:45 | 000,000,000 | ---D | M] -- C:\Users\Russell\AppData\Roaming\OpenOffice.org
[2012/07/29 00:35:36 | 000,000,000 | ---D | M] -- C:\Users\Russell\AppData\Roaming\Opera
[2012/07/04 08:57:29 | 000,000,000 | ---D | M] -- C:\Users\Russell\AppData\Roaming\Paltalk
[2012/05/20 23:08:36 | 000,000,000 | ---D | M] -- C:\Users\Russell\AppData\Roaming\picpick
[2012/02/15 05:43:06 | 000,000,000 | ---D | M] -- C:\Users\Russell\AppData\Roaming\postgresql
[2012/05/28 02:01:36 | 000,000,000 | ---D | M] -- C:\Users\Russell\AppData\Roaming\Publish or Perish
[2012/02/07 22:06:47 | 000,000,000 | ---D | M] -- C:\Users\Russell\AppData\Roaming\Quantisle
[2012/08/04 04:17:17 | 000,000,000 | ---D | M] -- C:\Users\Russell\AppData\Roaming\RapidTyping
[2012/07/28 14:51:34 | 000,000,000 | ---D | M] -- C:\Users\Russell\AppData\Roaming\RecoolTec
[2012/04/17 15:54:04 | 000,000,000 | ---D | M] -- C:\Users\Russell\AppData\Roaming\RegistryKeys
[2012/08/13 00:55:09 | 000,000,000 | ---D | M] -- C:\Users\Russell\AppData\Roaming\RiseFly
[2012/06/25 16:28:27 | 000,000,000 | ---D | M] -- C:\Users\Russell\AppData\Roaming\Smart PDF Converter Pro
[2012/07/17 13:55:34 | 000,000,000 | ---D | M] -- C:\Users\Russell\AppData\Roaming\SoftGrid Client
[2012/03/21 20:42:01 | 000,000,000 | ---D | M] -- C:\Users\Russell\AppData\Roaming\SoftMaker
[2012/02/02 16:41:42 | 000,000,000 | ---D | M] -- C:\Users\Russell\AppData\Roaming\Synaptics
[2012/08/13 01:43:49 | 000,000,000 | ---D | M] -- C:\Users\Russell\AppData\Roaming\Sync App Settings
[2012/08/11 00:05:26 | 000,000,000 | ---D | M] -- C:\Users\Russell\AppData\Roaming\Thunderbird
[2012/03/14 06:42:58 | 000,000,000 | ---D | M] -- C:\Users\Russell\AppData\Roaming\Titler
[2012/02/02 18:09:58 | 000,000,000 | ---D | M] -- C:\Users\Russell\AppData\Roaming\TP
[2012/05/05 19:15:14 | 000,000,000 | ---D | M] -- C:\Users\Russell\AppData\Roaming\uTorrent
[2012/07/28 11:35:54 | 000,000,000 | ---D | M] -- C:\Users\Russell\AppData\Roaming\VIP Video Converter
[2012/02/03 19:21:42 | 000,000,000 | ---D | M] -- C:\Users\Russell\AppData\Roaming\Windows Live Writer
[2012/07/28 14:12:36 | 000,000,000 | ---D | M] -- C:\Users\Russell\AppData\Roaming\Wondershare Video Converter Ultimate
[2012/07/29 05:35:51 | 000,000,000 | ---D | M] -- C:\Users\Russell\AppData\Roaming\Xilisoft
[2012/02/03 00:55:24 | 000,000,000 | ---D | M] -- C:\Users\Russell\AppData\Roaming\Zotero
[2012/03/16 15:07:45 | 000,000,000 | ---D | M] -- C:\Users\Russell\AppData\Roaming\ZScreen
========== Purity Check ==========
========== Alternate Data Streams ==========
@Alternate Data Stream - 127 bytes -> C:\ProgramData\Temp:0B4227B4
< End of report >
russwilsonau
2012-10-08, 21:59
not sure if I'm doing this right --
you didn't mention the Admin window opening, so I ignored it and proceeded;
CF didn't say to re-boot but Firefox wouldn't work properly so I re-booted;
no ComboFix.txt file created automatically that I could find, so re-ran CF to see if it would create it -- awaiting operations -- this closes Ff down so will get back to you after that
You should be able to find the combofix file here
C:\ComboFix.txt
russwilsonau
2012-10-09, 10:23
see screen capture -- missing menu bar to fit "everything" in -- attached contents of combofix.txt -- looks ok? but??
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
ComboFix 12-10-08.03 - Russell 09/10/2012 8:18:44.1.4 - x86
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.64.1033.18.1012.185 [GMT 13:00]
Running from: C:\Users\Russell\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
C:\install.exe
C:\Users\Russell\AppData\Local\assembly\tmp
C:\Users\Russell\AppData\Local\TempDIR
C:\Windows\iun6002.exe
C:\Windows\system32\wpcap.dll
((((((((((((((((((((((((( Files Created from 2012-09-08 to 2012-10-08 )))))))))))))))))))))))))))))))
Your screen capture is bogus, I need to see the entire Combofix log , if you cant find it then run DDS again and post that new log please
russwilsonau
2012-10-09, 13:24
I did a Windows search and what you see is what was in combofix.txt
bogus? don't know what you mean, it's a real screen capture, not sure I mocked up
DDS -- could you remind me what that is, please?
russwilsonau
2012-10-09, 13:26
that should have read "not SOMETHING I mocked up"
russwilsonau
2012-10-09, 14:02
did search and found DDS referred to as having something to do with Malwarebytes (on BleepingComputer.com, and you've had me run that before) so am attaching that log below -- but can't see any useful info.
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Malwarebytes Anti-Malware (Trial) 1.65.0.1400
www.malwarebytes.org
Database version: v2012.10.09.02
Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
Russell :: RUSSELL-HP [administrator]
Protection: Disabled
9/10/2012 11:38:03 p.m.
mbam-log-2012-10-09 (23-38-03).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 207179
Time elapsed: 14 minute(s), 6 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
(end)
Hey Russell,
Looking at the screen capture again and thought it was just from a bogus site, my bad. DDS is the first log you posted when you originally posted in the forum
Download DDS from one of the links below to your desktop
Link 1 (http://download.bleepingcomputer.com/sUBs/dds.scr)
Link 2 (http://download.bleepingcomputer.com/sUBs/dds.com)
Double click the tool to run it.
A black Screen will open, just read the contents and do nothing.
When the tool finishes, it will open 2 reports, DDS.txt and attach.txt
Copy/Paste the contents of 'DDS.txt' into your post.
'attach.txt' should be zipped using Windows native zip utility and attached to your post. Compress and uncompress files (zip files) (http://windows.microsoft.com/en-us/windows-vista/Compress-and-uncompress-files-zip-files)
After running Combofix, is incredibar gone ?
russwilsonau
2012-10-09, 14:45
THANKS FOR THE EXPLANATION
here're the two files
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++
.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.7.2
Run by Russell at 0:27:52 on 2012-10-10
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.64.1033.18.1012.117 [GMT 13:00]
.
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Program Files\IObit\Advanced SystemCare 5\ASCService.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files\IDT\WDM\STacSV.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskhost.exe
C:\Program Files\Box Sync\UpdateService.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\IDT\WDM\aestsrv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bluetooth Suite\adminservice.exe
C:\Program Files\Microsoft\BingBar\SeaPort.EXE
C:\Program Files\Microsoft\BingDesktop\BingDesktopUpdater.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\PROGRA~1\GFI\GFIBAC~1\GFIFInst.exe
C:\PROGRA~1\GFI\GFIBAC~1\GFIFSC~1.EXE
C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ThreatFire\TFTray.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files\IObit\Advanced SystemCare 5\ASCTray.exe
C:\Program Files\Nitro PDF\Reader 2\NitroPDFReaderDriverService2.exe
C:\Windows\system32\NLSSRV32.EXE
C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\Program Files\ThreatFire\TFService.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Bluetooth Suite\Ath_CoexAgent.exe
C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe
C:\Program Files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\taskeng.exe
C:\Program Files\Hewlett-Packard\HP Support Framework\hpsa_service.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Google\Update\1.3.21.123\GoogleCrashHandler.exe
C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Windows\system32\sppsvc.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Windows\system32\conhost.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
uDefault_Search_URL = hxxp://www.google.com/ie
mStart Page =
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mURLSearchHooks: H - No File
BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
TB: Freecorder 6: {6b34accf-1b63-4e1a-8633-461917c75544} - c:\program files\freecorder 6\tbcore3.dll
uRun: [Advanced SystemCare 5] "c:\program files\iobit\advanced systemcare 5\ASCTray.exe" /AutoStart
mRun: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
mRun: [ThreatFire] c:\program files\threatfire\TFTray.exe
mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\program files\microsoft office 15\root\office15\EXCEL.EXE/3000
IE: Free YouTube Download - c:\users\russell\appdata\roaming\dvdvideosoftiehelpers\freeytvdownloader.htm
IE: Se&nd to OneNote - c:\program files\microsoft office 15\root\office15\ONBttnIE.dll/105
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{74240472-D26B-436F-9D60-760C249DCFA7} : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{74240472-D26B-436F-9D60-760C249DCFA7}\37071627B6630314C647 : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{74240472-D26B-436F-9D60-760C249DCFA7}\4457E6564696E602C4962627162797021337470264C6F6F627 : DhcpNameServer = 10.10.10.1
TCP: Interfaces\{74240472-D26B-436F-9D60-760C249DCFA7}\642554540294E4455425E454450213 : DhcpNameServer = 192.168.11.1 8.8.8.8
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
Notify: igfxcui - igfxdev.dll
mASetup: {F5E7D9AF-60F6-4A30-87E3-4EA94D322CE1} - msiexec /fu {F5E7D9AF-60F6-4A30-87E3-4EA94D322CE1} /qn
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\russell\appdata\roaming\mozilla\firefox\profiles\bylhdpoc.default\
FF - prefs.js: browser.startup.homepage - hxxp://au.yahoo.com/
FF - plugin: c:\progra~1\micros~2\office14\NPSPWRAP.DLL
FF - plugin: c:\program files\foxit software\foxit reader\plugins\npFoxitReaderPlugin.dll
FF - plugin: c:\program files\google\update\1.3.21.115\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.123\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\microsoft silverlight\5.1.10411.0\npctrlui.dll
FF - plugin: c:\program files\nitro pdf\reader 2\npdf.dll
FF - plugin: c:\program files\nitro pdf\reader 2\npnitroie.dll
FF - plugin: c:\program files\nitro pdf\reader 2\npnitromozilla.dll
FF - plugin: c:\program files\tracker software\pdf viewer\npPDFXCviewNPPlugin.dll
FF - plugin: c:\program files\videodownloadconverter_4z\bar\1.bin\NP4zStub.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\users\russell\appdata\local\google\update\1.3.21.115\npGoogleUpdate3.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_4_402_265.dll
FF - plugin: c:\windows\system32\npdeployJava1.dll
FF - plugin: c:\windows\system32\npmproxy.dll
.
---- FIREFOX POLICIES ----
FF - user.js: extensions.incredibar_i.newTab - false
FF - user.js: extensions.incredibar_i.tlbrSrchUrl - hxxp://mystart.Incredibar.com/?a=6PQKBEoZ6o&loc=IB_TB&i=26&search=
FF - user.js: extensions.incredibar_i.id - 4e18d11e0000000000002eb70d3f194a
FF - user.js: extensions.incredibar_i.instlDay - 15607
FF - user.js: extensions.incredibar_i.vrsn - 1.5.11.14
FF - user.js: extensions.incredibar_i.vrsni - 1.5.11.14
FF - user.js: extensions.incredibar_i.vrsnTs - 1.5.11.1423:07:47
FF - user.js: extensions.incredibar_i.prtnrId - Incredibar
FF - user.js: extensions.incredibar_i.prdct - incredibar
FF - user.js: extensions.incredibar_i.aflt - orgnl
FF - user.js: extensions.incredibar_i.smplGrp - none
FF - user.js: extensions.incredibar_i.tlbrId - base
FF - user.js: extensions.incredibar_i.instlRef -
FF - user.js: extensions.incredibar_i.dfltLng -
FF - user.js: extensions.incredibar_i.excTlbr - false
FF - user.js: extensions.incredibar_i.ms_url_id -
FF - user.js: extensions.incredibar_i.upn2 - 6PQKBEoZ6o
FF - user.js: extensions.incredibar_i.upn2n - 92543635926693664
FF - user.js: extensions.incredibar_i.productid - 26
FF - user.js: extensions.incredibar_i.installerproductid - 26
FF - user.js: extensions.incredibar_i.did - 10643
FF - user.js: extensions.incredibar_i.ppd - 1
.
============= SERVICES / DRIVERS ===============
.
R0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys [2012-5-20 51984]
R0 TfSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys [2012-5-20 69392]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2012-7-17 729752]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2012-7-17 355632]
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-14 48128]
R2 #UpdateService;Box Sync Auto-updater;c:\program files\box sync\UpdateService.exe [2012-8-18 8704]
R2 AdvancedSystemCareService5;Advanced SystemCare Service 5;c:\program files\iobit\advanced systemcare 5\ASCService.exe [2012-6-1 913792]
R2 AESTFilters;Andrea ST Filters Service;c:\program files\idt\wdm\AESTSrv.exe [2011-12-21 81920]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2012-7-17 21256]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2012-7-17 58680]
R2 AtherosSvc;AtherosSvc;c:\program files\bluetooth suite\AdminService.exe [2011-10-22 85152]
R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2012-8-27 44808]
R2 BBUpdate;BBUpdate;c:\program files\microsoft\bingbar\SeaPort.EXE [2011-7-21 249648]
R2 BingDesktopUpdate;Bing Desktop Update service;c:\program files\microsoft\bingdesktop\BingDesktopUpdater.exe [2012-3-30 151656]
R2 cvhsvc;Client Virtualization Handler;c:\program files\common files\microsoft shared\virtualization handler\CVHSVC.EXE [2012-1-4 822624]
R2 GFIBckFAtt;GFI BackUp Freeware Attendant Service;c:\progra~1\gfi\gfibac~1\GFIFInst.exe [2012-6-26 1011056]
R2 GFIBckFSched;GFI BackUp Freeware Scheduler Service;c:\progra~1\gfi\gfibac~1\GFIFSC~1.EXE [2012-6-26 2664816]
R2 HP Support Assistant Service;HP Support Assistant Service;c:\program files\hewlett-packard\hp support framework\HPSA_Service.exe [2011-9-10 86072]
R2 HPClientSvc;HP Client Services;c:\program files\hewlett-packard\hp client services\HPClientServices.exe [2010-10-11 246840]
R2 HPWMISVC;HPWMISVC;c:\program files\hewlett-packard\hp quick launch\HPWMISVC.exe [2011-7-12 26680]
R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files\intel\intel(r) rapid storage technology\IAStorDataMgrSvc.exe [2011-12-21 13336]
R2 MBAMScheduler;MBAMScheduler;c:\program files\malwarebytes' anti-malware\mbamscheduler.exe [2012-9-28 399432]
R2 NitroReaderDriverReadSpool2;NitroPDFReaderDriverCreatorReadSpool2;c:\program files\nitro pdf\reader 2\NitroPDFReaderDriverService2.exe [2012-7-26 184848]
R2 nlsX86cc;Nalpeiron Licensing Service;c:\windows\system32\NLSSRV32.EXE [2012-6-20 69640]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2012-9-28 1153368]
R2 sftlist;Application Virtualization Client;c:\program files\microsoft application virtualization client\sftlist.exe [2011-10-1 508776]
R2 ThreatFire;ThreatFire;c:\program files\threatfire\tfservice.exe service --> c:\program files\threatfire\TFService.exe service [?]
R2 ZAtheros Bt&Wlan Coex Agent;ZAtheros Bt&Wlan Coex Agent;c:\program files\bluetooth suite\Ath_CoexAgent.exe [2011-10-22 158880]
R3 BTATH_BUS;Atheros Bluetooth Bus;c:\windows\system32\drivers\btath_bus.sys [2011-10-22 25248]
R3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\drivers\clwvd.sys [2012-8-4 27760]
R3 igddim32;igddim32;c:\windows\system32\drivers\igddim32.sys [2012-4-20 1344512]
R3 igdkmd32;igdkmd32;c:\windows\system32\drivers\igdkmd32.sys [2012-4-20 419328]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-9-28 22856]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\drivers\RtsUStor.sys [2011-12-21 197224]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2011-12-21 394856]
R3 Sftfs;Sftfs;c:\windows\system32\drivers\Sftfslh.sys [2011-10-1 579944]
R3 Sftplay;Sftplay;c:\windows\system32\drivers\Sftplaylh.sys [2011-10-1 194408]
R3 Sftredir;Sftredir;c:\windows\system32\drivers\Sftredirlh.sys [2011-10-1 21864]
R3 Sftvol;Sftvol;c:\windows\system32\drivers\Sftvollh.sys [2011-10-1 19304]
R3 sftvsa;Application Virtualization Service Agent;c:\program files\microsoft application virtualization client\sftvsa.exe [2011-10-1 219496]
R3 TfNetMon;TfNetMon;c:\windows\system32\drivers\TfNetMon.sys [2012-5-20 33552]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\drivers\vwifimp.sys [2009-7-14 14336]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2012-3-11 136176]
S2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2012-9-28 676936]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2012-7-13 160944]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-6-18 250056]
S3 AthBTPort;Atheros Virtual Bluetooth Class;c:\windows\system32\drivers\btath_flt.sys [2011-10-22 35488]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-14 229888]
S3 BBSvc;Bing Bar Update Service;c:\program files\microsoft\bingbar\BBSvc.EXE [2011-8-2 195320]
S3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys [2011-10-22 290976]
S3 btath_avdt;Atheros Bluetooth AVDT Service;c:\windows\system32\drivers\btath_avdt.sys [2011-10-22 97440]
S3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\system32\drivers\btath_hcrp.sys [2011-10-22 147616]
S3 BTATH_LWFLT;Bluetooth LWFLT Device;c:\windows\system32\drivers\btath_lwflt.sys [2011-10-22 60064]
S3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\system32\drivers\btath_rcp.sys [2011-10-22 263968]
S3 BtFilter;BtFilter;c:\windows\system32\drivers\btfilter.sys [2011-10-22 445088]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2012-3-11 136176]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\mozilla maintenance service\maintenanceservice.exe [2012-8-3 114144]
S3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2012-6-23 4846168]
S3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\drivers\VSTAZL3.SYS [2009-7-14 207360]
S3 SrvHsfV92;SrvHsfV92;c:\windows\system32\drivers\VSTDPV3.SYS [2009-7-14 980992]
S3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\drivers\VSTCNXT3.SYS [2009-7-14 661504]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2010-11-21 52224]
S3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 27264]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2012-2-3 1343400]
S4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\windows live\mesh\wlcrasvc.exe [2010-9-23 51040]
.
=============== File Associations ===============
.
.txt=
.
=============== Created Last 30 ================
.
2012-10-09 11:20:19 0 ----a-w- c:\windows\system32\sho2636.tmp
2012-10-09 07:52:16 6980552 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{3026ec6d-ac11-4658-ae3b-dc6228560d8a}\mpengine.dll
2012-10-08 20:07:04 -------- d-----w- C:\$RECYCLE.BIN
2012-10-08 20:03:45 -------- d-----w- c:\users\russell\appdata\local\temp
2012-10-08 19:10:19 -------- d-----w- C:\ComboFix
2012-10-08 18:24:42 518144 ----a-w- c:\windows\SWREG.exe
2012-10-08 18:24:42 256000 ----a-w- c:\windows\PEV.exe
2012-10-08 18:24:42 208896 ----a-w- c:\windows\MBR.exe
2012-10-08 18:24:41 98816 ----a-w- c:\windows\sed.exe
2012-10-08 13:23:10 -------- d-----w- C:\_OTL
2012-10-05 22:50:53 -------- d-----w- C:\8e07ef0f1fb298627a7ae926aaec3f
2012-09-28 07:03:42 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2012-09-28 07:03:42 -------- d-----w- c:\program files\Spybot - Search & Destroy
2012-09-28 04:12:52 -------- d-----w- c:\users\russell\appdata\roaming\Malwarebytes
2012-09-28 04:12:10 -------- d-----w- c:\programdata\Malwarebytes
2012-09-28 04:12:00 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-09-28 04:12:00 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-09-26 08:03:11 245760 ----a-w- c:\windows\system32\OxpsConverter.exe
2012-09-26 00:54:09 -------- d-----w- c:\program files\CCleaner
2012-09-25 14:15:58 -------- d-----w- c:\users\russell\appdata\roaming\CX
2012-09-25 14:14:37 -------- d-----w- c:\users\russell\appdata\local\CX
2012-09-24 11:09:26 -------- d-----w- c:\program files\Perion
2012-09-23 14:39:22 -------- d-----w- c:\program files\Mr Smoozles Goes Nutso
2012-09-23 12:29:25 -------- d-----w- c:\program files\GOG.com
2012-09-23 06:15:50 26840 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2012-09-23 06:12:28 -------- d-----w- c:\program files\iPod
2012-09-23 06:12:07 -------- d-----w- c:\programdata\188F1432-103A-4ffb-80F1-36B633C5C9E1
2012-09-23 06:12:07 -------- d-----w- c:\program files\iTunes
2012-09-21 23:35:04 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-09-21 23:35:02 420864 ----a-w- c:\windows\system32\vbscript.dll
2012-09-21 23:35:02 140936 ----a-w- c:\program files\internet explorer\sqmapi.dll
2012-09-21 23:35:01 194048 ----a-w- c:\program files\internet explorer\IEShims.dll
2012-09-17 01:19:26 -------- d-----w- c:\program files\Sigma Team
2012-09-17 01:07:36 -------- d-----w- C:\Counter-Strike 2D
2012-09-16 22:57:04 -------- d-----w- c:\program files\Cave Story Deluxe
2012-09-16 14:34:27 237848 ----a-w- c:\windows\system32\xactengine2_4.dll
2012-09-16 14:34:25 2414360 ----a-w- c:\windows\system32\d3dx9_31.dll
2012-09-16 14:34:24 236824 ----a-w- c:\windows\system32\xactengine2_3.dll
2012-09-16 14:34:23 62744 ----a-w- c:\windows\system32\xinput1_2.dll
2012-09-16 14:33:47 2297552 ----a-w- c:\windows\system32\d3dx9_26.dll
2012-09-16 10:31:58 75136 ----a-w- c:\windows\system32\PnkBstrA.exe
2012-09-16 10:31:22 -------- d-----w- c:\users\russell\appdata\local\Punkbuster
2012-09-16 10:30:00 -------- d-----w- c:\program files\Wolfenstein - Enemy Territory
2012-09-15 03:54:15 -------- d-----w- C:\found.002
2012-09-13 08:12:25 -------- d-----r- c:\program files\Skype
2012-09-12 04:03:39 1292144 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-09-12 04:03:38 240496 ----a-w- c:\windows\system32\drivers\netio.sys
2012-09-12 04:03:37 187760 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
2012-09-12 04:03:31 712048 ----a-w- c:\windows\system32\drivers\ndis.sys
2012-09-12 04:03:29 33280 ----a-w- c:\windows\system32\drivers\RNDISMP.sys
2012-09-12 04:03:23 490496 ----a-w- c:\windows\system32\d3d10level9.dll
2012-09-12 03:49:35 -------- d-----w- C:\09470b656efc966851db
.
==================== Find3M ====================
.
2012-09-01 19:38:05 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-09-01 19:38:04 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-09-01 19:00:07 93672 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2012-09-01 18:59:57 821736 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-09-01 18:59:56 746984 ----a-w- c:\windows\system32\deployJava1.dll
2012-08-24 06:59:17 1800704 ----a-w- c:\windows\system32\jscript9.dll
2012-08-24 06:51:27 1129472 ----a-w- c:\windows\system32\wininet.dll
2012-08-24 06:51:02 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
2012-08-24 06:47:26 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2012-08-24 03:58:36 405152 ----a-w- c:\windows\system32\Newtonsoft.Json.Net20.dll
2012-08-21 09:13:15 729752 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-08-21 09:13:14 58680 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2012-08-21 09:13:14 44784 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2012-08-21 09:12:33 41224 ----a-w- c:\windows\avastSS.scr
2012-08-21 01:01:22 106928 ----a-w- c:\windows\system32\GEARAspi.dll
2012-07-28 09:32:24 348160 ----a-w- c:\windows\system32\msvcr71.dll
2012-07-28 09:32:23 499712 ----a-w- c:\windows\system32\msvcp71.dll
2012-07-26 02:39:12 18448 ----a-w- c:\windows\system32\nitrolocalui2.dll
2012-07-26 02:39:10 27152 ----a-w- c:\windows\system32\nitrolocalmon2.dll
2012-07-18 17:47:53 2345984 ----a-w- c:\windows\system32\win32k.sys
2012-07-15 00:27:53 2216480 ------w- c:\windows\wweb32.dll
.
============= FINISH: 0:36:06.52 ===============
Incredibar is still on your DDS log
Look for Incredibar
At the top of the Firefox window, click on the Firefox button (Tools menu in Windows XP), and then click Add-ons. The Add-ons Manager tab will open.
In the Add-ons Manager tab, select the Extensions or Appearance or Plugins panel.
Select the add-on you wish to disable.
Click the Disable button.
Click Restart now if it pops up. Your tabs will be saved and restored after the restart.
Drag Combofix to the trash and lets download a fresh new copy and run it without a script, also go and delete C:\ComboFix.txt
Download ComboFix from one of these locations:
Link 1 (http://download.bleepingcomputer.com/sUBs/ComboFix.exe)
Link 2 (http://www.forospyware.com/sUBs/ComboFix.exe)
* IMPORTANT !!! Save ComboFix.exe to your Desktop
Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
See this Link (http://www.bleepingcomputer.com/forums/topic114351.html) for programs that need to be disabled and instruction on how to disable them.
Remember to re-enable them when we're done.
Double click on ComboFix.exe & follow the prompts.
As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.
http://img.photobucket.com/albums/v706/ried7/RC1.png
Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
http://img.photobucket.com/albums/v706/ried7/RC2-1.png
Click on Yes, to continue scanning for malware.
When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.
*If there is no internet connection when Combofix has completely finished then restart your computer to restore back the connections.
russwilsonau
2012-10-10, 03:22
didn't "stick around" to check if recovery manager installed but here's ComboFix.txt
++++++++++++++++++++++++++++++++++++++++++++++++++++++++
ComboFix 12-10-09.01 - Russell 10/10/2012 8:46.2.4 - x86
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.64.1033.18.1012.229 [GMT 13:00]
Running from: c:\users\Russell\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
C:\install.exe
c:\windows\iun6002.exe
c:\windows\system32\wpcap.dll
.
.
((((((((((((((((((((((((( Files Created from 2012-09-09 to 2012-10-09 )))))))))))))))))))))))))))))))
.
.
2012-10-09 20:30 . 2012-10-09 20:30 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-10-09 11:20 . 2012-10-09 11:20 0 ----a-w- c:\windows\system32\sho2636.tmp
2012-10-09 07:52 . 2012-08-30 08:17 6980552 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{3026EC6D-AC11-4658-AE3B-DC6228560D8A}\mpengine.dll
2012-10-08 20:03 . 2012-10-09 20:30 -------- d-----w- c:\users\Russell\AppData\Local\temp
2012-10-08 13:23 . 2012-10-08 13:23 -------- d-----w- C:\_OTL
2012-10-05 22:50 . 2012-10-05 22:50 -------- d-----w- C:\8e07ef0f1fb298627a7ae926aaec3f
2012-09-29 07:36 . 2012-09-29 07:36 -------- d-----w- c:\program files\ERUNT
2012-09-28 07:03 . 2012-10-07 06:37 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2012-09-28 07:03 . 2012-09-28 07:09 -------- d-----w- c:\program files\Spybot - Search & Destroy
2012-09-28 04:12 . 2012-09-28 04:12 -------- d-----w- c:\users\Russell\AppData\Roaming\Malwarebytes
2012-09-28 04:12 . 2012-09-28 04:12 -------- d-----w- c:\programdata\Malwarebytes
2012-09-28 04:12 . 2012-09-28 04:12 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-09-28 04:12 . 2012-09-07 05:04 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-09-26 08:03 . 2012-08-21 20:12 245760 ----a-w- c:\windows\system32\OxpsConverter.exe
2012-09-26 00:54 . 2012-09-26 00:54 -------- d-----w- c:\program files\CCleaner
2012-09-25 14:15 . 2012-09-25 14:15 -------- d-----w- c:\users\Russell\AppData\Roaming\CX
2012-09-25 14:14 . 2012-09-25 14:15 -------- d-----w- c:\users\Russell\AppData\Local\CX
2012-09-24 11:09 . 2012-09-24 11:09 -------- d-----w- c:\program files\Perion
2012-09-23 14:39 . 2012-09-23 14:39 -------- d-----w- c:\program files\Mr Smoozles Goes Nutso
2012-09-23 12:29 . 2012-10-05 04:29 -------- d-----w- c:\program files\GOG.com
2012-09-23 06:15 . 2012-08-21 01:01 26840 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2012-09-23 06:12 . 2012-09-23 06:12 -------- d-----w- c:\program files\iPod
2012-09-23 06:12 . 2012-09-23 06:15 -------- d-----w- c:\programdata\188F1432-103A-4ffb-80F1-36B633C5C9E1
2012-09-23 06:12 . 2012-09-23 06:15 -------- d-----w- c:\program files\iTunes
2012-09-21 23:35 . 2012-08-24 06:43 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-09-21 23:35 . 2012-08-24 07:34 140936 ----a-w- c:\program files\Internet Explorer\sqmapi.dll
2012-09-21 23:35 . 2012-08-24 06:47 420864 ----a-w- c:\windows\system32\vbscript.dll
2012-09-21 23:35 . 2012-08-24 06:48 194048 ----a-w- c:\program files\Internet Explorer\IEShims.dll
2012-09-17 01:19 . 2012-09-17 03:57 -------- d-----w- c:\program files\Sigma Team
2012-09-17 01:07 . 2012-09-17 01:12 -------- d-----w- C:\Counter-Strike 2D
2012-09-16 22:57 . 2012-09-16 22:57 -------- d-----w- c:\program files\Cave Story Deluxe
2012-09-16 14:34 . 2006-09-28 04:05 237848 ----a-w- c:\windows\system32\xactengine2_4.dll
2012-09-16 14:34 . 2006-09-28 04:05 2414360 ----a-w- c:\windows\system32\d3dx9_31.dll
2012-09-16 14:34 . 2006-07-27 21:30 236824 ----a-w- c:\windows\system32\xactengine2_3.dll
2012-09-16 14:34 . 2006-07-27 21:30 62744 ----a-w- c:\windows\system32\xinput1_2.dll
2012-09-16 14:33 . 2005-05-26 03:34 2297552 ----a-w- c:\windows\system32\d3dx9_26.dll
2012-09-16 10:31 . 2012-09-16 10:49 75136 ----a-w- c:\windows\system32\PnkBstrA.exe
2012-09-16 10:31 . 2012-09-16 10:31 -------- d-----w- c:\users\Russell\AppData\Local\Punkbuster
2012-09-16 10:30 . 2012-09-16 11:55 -------- d-----w- c:\program files\Wolfenstein - Enemy Territory
2012-09-15 03:54 . 2012-09-15 03:54 -------- d-----w- C:\found.002
2012-09-13 08:12 . 2012-09-13 08:12 -------- d-----w- c:\program files\Common Files\Skype
2012-09-13 08:12 . 2012-09-13 08:12 -------- d-----r- c:\program files\Skype
2012-09-12 04:03 . 2012-08-22 17:16 1292144 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-09-12 04:03 . 2012-08-22 17:16 240496 ----a-w- c:\windows\system32\drivers\netio.sys
2012-09-12 04:03 . 2012-08-22 17:16 187760 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
2012-09-12 04:03 . 2012-08-22 17:16 712048 ----a-w- c:\windows\system32\drivers\ndis.sys
2012-09-12 04:03 . 2012-07-04 19:45 33280 ----a-w- c:\windows\system32\drivers\RNDISMP.sys
2012-09-12 04:03 . 2012-08-02 16:57 490496 ----a-w- c:\windows\system32\d3d10level9.dll
2012-09-12 03:49 . 2012-09-12 03:50 -------- d-----w- C:\09470b656efc966851db
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-09-01 19:38 . 2012-06-17 16:37 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-09-01 19:38 . 2012-06-17 16:37 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-09-01 19:00 . 2012-09-01 19:00 93672 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2012-09-01 18:59 . 2012-03-20 01:19 821736 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-09-01 18:59 . 2012-02-02 05:03 746984 ----a-w- c:\windows\system32\deployJava1.dll
2012-08-29 13:37 . 2012-08-29 13:37 39424 ----a-r- c:\users\Russell\AppData\Roaming\Microsoft\Installer\{88741A14-4C9D-469F-BA36-8FDF6037BB68}\Icon88741A14.exe
2012-08-24 03:58 . 2012-08-03 17:05 405152 ----a-w- c:\windows\system32\Newtonsoft.Json.Net20.dll
2012-08-21 09:13 . 2012-07-16 14:47 355632 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-08-21 09:13 . 2012-07-16 14:47 54232 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-08-21 09:13 . 2012-07-16 14:47 729752 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-08-21 09:13 . 2012-07-16 14:47 44784 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2012-08-21 09:13 . 2012-07-16 14:47 58680 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2012-08-21 09:13 . 2012-07-16 14:47 21256 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-08-21 09:12 . 2012-07-16 14:45 41224 ----a-w- c:\windows\avastSS.scr
2012-08-21 09:12 . 2012-07-16 14:45 227648 ----a-w- c:\windows\system32\aswBoot.exe
2012-08-21 01:01 . 2012-02-02 07:20 106928 ----a-w- c:\windows\system32\GEARAspi.dll
2012-08-01 04:02 . 2012-07-18 02:37 460424 ------w- c:\programdata\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe
2012-07-28 09:32 . 2012-03-01 16:59 348160 ----a-w- c:\windows\system32\msvcr71.dll
2012-07-28 09:32 . 2012-03-01 16:59 499712 ----a-w- c:\windows\system32\msvcp71.dll
2012-07-26 02:39 . 2012-08-03 16:12 18448 ----a-w- c:\windows\system32\nitrolocalui2.dll
2012-07-26 02:39 . 2012-08-03 16:12 27152 ----a-w- c:\windows\system32\nitrolocalmon2.dll
2012-07-18 17:47 . 2012-08-15 10:20 2345984 ----a-w- c:\windows\system32\win32k.sys
2012-07-15 00:27 . 2012-02-27 06:17 2216480 ------w- c:\windows\wweb32.dll
2012-09-09 00:34 . 2012-09-09 00:24 266720 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{6B34ACCF-1B63-4E1A-8633-461917C75544}"= "c:\program files\Freecorder 6\tbcore3.dll" [2012-08-01 2711928]
.
[HKEY_CLASSES_ROOT\clsid\{6b34accf-1b63-4e1a-8633-461917c75544}]
[HKEY_CLASSES_ROOT\TBSB00808.TBSB00808.3]
[HKEY_CLASSES_ROOT\TypeLib\{EC4085F2-8DB3-45a6-AD0B-CA289F3C5D7E}]
[HKEY_CLASSES_ROOT\TBSB00808.TBSB00808]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2012-08-17 16:40 220608 ----a-w- c:\users\Russell\AppData\Local\Microsoft\SkyDrive\16.4.6010.0727\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2012-08-17 16:40 220608 ----a-w- c:\users\Russell\AppData\Local\Microsoft\SkyDrive\16.4.6010.0727\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2012-08-17 16:40 220608 ----a-w- c:\users\Russell\AppData\Local\Microsoft\SkyDrive\16.4.6010.0727\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\000BoxDesktopFileLocked]
@="{C253B817-3A00-475f-A5A3-6F2DD704B48D}"
[HKEY_CLASSES_ROOT\CLSID\{C253B817-3A00-475f-A5A3-6F2DD704B48D}]
2010-11-20 21:29 297808 ----a-w- c:\windows\System32\mscoree.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\000BoxDesktopNotSynced]
@="{19ACC806-F7AA-46AA-A80A-726A07CA6637}"
[HKEY_CLASSES_ROOT\CLSID\{19ACC806-F7AA-46AA-A80A-726A07CA6637}]
2010-11-20 21:29 297808 ----a-w- c:\windows\System32\mscoree.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\000BoxDesktopNotSyncedCollabs]
@="{337D9DE0-3F8B-4430-AF0F-FFC24A95AE8F}"
[HKEY_CLASSES_ROOT\CLSID\{337D9DE0-3F8B-4430-AF0F-FFC24A95AE8F}]
2010-11-20 21:29 297808 ----a-w- c:\windows\System32\mscoree.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\000BoxDesktopSynced]
@="{B7AC9C6D-F15B-4B1A-A88D-F518D13861D9}"
[HKEY_CLASSES_ROOT\CLSID\{B7AC9C6D-F15B-4B1A-A88D-F518D13861D9}]
2010-11-20 21:29 297808 ----a-w- c:\windows\System32\mscoree.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\000BoxDesktopSyncedCollab]
@="{9E48C232-F601-4E41-BB3E-16CBAF317AA4}"
[HKEY_CLASSES_ROOT\CLSID\{9E48C232-F601-4E41-BB3E-16CBAF317AA4}]
2010-11-20 21:29 297808 ----a-w- c:\windows\System32\mscoree.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-08-21 09:12 121528 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\0MegaCloudNormal]
@="{03FB4211-3964-44E8-97D7-A2FA49CF5576}"
[HKEY_CLASSES_ROOT\CLSID\{03FB4211-3964-44E8-97D7-A2FA49CF5576}]
2012-08-31 02:45 242864 ----a-w- c:\users\Russell\AppData\Roaming\MegaCloud\MegaCloudShellExt.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1MegaCloudModified]
@="{03FB4212-3964-44E8-97D7-A2FA49CF5576}"
[HKEY_CLASSES_ROOT\CLSID\{03FB4212-3964-44E8-97D7-A2FA49CF5576}]
2012-08-31 02:45 242864 ----a-w- c:\users\Russell\AppData\Roaming\MegaCloud\MegaCloudShellExt.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2MeagCloudError]
@="{03FB4213-3964-44E8-97D7-A2FA49CF5576}"
[HKEY_CLASSES_ROOT\CLSID\{03FB4213-3964-44E8-97D7-A2FA49CF5576}]
2012-08-31 02:45 242864 ----a-w- c:\users\Russell\AppData\Roaming\MegaCloud\MegaCloudShellExt.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 94208 ----a-w- c:\users\Russell\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 94208 ----a-w- c:\users\Russell\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 94208 ----a-w- c:\users\Russell\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
2012-09-06 03:51 556056 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]
2012-09-06 03:51 556056 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
2012-09-06 03:51 556056 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
2012-09-06 03:51 556056 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncBackedUp]
@="{0C4A258A-3F3B-4FFF-80A7-9B3BEC139472}"
[HKEY_CLASSES_ROOT\CLSID\{0C4A258A-3F3B-4FFF-80A7-9B3BEC139472}]
2012-08-17 21:18 369784 ----a-w- c:\program files\SugarSync\SugarSyncShellExt.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncPending]
@="{62CCD8E3-9C21-41E1-B55E-1E26DFC68511}"
[HKEY_CLASSES_ROOT\CLSID\{62CCD8E3-9C21-41E1-B55E-1E26DFC68511}]
2012-08-17 21:18 369784 ----a-w- c:\program files\SugarSync\SugarSyncShellExt.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncRoot]
@="{A759AFF6-5851-457D-A540-F4ECED148351}"
[HKEY_CLASSES_ROOT\CLSID\{A759AFF6-5851-457D-A540-F4ECED148351}]
2012-08-17 21:18 369784 ----a-w- c:\program files\SugarSync\SugarSyncShellExt.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncShared]
@="{1574C9EF-7D58-488F-B358-8B78C1538F51}"
[HKEY_CLASSES_ROOT\CLSID\{1574C9EF-7D58-488F-B358-8B78C1538F51}]
2012-08-17 21:18 369784 ----a-w- c:\program files\SugarSync\SugarSyncShellExt.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Advanced SystemCare 5"="c:\program files\IObit\Advanced SystemCare 5\ASCTray.exe" [2012-05-28 288128]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2011-11-11 2307368]
"ThreatFire"="c:\program files\ThreatFire\TFTray.exe" [2011-02-22 378128]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-08-21 4282728]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
c:\windows\system32 [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
c:\windows\system32 [X]
.
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [x]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [x]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x]
R3 AthBTPort;Atheros Virtual Bluetooth Class;c:\windows\system32\DRIVERS\btath_flt.sys [x]
R3 BBSvc;Bing Bar Update Service;c:\program files\Microsoft\BingBar\BBSvc.EXE [x]
R3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys [x]
R3 btath_avdt;Atheros Bluetooth AVDT Service;c:\windows\system32\drivers\btath_avdt.sys [x]
R3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\system32\DRIVERS\btath_hcrp.sys [x]
R3 BTATH_LWFLT;Bluetooth LWFLT Device;c:\windows\system32\DRIVERS\btath_lwflt.sys [x]
R3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\system32\DRIVERS\btath_rcp.sys [x]
R3 BtFilter;BtFilter;c:\windows\system32\DRIVERS\btfilter.sys [x]
R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [x]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [x]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [x]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL3.SYS [x]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV3.SYS [x]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT3.SYS [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys [x]
S0 TfSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 #UpdateService;Box Sync Auto-updater;c:\program files\Box Sync\UpdateService.exe [x]
S2 AdvancedSystemCareService5;Advanced SystemCare Service 5;c:\program files\IObit\Advanced SystemCare 5\ASCService.exe [x]
S2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\aestsrv.exe [x]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [x]
S2 AtherosSvc;AtherosSvc;c:\program files\Bluetooth Suite\adminservice.exe [x]
S2 BBUpdate;BBUpdate;c:\program files\Microsoft\BingBar\SeaPort.EXE [x]
S2 BingDesktopUpdate;Bing Desktop Update service;c:\program files\Microsoft\BingDesktop\BingDesktopUpdater.exe [x]
S2 cvhsvc;Client Virtualization Handler;c:\program files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [x]
S2 GFIBckFAtt;GFI BackUp Freeware Attendant Service;c:\progra~1\GFI\GFIBAC~1\GFIFInst.exe [x]
S2 GFIBckFSched;GFI BackUp Freeware Scheduler Service;c:\progra~1\GFI\GFIBAC~1\GFIFSC~1.EXE [x]
S2 HP Support Assistant Service;HP Support Assistant Service;c:\program files\Hewlett-Packard\HP Support Framework\hpsa_service.exe [x]
S2 HPClientSvc;HP Client Services;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe [x]
S2 HPWMISVC;HPWMISVC;c:\program files\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [x]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
S2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]
S2 NitroReaderDriverReadSpool2;NitroPDFReaderDriverCreatorReadSpool2;c:\program files\Nitro PDF\Reader 2\NitroPDFReaderDriverService2.exe [x]
S2 nlsX86cc;Nalpeiron Licensing Service;c:\windows\system32\NLSSRV32.EXE [x]
S2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [x]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [x]
S2 sftlist;Application Virtualization Client;c:\program files\Microsoft Application Virtualization Client\sftlist.exe [x]
S2 ThreatFire;ThreatFire;c:\program files\ThreatFire\TFService.exe service [x]
S2 ZAtheros Bt&Wlan Coex Agent;ZAtheros Bt&Wlan Coex Agent;c:\program files\Bluetooth Suite\Ath_CoexAgent.exe [x]
S3 BTATH_BUS;Atheros Bluetooth Bus;c:\windows\system32\DRIVERS\btath_bus.sys [x]
S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys [x]
S3 igddim32;igddim32;c:\windows\system32\DRIVERS\igddim32.sys [x]
S3 igdkmd32;igdkmd32;c:\windows\system32\DRIVERS\igdkmd32.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [x]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [x]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [x]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [x]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [x]
S3 sftvsa;Application Virtualization Service Agent;c:\program files\Microsoft Application Virtualization Client\sftvsa.exe [x]
S3 TfNetMon;TfNetMon;c:\windows\system32\drivers\TfNetMon.sys [x]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
.
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
uDefault_Search_URL = hxxp://www.google.com/ie
mStart Page =
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xport to Microsoft Excel - c:\program files\Microsoft Office 15\Root\Office15\EXCEL.EXE/3000
IE: Free YouTube Download - c:\users\Russell\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm
IE: Se&nd to OneNote - c:\program files\Microsoft Office 15\Root\Office15\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Russell\AppData\Roaming\Mozilla\Firefox\Profiles\bylhdpoc.default\
FF - prefs.js: browser.startup.homepage - hxxp://au.yahoo.com/
FF - user.js: extensions.incredibar_i.newTab - false
FF - user.js: extensions.incredibar_i.tlbrSrchUrl - hxxp://mystart.Incredibar.com/?a=6PQKBEoZ6o&loc=IB_TB&i=26&search=
FF - user.js: extensions.incredibar_i.id - 4e18d11e0000000000002eb70d3f194a
FF - user.js: extensions.incredibar_i.instlDay - 15607
FF - user.js: extensions.incredibar_i.vrsn - 1.5.11.14
FF - user.js: extensions.incredibar_i.vrsni - 1.5.11.14
FF - user.js: extensions.incredibar_i.vrsnTs - 1.5.11.1423:07
FF - user.js: extensions.incredibar_i.prtnrId - Incredibar
FF - user.js: extensions.incredibar_i.prdct - incredibar
FF - user.js: extensions.incredibar_i.aflt - orgnl
FF - user.js: extensions.incredibar_i.smplGrp - none
FF - user.js: extensions.incredibar_i.tlbrId - base
FF - user.js: extensions.incredibar_i.instlRef -
FF - user.js: extensions.incredibar_i.dfltLng -
FF - user.js: extensions.incredibar_i.excTlbr - false
FF - user.js: extensions.incredibar_i.ms_url_id -
FF - user.js: extensions.incredibar_i.upn2 - 6PQKBEoZ6o
FF - user.js: extensions.incredibar_i.upn2n - 92543635926693664
FF - user.js: extensions.incredibar_i.productid - 26
FF - user.js: extensions.incredibar_i.installerproductid - 26
FF - user.js: extensions.incredibar_i.did - 10643
FF - user.js: extensions.incredibar_i.ppd - 1
.
.
------- File Associations -------
.
.txt=
.
- - - - ORPHANS REMOVED - - - -
.
ShellIconOverlayIdentifiers-{8BA85C75-763B-4103-94EB-9470F12FE0F7} - (no file)
ShellIconOverlayIdentifiers-{CD55129A-B1A1-438E-A425-CEBC7DC684EE} - (no file)
ShellIconOverlayIdentifiers-{E768CD3B-BDDC-436D-9C13-E1B39CA257B1} - (no file)
HKLM_ActiveSetup-{F5E7D9AF-60F6-4A30-87E3-4EA94D322CE1} - msiexec
AddRemove-Freecorder_1.0 - c:\windows\iun6002.exe
AddRemove-2D857E8472D5CE6389E3ABD8FDE97BC8130D96A3 - c:\program files\Common Files\Microsoft Shared\VSTO\10.0\VSTOInstaller.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\ThreatFire]
"AlternateImagePath"=""
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(632)
c:\program files\ThreatFire\TFWAH.dll
.
- - - - - - - > 'lsass.exe'(660)
c:\program files\ThreatFire\TFWAH.dll
.
- - - - - - - > 'Explorer.exe'(5828)
c:\program files\ThreatFire\TfWah.dll
c:\windows\system32\prnfldr.dll
c:\windows\system32\dxp.dll
c:\windows\System32\QUtil.dll
.
Completion time: 2012-10-10 09:46:31
ComboFix-quarantined-files.txt 2012-10-09 20:46
.
Pre-Run: 162,872,561,664 bytes free
Post-Run: 162,774,302,720 bytes free
.
- - End Of File - - 13E96276EF9804C214AD5B876EC5CF68
russwilsonau
2012-10-10, 06:24
to clarify, though I did state this at the start -- am using Windows 7 (Home Premium, in fact) and, as I understand it, System Recovery doesn't work in the same way as with the older System Recovery Console
Well, we dont need the recovery tool but Win 7 has a nice option for it if ever needed, lets try one more time to see if Combofix can remove those incredibar entries from your Firefox profile
Open Notepad Go to Start> All Programs> Assessories> Notepad ( this will only work with Notepad )and copy all the text inside the Codebox by highlighting it all and pressing CTRL C on your keyboard, then paste it into Notepad, make sure there is no space before and above Firefox::
Firefox::
FF - user.js: extensions.incredibar_i.newTab - false
FF - user.js: extensions.incredibar_i.tlbrSrchUrl - hxxp://mystart.Incredibar.com/?a=6PQKBEoZ6o&loc=IB_TB&i=26&search=
FF - user.js: extensions.incredibar_i.id - 4e18d11e0000000000002eb70d3f194a
FF - user.js: extensions.incredibar_i.instlDay - 15607
FF - user.js: extensions.incredibar_i.vrsn - 1.5.11.14
FF - user.js: extensions.incredibar_i.vrsni - 1.5.11.14
FF - user.js: extensions.incredibar_i.vrsnTs - 1.5.11.1423:07
FF - user.js: extensions.incredibar_i.prtnrId - Incredibar
FF - user.js: extensions.incredibar_i.prdct - incredibar
FF - user.js: extensions.incredibar_i.aflt - orgnl
FF - user.js: extensions.incredibar_i.smplGrp - none
FF - user.js: extensions.incredibar_i.tlbrId - base
FF - user.js: extensions.incredibar_i.instlRef -
FF - user.js: extensions.incredibar_i.dfltLng -
FF - user.js: extensions.incredibar_i.excTlbr - false
FF - user.js: extensions.incredibar_i.ms_url_id -
FF - user.js: extensions.incredibar_i.upn2 - 6PQKBEoZ6o
FF - user.js: extensions.incredibar_i.upn2n - 92543635926693664
FF - user.js: extensions.incredibar_i.productid - 26
FF - user.js: extensions.incredibar_i.installerproductid - 26
FF - user.js: extensions.incredibar_i.did - 10643
FF - user.js: extensions.incredibar_i.ppd - 1
Save this as CFScript to your desktop.
Then drag the CFScript into ComboFix.exe as you see in the screenshot below.
http://i24.photobucket.com/albums/c30/ken545/CFScriptB-4.gif
This will start ComboFix again. After reboot, (in case it asks to reboot), post the contents of Combofix.txt in your next reply.
russwilsonau
2012-10-10, 13:20
ComboFix 12-10-09.01 - Russell 10/10/2012 22:13:09.3.4 - x86
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.64.1033.18.1012.91 [GMT 13:00]
Running from: c:\users\Russell\Desktop\ComboFix.exe
Command switches used :: c:\users\Russell\Desktop\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2012-09-10 to 2012-10-10 )))))))))))))))))))))))))))))))
.
.
2012-10-10 09:57 . 2012-10-10 09:57 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-10-10 00:34 . 2012-10-10 00:34 -------- d-----w- C:\found.003
2012-10-09 11:20 . 2012-10-09 11:20 0 ----a-w- c:\windows\system32\sho2636.tmp
2012-10-09 07:52 . 2012-08-30 08:17 6980552 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{3026EC6D-AC11-4658-AE3B-DC6228560D8A}\mpengine.dll
2012-10-08 20:03 . 2012-10-10 09:57 -------- d-----w- c:\users\Russell\AppData\Local\temp
2012-10-08 13:23 . 2012-10-08 13:23 -------- d-----w- C:\_OTL
2012-10-05 22:50 . 2012-10-05 22:50 -------- d-----w- C:\8e07ef0f1fb298627a7ae926aaec3f
2012-09-29 07:36 . 2012-09-29 07:36 -------- d-----w- c:\program files\ERUNT
2012-09-28 07:03 . 2012-10-07 06:37 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2012-09-28 07:03 . 2012-09-28 07:09 -------- d-----w- c:\program files\Spybot - Search & Destroy
2012-09-28 04:12 . 2012-09-28 04:12 -------- d-----w- c:\users\Russell\AppData\Roaming\Malwarebytes
2012-09-28 04:12 . 2012-09-28 04:12 -------- d-----w- c:\programdata\Malwarebytes
2012-09-28 04:12 . 2012-09-28 04:12 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-09-28 04:12 . 2012-09-07 05:04 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-09-26 08:03 . 2012-08-21 20:12 245760 ----a-w- c:\windows\system32\OxpsConverter.exe
2012-09-26 00:54 . 2012-09-26 00:54 -------- d-----w- c:\program files\CCleaner
2012-09-25 14:15 . 2012-09-25 14:15 -------- d-----w- c:\users\Russell\AppData\Roaming\CX
2012-09-25 14:14 . 2012-09-25 14:15 -------- d-----w- c:\users\Russell\AppData\Local\CX
2012-09-24 11:09 . 2012-09-24 11:09 -------- d-----w- c:\program files\Perion
2012-09-23 14:39 . 2012-09-23 14:39 -------- d-----w- c:\program files\Mr Smoozles Goes Nutso
2012-09-23 12:29 . 2012-10-05 04:29 -------- d-----w- c:\program files\GOG.com
2012-09-23 06:15 . 2012-08-21 01:01 26840 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2012-09-23 06:12 . 2012-09-23 06:12 -------- d-----w- c:\program files\iPod
2012-09-23 06:12 . 2012-09-23 06:15 -------- d-----w- c:\programdata\188F1432-103A-4ffb-80F1-36B633C5C9E1
2012-09-23 06:12 . 2012-09-23 06:15 -------- d-----w- c:\program files\iTunes
2012-09-21 23:35 . 2012-08-24 06:43 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-09-21 23:35 . 2012-08-24 07:34 140936 ----a-w- c:\program files\Internet Explorer\sqmapi.dll
2012-09-21 23:35 . 2012-08-24 06:47 420864 ----a-w- c:\windows\system32\vbscript.dll
2012-09-21 23:35 . 2012-08-24 06:48 194048 ----a-w- c:\program files\Internet Explorer\IEShims.dll
2012-09-17 01:19 . 2012-09-17 03:57 -------- d-----w- c:\program files\Sigma Team
2012-09-17 01:07 . 2012-09-17 01:12 -------- d-----w- C:\Counter-Strike 2D
2012-09-16 22:57 . 2012-09-16 22:57 -------- d-----w- c:\program files\Cave Story Deluxe
2012-09-16 14:34 . 2006-09-28 04:05 237848 ----a-w- c:\windows\system32\xactengine2_4.dll
2012-09-16 14:34 . 2006-09-28 04:05 2414360 ----a-w- c:\windows\system32\d3dx9_31.dll
2012-09-16 14:34 . 2006-07-27 21:30 236824 ----a-w- c:\windows\system32\xactengine2_3.dll
2012-09-16 14:34 . 2006-07-27 21:30 62744 ----a-w- c:\windows\system32\xinput1_2.dll
2012-09-16 14:33 . 2005-05-26 03:34 2297552 ----a-w- c:\windows\system32\d3dx9_26.dll
2012-09-16 10:31 . 2012-09-16 10:49 75136 ----a-w- c:\windows\system32\PnkBstrA.exe
2012-09-16 10:31 . 2012-09-16 10:31 -------- d-----w- c:\users\Russell\AppData\Local\Punkbuster
2012-09-16 10:30 . 2012-09-16 11:55 -------- d-----w- c:\program files\Wolfenstein - Enemy Territory
2012-09-15 03:54 . 2012-09-15 03:54 -------- d-----w- C:\found.002
2012-09-13 08:12 . 2012-09-13 08:12 -------- d-----w- c:\program files\Common Files\Skype
2012-09-13 08:12 . 2012-09-13 08:12 -------- d-----r- c:\program files\Skype
2012-09-12 04:03 . 2012-08-22 17:16 1292144 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-09-12 04:03 . 2012-08-22 17:16 240496 ----a-w- c:\windows\system32\drivers\netio.sys
2012-09-12 04:03 . 2012-08-22 17:16 187760 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
2012-09-12 04:03 . 2012-08-22 17:16 712048 ----a-w- c:\windows\system32\drivers\ndis.sys
2012-09-12 04:03 . 2012-07-04 19:45 33280 ----a-w- c:\windows\system32\drivers\RNDISMP.sys
2012-09-12 04:03 . 2012-08-02 16:57 490496 ----a-w- c:\windows\system32\d3d10level9.dll
2012-09-12 03:49 . 2012-09-12 03:50 -------- d-----w- C:\09470b656efc966851db
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-09-01 19:38 . 2012-06-17 16:37 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-09-01 19:38 . 2012-06-17 16:37 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-09-01 19:00 . 2012-09-01 19:00 93672 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2012-09-01 18:59 . 2012-03-20 01:19 821736 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-09-01 18:59 . 2012-02-02 05:03 746984 ----a-w- c:\windows\system32\deployJava1.dll
2012-08-29 13:37 . 2012-08-29 13:37 39424 ----a-r- c:\users\Russell\AppData\Roaming\Microsoft\Installer\{88741A14-4C9D-469F-BA36-8FDF6037BB68}\Icon88741A14.exe
2012-08-24 03:58 . 2012-08-03 17:05 405152 ----a-w- c:\windows\system32\Newtonsoft.Json.Net20.dll
2012-08-21 09:13 . 2012-07-16 14:47 355632 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-08-21 09:13 . 2012-07-16 14:47 54232 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-08-21 09:13 . 2012-07-16 14:47 729752 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-08-21 09:13 . 2012-07-16 14:47 44784 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2012-08-21 09:13 . 2012-07-16 14:47 58680 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2012-08-21 09:13 . 2012-07-16 14:47 21256 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-08-21 09:12 . 2012-07-16 14:45 41224 ----a-w- c:\windows\avastSS.scr
2012-08-21 09:12 . 2012-07-16 14:45 227648 ----a-w- c:\windows\system32\aswBoot.exe
2012-08-21 01:01 . 2012-02-02 07:20 106928 ----a-w- c:\windows\system32\GEARAspi.dll
2012-08-01 04:02 . 2012-07-18 02:37 460424 ------w- c:\programdata\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe
2012-07-28 09:32 . 2012-03-01 16:59 348160 ----a-w- c:\windows\system32\msvcr71.dll
2012-07-28 09:32 . 2012-03-01 16:59 499712 ----a-w- c:\windows\system32\msvcp71.dll
2012-07-26 02:39 . 2012-08-03 16:12 18448 ----a-w- c:\windows\system32\nitrolocalui2.dll
2012-07-26 02:39 . 2012-08-03 16:12 27152 ----a-w- c:\windows\system32\nitrolocalmon2.dll
2012-07-18 17:47 . 2012-08-15 10:20 2345984 ----a-w- c:\windows\system32\win32k.sys
2012-07-15 00:27 . 2012-02-27 06:17 2216480 ------w- c:\windows\wweb32.dll
2012-09-09 00:34 . 2012-09-09 00:24 266720 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{6B34ACCF-1B63-4E1A-8633-461917C75544}"= "c:\program files\Freecorder 6\tbcore3.dll" [2012-08-01 2711928]
.
[HKEY_CLASSES_ROOT\clsid\{6b34accf-1b63-4e1a-8633-461917c75544}]
[HKEY_CLASSES_ROOT\TBSB00808.TBSB00808.3]
[HKEY_CLASSES_ROOT\TypeLib\{EC4085F2-8DB3-45a6-AD0B-CA289F3C5D7E}]
[HKEY_CLASSES_ROOT\TBSB00808.TBSB00808]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2012-08-17 16:40 220608 ----a-w- c:\users\Russell\AppData\Local\Microsoft\SkyDrive\16.4.6010.0727\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2012-08-17 16:40 220608 ----a-w- c:\users\Russell\AppData\Local\Microsoft\SkyDrive\16.4.6010.0727\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2012-08-17 16:40 220608 ----a-w- c:\users\Russell\AppData\Local\Microsoft\SkyDrive\16.4.6010.0727\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\000BoxDesktopFileLocked]
@="{C253B817-3A00-475f-A5A3-6F2DD704B48D}"
[HKEY_CLASSES_ROOT\CLSID\{C253B817-3A00-475f-A5A3-6F2DD704B48D}]
2010-11-20 21:29 297808 ----a-w- c:\windows\System32\mscoree.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\000BoxDesktopNotSynced]
@="{19ACC806-F7AA-46AA-A80A-726A07CA6637}"
[HKEY_CLASSES_ROOT\CLSID\{19ACC806-F7AA-46AA-A80A-726A07CA6637}]
2010-11-20 21:29 297808 ----a-w- c:\windows\System32\mscoree.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\000BoxDesktopNotSyncedCollabs]
@="{337D9DE0-3F8B-4430-AF0F-FFC24A95AE8F}"
[HKEY_CLASSES_ROOT\CLSID\{337D9DE0-3F8B-4430-AF0F-FFC24A95AE8F}]
2010-11-20 21:29 297808 ----a-w- c:\windows\System32\mscoree.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\000BoxDesktopSynced]
@="{B7AC9C6D-F15B-4B1A-A88D-F518D13861D9}"
[HKEY_CLASSES_ROOT\CLSID\{B7AC9C6D-F15B-4B1A-A88D-F518D13861D9}]
2010-11-20 21:29 297808 ----a-w- c:\windows\System32\mscoree.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\000BoxDesktopSyncedCollab]
@="{9E48C232-F601-4E41-BB3E-16CBAF317AA4}"
[HKEY_CLASSES_ROOT\CLSID\{9E48C232-F601-4E41-BB3E-16CBAF317AA4}]
2010-11-20 21:29 297808 ----a-w- c:\windows\System32\mscoree.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-08-21 09:12 121528 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\0MegaCloudNormal]
@="{03FB4211-3964-44E8-97D7-A2FA49CF5576}"
[HKEY_CLASSES_ROOT\CLSID\{03FB4211-3964-44E8-97D7-A2FA49CF5576}]
2012-08-31 02:45 242864 ----a-w- c:\users\Russell\AppData\Roaming\MegaCloud\MegaCloudShellExt.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1MegaCloudModified]
@="{03FB4212-3964-44E8-97D7-A2FA49CF5576}"
[HKEY_CLASSES_ROOT\CLSID\{03FB4212-3964-44E8-97D7-A2FA49CF5576}]
2012-08-31 02:45 242864 ----a-w- c:\users\Russell\AppData\Roaming\MegaCloud\MegaCloudShellExt.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2MeagCloudError]
@="{03FB4213-3964-44E8-97D7-A2FA49CF5576}"
[HKEY_CLASSES_ROOT\CLSID\{03FB4213-3964-44E8-97D7-A2FA49CF5576}]
2012-08-31 02:45 242864 ----a-w- c:\users\Russell\AppData\Roaming\MegaCloud\MegaCloudShellExt.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 94208 ----a-w- c:\users\Russell\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 94208 ----a-w- c:\users\Russell\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 94208 ----a-w- c:\users\Russell\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
2012-09-06 03:51 556056 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]
2012-09-06 03:51 556056 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
2012-09-06 03:51 556056 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
2012-09-06 03:51 556056 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncBackedUp]
@="{0C4A258A-3F3B-4FFF-80A7-9B3BEC139472}"
[HKEY_CLASSES_ROOT\CLSID\{0C4A258A-3F3B-4FFF-80A7-9B3BEC139472}]
2012-08-17 21:18 369784 ----a-w- c:\program files\SugarSync\SugarSyncShellExt.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncPending]
@="{62CCD8E3-9C21-41E1-B55E-1E26DFC68511}"
[HKEY_CLASSES_ROOT\CLSID\{62CCD8E3-9C21-41E1-B55E-1E26DFC68511}]
2012-08-17 21:18 369784 ----a-w- c:\program files\SugarSync\SugarSyncShellExt.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncRoot]
@="{A759AFF6-5851-457D-A540-F4ECED148351}"
[HKEY_CLASSES_ROOT\CLSID\{A759AFF6-5851-457D-A540-F4ECED148351}]
2012-08-17 21:18 369784 ----a-w- c:\program files\SugarSync\SugarSyncShellExt.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncShared]
@="{1574C9EF-7D58-488F-B358-8B78C1538F51}"
[HKEY_CLASSES_ROOT\CLSID\{1574C9EF-7D58-488F-B358-8B78C1538F51}]
2012-08-17 21:18 369784 ----a-w- c:\program files\SugarSync\SugarSyncShellExt.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Advanced SystemCare 5"="c:\program files\IObit\Advanced SystemCare 5\ASCTray.exe" [2012-05-28 288128]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2011-11-11 2307368]
"ThreatFire"="c:\program files\ThreatFire\TFTray.exe" [2011-02-22 378128]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-08-21 4282728]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
c:\windows\system32 [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
c:\windows\system32 [X]
.
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [x]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [x]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x]
R3 AthBTPort;Atheros Virtual Bluetooth Class;c:\windows\system32\DRIVERS\btath_flt.sys [x]
R3 BBSvc;Bing Bar Update Service;c:\program files\Microsoft\BingBar\BBSvc.EXE [x]
R3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys [x]
R3 btath_avdt;Atheros Bluetooth AVDT Service;c:\windows\system32\drivers\btath_avdt.sys [x]
R3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\system32\DRIVERS\btath_hcrp.sys [x]
R3 BTATH_LWFLT;Bluetooth LWFLT Device;c:\windows\system32\DRIVERS\btath_lwflt.sys [x]
R3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\system32\DRIVERS\btath_rcp.sys [x]
R3 BtFilter;BtFilter;c:\windows\system32\DRIVERS\btfilter.sys [x]
R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [x]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [x]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [x]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL3.SYS [x]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV3.SYS [x]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT3.SYS [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys [x]
S0 TfSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 #UpdateService;Box Sync Auto-updater;c:\program files\Box Sync\UpdateService.exe [x]
S2 AdvancedSystemCareService5;Advanced SystemCare Service 5;c:\program files\IObit\Advanced SystemCare 5\ASCService.exe [x]
S2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\aestsrv.exe [x]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [x]
S2 AtherosSvc;AtherosSvc;c:\program files\Bluetooth Suite\adminservice.exe [x]
S2 BBUpdate;BBUpdate;c:\program files\Microsoft\BingBar\SeaPort.EXE [x]
S2 BingDesktopUpdate;Bing Desktop Update service;c:\program files\Microsoft\BingDesktop\BingDesktopUpdater.exe [x]
S2 cvhsvc;Client Virtualization Handler;c:\program files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [x]
S2 GFIBckFAtt;GFI BackUp Freeware Attendant Service;c:\progra~1\GFI\GFIBAC~1\GFIFInst.exe [x]
S2 GFIBckFSched;GFI BackUp Freeware Scheduler Service;c:\progra~1\GFI\GFIBAC~1\GFIFSC~1.EXE [x]
S2 HP Support Assistant Service;HP Support Assistant Service;c:\program files\Hewlett-Packard\HP Support Framework\hpsa_service.exe [x]
S2 HPClientSvc;HP Client Services;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe [x]
S2 HPWMISVC;HPWMISVC;c:\program files\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [x]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
S2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]
S2 NitroReaderDriverReadSpool2;NitroPDFReaderDriverCreatorReadSpool2;c:\program files\Nitro PDF\Reader 2\NitroPDFReaderDriverService2.exe [x]
S2 nlsX86cc;Nalpeiron Licensing Service;c:\windows\system32\NLSSRV32.EXE [x]
S2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [x]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [x]
S2 sftlist;Application Virtualization Client;c:\program files\Microsoft Application Virtualization Client\sftlist.exe [x]
S2 ThreatFire;ThreatFire;c:\program files\ThreatFire\TFService.exe service [x]
S2 ZAtheros Bt&Wlan Coex Agent;ZAtheros Bt&Wlan Coex Agent;c:\program files\Bluetooth Suite\Ath_CoexAgent.exe [x]
S3 BTATH_BUS;Atheros Bluetooth Bus;c:\windows\system32\DRIVERS\btath_bus.sys [x]
S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys [x]
S3 igddim32;igddim32;c:\windows\system32\DRIVERS\igddim32.sys [x]
S3 igdkmd32;igdkmd32;c:\windows\system32\DRIVERS\igdkmd32.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [x]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [x]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [x]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [x]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [x]
S3 sftvsa;Application Virtualization Service Agent;c:\program files\Microsoft Application Virtualization Client\sftvsa.exe [x]
S3 TfNetMon;TfNetMon;c:\windows\system32\drivers\TfNetMon.sys [x]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
.
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
uDefault_Search_URL = hxxp://www.google.com/ie
mStart Page =
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xport to Microsoft Excel - c:\program files\Microsoft Office 15\Root\Office15\EXCEL.EXE/3000
IE: Free YouTube Download - c:\users\Russell\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm
IE: Se&nd to OneNote - c:\program files\Microsoft Office 15\Root\Office15\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Russell\AppData\Roaming\Mozilla\Firefox\Profiles\bylhdpoc.default\
FF - prefs.js: browser.startup.homepage - hxxp://au.yahoo.com/
FF - user.js: extensions.incredibar_i.newTab - false
FF - user.js: extensions.incredibar_i.tlbrSrchUrl - hxxp://mystart.Incredibar.com/?a=6PQKBEoZ6o&loc=IB_TB&i=26&search=
FF - user.js: extensions.incredibar_i.id - 4e18d11e0000000000002eb70d3f194a
FF - user.js: extensions.incredibar_i.instlDay - 15607
FF - user.js: extensions.incredibar_i.vrsn - 1.5.11.14
FF - user.js: extensions.incredibar_i.vrsni - 1.5.11.14
FF - user.js: extensions.incredibar_i.vrsnTs - 1.5.11.1423:07
FF - user.js: extensions.incredibar_i.prtnrId - Incredibar
FF - user.js: extensions.incredibar_i.prdct - incredibar
FF - user.js: extensions.incredibar_i.aflt - orgnl
FF - user.js: extensions.incredibar_i.smplGrp - none
FF - user.js: extensions.incredibar_i.tlbrId - base
FF - user.js: extensions.incredibar_i.instlRef -
FF - user.js: extensions.incredibar_i.dfltLng -
FF - user.js: extensions.incredibar_i.excTlbr - false
FF - user.js: extensions.incredibar_i.ms_url_id -
FF - user.js: extensions.incredibar_i.upn2 - 6PQKBEoZ6o
FF - user.js: extensions.incredibar_i.upn2n - 92543635926693664
FF - user.js: extensions.incredibar_i.productid - 26
FF - user.js: extensions.incredibar_i.installerproductid - 26
FF - user.js: extensions.incredibar_i.did - 10643
FF - user.js: extensions.incredibar_i.ppd - 1
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\ThreatFire]
"AlternateImagePath"=""
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(636)
c:\program files\ThreatFire\TFWAH.dll
.
- - - - - - - > 'lsass.exe'(664)
c:\program files\ThreatFire\TFWAH.dll
.
- - - - - - - > 'Explorer.exe'(2656)
c:\program files\ThreatFire\TfWah.dll
c:\windows\system32\timedate.cpl
c:\windows\system32\MsftEdit.dll
c:\program files\Common Files\microsoft shared\ink\tiptsf.dll
c:\windows\system32\CRYPTUI.dll
c:\windows\System32\UIAnimation.dll
c:\windows\system32\stobject.dll
c:\windows\system32\wpdshserviceobj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\System32\QUtil.dll
c:\windows\System32\hcproviders.dll
.
Completion time: 2012-10-10 23:13:52
ComboFix-quarantined-files.txt 2012-10-10 10:13
ComboFix2.txt 2012-10-09 20:46
.
Pre-Run: 161,586,810,880 bytes free
Post-Run: 161,538,367,488 bytes free
.
- - End Of File - - 449CB27A23F557CE80BD67E82E779FFD
Still there, the user profile from Firefox is hard to remove or edit, lets do this, it may be the easier thing to do.
Go into Programs and Features in the Control Panel and uninstall Firefox, then reboot
The go to Start > Run and copy and paste this in %APPDATA% and hit enter, then go to the Mozilla folder and delete it because there is where incredibar is in your profile.
Then go here and download and install the latest version of Firefox nice and clean
http://www.mozilla.org/en-US/firefox/new/
Let me know how it went ?
russwilsonau
2012-10-10, 15:37
Start > Run and copy and paste this in %APPDATA% ??
"this" -- what's this?
incidentally, I don't often use chrome but after removing Ff, before re-installing (which I have yet to do) there was a new extension Chrome was asking if I wanted to install "Newtab for Chrome / Firefox" -- different name, same crap -- it had set up Mystart Incredibar in a new tab but I think I prevented its installation -- but to be safe, removed Ff and Chrome -- didn't have this problem with IE -- I write for the web so have several browsers installed -- removeNewtab from Chrome, using Chrome, but also using Advanced System Care removed Chrome, with all leftovers in registry etc (I hope)
but now, what you were saying about "this"??
now back to removing folders from AppData -- just as well I store my Zotero library elsewhere (100Mb+) -- importance of knowing your programs ;-)
If type or copy %APPDATA% into the run box and hit enter it will take you to the Mozilla folder if its still present after the uninstall of Firefox
russwilsonau
2012-10-10, 16:26
oh, is that all, I did it somewhat differently -- revealed hidden folders/files -- folder removed from AppData Local, also removed it from AppData Roaming --
BUT on re-installing the program hadn't removed the extensions -- so the problem remained unresolved -- still Incredibar there!
obviously installed into one of the extensions, but not by itself
currently re-running SB as I discovered on surveying contents of AppData that PriceGong and Toolbar4 also there -- which SB hadn't reported on earlier
wondering if I "shred" these folders, and all Firefox folders if that will help
not sure where the extensions get installed
proving to be a troublesome little beggar!
The extensions folder was inside the Mozilla folder, did you delete Mozilla ?
Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1 (http://jpshortstuff.247fixes.com/SystemLook.exe)
Download Mirror #2 (http://images.malwareremoval.com/jpshortstuff/SystemLook.exe)
64 Bit Version (http://jpshortstuff.247Fixes.com/SystemLook_x64.exe)
Double-click SystemLook.exe to run it.
Copy the content of the following codebox into the main textfield:
:filefind
incredibar
:folderfind
incredibar
:Regfind
incredibar
Click the Look button to start the scan.
When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt
russwilsonau
2012-10-10, 19:09
well, fingers crossed, it's working properly again -- a pain to fix, but thanks to LastPass and XMarks soon back up to speed
thanks for the assistance
Great, but I would run SystemLook and let me take a peak. Either way I will keep this thread open for you for a few days so post back in a few days with an update
russwilsonau
2012-10-11, 06:38
here's the log -- don't know if this affects other programs, still affects them that is -- opened Google Chrome earlier and it opened a new tab with Incredibar! -- so I've tried to delete the google AppData directory -- twice now -- it started with incredibar after the first deletion -- but I haven't tried again yet
++++++++++++++++++++++++++++++++++++++++++++++++++++++++
SystemLook 30.07.11 by jpshortstuff
Log created at 14:58 on 11/10/2012 by Russell
Administrator - Elevation successful
========== filefind ==========
Searching for "incredibar"
No files found.
========== folderfind ==========
Searching for "incredibar"
No folders found.
========== Regfind ==========
Searching for "incredibar"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\esrv.IncredibarESrvc]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\esrv.IncredibarESrvc\CurVer]
@="esrv.IncredibarESrvc.1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\esrv.IncredibarESrvc.1]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Incredibar.dskBnd]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Incredibar.dskBnd\CurVer]
@="Incredibar.dskBnd.1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Incredibar.dskBnd.1]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{CFE8AAFD-A0F3-4329-84E9-6B679EC93EC2}\1.0\0\win32]
@="C:\Program Files\Incredibar.com\incredibar\1.5.11.14\incredibarsrv.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{CFE8AAFD-A0F3-4329-84E9-6B679EC93EC2}\1.0\HELPDIR]
@="C:\Program Files\Incredibar.com\incredibar\1.5.11.14"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{74C36554-31F0-49DD-8857-ED6A64DF45BE}]
"AppName"="incredibarsrv.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{74C36554-31F0-49DD-8857-ED6A64DF45BE}]
"AppPath"="C:\Program Files\Incredibar.com\incredibar\1.5.11.14"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\IncredibarToolbar_RASAPI32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\IncredibarToolbar_RASMANCS]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\incredibar_installer_RASAPI32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\incredibar_installer_RASMANCS]
-= EOF =-
russwilsonau
2012-10-11, 09:44
problems continue with google chrome, despite uninstalling and re-installing chrome (about three times now!) -- here's the log -- not sure if it shows anything different from before -- can't find any incredibar files or folders, but some registry entries
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++
SystemLook 30.07.11 by jpshortstuff
Log created at 19:06 on 11/10/2012 by Russell
Administrator - Elevation successful
========== filefind ==========
Searching for "incredibar"
No files found.
========== folderfind ==========
Searching for "incredibar"
No folders found.
========== Regfind ==========
Searching for "incredibar"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\esrv.IncredibarESrvc]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\esrv.IncredibarESrvc\CurVer]
@="esrv.IncredibarESrvc.1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\esrv.IncredibarESrvc.1]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Incredibar.dskBnd]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Incredibar.dskBnd\CurVer]
@="Incredibar.dskBnd.1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Incredibar.dskBnd.1]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{CFE8AAFD-A0F3-4329-84E9-6B679EC93EC2}\1.0\0\win32]
@="C:\Program Files\Incredibar.com\incredibar\1.5.11.14\incredibarsrv.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{CFE8AAFD-A0F3-4329-84E9-6B679EC93EC2}\1.0\HELPDIR]
@="C:\Program Files\Incredibar.com\incredibar\1.5.11.14"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{74C36554-31F0-49DD-8857-ED6A64DF45BE}]
"AppName"="incredibarsrv.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{74C36554-31F0-49DD-8857-ED6A64DF45BE}]
"AppPath"="C:\Program Files\Incredibar.com\incredibar\1.5.11.14"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\IncredibarToolbar_RASAPI32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\IncredibarToolbar_RASMANCS]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\incredibar_installer_RASAPI32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\incredibar_installer_RASMANCS]
-= EOF =-
russwilsonau
2012-10-11, 09:53
some people have claimed in discussions on other forums that it's the New Tab extension, but this seems a legitimate extension in the chrome "repository" (or app store, I guess you could call it) but I don't think it is that extension, despite its name/function
despite uninstalling and installing chrome it auto-detects what extensions have been installed before and re-installs them automatically, including, I guess, the contaminated one?
so where are the installed extensions if not under chrome?
Hi,
Where going to make changes to your registry so we need to back it up first
Backup Your Registry with ERUNT:
Download erunt.zip to your Desktop from here:
http://aumha.org/downloads/erunt.zip
Right-click erunt.zip, select Extract All... and follow the prompts to extract ERUNT to a new folder on your Desktop
Inside the new folder, double-click ERUNT.exe to start the program
OK all the prompts to back up your registry to the default location.Note: to restore your registry, go to the backup folder and start ERDNT.exe
Open Notepad Go to Start> All Programs> Assessories> Notepad ( this will only work with Notepad )and copy all the text inside the Codebox by highlighting it all and pressing CTRL C on your keyboard, then paste it into Notepad, make sure there is no space before and above Registry::
Regisry::
[-HKEY_LOCAL_MACHINE\SOFTWARE\Incredibar]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\esrv.IncredibarESrvc]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\esrv.IncredibarESrvc\CurVer]
@="esrv.IncredibarESrvc.1"
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\esrv.IncredibarESrvc.1]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Incredibar.dskBnd]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Incredibar.dskBnd\CurVer]
@="Incredibar.dskBnd.1"
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Incredibar.dskBnd.1]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{CFE8AAFD-A0F3-4329-84E9-6B679EC93EC2}\1.0\0\win32]
@="C:\Program Files\Incredibar.com\incredibar\1.5.11.14\incredibarsrv.exe"
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{CFE8AAFD-A0F3-4329-84E9-6B679EC93EC2}\1.0\HELPDIR]
@="C:\Program Files\Incredibar.com\incredibar\1.5.11.14"
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{74C36554-31F0-49DD-8857-ED6A64DF45BE}]
"AppName"="incredibarsrv.exe"
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{74C36554-31F0-49DD-8857-ED6A64DF45BE}]
"AppPath"="C:\Program Files\Incredibar.com\incredibar\1.5.11.14"
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\IncredibarToolbar_RASAPI32]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\IncredibarToolbar_RASMANCS]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\incredibar_installer_RASAPI32]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\incredibar_installer_RASMANCS]
Save this as CFScript to your desktop.
Then drag the CFScript into ComboFix.exe as you see in the screenshot below.
http://i24.photobucket.com/albums/c30/ken545/CFScriptB-4.gif
This will start ComboFix again. After reboot, (in case it asks to reboot), post the contents of Combofix.txt in your next reply.
russwilsonau
2012-10-11, 15:34
thanks, you've been really patient BUT, just to "prove" I'm not making this up
am attaching files created after the attempted fix -- combofix.txt and capture of screen of relaunch of google chrome -- which still has problems -- still no problems with Firefox or IE -- below -- contents of combofix.txt
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++
ComboFix 12-10-11.01 - Russell 12/10/2012 0:05.4.4 - x86
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.64.1033.18.1012.281 [GMT 13:00]
Running from: c:\users\Russell\Desktop\ComboFix.exe
Command switches used :: c:\users\Russell\Desktop\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\iun6002.exe
c:\windows\system32\MSVCR100.dll
.
.
((((((((((((((((((((((((( Files Created from 2012-09-11 to 2012-10-11 )))))))))))))))))))))))))))))))
.
.
2012-10-11 11:56 . 2012-10-11 12:02 -------- d-----w- c:\users\Russell\AppData\Local\temp
2012-10-11 11:56 . 2012-10-11 11:56 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-10-10 17:58 . 2012-10-10 17:58 56200 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{3026EC6D-AC11-4658-AE3B-DC6228560D8A}\offreg.dll
2012-10-10 14:28 . 2012-10-10 14:28 0 ----a-w- c:\windows\system32\sho2396.tmp
2012-10-10 14:23 . 2012-10-10 14:23 -------- d-----w- c:\users\Russell\AppData\Local\Mozilla
2012-10-10 03:01 . 2012-08-24 16:57 172544 ----a-w- c:\windows\system32\wintrust.dll
2012-10-10 03:01 . 2012-09-14 18:28 2048 ----a-w- c:\windows\system32\tzres.dll
2012-10-10 02:59 . 2012-06-02 04:36 1159680 ----a-w- c:\windows\system32\crypt32.dll
2012-10-10 02:59 . 2012-06-02 04:36 140288 ----a-w- c:\windows\system32\cryptsvc.dll
2012-10-10 02:59 . 2012-06-02 04:36 103936 ----a-w- c:\windows\system32\cryptnet.dll
2012-10-10 02:59 . 2012-08-31 17:18 1211760 ----a-w- c:\windows\system32\drivers\ntfs.sys
2012-10-10 02:59 . 2012-08-10 23:56 542208 ----a-w- c:\windows\system32\kerberos.dll
2012-10-10 02:58 . 2012-08-30 17:12 3914096 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-10-10 02:58 . 2012-08-30 17:12 3968880 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-10-10 00:34 . 2012-10-10 00:34 -------- d-----w- C:\found.003
2012-10-09 11:20 . 2012-10-09 11:20 0 ----a-w- c:\windows\system32\sho2636.tmp
2012-10-09 07:52 . 2012-08-30 08:17 6980552 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{3026EC6D-AC11-4658-AE3B-DC6228560D8A}\mpengine.dll
2012-10-08 13:23 . 2012-10-08 13:23 -------- d-----w- C:\_OTL
2012-10-05 22:50 . 2012-10-05 22:50 -------- d-----w- C:\8e07ef0f1fb298627a7ae926aaec3f
2012-09-29 07:36 . 2012-09-29 07:36 -------- d-----w- c:\program files\ERUNT
2012-09-28 07:03 . 2012-10-07 06:37 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2012-09-28 07:03 . 2012-09-28 07:09 -------- d-----w- c:\program files\Spybot - Search & Destroy
2012-09-28 04:12 . 2012-09-28 04:12 -------- d-----w- c:\users\Russell\AppData\Roaming\Malwarebytes
2012-09-28 04:12 . 2012-09-28 04:12 -------- d-----w- c:\programdata\Malwarebytes
2012-09-28 04:12 . 2012-09-28 04:12 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-09-28 04:12 . 2012-09-07 05:04 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-09-26 08:03 . 2012-08-21 20:12 245760 ----a-w- c:\windows\system32\OxpsConverter.exe
2012-09-26 00:54 . 2012-09-26 00:54 -------- d-----w- c:\program files\CCleaner
2012-09-25 14:15 . 2012-10-11 01:07 -------- d-----w- c:\users\Russell\AppData\Roaming\CX
2012-09-25 14:14 . 2012-09-25 14:15 -------- d-----w- c:\users\Russell\AppData\Local\CX
2012-09-24 11:09 . 2012-09-24 11:09 -------- d-----w- c:\program files\Perion
2012-09-23 14:39 . 2012-09-23 14:39 -------- d-----w- c:\program files\Mr Smoozles Goes Nutso
2012-09-23 12:29 . 2012-10-05 04:29 -------- d-----w- c:\program files\GOG.com
2012-09-23 06:15 . 2012-08-21 01:01 26840 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2012-09-23 06:12 . 2012-09-23 06:12 -------- d-----w- c:\program files\iPod
2012-09-23 06:12 . 2012-09-23 06:15 -------- d-----w- c:\programdata\188F1432-103A-4ffb-80F1-36B633C5C9E1
2012-09-23 06:12 . 2012-09-23 06:15 -------- d-----w- c:\program files\iTunes
2012-09-21 23:35 . 2012-08-24 06:43 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-09-21 23:35 . 2012-08-24 07:34 140936 ----a-w- c:\program files\Internet Explorer\sqmapi.dll
2012-09-21 23:35 . 2012-08-24 06:47 420864 ----a-w- c:\windows\system32\vbscript.dll
2012-09-21 23:35 . 2012-08-24 06:48 194048 ----a-w- c:\program files\Internet Explorer\IEShims.dll
2012-09-17 01:19 . 2012-09-17 03:57 -------- d-----w- c:\program files\Sigma Team
2012-09-17 01:07 . 2012-09-17 01:12 -------- d-----w- C:\Counter-Strike 2D
2012-09-16 22:57 . 2012-09-16 22:57 -------- d-----w- c:\program files\Cave Story Deluxe
2012-09-16 14:34 . 2006-09-28 04:05 237848 ----a-w- c:\windows\system32\xactengine2_4.dll
2012-09-16 14:34 . 2006-09-28 04:05 2414360 ----a-w- c:\windows\system32\d3dx9_31.dll
2012-09-16 14:34 . 2006-07-27 21:30 236824 ----a-w- c:\windows\system32\xactengine2_3.dll
2012-09-16 14:34 . 2006-07-27 21:30 62744 ----a-w- c:\windows\system32\xinput1_2.dll
2012-09-16 14:33 . 2005-05-26 03:34 2297552 ----a-w- c:\windows\system32\d3dx9_26.dll
2012-09-16 10:31 . 2012-09-16 10:49 75136 ----a-w- c:\windows\system32\PnkBstrA.exe
2012-09-16 10:31 . 2012-09-16 10:31 -------- d-----w- c:\users\Russell\AppData\Local\Punkbuster
2012-09-16 10:30 . 2012-09-16 11:55 -------- d-----w- c:\program files\Wolfenstein - Enemy Territory
2012-09-15 03:54 . 2012-09-15 03:54 -------- d-----w- C:\found.002
2012-09-13 08:12 . 2012-09-13 08:12 -------- d-----w- c:\program files\Common Files\Skype
2012-09-13 08:12 . 2012-09-13 08:12 -------- d-----r- c:\program files\Skype
2012-09-12 04:03 . 2012-08-22 17:16 1292144 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-09-12 04:03 . 2012-08-22 17:16 240496 ----a-w- c:\windows\system32\drivers\netio.sys
2012-09-12 04:03 . 2012-08-22 17:16 187760 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
2012-09-12 04:03 . 2012-08-22 17:16 712048 ----a-w- c:\windows\system32\drivers\ndis.sys
2012-09-12 04:03 . 2012-07-04 19:45 33280 ----a-w- c:\windows\system32\drivers\RNDISMP.sys
2012-09-12 04:03 . 2012-08-02 16:57 490496 ----a-w- c:\windows\system32\d3d10level9.dll
2012-09-12 03:49 . 2012-09-12 03:50 -------- d-----w- C:\09470b656efc966851db
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-09-01 19:38 . 2012-06-17 16:37 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-09-01 19:38 . 2012-06-17 16:37 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-09-01 19:00 . 2012-09-01 19:00 93672 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2012-09-01 18:59 . 2012-03-20 01:19 821736 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-09-01 18:59 . 2012-02-02 05:03 746984 ----a-w- c:\windows\system32\deployJava1.dll
2012-08-29 13:37 . 2012-08-29 13:37 39424 ----a-r- c:\users\Russell\AppData\Roaming\Microsoft\Installer\{88741A14-4C9D-469F-BA36-8FDF6037BB68}\Icon88741A14.exe
2012-08-24 03:58 . 2012-08-03 17:05 405152 ----a-w- c:\windows\system32\Newtonsoft.Json.Net20.dll
2012-08-21 09:13 . 2012-07-16 14:47 355632 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-08-21 09:13 . 2012-07-16 14:47 54232 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-08-21 09:13 . 2012-07-16 14:47 729752 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-08-21 09:13 . 2012-07-16 14:47 44784 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2012-08-21 09:13 . 2012-07-16 14:47 58680 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2012-08-21 09:13 . 2012-07-16 14:47 21256 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-08-21 09:12 . 2012-07-16 14:45 41224 ----a-w- c:\windows\avastSS.scr
2012-08-21 09:12 . 2012-07-16 14:45 227648 ----a-w- c:\windows\system32\aswBoot.exe
2012-08-21 01:01 . 2012-02-02 07:20 106928 ----a-w- c:\windows\system32\GEARAspi.dll
2012-08-01 04:02 . 2012-07-18 02:37 460424 ------w- c:\programdata\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe
2012-07-28 09:32 . 2012-03-01 16:59 348160 ----a-w- c:\windows\system32\msvcr71.dll
2012-07-28 09:32 . 2012-03-01 16:59 499712 ----a-w- c:\windows\system32\msvcp71.dll
2012-07-26 02:39 . 2012-08-03 16:12 18448 ----a-w- c:\windows\system32\nitrolocalui2.dll
2012-07-26 02:39 . 2012-08-03 16:12 27152 ----a-w- c:\windows\system32\nitrolocalmon2.dll
2012-07-18 17:47 . 2012-08-15 10:20 2345984 ----a-w- c:\windows\system32\win32k.sys
2012-07-15 00:27 . 2012-02-27 06:17 2216480 ------w- c:\windows\wweb32.dll
2012-10-06 02:15 . 2012-10-10 14:22 261600 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2012-08-17 16:40 220608 ----a-w- c:\users\Russell\AppData\Local\Microsoft\SkyDrive\16.4.6010.0727\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2012-08-17 16:40 220608 ----a-w- c:\users\Russell\AppData\Local\Microsoft\SkyDrive\16.4.6010.0727\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2012-08-17 16:40 220608 ----a-w- c:\users\Russell\AppData\Local\Microsoft\SkyDrive\16.4.6010.0727\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\000BoxDesktopFileLocked]
@="{C253B817-3A00-475f-A5A3-6F2DD704B48D}"
[HKEY_CLASSES_ROOT\CLSID\{C253B817-3A00-475f-A5A3-6F2DD704B48D}]
2010-11-20 21:29 297808 ----a-w- c:\windows\System32\mscoree.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\000BoxDesktopNotSynced]
@="{19ACC806-F7AA-46AA-A80A-726A07CA6637}"
[HKEY_CLASSES_ROOT\CLSID\{19ACC806-F7AA-46AA-A80A-726A07CA6637}]
2010-11-20 21:29 297808 ----a-w- c:\windows\System32\mscoree.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\000BoxDesktopNotSyncedCollabs]
@="{337D9DE0-3F8B-4430-AF0F-FFC24A95AE8F}"
[HKEY_CLASSES_ROOT\CLSID\{337D9DE0-3F8B-4430-AF0F-FFC24A95AE8F}]
2010-11-20 21:29 297808 ----a-w- c:\windows\System32\mscoree.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\000BoxDesktopSynced]
@="{B7AC9C6D-F15B-4B1A-A88D-F518D13861D9}"
[HKEY_CLASSES_ROOT\CLSID\{B7AC9C6D-F15B-4B1A-A88D-F518D13861D9}]
2010-11-20 21:29 297808 ----a-w- c:\windows\System32\mscoree.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\000BoxDesktopSyncedCollab]
@="{9E48C232-F601-4E41-BB3E-16CBAF317AA4}"
[HKEY_CLASSES_ROOT\CLSID\{9E48C232-F601-4E41-BB3E-16CBAF317AA4}]
2010-11-20 21:29 297808 ----a-w- c:\windows\System32\mscoree.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-08-21 09:12 121528 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\0MegaCloudNormal]
@="{03FB4211-3964-44E8-97D7-A2FA49CF5576}"
[HKEY_CLASSES_ROOT\CLSID\{03FB4211-3964-44E8-97D7-A2FA49CF5576}]
2012-08-31 02:45 242864 ----a-w- c:\users\Russell\AppData\Roaming\MegaCloud\MegaCloudShellExt.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1MegaCloudModified]
@="{03FB4212-3964-44E8-97D7-A2FA49CF5576}"
[HKEY_CLASSES_ROOT\CLSID\{03FB4212-3964-44E8-97D7-A2FA49CF5576}]
2012-08-31 02:45 242864 ----a-w- c:\users\Russell\AppData\Roaming\MegaCloud\MegaCloudShellExt.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2MeagCloudError]
@="{03FB4213-3964-44E8-97D7-A2FA49CF5576}"
[HKEY_CLASSES_ROOT\CLSID\{03FB4213-3964-44E8-97D7-A2FA49CF5576}]
2012-08-31 02:45 242864 ----a-w- c:\users\Russell\AppData\Roaming\MegaCloud\MegaCloudShellExt.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 94208 ----a-w- c:\users\Russell\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 94208 ----a-w- c:\users\Russell\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 94208 ----a-w- c:\users\Russell\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
2012-09-06 03:51 556056 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]
2012-09-06 03:51 556056 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
2012-09-06 03:51 556056 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
2012-09-06 03:51 556056 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncBackedUp]
@="{0C4A258A-3F3B-4FFF-80A7-9B3BEC139472}"
[HKEY_CLASSES_ROOT\CLSID\{0C4A258A-3F3B-4FFF-80A7-9B3BEC139472}]
2012-08-17 21:18 369784 ----a-w- c:\program files\SugarSync\SugarSyncShellExt.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncPending]
@="{62CCD8E3-9C21-41E1-B55E-1E26DFC68511}"
[HKEY_CLASSES_ROOT\CLSID\{62CCD8E3-9C21-41E1-B55E-1E26DFC68511}]
2012-08-17 21:18 369784 ----a-w- c:\program files\SugarSync\SugarSyncShellExt.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncRoot]
@="{A759AFF6-5851-457D-A540-F4ECED148351}"
[HKEY_CLASSES_ROOT\CLSID\{A759AFF6-5851-457D-A540-F4ECED148351}]
2012-08-17 21:18 369784 ----a-w- c:\program files\SugarSync\SugarSyncShellExt.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncShared]
@="{1574C9EF-7D58-488F-B358-8B78C1538F51}"
[HKEY_CLASSES_ROOT\CLSID\{1574C9EF-7D58-488F-B358-8B78C1538F51}]
2012-08-17 21:18 369784 ----a-w- c:\program files\SugarSync\SugarSyncShellExt.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Advanced SystemCare 5"="c:\program files\IObit\Advanced SystemCare 5\ASCTray.exe" [2012-05-28 288128]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2011-11-11 2307368]
"ThreatFire"="c:\program files\ThreatFire\TFTray.exe" [2011-02-22 378128]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-08-21 4282728]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
c:\windows\system32 [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
c:\windows\system32 [X]
.
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [x]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [x]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x]
R3 AthBTPort;Atheros Virtual Bluetooth Class;c:\windows\system32\DRIVERS\btath_flt.sys [x]
R3 BBSvc;Bing Bar Update Service;c:\program files\Microsoft\BingBar\BBSvc.EXE [x]
R3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys [x]
R3 btath_avdt;Atheros Bluetooth AVDT Service;c:\windows\system32\drivers\btath_avdt.sys [x]
R3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\system32\DRIVERS\btath_hcrp.sys [x]
R3 BTATH_LWFLT;Bluetooth LWFLT Device;c:\windows\system32\DRIVERS\btath_lwflt.sys [x]
R3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\system32\DRIVERS\btath_rcp.sys [x]
R3 BtFilter;BtFilter;c:\windows\system32\DRIVERS\btfilter.sys [x]
R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [x]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [x]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [x]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL3.SYS [x]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV3.SYS [x]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT3.SYS [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys [x]
S0 TfSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 #UpdateService;Box Sync Auto-updater;c:\program files\Box Sync\UpdateService.exe [x]
S2 AdvancedSystemCareService5;Advanced SystemCare Service 5;c:\program files\IObit\Advanced SystemCare 5\ASCService.exe [x]
S2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\aestsrv.exe [x]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [x]
S2 AtherosSvc;AtherosSvc;c:\program files\Bluetooth Suite\adminservice.exe [x]
S2 BBUpdate;BBUpdate;c:\program files\Microsoft\BingBar\SeaPort.EXE [x]
S2 BingDesktopUpdate;Bing Desktop Update service;c:\program files\Microsoft\BingDesktop\BingDesktopUpdater.exe [x]
S2 cvhsvc;Client Virtualization Handler;c:\program files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [x]
S2 GFIBckFAtt;GFI BackUp Freeware Attendant Service;c:\progra~1\GFI\GFIBAC~1\GFIFInst.exe [x]
S2 GFIBckFSched;GFI BackUp Freeware Scheduler Service;c:\progra~1\GFI\GFIBAC~1\GFIFSC~1.EXE [x]
S2 HP Support Assistant Service;HP Support Assistant Service;c:\program files\Hewlett-Packard\HP Support Framework\hpsa_service.exe [x]
S2 HPClientSvc;HP Client Services;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe [x]
S2 HPWMISVC;HPWMISVC;c:\program files\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [x]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
S2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]
S2 NitroReaderDriverReadSpool2;NitroPDFReaderDriverCreatorReadSpool2;c:\program files\Nitro PDF\Reader 2\NitroPDFReaderDriverService2.exe [x]
S2 nlsX86cc;Nalpeiron Licensing Service;c:\windows\system32\NLSSRV32.EXE [x]
S2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [x]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [x]
S2 sftlist;Application Virtualization Client;c:\program files\Microsoft Application Virtualization Client\sftlist.exe [x]
S2 ThreatFire;ThreatFire;c:\program files\ThreatFire\TFService.exe service [x]
S2 ZAtheros Bt&Wlan Coex Agent;ZAtheros Bt&Wlan Coex Agent;c:\program files\Bluetooth Suite\Ath_CoexAgent.exe [x]
S3 BTATH_BUS;Atheros Bluetooth Bus;c:\windows\system32\DRIVERS\btath_bus.sys [x]
S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys [x]
S3 igddim32;igddim32;c:\windows\system32\DRIVERS\igddim32.sys [x]
S3 igdkmd32;igdkmd32;c:\windows\system32\DRIVERS\igdkmd32.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [x]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [x]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [x]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [x]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [x]
S3 sftvsa;Application Virtualization Service Agent;c:\program files\Microsoft Application Virtualization Client\sftvsa.exe [x]
S3 TfNetMon;TfNetMon;c:\windows\system32\drivers\TfNetMon.sys [x]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
.
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.co.nz/
uDefault_Search_URL = hxxp://www.google.com/ie
mStart Page =
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xport to Microsoft Excel - c:\program files\Microsoft Office 15\Root\Office15\EXCEL.EXE/3000
IE: Free YouTube Download - c:\users\Russell\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm
IE: Se&nd to OneNote - c:\program files\Microsoft Office 15\Root\Office15\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Russell\AppData\Roaming\Mozilla\Firefox\Profiles\tcyzurho.default\
FF - prefs.js: browser.startup.homepage - hxxp://au.yahoo.com/?cmp=fcb|http://nz.yahoo.com/
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\ThreatFire]
"AlternateImagePath"=""
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(624)
c:\program files\ThreatFire\TFWAH.dll
.
- - - - - - - > 'lsass.exe'(652)
c:\program files\ThreatFire\TFWAH.dll
.
- - - - - - - > 'Explorer.exe'(1224)
c:\program files\ThreatFire\TfWah.dll
c:\users\Russell\AppData\Local\Microsoft\SkyDrive\16.4.6010.0727\MSVCR110.dll
c:\windows\system32\timedate.cpl
c:\windows\system32\actxprxy.dll
c:\windows\System32\shdocvw.dll
c:\windows\System32\gameux.dll
c:\windows\System32\shacct.dll
c:\windows\system32\MsftEdit.dll
c:\windows\system32\msls31.dll
c:\program files\Common Files\microsoft shared\ink\tiptsf.dll
c:\windows\system32\authui.dll
c:\windows\system32\NetworkExplorer.dll
c:\windows\System32\UIAnimation.dll
c:\windows\system32\wdmaud.drv
c:\windows\system32\ntshrui.dll
c:\windows\system32\Syncreg.dll
c:\windows\ehome\ehSSO.dll
c:\windows\System32\AltTab.dll
c:\windows\system32\wpdshserviceobj.dll
c:\program files\Bluetooth Suite\AthCopyHook.dll
c:\program files\Box Sync\BoxCopyHookHandler.dll
c:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\c9bf903caf3cdbad651e4254c8fc78ab\System.Drawing.ni.dll
c:\windows\system32\wwanapi.dll
c:\windows\System32\wscui.cpl
.
------------------------ Other Running Processes ------------------------
.
c:\program files\IDT\WDM\STacSV.exe
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\windows\system32\taskhost.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\ThreatFire\TFService.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\system32\conhost.exe
c:\program files\Google\Update\1.3.21.123\GoogleCrashHandler.exe
c:\program files\Windows Media Player\wmpnetwk.exe
.
**************************************************************************
.
Completion time: 2012-10-12 01:20:24 - machine was rebooted
ComboFix-quarantined-files.txt 2012-10-11 12:20
ComboFix2.txt 2012-10-10 10:14
ComboFix3.txt 2012-10-09 20:46
.
Pre-Run: 156,395,098,112 bytes free
Post-Run: 156,963,450,880 bytes free
.
- - End Of File - - 5D58FBB101C3B593072ADB79DB06CFBE
Rerun SystemLook and lets see if those entries are gone, then run OTL again and post a new log please
russwilsonau
2012-10-11, 19:50
I'm hoping to NOT have to reformat the hard disk and re-install everything BUT
here's the result from SystemLook -- looks exactly the same as before, but haven't checked in detail -- will run OTL now
++++++++++++++++++++++++++++++++++++++++++++++++++++++
SystemLook 30.07.11 by jpshortstuff
Log created at 05:17 on 12/10/2012 by Russell
Administrator - Elevation successful
========== filefind ==========
Searching for "incredibar"
No files found.
========== folderfind ==========
Searching for "incredibar"
No folders found.
========== Regfind ==========
Searching for "incredibar"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\esrv.IncredibarESrvc]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\esrv.IncredibarESrvc\CurVer]
@="esrv.IncredibarESrvc.1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\esrv.IncredibarESrvc.1]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Incredibar.dskBnd]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Incredibar.dskBnd\CurVer]
@="Incredibar.dskBnd.1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Incredibar.dskBnd.1]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{CFE8AAFD-A0F3-4329-84E9-6B679EC93EC2}\1.0\0\win32]
@="C:\Program Files\Incredibar.com\incredibar\1.5.11.14\incredibarsrv.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{CFE8AAFD-A0F3-4329-84E9-6B679EC93EC2}\1.0\HELPDIR]
@="C:\Program Files\Incredibar.com\incredibar\1.5.11.14"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{74C36554-31F0-49DD-8857-ED6A64DF45BE}]
"AppName"="incredibarsrv.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{74C36554-31F0-49DD-8857-ED6A64DF45BE}]
"AppPath"="C:\Program Files\Incredibar.com\incredibar\1.5.11.14"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\IncredibarToolbar_RASAPI32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\IncredibarToolbar_RASMANCS]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\incredibar_installer_RASAPI32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\incredibar_installer_RASMANCS]
-= EOF =-
REGEDIT4
[-HKEY_LOCAL_MACHINE\SOFTWARE\Incredibar]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\esrv.IncredibarESrvc]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\esrv.IncredibarESrvc\CurVer]
@="esrv.IncredibarESrvc.1"
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\esrv.IncredibarESrvc.1]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Incredibar.dskBnd]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Incredibar.dskBnd\CurVer]
@="Incredibar.dskBnd.1"
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Incredibar.dskBnd.1]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{CFE8AAFD-A0F3-4329-84E9-6B679EC93EC2}\1.0\0\win32]
@="C:\Program Files\Incredibar.com\incredibar\1.5.11.14\incredibarsrv.exe"
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{CFE8AAFD-A0F3-4329-84E9-6B679EC93EC2}\1.0\HELPDIR]
@="C:\Program Files\Incredibar.com\incredibar\1.5.11.14"
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{74C36554-31F0-49DD-8857-ED6A64DF45BE}]
"AppName"="incredibarsrv.exe"
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{74C36554-31F0-49DD-8857-ED6A64DF45BE}]
"AppPath"="C:\Program Files\Incredibar.com\incredibar\1.5.11.14"
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\IncredibarToolbar_RASAPI32]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\IncredibarToolbar_RASMANCS]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\incredibar_installer_RASAPI32]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\incredibar_installer_RASMANCS]
Copy the entire contents inside the Quote box and Paste it into Notepad ( this will only work with Notepad ) name the file Regfix.reg and in the drop down box, save it as All Files. Save it to your desktop. Then Rightclick on the Regfix.reg file and click on Merge, when it asks you to merge with the Registry, say yes.
If you saved the file correctly it should look like this http://i24.photobucket.com/albums/c30/ken545/reg.jpg
Make sure to back up with ERUNT first
Then lets look over OTL and go from there
russwilsonau
2012-10-11, 22:42
contents of OTL.txt
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
TL logfile created on: 12/10/2012 6:47:24 a.m. - Run 3
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Russell\Downloads\OTL
Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00001409 | Country: New Zealand | Language: ENZ | Date Format: d/MM/yyyy
1012.30 Mb Total Physical Memory | 69.52 Mb Available Physical Memory | 6.87% Memory free
1.99 Gb Paging File | 0.46 Gb Available in Paging File | 23.21% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 283.95 Gb Total Space | 148.35 Gb Free Space | 52.24% Space Free | Partition Type: NTFS
Drive D: | 13.84 Gb Total Space | 1.55 Gb Free Space | 11.18% Space Free | Partition Type: NTFS
Drive E: | 99.00 Mb Total Space | 87.44 Mb Free Space | 88.33% Space Free | Partition Type: FAT32
Computer Name: RUSSELL-HP | User Name: Russell | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - C:\Users\Russell\Downloads\OTL\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
PRC - C:\Program Files\Google\Update\1.3.21.123\GoogleCrashHandler.exe (Google Inc.)
PRC - C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
PRC - C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
PRC - C:\Program Files\Box Sync\UpdateService.exe (Box, Inc.)
PRC - C:\Program Files\Nitro PDF\Reader 2\NitroPDFReaderDriverService2.exe (Nitro PDF Software)
PRC - C:\Windows\System32\NLSSRV32.EXE (Nalpeiron Ltd.)
PRC - C:\Program Files\IObit\Advanced SystemCare 5\ASCTray.exe (IObit)
PRC - C:\Program Files\IObit\Advanced SystemCare 5\ASCService.exe (IObit)
PRC - C:\Program Files\Microsoft\BingDesktop\BingDesktopUpdater.exe (Microsoft Corp.)
PRC - C:\Program Files\GFI\GFI BackUp Freeware\GFIFInst.exe (GFI Software Ltd.)
PRC - C:\Program Files\GFI\GFI BackUp Freeware\GFIFSched.exe (GFI Software Ltd.)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\IDT\WDM\stacsv.exe (IDT, Inc.)
PRC - C:\Program Files\Bluetooth Suite\Ath_CoexAgent.exe (Atheros)
PRC - C:\Program Files\Bluetooth Suite\AdminService.exe (Atheros Commnucations)
PRC - C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
PRC - C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
PRC - C:\Program Files\Hewlett-Packard\HP Support Framework\HPSA_Service.exe (Hewlett-Packard Company)
PRC - C:\Program Files\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation)
PRC - C:\Program Files\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe (Hewlett-Packard Development Company, L.P.)
PRC - C:\Program Files\ThreatFire\TFTray.exe (PC Tools)
PRC - C:\Program Files\ThreatFire\TFService.exe (PC Tools)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
PRC - C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe (Hewlett-Packard Company)
PRC - C:\Program Files\IDT\WDM\AESTSrv.exe (Andrea Electronics Corporation)
PRC - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
========== Modules (No Company Name) ==========
MOD - C:\Program Files\Mozilla Firefox\mozjs.dll ()
MOD - C:\Users\Russell\AppData\Roaming\MegaCloud\MegaCloudShellExt.dll ()
MOD - C:\Users\Russell\AppData\Roaming\Mozilla\Firefox\Profiles\tcyzurho.default\extensions\support@lastpass.com\platform\WINNT_x86-msvc\components\lpxpcom.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\ae1551d0edae77ab6ccc6b5dc3a90919\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\c9bf903caf3cdbad651e4254c8fc78ab\System.Drawing.ni.dll ()
MOD - C:\Program Files\IObit\Advanced SystemCare 5\ASCv5ExtMenu.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\d37b6a5c0576b73e54e2027ea1eaf940\System.Runtime.Remoting.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\f489585d6cb29313a05dceac6ee1cde1\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\f37a9277a565b368c4358befdce25080\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\6b97ba148f663f114bcbbfae7a2752e9\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7edca5be5fb91df4d5eb66097437f546\mscorlib.ni.dll ()
MOD - C:\Program Files\FileZilla FTP Client\fzshellext.dll ()
========== Services (SafeList) ==========
SRV - (SBSDWSCService) -- C:\Program Files\Spybot File not found
SRV - (MozillaMaintenance) -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (MBAMService) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (MBAMScheduler) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (avast! Antivirus) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
SRV - (#UpdateService) -- C:\Program Files\Box Sync\UpdateService.exe (Box, Inc.)
SRV - (NitroReaderDriverReadSpool2) -- C:\Program Files\Nitro PDF\Reader 2\NitroPDFReaderDriverService2.exe (Nitro PDF Software)
SRV - (SkypeUpdate) -- C:\Program Files\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (nlsX86cc) -- C:\Windows\System32\NLSSRV32.EXE (Nalpeiron Ltd.)
SRV - (AdvancedSystemCareService5) -- C:\Program Files\IObit\Advanced SystemCare 5\ASCService.exe (IObit)
SRV - (BingDesktopUpdate) -- C:\Program Files\Microsoft\BingDesktop\BingDesktopUpdater.exe (Microsoft Corp.)
SRV - (GFIBckFAtt) -- C:\Program Files\GFI\GFI BackUp Freeware\GFIFInst.exe (GFI Software Ltd.)
SRV - (GFIBckFSched) -- C:\Program Files\GFI\GFI BackUp Freeware\GFIFSched.exe (GFI Software Ltd.)
SRV - (WatAdminSvc) -- C:\Windows\System32\Wat\WatAdminSvc.exe (Microsoft Corporation)
SRV - (STacSV) -- C:\Program Files\IDT\WDM\stacsv.exe (IDT, Inc.)
SRV - (ZAtheros Bt&Wlan Coex Agent) -- C:\Program Files\Bluetooth Suite\Ath_CoexAgent.exe (Atheros)
SRV - (AtherosSvc) -- C:\Program Files\Bluetooth Suite\AdminService.exe (Atheros Commnucations)
SRV - (sftvsa) -- C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
SRV - (sftlist) -- C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
SRV - (HP Support Assistant Service) -- C:\Program Files\Hewlett-Packard\HP Support Framework\HPSA_Service.exe (Hewlett-Packard Company)
SRV - (BBSvc) -- C:\Program Files\Microsoft\BingBar\BBSvc.EXE (Microsoft Corporation.)
SRV - (BBUpdate) -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation)
SRV - (HPWMISVC) -- C:\Program Files\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe (Hewlett-Packard Development Company, L.P.)
SRV - (ThreatFire) -- C:\Program Files\ThreatFire\TFService.exe (PC Tools)
SRV - (IAStorDataMgrSvc) -- C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
SRV - (HPClientSvc) -- C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe (Hewlett-Packard Company)
SRV - (rpcapd) -- C:\Program Files\WinPcap\rpcapd.exe (CACE Technologies, Inc.)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (AESTFilters) -- C:\Program Files\IDT\WDM\AESTSrv.exe (Andrea Electronics Corporation)
========== Driver Services (SafeList) ==========
DRV - (catchme) -- C:\Users\Russell\AppData\Local\Temp\catchme.sys File not found
DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (aswSnx) -- C:\Windows\System32\drivers\aswSnx.sys (AVAST Software)
DRV - (aswSP) -- C:\Windows\System32\drivers\aswSP.sys (AVAST Software)
DRV - (aswTdi) -- C:\Windows\System32\drivers\aswTdi.sys (AVAST Software)
DRV - (aswMonFlt) -- C:\Windows\System32\drivers\aswMonFlt.sys (AVAST Software)
DRV - (aswRdr) -- C:\Windows\System32\drivers\aswRdr2.sys (AVAST Software)
DRV - (aswFsBlk) -- C:\Windows\System32\drivers\aswFsBlk.sys (AVAST Software)
DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Qualcomm Atheros Communications, Inc.)
DRV - (igddim32) -- C:\Windows\System32\drivers\igddim32.sys (Intel Corporation)
DRV - (STHDA) -- C:\Windows\System32\drivers\stwrt.sys (IDT, Inc.)
DRV - (BtFilter) -- C:\Windows\System32\drivers\btfilter.sys (Atheros)
DRV - (BTATH_RCP) -- C:\Windows\System32\drivers\btath_rcp.sys (Atheros)
DRV - (BTATH_LWFLT) -- C:\Windows\System32\drivers\btath_lwflt.sys (Atheros)
DRV - (BTATH_HCRP) -- C:\Windows\System32\drivers\btath_hcrp.sys (Atheros)
DRV - (AthBTPort) -- C:\Windows\System32\drivers\btath_flt.sys (Atheros)
DRV - (BTATH_BUS) -- C:\Windows\System32\drivers\btath_bus.sys (Atheros)
DRV - (btath_avdt) -- C:\Windows\System32\drivers\btath_avdt.sys (Atheros)
DRV - (BTATH_A2DP) -- C:\Windows\System32\drivers\btath_a2dp.sys (Atheros)
DRV - (Sftvol) -- C:\Windows\System32\drivers\Sftvollh.sys (Microsoft Corporation)
DRV - (Sftredir) -- C:\Windows\System32\drivers\Sftredirlh.sys (Microsoft Corporation)
DRV - (Sftplay) -- C:\Windows\System32\drivers\Sftplaylh.sys (Microsoft Corporation)
DRV - (Sftfs) -- C:\Windows\System32\drivers\Sftfslh.sys (Microsoft Corporation)
DRV - (clwvd) -- C:\Windows\System32\drivers\clwvd.sys (CyberLink Corporation)
DRV - (TfSysMon) -- C:\Windows\System32\drivers\TfSysMon.sys (PC Tools)
DRV - (TfNetMon) -- C:\Windows\System32\drivers\TfNetMon.sys (PC Tools)
DRV - (TfFsMon) -- C:\Windows\System32\drivers\TfFsMon.sys (PC Tools)
DRV - (RSUSBSTOR) -- C:\Windows\System32\drivers\RtsUStor.sys (Realtek Semiconductor Corp.)
DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV - (TsUsbGD) -- C:\Windows\System32\drivers\TsUsbGD.sys (Microsoft Corporation)
DRV - (NPF) -- C:\Windows\System32\drivers\npf.sys (CACE Technologies, Inc.)
DRV - (vwifimp) -- C:\Windows\System32\drivers\vwifimp.sys (Microsoft Corporation)
DRV - (Serial) -- C:\Windows\System32\drivers\serial.sys (Brother Industries Ltd.)
DRV - (NVENETFD) -- C:\Windows\System32\drivers\nvm62x32.sys (NVIDIA Corporation)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
IE - HKLM\..\SearchScopes,Backup.Old.DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPMTDF&pc=HPMTDF&src=IE-SearchBox
IE - HKLM\..\SearchScopes\{1EB53970-B557-5025-3244-737B4FF514AF}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://nz.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
IE - HKLM\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
IE - HKU\.DEFAULT\..\URLSearchHook: {D0CF9C3B-2C4F-4C99-ACED-3CDF9AEEFF7E} - No CLSID value found
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\..\URLSearchHook: {D0CF9C3B-2C4F-4C99-ACED-3CDF9AEEFF7E} - No CLSID value found
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1911284681-1753166069-4267012026-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Backup.Old.Start Page = http://www.msn.com/?pc=BDT3&ocid=bdtdhp
IE - HKU\S-1-5-21-1911284681-1753166069-4267012026-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKU\S-1-5-21-1911284681-1753166069-4267012026-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.nz/
IE - HKU\S-1-5-21-1911284681-1753166069-4267012026-1000\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKU\S-1-5-21-1911284681-1753166069-4267012026-1000\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\S-1-5-21-1911284681-1753166069-4267012026-1000\..\SearchScopes,Backup.Old.DefaultScope = {9655317D-B950-475F-9450-73A32684CFEC}
IE - HKU\S-1-5-21-1911284681-1753166069-4267012026-1000\..\SearchScopes,DefaultScope = {1EB53970-B557-5025-3244-737B4FF514AF}
IE - HKU\S-1-5-21-1911284681-1753166069-4267012026-1000\..\SearchScopes\{1EB53970-B557-5025-3244-737B4FF514AF}: "URL" = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8&rlz=1I7ITVB_enNZ475
IE - HKU\S-1-5-21-1911284681-1753166069-4267012026-1000\..\SearchScopes\{4306E828-4997-4C8E-9FE4-9E46CC3276E4}: "URL" = http://www.bing.com/search?FORM=BDKTDF&PC=BDT3&q={searchTerms}&src=IE-SearchBox
IE - HKU\S-1-5-21-1911284681-1753166069-4267012026-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKU\S-1-5-21-1911284681-1753166069-4267012026-1000\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://nz.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
IE - HKU\S-1-5-21-1911284681-1753166069-4267012026-1000\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
IE - HKU\S-1-5-21-1911284681-1753166069-4267012026-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1911284681-1753166069-4267012026-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
========== FireFox ==========
FF - prefs.js..browser.search.openintab: true
FF - prefs.js..browser.startup.homepage: "http://au.yahoo.com/?cmp=fcb|http://nz.yahoo.com/"
FF - prefs.js..extensions.enabledAddons: support@lastpass.com:2.0.0
FF - prefs.js..extensions.enabledAddons: {d37dc5d0-431d-44e5-8c91-49419370caa1}:3.1.26
FF - prefs.js..extensions.enabledAddons: {7f57cf46-4467-4c2d-adfa-0cba7c507e54}:2.0.6
FF - prefs.js..extensions.enabledAddons: {f759ca51-3a91-4dd1-ae78-9db5eee9ebf0}:5.7.5
FF - prefs.js..extensions.enabledAddons: {ada4b710-8346-4b82-8199-5de2b400a6ae}:2.0.1
FF - prefs.js..extensions.enabledAddons: foxmarks@kei.com:4.1.3
FF - prefs.js..extensions.enabledAddons: tabutilslite@ithinc.cn:1.1.5
FF - prefs.js..extensions.enabledAddons: {DDC359D1-844A-42a7-9AA1-88A850A938A8}:2.0.15
FF - prefs.js..extensions.enabledAddons: {0b457cAA-602d-484a-8fe7-c1d894a011ba}:0.98.16
FF - prefs.js..extensions.enabledAddons: zotero@chnm.gmu.edu:3.0.8
FF - prefs.js..extensions.enabledAddons: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.9.10
FF - prefs.js..extensions.enabledAddons: artur.dubovoy@gmail.com:3.7.1
FF - prefs.js..extensions.enabledAddons: zotfile@columbia.edu:2.2.1
FF - user.js - File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_4_402_265.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nitropdf.com/NitroPDF: C:\Program Files\Nitro PDF\Reader 2\npnitromozilla.dll ( )
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@VideoDownloadConverter_4z.com/Plugin: C:\Program Files\VideoDownloadConverter_4z\bar\1.bin\NP4zStub.dll (MindSpark)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.3: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKCU\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF - HKCU\Software\MozillaPlugins\@sun.com/npsopluginmi;version=1.0: C:\Program Files\LibreOffice 3.4\program File not found
FF - HKCU\Software\MozillaPlugins\vitzo.com/VDownloader: C:\Program Files\VDownloader\Addons\npVDownloader.dll File not found
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\support@vdownloader.com: C:\Program Files\VDownloader\Addons\FireFox
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\4zffxtbr@VideoDownloadConverter_4z.com: C:\Program Files\VideoDownloadConverter_4z\bar\1.bin [2012/09/28 18:41:32 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012/08/27 23:47:10 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/10/11 03:22:32 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 15.0.1\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2012/07/24 19:22:57 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 15.0.1\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\superfish@superfish.com: C:\Users\Russell\AppData\Roaming\Mozilla\Firefox\Profiles/xfb27j5f.default\extensions\superfish@superfish.com
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\wcapturex@deskperience.com: C:\Program Files\WordWeb\WCaptureMoz [2012/02/27 19:17:18 | 000,000,000 | ---D | M]
[2012/10/11 03:25:04 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Russell\AppData\Roaming\Mozilla\Extensions
[2012/10/11 04:57:42 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Russell\AppData\Roaming\Mozilla\Firefox\Profiles\tcyzurho.default\extensions
[2012/10/11 04:04:18 | 000,000,000 | ---D | M] (FireShot) -- C:\Users\Russell\AppData\Roaming\Mozilla\Firefox\Profiles\tcyzurho.default\extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba}
[2012/10/11 03:49:59 | 000,000,000 | ---D | M] (ReminderFox) -- C:\Users\Russell\AppData\Roaming\Mozilla\Firefox\Profiles\tcyzurho.default\extensions\{ada4b710-8346-4b82-8199-5de2b400a6ae}
[2012/10/11 04:22:25 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Russell\AppData\Roaming\Mozilla\Firefox\Profiles\tcyzurho.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2012/10/11 03:38:46 | 000,000,000 | ---D | M] (FoxClocks) -- C:\Users\Russell\AppData\Roaming\Mozilla\Firefox\Profiles\tcyzurho.default\extensions\{d37dc5d0-431d-44e5-8c91-49419370caa1}
[2012/10/11 03:52:07 | 000,000,000 | ---D | M] ("Xmarks") -- C:\Users\Russell\AppData\Roaming\Mozilla\Firefox\Profiles\tcyzurho.default\extensions\foxmarks@kei.com
[2012/10/11 03:38:18 | 000,000,000 | ---D | M] (LastPass) -- C:\Users\Russell\AppData\Roaming\Mozilla\Firefox\Profiles\tcyzurho.default\extensions\support@lastpass.com
[2012/10/11 04:22:21 | 000,000,000 | ---D | M] (Zotero) -- C:\Users\Russell\AppData\Roaming\Mozilla\Firefox\Profiles\tcyzurho.default\extensions\zotero@chnm.gmu.edu
[2012/10/11 04:44:13 | 000,221,242 | ---- | M] () (No name found) -- C:\Users\Russell\AppData\Roaming\Mozilla\Firefox\Profiles\tcyzurho.default\extensions\artur.dubovoy@gmail.com.xpi
[2012/10/11 03:55:18 | 000,024,946 | ---- | M] () (No name found) -- C:\Users\Russell\AppData\Roaming\Mozilla\Firefox\Profiles\tcyzurho.default\extensions\tabutilslite@ithinc.cn.xpi
[2012/10/11 04:57:42 | 000,406,180 | ---- | M] () (No name found) -- C:\Users\Russell\AppData\Roaming\Mozilla\Firefox\Profiles\tcyzurho.default\extensions\zotfile@columbia.edu.xpi
[2012/10/11 03:47:54 | 000,527,037 | ---- | M] () (No name found) -- C:\Users\Russell\AppData\Roaming\Mozilla\Firefox\Profiles\tcyzurho.default\extensions\{7f57cf46-4467-4c2d-adfa-0cba7c507e54}.xpi
[2012/10/11 03:57:34 | 000,698,867 | ---- | M] () (No name found) -- C:\Users\Russell\AppData\Roaming\Mozilla\Firefox\Profiles\tcyzurho.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi
[2012/10/11 03:47:54 | 000,324,289 | ---- | M] () (No name found) -- C:\Users\Russell\AppData\Roaming\Mozilla\Firefox\Profiles\tcyzurho.default\extensions\{f759ca51-3a91-4dd1-ae78-9db5eee9ebf0}.xpi
[2012/08/11 00:32:56 | 000,000,822 | ---- | M] () (No name found) -- C:\Users\Russell\AppData\Roaming\Mozilla\Firefox\Profiles\tcyzurho.default\extensions\{ada4b710-8346-4b82-8199-5de2b400a6ae}\defaults\printing\xpi-details.xsl
[2012/10/11 03:22:32 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/10/06 15:15:51 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/10/06 15:15:12 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/10/06 15:15:12 | 000,002,058 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml
========== Chrome ==========
CHR - homepage: http://www.google.co.nz/
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms},
CHR - homepage: http://www.google.co.nz/
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\22.0.1229.94\PepperFlash\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32_11_4_402_265.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\22.0.1229.94\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\22.0.1229.94\pdf.dll
CHR - plugin: Perion plugin (Enabled) = C:\Users\Russell\AppData\Local\Google\Chrome\User Data\Default\Extensions\jifflliplgeajjdhmkcfnngfpgbjonjg\1.0.0_0\Plugins/PerionNewTabChrome-32.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL
CHR - plugin: Foxit Reader Plugin for Mozilla (Enabled) = C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll
CHR - plugin: Java(TM) Platform SE 7 U7 (Enabled) = C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: Java Deployment Toolkit 7.0.70.10 (Enabled) = C:\Windows\system32\npDeployJava1.dll
CHR - plugin: Nitro PDF Plug-In (Enabled) = C:\Program Files\Nitro PDF\Reader 2\npnitromozilla.dll
CHR - plugin: PDF-XChange Viewer (Enabled) = C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll
CHR - plugin: MindSpark Toolbar Platform Plugin Stub (Enabled) = C:\Program Files\VideoDownloadConverter_4z\bar\1.bin\NP4zStub.dll
CHR - plugin: VLC Web Plugin (Enabled) = C:\Program Files\VideoLAN\VLC\npvlc.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - Extension: Xmarks Bookmark Sync = C:\Users\Russell\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajpgkpeckebdhofmmjfgcjjiiejpodla\1.0.22_0\
CHR - Extension: Xmarks Bookmark Sync = C:\Users\Russell\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajpgkpeckebdhofmmjfgcjjiiejpodla\1.0.22_0\.bak
CHR - Extension: YouTube = C:\Users\Russell\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Adblock Plus (Beta) = C:\Users\Russell\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.2_0\
CHR - Extension: Google Search = C:\Users\Russell\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Proxy SwitchySharp = C:\Users\Russell\AppData\Local\Google\Chrome\User Data\Default\Extensions\dpplabbmogkhghncfbfdeeokoefdjegm\1.9.48_0\
CHR - Extension: LastPass = C:\Users\Russell\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd\2.0.12_0\
CHR - Extension: avast! WebRep = C:\Users\Russell\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1466_0\
CHR - Extension: New tab for Chrome\u2122 = C:\Users\Russell\AppData\Local\Google\Chrome\User Data\Default\Extensions\jifflliplgeajjdhmkcfnngfpgbjonjg\1.0.0_0\
CHR - Extension: Search for YouTube Videos = C:\Users\Russell\AppData\Local\Google\Chrome\User Data\Default\Extensions\kabfoagjjgbakjgadhcpoleecfkmhpjm\0.1.0.6_0\
CHR - Extension: DvdVideoSoft Free Youtube Download = C:\Users\Russell\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp\1.0.0.0_0\
CHR - Extension: Gmail = C:\Users\Russell\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
O1 HOSTS File: ([2012/10/12 01:01:35 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [ThreatFire] C:\Program Files\ThreatFire\TFTray.exe (PC Tools)
O4 - HKU\S-1-5-21-1911284681-1753166069-4267012026-1000..\Run: [Advanced SystemCare 5] C:\Program Files\IObit\Advanced SystemCare 5\ASCTray.exe (IObit)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1911284681-1753166069-4267012026-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1911284681-1753166069-4267012026-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1911284681-1753166069-4267012026-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Free YouTube Download - C:\Users\Russell\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm ()
O8 - Extra context menu item: Se&nd to OneNote - res://C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll/105 File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 10.7.2)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{74240472-D26B-436F-9D60-760C249DCFA7}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\osf - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/11 10:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
========== Files/Folders - Created Within 30 Days ==========
[2012/10/12 01:01:45 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
[2012/10/12 00:56:54 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012/10/12 00:56:54 | 000,000,000 | ---D | C] -- C:\Users\Russell\AppData\Local\temp
[2012/10/11 23:47:19 | 000,000,000 | ---D | C] -- C:\Users\Russell\Documents\ERUNT
[2012/10/11 23:45:36 | 000,000,000 | ---D | C] -- C:\Users\Russell\Desktop\erunt
[2012/10/11 16:45:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2012/10/11 14:07:29 | 000,000,000 | ---D | C] -- C:\Users\Russell\Desktop\CX Sync
[2012/10/11 03:23:53 | 000,000,000 | ---D | C] -- C:\Users\Russell\AppData\Roaming\Mozilla
[2012/10/11 03:23:53 | 000,000,000 | ---D | C] -- C:\Users\Russell\AppData\Local\Mozilla
[2012/10/11 03:22:46 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Maintenance Service
[2012/10/10 16:01:22 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2012/10/10 16:00:43 | 000,271,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
[2012/10/10 16:00:42 | 000,169,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winsrv.dll
[2012/10/10 16:00:41 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-sysinfo-l1-1-0.dll
[2012/10/10 16:00:41 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-synch-l1-1-0.dll
[2012/10/10 16:00:40 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-processthreads-l1-1-0.dll
[2012/10/10 16:00:40 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-misc-l1-1-0.dll
[2012/10/10 16:00:40 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-localregistry-l1-1-0.dll
[2012/10/10 16:00:39 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-processenvironment-l1-1-0.dll
[2012/10/10 16:00:39 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-string-l1-1-0.dll
[2012/10/10 16:00:39 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-rtlsupport-l1-1-0.dll
[2012/10/10 16:00:39 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-profile-l1-1-0.dll
[2012/10/10 16:00:38 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-namedpipe-l1-1-0.dll
[2012/10/10 16:00:38 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-memory-l1-1-0.dll
[2012/10/10 16:00:38 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-libraryloader-l1-1-0.dll
[2012/10/10 16:00:37 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-interlocked-l1-1-0.dll
[2012/10/10 16:00:37 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-heap-l1-1-0.dll
[2012/10/10 16:00:37 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-io-l1-1-0.dll
[2012/10/10 16:00:36 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-file-l1-1-0.dll
[2012/10/10 16:00:36 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-handle-l1-1-0.dll
[2012/10/10 16:00:36 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-fibers-l1-1-0.dll
[2012/10/10 16:00:36 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-errorhandling-l1-1-0.dll
[2012/10/10 16:00:35 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-delayload-l1-1-0.dll
[2012/10/10 16:00:35 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-debug-l1-1-0.dll
[2012/10/10 16:00:35 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-datetime-l1-1-0.dll
[2012/10/10 16:00:34 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-xstate-l1-1-0.dll
[2012/10/10 16:00:34 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-util-l1-1-0.dll
[2012/10/10 16:00:33 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-security-base-l1-1-0.dll
[2012/10/10 16:00:33 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-threadpool-l1-1-0.dll
[2012/10/10 16:00:32 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-localization-l1-1-0.dll
[2012/10/10 16:00:32 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-console-l1-1-0.dll
[2012/10/10 15:58:57 | 003,914,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2012/10/10 15:58:55 | 003,968,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2012/10/10 15:29:47 | 000,000,000 | ---D | C] -- C:\Users\Russell\Desktop\NoiseTrade-Summer-Sampler
[2012/10/10 13:34:54 | 000,000,000 | ---D | C] -- C:\found.003
[2012/10/10 08:34:29 | 004,765,263 | R--- | C] (Swearware) -- C:\Users\Russell\Desktop\ComboFix.exe
[2012/10/10 00:32:39 | 000,000,000 | ---D | C] -- C:\Users\Russell\Desktop\INCREDIBAR TESTING
[2012/10/09 21:47:12 | 000,000,000 | ---D | C] -- C:\Users\Russell\Desktop\RICK HANSON VIDEOS
[2012/10/09 07:24:42 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/10/09 07:24:42 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/10/09 07:24:41 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/10/09 07:22:06 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/10/09 02:23:10 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/10/08 20:13:14 | 000,000,000 | ---D | C] -- C:\Users\Russell\Desktop\GAD
[2012/10/07 09:33:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Foxit Reader
[2012/10/07 01:53:17 | 000,000,000 | ---D | C] -- C:\Users\Russell\Documents\EMAIL IDs
[2012/10/07 00:21:44 | 000,000,000 | ---D | C] -- C:\Users\Russell\Desktop\MEDITATION -- SELF-COMPASSION
[2012/10/06 11:50:53 | 000,000,000 | ---D | C] -- C:\8e07ef0f1fb298627a7ae926aaec3f
[2012/09/29 20:38:41 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2012/09/29 20:36:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT
[2012/09/29 20:36:09 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2012/09/28 20:04:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy
[2012/09/28 20:03:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2012/09/28 20:03:42 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2012/09/28 17:12:52 | 000,000,000 | ---D | C] -- C:\Users\Russell\AppData\Roaming\Malwarebytes
[2012/09/28 17:12:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/09/28 17:12:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/09/28 17:12:00 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012/09/28 17:12:00 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012/09/26 21:03:11 | 000,245,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\OxpsConverter.exe
[2012/09/26 13:54:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2012/09/26 13:54:09 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2012/09/26 03:15:58 | 000,000,000 | ---D | C] -- C:\Users\Russell\AppData\Roaming\CX
[2012/09/26 03:15:11 | 000,000,000 | ---D | C] -- C:\Users\Russell\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CX
[2012/09/26 03:14:37 | 000,000,000 | ---D | C] -- C:\Users\Russell\AppData\Local\CX
[2012/09/25 00:09:26 | 000,000,000 | ---D | C] -- C:\Program Files\Perion
[2012/09/24 03:39:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mr Smoozles Goes Nutso
[2012/09/24 03:39:22 | 000,000,000 | ---D | C] -- C:\Program Files\Mr Smoozles Goes Nutso
[2012/09/24 01:29:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GOG.com
[2012/09/24 01:29:25 | 000,000,000 | ---D | C] -- C:\Program Files\GOG.com
[2012/09/23 19:15:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2012/09/23 19:12:28 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2012/09/23 19:12:07 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2012/09/23 19:12:07 | 000,000,000 | ---D | C] -- C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1
[2012/09/22 12:35:04 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2012/09/22 12:34:59 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2012/09/22 12:34:58 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2012/09/22 12:34:58 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2012/09/22 12:34:57 | 000,607,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2012/09/22 12:34:50 | 001,800,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2012/09/22 12:34:49 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2012/09/22 12:34:36 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2012/09/20 22:57:10 | 000,000,000 | ---D | C] -- C:\Users\Russell\Documents\MSSAT TRUST OTAGO
[2012/09/17 14:20:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sigma Team
[2012/09/17 14:19:26 | 000,000,000 | ---D | C] -- C:\Program Files\Sigma Team
[2012/09/17 14:07:36 | 000,000,000 | ---D | C] -- C:\Counter-Strike 2D
[2012/09/17 11:57:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cave Story Deluxe
[2012/09/17 11:57:56 | 000,000,000 | ---D | C] -- C:\Users\Russell\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Cave Story Deluxe
[2012/09/17 11:57:04 | 000,000,000 | ---D | C] -- C:\Program Files\Cave Story Deluxe
[2012/09/17 03:34:27 | 000,237,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_4.dll
[2012/09/17 03:34:25 | 002,414,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_31.dll
[2012/09/17 03:34:24 | 000,236,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_3.dll
[2012/09/17 03:34:23 | 000,062,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xinput1_2.dll
[2012/09/17 03:34:22 | 000,230,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_2.dll
[2012/09/17 03:34:22 | 000,062,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xinput1_1.dll
[2012/09/17 03:34:21 | 000,229,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_1.dll
[2012/09/17 03:33:54 | 002,388,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_30.dll
[2012/09/17 03:33:53 | 000,230,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_0.dll
[2012/09/17 03:33:53 | 000,014,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\x3daudio1_0.dll
[2012/09/17 03:33:52 | 002,332,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_29.dll
[2012/09/17 03:33:50 | 002,323,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_28.dll
[2012/09/17 03:33:48 | 002,319,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_27.dll
[2012/09/17 03:33:47 | 002,297,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_26.dll
[2012/09/17 03:33:45 | 002,337,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_25.dll
[2012/09/17 03:33:43 | 002,222,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_24.dll
[2012/09/16 23:31:22 | 000,000,000 | ---D | C] -- C:\Users\Russell\AppData\Local\Punkbuster
[2012/09/16 23:30:00 | 000,000,000 | ---D | C] -- C:\Program Files\Wolfenstein - Enemy Territory
[2012/09/15 16:54:15 | 000,000,000 | ---D | C] -- C:\found.002
[2012/09/13 21:12:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2012/09/13 21:12:34 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2012/09/13 21:12:25 | 000,000,000 | R--D | C] -- C:\Program Files\Skype
[2012/09/12 17:03:38 | 000,240,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\netio.sys
[2012/09/12 17:03:37 | 000,187,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\FWPKCLNT.SYS
[2012/09/12 17:03:29 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\RNDISMP.sys
[2012/09/12 17:03:23 | 000,490,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10level9.dll
[2012/09/12 16:49:35 | 000,000,000 | ---D | C] -- C:\09470b656efc966851db
[2 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[1 C:\Windows\Fonts\*.tmp files -> C:\Windows\Fonts\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2012/10/12 06:50:32 | 000,021,840 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/10/12 06:50:32 | 000,021,840 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/10/12 06:29:28 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/10/12 06:29:25 | 796,102,656 | -HS- | M] () -- C:\hiberfil.sys
[2012/10/12 06:15:12 | 000,001,477 | ---- | M] () -- C:\Users\Russell\Desktop\Regfix.reg
[2012/10/12 05:27:31 | 000,817,869 | ---- | M] () -- C:\Users\Russell\Desktop\How To Hide Your Personal Information On Facebook.maff
[2012/10/12 01:01:35 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2012/10/11 23:53:14 | 004,765,263 | R--- | M] (Swearware) -- C:\Users\Russell\Desktop\ComboFix.exe
[2012/10/11 10:16:05 | 000,734,576 | ---- | M] () -- C:\Users\Russell\Desktop\freecorder6-setup.exe
[2012/10/11 10:14:03 | 000,001,827 | ---- | M] () -- C:\Users\Russell\Desktop\Freecorder.lnk
[2012/10/11 10:12:56 | 000,985,904 | ---- | M] () -- C:\Users\Russell\Desktop\FreecorderSetup.exe
[2012/10/08 23:06:26 | 000,408,820 | ---- | M] () -- C:\Users\Russell\Desktop\(2) acceptance and commitment therapy — Facebook search.maff
[2012/10/08 22:56:23 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[2012/10/08 14:52:58 | 008,067,631 | ---- | M] () -- C:\Users\Russell\Desktop\At_the_Heart_of_Intimacy_Susan_Johnson.flv
[2012/10/06 12:20:39 | 000,153,870 | ---- | M] () -- C:\Users\Russell\Desktop\Most Psychotropic Meds Increase Driving Risk.maff
[2012/10/04 15:28:51 | 000,000,013 | ---- | M] () -- C:\Windows\System32\WinSys32.crc
[2012/10/02 12:01:56 | 000,665,232 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/10/02 12:01:56 | 000,125,678 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/09/25 00:07:50 | 000,000,712 | ---- | M] () -- C:\user.js
[2012/09/16 21:47:00 | 000,001,947 | ---- | M] () -- C:\Users\Russell\Application Data\Microsoft\Internet Explorer\Quick Launch\JDownloader.lnk
[2012/09/15 07:28:53 | 000,002,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2012/09/13 23:52:19 | 000,002,060 | ---- | M] () -- C:\Users\Russell\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Thunderbird.lnk
[2 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
========== Files Created - No Company Name ==========
[2012/10/12 06:15:10 | 000,001,477 | ---- | C] () -- C:\Users\Russell\Desktop\Regfix.reg
[2012/10/12 05:24:36 | 000,817,869 | ---- | C] () -- C:\Users\Russell\Desktop\How To Hide Your Personal Information On Facebook.maff
[2012/10/11 10:15:11 | 000,734,576 | ---- | C] () -- C:\Users\Russell\Desktop\freecorder6-setup.exe
[2012/10/11 10:14:03 | 000,001,827 | ---- | C] () -- C:\Users\Russell\Desktop\Freecorder.lnk
[2012/10/11 10:12:17 | 000,985,904 | ---- | C] () -- C:\Users\Russell\Desktop\FreecorderSetup.exe
[2012/10/11 03:23:00 | 000,001,081 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2012/10/09 07:24:42 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/10/09 07:24:42 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/10/09 07:24:42 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/10/09 07:24:41 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/10/09 07:24:41 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/10/08 23:06:07 | 000,408,820 | ---- | C] () -- C:\Users\Russell\Desktop\(2) acceptance and commitment therapy — Facebook search.maff
[2012/10/08 14:50:56 | 008,067,631 | ---- | C] () -- C:\Users\Russell\Desktop\At_the_Heart_of_Intimacy_Susan_Johnson.flv
[2012/10/06 12:20:18 | 000,153,870 | ---- | C] () -- C:\Users\Russell\Desktop\Most Psychotropic Meds Increase Driving Risk.maff
[2012/09/16 23:31:58 | 000,075,136 | ---- | C] () -- C:\Windows\System32\PnkBstrA.exe
[2012/08/25 10:31:42 | 000,000,017 | ---- | C] () -- C:\Windows\System32\shortcut_ex.dat
[2012/08/24 14:02:51 | 000,001,729 | ---- | C] () -- C:\Users\Russell\AppData\Local\recently-used.xbel
[2012/07/29 19:16:38 | 000,000,061 | ---- | C] () -- C:\ProgramData\DoremisoftSWFSetting.ini
[2012/06/21 06:30:48 | 000,093,696 | ---- | C] () -- C:\Windows\System32\lua5.1a.dll
[2012/05/10 00:38:50 | 000,072,192 | ---- | C] () -- C:\Windows\unlite3.exe
[2012/05/08 00:43:43 | 000,001,089 | ---- | C] () -- C:\Users\Russell\Documents - Shortcut.lnk
[2012/05/07 13:48:05 | 000,042,120 | ---- | C] () -- C:\Windows\System32\drivers\EUBKMON.sys
[2012/04/20 23:30:54 | 000,004,096 | ---- | C] ( ) -- C:\Windows\System32\IGFXDEVLib.dll
[2012/03/18 22:00:51 | 000,000,000 | ---- | C] () -- C:\Users\Russell\hsqlprefs.dat
[2012/03/14 18:56:02 | 000,087,552 | ---- | C] () -- C:\Windows\System32\cpwmon2k.dll
[2012/03/01 23:57:34 | 000,000,165 | ---- | C] () -- C:\Users\Russell\.gtkrc-2.0
[2012/02/27 19:17:40 | 002,216,480 | ---- | C] () -- C:\Windows\wweb32.dll
[2012/02/23 00:31:43 | 000,011,776 | ---- | C] () -- C:\Users\Russell\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/02/15 01:44:00 | 000,003,504 | ---- | C] () -- C:\Users\Russell\Financial Accounts.gnucash
[2012/02/14 23:08:04 | 000,000,286 | ---- | C] () -- C:\Windows\reimage.ini
[2012/02/05 03:29:28 | 000,000,224 | ---- | C] () -- C:\Users\Russell\.languagetool-ooo.cfg
[2012/02/02 23:23:25 | 000,899,072 | ---- | C] () -- C:\Users\Russell\AppData\Roaming\SharedSettings.ccs
[2011/12/21 22:42:09 | 000,080,416 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll
[2011/12/14 11:57:16 | 000,000,151 | ---- | C] () -- C:\Windows\System32\GfxUI.exe.config
[2011/12/12 03:22:22 | 000,000,101 | ---- | C] () -- C:\Windows\System32\ud-boot-time.ini
[2011/10/22 22:24:58 | 000,246,804 | ---- | C] () -- C:\Windows\System32\drivers\AtherosBt.bin
[2011/09/15 16:11:16 | 001,048,576 | ---- | C] () -- C:\Windows\System32\syndata.bin
[2011/09/07 09:34:28 | 000,007,736 | ---- | C] () -- C:\Windows\hpDSTRES.DLL
[2011/03/29 21:00:00 | 000,080,896 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2011/03/25 08:35:18 | 000,180,224 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2011/03/02 23:43:46 | 000,175,616 | ---- | C] () -- C:\Windows\System32\unrar.dll
========== ZeroAccess Check ==========
[2012/08/11 00:32:56 | 000,000,596 | ---- | M] () -- C:\Users\Russell\AppData\Roaming\Mozilla\Firefox\Profiles\tcyzurho.default\extensions\{ada4b710-8346-4b82-8199-5de2b400a6ae}\defaults\printing\icons\@.png
[2009/07/14 17:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 17:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/21 10:29:20 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/14 14:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
========== LOP Check ==========
[2012/04/18 04:27:57 | 000,000,000 | ---D | M] -- C:\Users\Russell\AppData\Roaming\.calligra
[2012/05/27 14:48:23 | 000,000,000 | ---D | M] -- C:\Users\Russell\AppData\Roaming\.gephi
[2012/07/28 13:06:35 | 000,000,000 | ---D | M] -- C:\Users\Russell\AppData\Roaming\AnvSoft
[2012/03/06 10:32:13 | 000,000,000 | ---D | M] -- C:\Users\Russell\AppData\Roaming\Ashampoo
[2012/07/29 05:10:41 | 000,000,000 | ---D | M] -- C:\Users\Russell\AppData\Roaming\AVCWare
[2012/05/16 14:47:51 | 000,000,000 | ---D | M] -- C:\Users\Russell\AppData\Roaming\AVG
[2012/02/02 17:21:16 | 000,000,000 | ---D | M] -- C:\Users\Russell\AppData\Roaming\Blio
[2012/09/08 18:54:50 | 000,000,000 | ---D | M] -- C:\Users\Russell\AppData\Roaming\Box Desktop
[2012/09/09 23:55:47 | 000,000,000 | ---D | M] -- C:\Users\Russell\AppData\Roaming\Box Sync
[2012/02/13 06:07:29 | 000,000,000 | ---D | M] -- C:\Users\Russell\AppData\Roaming\calibre
[2012/08/04 03:21:52 | 000,000,000 | ---D | M] -- C:\Users\Russell\AppData\Roaming\CBS Interactive
[2012/02/05 15:41:23 | 000,000,000 | ---D | M] -- C:\Users\Russell\AppData\Roaming\Cocoon Software
[2012/10/04 15:25:35 | 000,000,000 | ---D | M] -- C:\Users\Russell\AppData\Roaming\CoffeeCup Software
[2012/05/20 17:48:43 | 000,000,000 | ---D | M] -- C:\Users\Russell\AppData\Roaming\ColorCop
[2012/10/11 14:07:30 | 000,000,000 | ---D | M] -- C:\Users\Russell\AppData\Roaming\CX
[2012/02/14 21:15:38 | 000,000,000 | ---D | M] -- C:\Users\Russell\AppData\Roaming\DAZ 3D
[2012/09/08 02:35:34 | 000,000,000 | ---D | M] -- C:\Users\Russell\AppData\Roaming\Docear
[2012/08/04 05:05:53 | 000,000,000 | ---D | M] -- C:\Users\Russell\AppData\Roaming\Downloaded Installations
[2012/09/08 18:02:55 | 000,000,000 | ---D | M] -- C:\Users\Russell\AppData\Roaming\Dropbox
[2012/08/30 02:11:01 | 000,000,000 | ---D | M] -- C:\Users\Russell\AppData\Roaming\DVDVideoSoft
[2012/08/29 01:34:53 | 000,000,000 | ---D | M] -- C:\Users\Russell\AppData\Roaming\DVDVideoSoftIEHelpers
[2012/02/04 02:13:30 | 000,000,000 | ---D | M] -- C:\Users\Russell\AppData\Roaming\E-Z Contact Book
[2012/06/19 23:12:53 | 000,000,000 | ---D | M] -- C:\Users\Russell\AppData\Roaming\Eltima Software
[2012/08/20 00:43:29 | 000,000,000 | ---D | M] -- C:\Users\Russell\AppData\Roaming\eM Client
[2012/03/21 20:03:47 | 000,000,000 | ---D | M] -- C:\Users\Russell\AppData\Roaming\eM Client for SoftMaker
[2012/05/16 02:09:12 | 000,000,000 | ---D | M] -- C:\Users\Russell\AppData\Roaming\enchant
[2012/05/27 21:46:26 | 000,000,000 | ---D | M] -- C:\Users\Russell\AppData\Roaming\EndNote
[2012/06/25 18:07:07 | 000,000,000 | ---D | M] -- C:\Users\Russell\AppData\Roaming\FileOpen
[2012/10/11 23:25:07 | 000,000,000 | ---D | M] -- C:\Users\Russell\AppData\Roaming\FileZilla
[2012/08/04 07:27:21 | 000,000,000 | ---D | M] -- C:\Users\Russell\AppData\Roaming\Foxit
[2012/06/16 19:51:33 | 000,000,000 | ---D | M] -- C:\Users\Russell\AppData\Roaming\Foxit Software
[2012/08/08 06:57:37 | 000,000,000 | ---D | M] -- C:\Users\Russell\AppData\Roaming\Free Sound Recorder
[2012/02/07 07:27:29 | 000,000,000 | ---D | M] -- C:\Users\Russell\AppData\Roaming\FreeCommander
[2012/08/08 08:47:31 | 000,000,000 | ---D | M] -- C:\Users\Russell\AppData\Roaming\Freecorder 6 Audio
[2012/08/08 08:47:45 | 000,000,000 | ---D | M] -- C:\Users\Russell\AppData\Roaming\Freecorder 6 Converter
[2012/08/08 08:47:31 | 000,000,000 | ---D | M] -- C:\Users\Russell\AppData\Roaming\Freecorder 6 Screen
[2012/08/08 08:48:07 | 000,000,000 | ---D | M] -- C:\Users\Russell\AppData\Roaming\Freecorder 6 Video
[2012/02/03 23:44:09 | 000,000,000 | ---D | M] -- C:\Users\Russell\AppData\Roaming\FreeFLVConverter
[2012/08/13 07:27:27 | 000,000,000 | ---D | M] -- C:\Users\Russell\AppData\Roaming\FTPSynchronize
[2012/09/13 23:54:11 | 000,000,000 | ---D | M] -- C:\Users\Russell\AppData\Roaming\GlarySoft
[2012/04/29 10:49:21 | 000,000,000 | ---D | M] -- C:\Users\Russell\AppData\Roaming\gtk-2.0
[2012/05/27 15:29:02 | 000,000,000 | ---D | M] -- C:\Users\Russell\AppData\Roaming\HistCite
[2012/05/15 13:28:06 | 000,000,000 | ---D | M] -- C:\Users\Russell\AppData\Roaming\inkscape
[2012/03/03 23:11:37 | 000,000,000 | ---D | M] -- C:\Users\Russell\AppData\Roaming\IObit
[2012/05/17 09:41:09 | 000,000,000 | ---D | M] -- C:\Users\Russell\AppData\Roaming\IrfanView
[2012/05/31 05:01:53 | 000,000,000 | ---D | M] -- C:\Users\Russell\AppData\Roaming\JabRef 2.8
[2012/10/08 00:41:03 | 000,000,000 | ---D | M] -- C:\Users\Russell\AppData\Roaming\Jarte
[2012/07/28 14:57:39 | 000,000,000 | ---D | M] -- C:\Users\Russell\AppData\Roaming\KompoZer
[2012/07/28 15:50:29 | 000,000,000 | ---D | M] -- C:\Users\Russell\AppData\Roaming\kompozer.net
[2012/02/02 17:55:45 | 000,000,000 | ---D | M] -- C:\Users\Russell\AppData\Roaming\LibreOffice
[2012/05/25 03:38:20 | 000,000,000 | ---D | M] -- C:\Users\Russell\AppData\Roaming\LyX2.0
[2012/10/12 02:35:39 | 000,000,000 | ---D | M] -- C:\Users\Russell\AppData\Roaming\MegaCloud
[2012/09/09 23:20:54 | 000,000,000 | ---D | M] -- C:\Users\Russell\AppData\Roaming\MegaCloudBackup
[2012/07/29 07:46:20 | 000,000,000 | ---D | M] -- C:\Users\Russell\AppData\Roaming\Moyea
[2012/10/08 00:40:38 | 000,000,000 | ---D | M] -- C:\Users\Russell\AppData\Roaming\Nitro PDF
[2012/04/18 12:23:41 | 000,000,000 | ---D | M] -- C:\Users\Russell\AppData\Roaming\onOne Software
[2012/07/04 08:52:39 | 000,000,000 | ---D | M] -- C:\Users\Russell\AppData\Roaming\OpenCandy
[2012/05/19 02:07:45 | 000,000,000 | ---D | M] -- C:\Users\Russell\AppData\Roaming\OpenOffice.org
[2012/07/29 00:35:36 | 000,000,000 | ---D | M] -- C:\Users\Russell\AppData\Roaming\Opera
[2012/07/04 08:57:29 | 000,000,000 | ---D | M] -- C:\Users\Russell\AppData\Roaming\Paltalk
[2012/05/20 23:08:36 | 000,000,000 | ---D | M] -- C:\Users\Russell\AppData\Roaming\picpick
[2012/02/15 05:43:06 | 000,000,000 | ---D | M] -- C:\Users\Russell\AppData\Roaming\postgresql
[2012/05/28 02:01:36 | 000,000,000 | ---D | M] -- C:\Users\Russell\AppData\Roaming\Publish or Perish
[2012/02/07 22:06:47 | 000,000,000 | ---D | M] -- C:\Users\Russell\AppData\Roaming\Quantisle
[2012/08/04 04:17:17 | 000,000,000 | ---D | M] -- C:\Users\Russell\AppData\Roaming\RapidTyping
[2012/07/28 14:51:34 | 000,000,000 | ---D | M] -- C:\Users\Russell\AppData\Roaming\RecoolTec
[2012/04/17 15:54:04 | 000,000,000 | ---D | M] -- C:\Users\Russell\AppData\Roaming\RegistryKeys
[2012/08/13 00:55:09 | 000,000,000 | ---D | M] -- C:\Users\Russell\AppData\Roaming\RiseFly
[2012/06/25 16:28:27 | 000,000,000 | ---D | M] -- C:\Users\Russell\AppData\Roaming\Smart PDF Converter Pro
[2012/07/17 13:55:34 | 000,000,000 | ---D | M] -- C:\Users\Russell\AppData\Roaming\SoftGrid Client
[2012/03/21 20:42:01 | 000,000,000 | ---D | M] -- C:\Users\Russell\AppData\Roaming\SoftMaker
[2012/02/02 16:41:42 | 000,000,000 | ---D | M] -- C:\Users\Russell\AppData\Roaming\Synaptics
[2012/08/13 01:43:49 | 000,000,000 | ---D | M] -- C:\Users\Russell\AppData\Roaming\Sync App Settings
[2012/08/11 00:05:26 | 000,000,000 | ---D | M] -- C:\Users\Russell\AppData\Roaming\Thunderbird
[2012/03/14 06:42:58 | 000,000,000 | ---D | M] -- C:\Users\Russell\AppData\Roaming\Titler
[2012/02/02 18:09:58 | 000,000,000 | ---D | M] -- C:\Users\Russell\AppData\Roaming\TP
[2012/05/05 19:15:14 | 000,000,000 | ---D | M] -- C:\Users\Russell\AppData\Roaming\uTorrent
[2012/07/28 11:35:54 | 000,000,000 | ---D | M] -- C:\Users\Russell\AppData\Roaming\VIP Video Converter
[2012/02/03 19:21:42 | 000,000,000 | ---D | M] -- C:\Users\Russell\AppData\Roaming\Windows Live Writer
[2012/07/28 14:12:36 | 000,000,000 | ---D | M] -- C:\Users\Russell\AppData\Roaming\Wondershare Video Converter Ultimate
[2012/07/29 05:35:51 | 000,000,000 | ---D | M] -- C:\Users\Russell\AppData\Roaming\Xilisoft
[2012/02/03 00:55:24 | 000,000,000 | ---D | M] -- C:\Users\Russell\AppData\Roaming\Zotero
[2012/03/16 15:07:45 | 000,000,000 | ---D | M] -- C:\Users\Russell\AppData\Roaming\ZScreen
========== Purity Check ==========
========== Alternate Data Streams ==========
@Alternate Data Stream - 127 bytes -> C:\ProgramData\Temp:0B4227B4
< End of report >
russwilsonau
2012-10-11, 22:53
Google Chrome STILL producing new tabs with Incredibar
This is what I would do, uninstall Chrome and then go to C:/Program Files and delete the Chrome folder if its still present
Give this a shot
http://www.bleepingcomputer.com/download/adwcleaner/
russwilsonau
2012-10-12, 10:41
uninstalled chrome and re-installed several times, after checking with that program, and despite having the HOST PuPs program installed but still Incredibar is still there -- see graphic
and here's the report showing it's been trialled several times but not once did it report finding Incredibar
+++++++++++++++++++++++++++++++++++++++++++++++++++++
# AdwCleaner v2.004 - Logfile created 10/12/2012 at 20:33:03
# Updated 06/10/2012 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (32 bits)
# User : Russell - RUSSELL-HP
# Boot Mode : Normal
# Running from : C:\Users\Russell\Desktop\AdwCleaner.exe
# Option [Search]
***** [Services] *****
***** [Files / Folders] *****
***** [Registry] *****
***** [Internet Browsers] *****
-\\ Internet Explorer v9.0.8112.16421
[OK] Registry is clean.
-\\ Mozilla Firefox v16.0.1 (en-US)
Profile name : default
File : C:\Users\Russell\AppData\Roaming\Mozilla\Firefox\Profiles\84emq8ne.default\prefs.js
[OK] File is clean.
-\\ Google Chrome v [Unable to get version]
File : C:\Users\Russell\AppData\Local\Google\Chrome\User Data\Default\Preferences
[OK] File is clean.
*************************
AdwCleaner[R1].txt - [7042 octets] - [12/10/2012 15:21:08]
AdwCleaner[R2].txt - [7102 octets] - [12/10/2012 15:29:54]
AdwCleaner[S1].txt - [7026 octets] - [12/10/2012 15:33:20]
AdwCleaner[R3].txt - [1873 octets] - [12/10/2012 15:47:16]
AdwCleaner[R4].txt - [1933 octets] - [12/10/2012 16:20:18]
AdwCleaner[S2].txt - [2009 octets] - [12/10/2012 16:25:51]
AdwCleaner[R5].txt - [1189 octets] - [12/10/2012 17:25:04]
AdwCleaner[S3].txt - [1249 octets] - [12/10/2012 17:26:58]
AdwCleaner[R6].txt - [1464 octets] - [12/10/2012 18:07:44]
AdwCleaner[S4].txt - [1524 octets] - [12/10/2012 18:09:19]
AdwCleaner[R7].txt - [1287 octets] - [12/10/2012 18:37:31]
AdwCleaner[R8].txt - [1310 octets] - [12/10/2012 19:00:17]
AdwCleaner[R9].txt - [1551 octets] - [12/10/2012 19:20:49]
AdwCleaner[R10].txt - [1613 octets] - [12/10/2012 19:36:19]
AdwCleaner[R11].txt - [1674 octets] - [12/10/2012 20:13:00]
AdwCleaner[S5].txt - [1733 octets] - [12/10/2012 20:14:22]
AdwCleaner[R12].txt - [1819 octets] - [12/10/2012 20:33:03]
########## EOF - C:\AdwCleaner[R12].txt - [1880 octets] ##########
russwilsonau
2012-10-12, 11:00
problem persists in Google Chrome -- see attached
Try this
Uninstall a program called WebAssistant, it comes with Incredimail / Incredibar and hides the search engine control program.
Remove MyStart in Google Chrome:
1. Open Google Chrome.
2. Click on the Wrench icon on top right corner of the browser.
3. Choose “Settings” from the drop down list.
4. Select “Basics.”
5. Click on “Manage search engines” under SEARCH settings area.
6. Hover your mouse to a preferred search engine and click “Make default.”
7. You can now remove MyStart by Incredibar search by clicking on the X mark.
russwilsonau
2012-10-12, 15:24
Thanks BUT
-- I wasn't happy with WebAssistant so un-installed it before I started corresponding with this forum
see attached JPGs for remaining problem
-- Google set up as default search by Google on install
-- only Yahoo and Bing available as search engines -- no other search engines "available"
problem persists
re-running AdwCleaner doesn't reveal Incredibar as adware -- never has, BUT
Go to Start > Run and type in REGEDIT then OK
When it opens go to
HKEY_LOCAL_MACHINE and click on the + sign to open it
Then on the left pane click on Software and right click and delete Incredibar and WebAssistant
Then go to
HKEY_CURRENT_USER
Then on the left pane click on Software and right click and delete Incredibar and WebAssistant
Then I would uninstall Chrome ,
Go to C\Program Files and delete Chrome folder if still present
russwilsonau
2012-10-12, 16:18
thought I'd share something with you I never thought I'd see again -- see attached jpg
on starting re-installed Chrome I had three extensions that came up -- I've seen people talk about manually removing extensions using the address bar
about:config
and similar modifications to the way the program was installed
BUT I thought I'd remove the three extensions as a final last ditch attempt -- as I said I test pages for web creation and didn't want to do without Chrome if I could avoid it -- it is the most popular browser numerically
(sorry, I can't remember what the three extensions were, but one WAS New Tab)
one final thing -- one has to make sure MyStart is no longer one of the default pages openinng when Chrome starts -- it opened automatically and I thought I had mucked it up again! before it opened up with each new tab but after changing that option it's now working OK
so who knows what "the" effective step was -- or what combination BUT
Great, prior to reinstalling Chrome, did you remove those entries with Regedit
russwilsonau
2012-10-13, 03:52
yep, followed all the steps you suggested, so it's hard to understand just what step, or steps, were effective, but that probably helped, so thanks for that -- I'm not experienced with editing the registry, just rely on the "packaged" programs, like Advanced System Care to rremove the "leftovers" from installs.
Thanks for everything
It could have been any number of those fixes I posted but you also had a hand in it yourself trying to remove it :bigthumb:
Glad things are back to normal for you :)
Click START then RUN
Now type Combofix /uninstall in the runbox and click OK. Note the space between the X and the /, it needs to be there.
http://i526.photobucket.com/albums/cc345/MPKwings/CF-Uninstall.png
Open OTL and click on Clean Up and it will remove programs we used to clean your system along with there backups, any programs that where not removed you can just drag to the trash.
Malwarebytes is the free version and yours to keep and will not be removed
How did I get infected in the first place ?
Read these links and find out how to prevent getting infected again.
Tutorial for System Restore (http://www.bleepingcomputer.com/tutorials/tutorial56.html) <-- Do this first to prevent yourself from being reinfected.
WhattheTech (http://forums.whatthetech.com/index.php?showtopic=57817)
Grinler BleepingComputer (http://www.bleepingcomputer.com/forums/topic2520.html)
GeeksTo Go (http://www.geekstogo.com/forum/index.php?autocom=custom&page=How_did_I)
Dslreports (http://www.dslreports.com/faq/10002)
Safe Surfn
Ken
Since this issue appears to be resolved ... this Topic has been closed. Glad I could help.