PDA

View Full Version : mystart.incredibar.com/?loc=CH_NT malware


003294
2012-10-16, 14:59
DDS (Ver_2012-10-14.05) - NTFS_AMD64
Internet Explorer: 9.0.8112.16421
Run by YR at 13:33:10 on 2012-10-16
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.4009.2261 [GMT 1:00]
.
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Fujitsu\FUJ02E3\FUJ02E3.exe
C:\Program Files\Fujitsu\FDM7\FdmDaemon.exe
C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
C:\Program Files\Fujitsu\PSUtility\TrayManager.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
C:\Windows\vsnp2uvc.exe
C:\Program Files\Fujitsu\Application Panel\QuickTouch.exe
C:\Program Files\Fujitsu\Application Panel\BtnHnd.exe
C:\Windows\System32\rundll32.exe
C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files (x86)\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe
C:\Fujitsu\Programs\DeskUpdate\DeskUpdateNotifier.exe
C:\Program Files (x86)\CyberLink\YouCam\YouCamTray.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files\Fujitsu\Plugfree NETWORK\PFNService.exe
C:\Program Files\Fujitsu\PSUtility\PSUService.exe
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
C:\Program Files\Fujitsu\Plugfree NETWORK\PFNetDm.EXE
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
C:\Program Files\Fujitsu\Plugfree NETWORK\PFNTray.EXE
C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\DllHost.exe
C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
C:\WINDOWS\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\cvh.exe
C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\Windows\system32\taskeng.exe
C:\Users\YR\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\YR\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\YR\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\YR\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\YR\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\YR\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://mystart.incredibar.com/mb128?a=6PQMJIR3uD&i=26
uDefault_Page_URL = hxxp://ts.fujitsu.com
mWinlogon: Userinit = userinit.exe
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
uRun: [Google Update] "C:\Users\YR\AppData\Local\Google\Update\GoogleUpdate.exe" /c
mRun: [IndicatorUtility] "C:\Program Files (x86)\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe"
mRun: [snp2uvc] C:\Windows\vsnp2uvc.exe
mRun: [DeskUpdateNotifier] "c:\Fujitsu\Programs\DeskUpdate\DeskUpdateNotifier.exe"
mRun: [UCam_Menu] "C:\Program Files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\YouCam" UpdateWithCreateOnce "Software\CyberLink\YouCam\3.0"
mRun: [YouCam Mirror Tray icon] "C:\Program Files (x86)\CyberLink\YouCam\YouCamTray.exe" /s
mRun: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
TCP: NameServer = 194.168.4.100 194.168.8.100
TCP: Interfaces\{3F7562C9-F27E-463D-8296-32ADF363F79A} : DHCPNameServer = 194.168.4.100 194.168.8.100
TCP: Interfaces\{513A9D91-8545-4E80-B3DB-05192565187A} : DHCPNameServer = 194.168.4.100 194.168.8.100
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
LSA: Security Packages = kerberos msv1_0 schannel wdigest tspkg pku2u livessp
x64-BHO: avast! WebRep: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-TB: avast! WebRep: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
x64-Run: [LoadFUJ02E3] C:\Program Files\Fujitsu\FUJ02E3\FUJ02E3.exe
x64-Run: [FDM7] C:\Program Files\Fujitsu\FDM7\FdmDaemon.exe
x64-Run: [PSUTility] C:\Program Files\Fujitsu\PSUtility\TrayManager.exe
x64-Run: [PfNet] "C:\Program Files\Fujitsu\Plugfree NETWORK\PfNet.exe" /r
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-Run: [IntelWireless] "C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" /tf Intel Wireless Tray
x64-Run: [snp2uvc] C:\Windows\vsnp2uvc.exe
x64-Run: [LoadFujitsuQuickTouch] C:\Program Files\Fujitsu\Application Panel\QuickTouch.exe
x64-Run: [LoadBtnHnd] C:\Program Files\Fujitsu\Application Panel\BtnHnd.exe
x64-Run: [BTMTrayAgent] rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll",TrayApp
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R0 FBIOSDRV;Fujitsu BIOS Driver;C:\Windows\System32\drivers\FBIOSDRV.sys [2010-11-15 21104]
R1 aswSnx;aswSnx;C:\Windows\System32\drivers\aswSnx.sys [2012-9-30 969200]
R1 aswSP;aswSP;C:\Windows\System32\drivers\aswSP.sys [2012-9-30 359464]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\System32\drivers\vwififlt.sys [2009-7-14 59904]
R2 aswFsBlk;aswFsBlk;C:\Windows\System32\drivers\aswFsBlk.sys [2012-9-30 25232]
R2 aswMonFlt;aswMonFlt;C:\Windows\System32\drivers\aswMonFlt.sys [2012-9-30 71600]
R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2012-9-30 44808]
R2 Bluetooth Device Monitor;Bluetooth Device Monitor;C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe [2011-3-30 923984]
R2 Bluetooth OBEX Service;Bluetooth OBEX Service;C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe [2011-3-30 1001808]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2012-1-4 822624]
R2 PFNService;PFNService;C:\Program Files\Fujitsu\Plugfree NETWORK\PFNService.exe [2010-10-7 331776]
R2 PowerSavingUtilityService;PowerSavingUtilityService;C:\Program Files\Fujitsu\PSUtility\PSUService.exe [2011-5-7 63336]
R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-1 508776]
R2 UNS;Intel(R) Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2012-9-21 2656280]
R3 Bluetooth Media Service;Bluetooth Media Service;C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe [2011-3-30 1321296]
R3 btmaux;Intel Bluetooth Auxiliary Service;C:\Windows\System32\drivers\btmaux.sys [2011-3-8 51712]
R3 btmhsf;btmhsf;C:\Windows\System32\drivers\btmhsf.sys [2011-3-8 274944]
R3 FUJ02E3;Fujitsu FUJ02E3 Device Driver;C:\Windows\System32\drivers\fuj02e3.sys [2010-10-12 7296]
R3 iBtFltCoex;iBtFltCoex;C:\Windows\System32\drivers\iBtFltCoex.sys [2011-3-22 59904]
R3 IntcDAud;Intel(R) Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2011-5-2 317440]
R3 iwdbus;IWD Bus Enumerator;C:\Windows\System32\drivers\iwdbus.sys [2011-3-24 25496]
R3 MEIx64;Intel(R) Management Engine Interface;C:\Windows\System32\drivers\HECIx64.sys [2011-4-7 56344]
R3 NETwNs64;___ Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\Windows\System32\drivers\NETwNs64.sys [2011-5-31 8507392]
R3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\System32\drivers\RtsUStor.sys [2011-5-7 245792]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2011-1-17 412776]
R3 Sftfs;Sftfs;C:\Windows\System32\drivers\Sftfslh.sys [2011-10-1 764264]
R3 Sftplay;Sftplay;C:\Windows\System32\drivers\Sftplaylh.sys [2011-10-1 268648]
R3 Sftredir;Sftredir;C:\Windows\System32\drivers\Sftredirlh.sys [2011-10-1 25960]
R3 Sftvol;Sftvol;C:\Windows\System32\drivers\Sftvollh.sys [2011-10-1 22376]
R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-1 219496]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\System32\drivers\vwifimp.sys [2009-7-14 17920]
R3 wdkmd;Intel WiDi KMD;C:\Windows\System32\drivers\WDKMD.sys [2011-3-24 42392]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-9-20 136176]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-9-20 136176]
S3 intaud_WaveExtensible;Intel WiDi Audio Device;C:\Windows\System32\drivers\intelaud.sys [2011-3-24 34200]
S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2011-1-5 340240]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-21 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-21 31232]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-7-9 52736]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-9-27 1255736]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-23 57184]
.
=============== Created Last 30 ================
.
2012-10-16 12:14:55 -------- d-----w- C:\Users\YR\AppData\Roaming\Malwarebytes
2012-10-16 12:14:42 -------- d-----w- C:\ProgramData\Malwarebytes
2012-10-16 12:14:39 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-10-16 12:14:39 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-10-15 19:58:10 -------- d-----w- C:\Program Files (x86)\Perion
2012-10-15 19:57:36 -------- d-----w- C:\Windows\SysWow64\WNLT
2012-10-15 19:56:06 -------- d-----w- C:\ProgramData\Tarma Installer
2012-10-15 19:56:00 -------- d-----w- C:\Program Files (x86)\OnlineHD.TV
2012-10-13 14:18:52 9308616 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{7C55E040-D79D-4E37-955D-78D51BB39247}\mpengine.dll
2012-10-11 11:43:20 1659760 ----a-w- C:\Windows\System32\drivers\ntfs.sys
2012-10-11 11:43:18 5559664 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-10-11 11:43:17 3914096 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2012-10-11 11:43:16 3968880 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2012-10-11 11:43:06 424448 ----a-w- C:\Windows\System32\KernelBase.dll
2012-10-11 11:43:05 338432 ----a-w- C:\Windows\System32\conhost.exe
2012-10-11 11:43:05 215040 ----a-w- C:\Windows\System32\winsrv.dll
2012-10-11 11:43:03 274944 ----a-w- C:\Windows\SysWow64\KernelBase.dll
2012-10-11 11:41:41 1464320 ----a-w- C:\Windows\System32\crypt32.dll
2012-10-11 11:41:40 184320 ----a-w- C:\Windows\System32\cryptsvc.dll
2012-10-11 11:41:40 1159680 ----a-w- C:\Windows\SysWow64\crypt32.dll
2012-10-11 11:41:39 140288 ----a-w- C:\Windows\System32\cryptnet.dll
2012-10-11 11:41:38 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll
2012-10-11 11:41:38 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll
2012-10-03 21:11:44 -------- d-----w- C:\Users\YR\AppData\Local\MetaGeek,_LLC
2012-10-03 20:09:35 -------- d-----w- C:\ProgramData\VirtualizedApplications
2012-10-03 18:57:25 -------- d-----w- C:\Users\YR\AppData\Local\LogMeIn Rescue Applet
2012-10-03 18:31:10 -------- d-----w- C:\Users\YR\AppData\Local\Adobe
2012-09-30 21:31:21 -------- d-----w- C:\Users\YR\AppData\Local\Apple Computer
2012-09-30 21:31:08 33240 ----a-w- C:\Windows\System32\drivers\GEARAspiWDM.sys
2012-09-30 21:30:05 -------- d-----w- C:\Program Files\iPod
2012-09-30 21:30:01 -------- d-----w- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2012-09-30 21:30:01 -------- d-----w- C:\Program Files\iTunes
2012-09-30 21:30:01 -------- d-----w- C:\Program Files (x86)\iTunes
2012-09-30 21:28:50 -------- d-----w- C:\Users\YR\AppData\Local\Apple
2012-09-30 21:27:05 -------- d-----w- C:\Program Files\Bonjour
2012-09-30 21:27:05 -------- d-----w- C:\Program Files (x86)\Bonjour
2012-09-30 21:20:52 -------- d-----w- C:\Users\YR\AppData\Local\CrashDumps
2012-09-30 21:12:22 54072 ----a-w- C:\Windows\System32\drivers\aswRdr2.sys
2012-09-30 21:12:20 969200 ----a-w- C:\Windows\System32\drivers\aswSnx.sys
2012-09-30 21:12:19 71600 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys
2012-09-30 21:11:35 41224 ----a-w- C:\Windows\avastSS.scr
2012-09-30 19:59:18 -------- d-----w- C:\Users\YR\AppData\Roaming\SoftGrid Client
2012-09-30 19:59:18 -------- d-----w- C:\Users\YR\AppData\Local\SoftGrid Client
2012-09-30 19:58:13 -------- d-----w- C:\Program Files (x86)\Microsoft Application Virtualization Client
2012-09-30 19:58:02 -------- d-----w- C:\Users\YR\AppData\Roaming\TP
2012-09-27 21:17:40 -------- d-----w- C:\Windows\SysWow64\Wat
2012-09-27 21:17:40 -------- d-----w- C:\Windows\System32\Wat
2012-09-26 08:23:06 552960 ----a-w- C:\Windows\System32\drivers\bthport.sys
2012-09-24 21:59:50 294912 ----a-w- C:\Windows\System32\browserchoice.exe
2012-09-24 21:39:36 81408 ----a-w- C:\Windows\System32\imagehlp.dll
2012-09-24 21:39:36 23408 ----a-w- C:\Windows\System32\drivers\fs_rec.sys
2012-09-24 21:39:36 159232 ----a-w- C:\Windows\SysWow64\imagehlp.dll
2012-09-24 21:39:35 5120 ----a-w- C:\Windows\SysWow64\wmi.dll
2012-09-24 21:39:35 5120 ----a-w- C:\Windows\System32\wmi.dll
2012-09-23 21:42:57 -------- d-----w- C:\Users\YR\AppData\Local\Diagnostics
2012-09-23 21:24:41 895088 ----a-w- C:\ProgramData\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
2012-09-23 21:24:23 42776 ----a-w- C:\ProgramData\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
2012-09-23 21:24:13 710992 ----a-w- C:\ProgramData\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2012-09-21 03:51:00 662016 ----a-w- C:\Windows\vsnp2uvc.exe
2012-09-21 03:51:00 375808 ----a-w- C:\Windows\System32\vsnp2uvc.dll
2012-09-21 03:51:00 35456 ----a-w- C:\Windows\System32\drivers\sncduvc.sys
2012-09-21 03:51:00 306176 ----a-w- C:\Windows\SysWow64\vsnp2uvc.dll
2012-09-21 03:51:00 245760 ----a-w- C:\Windows\SysWow64\rsnp2uvc.dll
2012-09-21 03:51:00 24576 ----a-w- C:\Windows\snuvcdsm.exe
2012-09-21 03:51:00 242176 ----a-w- C:\Windows\System32\csnp2uvc.dll
2012-09-21 03:51:00 240640 ----a-w- C:\Windows\System32\rsnp2uvc.dll
2012-09-21 03:51:00 1801216 ----a-w- C:\Windows\System32\drivers\snp2uvc.sys
2012-09-21 03:51:00 -------- d-----w- C:\Program Files (x86)\Common Files\SNP2UVC
2012-09-21 03:49:57 83 ------w- C:\Windows\System32\IHV_Install.bat
2012-09-21 03:49:40 -------- d-----w- C:\ProgramData\Roaming
2012-09-21 03:49:09 -------- d-----w- C:\Program Files (x86)\Cisco
2012-09-21 03:48:57 8192 ----a-w- C:\Windows\System32\drivers\IntelMEFWVer.dll
2012-09-21 03:48:53 -------- d-----w- C:\Program Files (x86)\Common Files\postureAgent
2012-09-20 22:14:01 404480 ----a-w- C:\Windows\System32\umpnpmgr.dll
2012-09-20 22:14:01 252928 ----a-w- C:\Windows\SysWow64\drvinst.exe
2012-09-20 22:14:01 145920 ----a-w- C:\Windows\SysWow64\cfgmgr32.dll
2012-09-20 22:14:00 64512 ----a-w- C:\Windows\SysWow64\devobj.dll
2012-09-20 22:14:00 44544 ----a-w- C:\Windows\SysWow64\devrtl.dll
2012-09-20 22:12:59 288768 ----a-w- C:\Windows\System32\drivers\mrxsmb10.sys
2012-09-20 22:10:53 31232 ----a-w- C:\Windows\SysWow64\prevhost.exe
2012-09-20 22:07:47 9308616 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
2012-09-20 20:23:45 826880 ----a-w- C:\Windows\SysWow64\rdpcore.dll
2012-09-20 20:23:45 23552 ----a-w- C:\Windows\System32\drivers\tdtcp.sys
2012-09-20 20:23:45 1031680 ----a-w- C:\Windows\System32\rdpcore.dll
2012-09-20 20:17:50 2622464 ----a-w- C:\Windows\System32\wucltux.dll
2012-09-20 20:17:37 99840 ----a-w- C:\Windows\System32\wudriver.dll
2012-09-20 20:17:37 -------- d-----w- C:\Users\YR\AppData\Local\Google
2012-09-20 20:17:27 36864 ----a-w- C:\Windows\System32\wuapp.exe
2012-09-20 20:17:27 186752 ----a-w- C:\Windows\System32\wuwebv.dll
2012-09-20 20:14:09 -------- d-----w- C:\Users\YR\AppData\Roaming\Fujitsu Launch Center
2012-09-20 20:13:52 -------- d-sh--w- C:\$RECYCLE.BIN
2012-09-20 20:11:51 -------- d-----w- C:\Users\YR\AppData\Local\VirtualStore
2012-09-20 20:11:43 -------- d-----w- C:\Program Files (x86)\Intel Corporation
2012-09-20 20:11:43 -------- d-----w- C:\Program Files (x86)\Common Files\Intel Corporation
2012-09-20 20:10:21 -------- d-----w- C:\ProgramData\Fujitsu
2012-09-20 20:09:04 112128 ----a-w- C:\Program Files\Windows Sidebar\Shared Gadgets\eBayGadgetFS.gadget\Bin\eBayGadget.dll
.
==================== Find3M ====================
.
2012-09-14 19:19:29 2048 ----a-w- C:\Windows\System32\tzres.dll
2012-09-14 18:28:53 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2012-08-24 18:05:07 220160 ----a-w- C:\Windows\System32\wintrust.dll
2012-08-24 16:57:48 172544 ----a-w- C:\Windows\SysWow64\wintrust.dll
2012-08-24 10:31:32 2312704 ----a-w- C:\Windows\System32\jscript9.dll
2012-08-24 10:21:18 1392128 ----a-w- C:\Windows\System32\wininet.dll
2012-08-24 10:20:11 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-08-24 10:14:45 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2012-08-24 10:13:29 599040 ----a-w- C:\Windows\System32\vbscript.dll
2012-08-24 10:09:42 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-08-24 06:59:17 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-08-24 06:51:27 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-08-24 06:51:02 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-08-24 06:47:26 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2012-08-24 06:47:12 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll
2012-08-24 06:43:58 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-08-22 18:12:50 1913200 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2012-08-22 18:12:40 950128 ----a-w- C:\Windows\System32\drivers\ndis.sys
2012-08-22 18:12:40 376688 ----a-w- C:\Windows\System32\drivers\netio.sys
2012-08-22 18:12:33 288624 ----a-w- C:\Windows\System32\drivers\FWPKCLNT.SYS
2012-08-21 21:01:00 245760 ----a-w- C:\Windows\System32\OxpsConverter.exe
2012-08-21 12:01:20 125872 ----a-w- C:\Windows\System32\GEARAspi64.dll
2012-08-21 12:01:20 106928 ----a-w- C:\Windows\SysWow64\GEARAspi.dll
2012-08-20 18:48:44 362496 ----a-w- C:\Windows\System32\wow64win.dll
2012-08-20 18:48:44 243200 ----a-w- C:\Windows\System32\wow64.dll
2012-08-20 18:48:44 13312 ----a-w- C:\Windows\System32\wow64cpu.dll
2012-08-20 18:48:37 16384 ----a-w- C:\Windows\System32\ntvdm64.dll
2012-08-20 17:40:21 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
2012-08-20 17:38:44 44032 ----a-w- C:\Windows\apppatch\acwow64.dll
2012-08-20 17:38:26 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
2012-08-20 17:37:19 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
2012-08-20 15:38:21 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
2012-08-20 15:38:20 2048 ----a-w- C:\Windows\SysWow64\user.exe
2012-08-20 15:33:28 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
2012-08-20 15:33:28 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
2012-08-20 15:33:28 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
2012-08-20 15:33:28 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
2012-08-11 00:56:03 715776 ----a-w- C:\Windows\System32\kerberos.dll
2012-08-10 23:56:14 542208 ----a-w- C:\Windows\SysWow64\kerberos.dll
2012-08-02 17:58:52 574464 ----a-w- C:\Windows\System32\d3d10level9.dll
2012-08-02 16:57:20 490496 ----a-w- C:\Windows\SysWow64\d3d10level9.dll
2012-07-18 18:15:06 3148800 ----a-w- C:\Windows\System32\win32k.sys
.
============= FINISH: 13:34:21.32 ===============
ken545
2012-10-17, 00:29
:snwelcome:


Please read Before You Post (http://forums.spybot.info/showthread.php?t=288)
While best efforts are made to assist in removing infections safely, unexpected stuff can happen. It is advisable that you back up your important data before starting any clean up procedure. Neither Safer Networking Forums nor the Analyst providing the advice may be held responsible for any loss.

Until we deem your system clean I am going to ask you not to install or uninstall any software or hardware except for the programs we may run.

Running programs with Vista or Windows 7 , you need to Right Click on the program and select RUN AS ADMINISTATOR


uninstall a program called WebAssistant, it comes with Incredimail / Incredibar and hides the search engine control program.



MyStart is an adware program. There should be an add/remove entry from control panel that you may use to uninstall MyStart. You can also try this procedure to remove it from different browsers.

Remove MyStart in Internet Explorer:
1. Open Internet Explorer.
2. Go to Tools > Options.
3. On General tab, proceed to ”Change search defaults” and click the “Settings” button.
4. You will see a list of search providers. Select your desired search provider and click the button “Set as default” to replace MyStart by Incredibar.
5. You may now remove MyStart from the list.

Remove MyStart in Mozilla Firefox:
1. Open Mozilla Firefox Internet Browser.
2. On Google’s Search box, click the “arrow down” beside the logo.
3. Select “Manage Search Engine” from the drop-down list.
4. Choose your desired search default (like Google) and click the button “Move up.” It should be on the top of the list to set it as default.
5. You can now remove other installed search engine.

Remove MyStart in Google Chrome:
1. Open Google Chrome.
2. Click on the Wrench icon on top right corner of the browser.
3. Choose “Settings” from the drop down list.
4. Select “Basics.”
5. Click on “Manage search engines” under SEARCH settings area.
6. Hover your mouse to a preferred search engine and click “Make default.”
7. You can now remove MyStart by Incredibar search by clicking on the X mark.
003294
2012-10-17, 20:39
Done but when I click on a new tab I still get that my incredible page come up on google chrome, problem fixed with IE and firefox
003294
2012-10-17, 20:41
Is it worth me uninstalling chrome and re installing?
ken545
2012-10-17, 22:44
Yes, but hang on because if its not a complete uninstall when you install the new one incredibar will be back

OTL by OldTimer

Download OTL (http://oldtimer.geekstogo.com/OTL.exe) to your desktop.
Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
When the window appears, underneath Output at the top change it to Minimal Output.
Click the "Scan All Users" checkbox.
Check the boxes beside LOP Check and Purity Check.
Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.

When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt.
Note:These logs can be located in the OTL. folder on you C:\ drive if they fail to open automatically.
Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply. You may need two posts to fit them both in.
003294
2012-10-17, 23:08
OTL logfile created on: 10/17/2012 9:51:11 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\YR\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

3.91 Gb Total Physical Memory | 2.46 Gb Available Physical Memory | 62.91% Memory free
7.83 Gb Paging File | 6.24 Gb Available in Paging File | 79.78% Paging File free
Paging file location(s): ?:\pagefile.sys

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 345.13 Gb Total Space | 305.59 Gb Free Space | 88.54% Space Free | Partition Type: NTFS
Drive D: | 100.00 Gb Total Space | 64.51 Gb Free Space | 64.51% Space Free | Partition Type: NTFS

Computer Name: YR-PC | User Name: YR | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\YR\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
PRC - C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
PRC - C:\Fujitsu\Programs\DeskUpdate\DeskUpdateNotifier.exe (Fujitsu Technology Solutions)
PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Bluetooth\btplayerctrl.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe (FUJITSU LIMITED)
PRC - C:\Windows\vsnp2uvc.exe (Sonix)
PRC - C:\Program Files (x86)\CyberLink\YouCam\YouCamTray.exe (CyberLink Corp.)


========== Modules (No Company Name) ==========

MOD - C:\Users\YR\AppData\Local\Google\Chrome\Application\22.0.1229.94\ppgooglenaclpluginchrome.dll ()
MOD - C:\Users\YR\AppData\Local\Google\Chrome\Application\22.0.1229.94\PepperFlash\pepflashplayer.dll ()
MOD - C:\Users\YR\AppData\Local\Google\Chrome\Application\22.0.1229.94\pdf.dll ()
MOD - C:\Users\YR\AppData\Local\Google\Chrome\Application\22.0.1229.94\libglesv2.dll ()
MOD - C:\Users\YR\AppData\Local\Google\Chrome\Application\22.0.1229.94\libegl.dll ()
MOD - C:\Users\YR\AppData\Local\Google\Chrome\Application\22.0.1229.94\avutil-51.dll ()
MOD - C:\Users\YR\AppData\Local\Google\Chrome\Application\22.0.1229.94\avformat-54.dll ()
MOD - C:\Users\YR\AppData\Local\Google\Chrome\Application\22.0.1229.94\avcodec-54.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\log4net\9833bcbd6eb1461bf506e09b40a2188b\log4net.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\DeskUpdateNotifier\d7b6da7018ea1a67efb6f4c5e41d1ef0\DeskUpdateNotifier.ni.exe ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\bd2433e160ce2f19acc8ebe10babae8d\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\6711765f90c0082ec393943b924ed277\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\c06946b464ae8dd22151e0a6f310c976\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\29e48cb144e24a7b4335d1360cc06642\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System\9cf67ed1b743fbc3dd6b78fbc0595236\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\1bdf7de454340e0ea9fc455aeaec49d9\mscorlib.ni.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll ()


========== Services (SafeList) ==========

SRV:[b]64bit: - (avast! Antivirus) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
SRV:64bit: - (EvtEng) -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe (Intel(R) Corporation)
SRV:64bit: - (MyWiFiDHCPDNS) -- C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe ()
SRV:64bit: - (RegSrvc) -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel(R) Corporation)
SRV:64bit: - (PFNService) -- C:\Program Files\Fujitsu\Plugfree NETWORK\PFNService.exe (FUJITSU LIMITED)
SRV:64bit: - (wlcrasvc) -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation)
SRV:64bit: - (PowerSavingUtilityService) -- C:\Program Files\Fujitsu\PSUtility\PSUService.exe (FUJITSU LIMITED)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (sftvsa) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
SRV - (sftlist) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
SRV - (Bluetooth OBEX Service) -- C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe (Intel Corporation)
SRV - (Bluetooth Media Service) -- C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe (Intel Corporation)
SRV - (Bluetooth Device Monitor) -- C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe (Intel Corporation)
SRV - (UNS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
SRV - (LMS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)


========== Driver Services (SafeList) ==========

DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (aswSnx) -- C:\Windows\SysNative\drivers\aswSnx.sys (AVAST Software)
DRV:64bit: - (aswSP) -- C:\Windows\SysNative\drivers\aswSP.sys (AVAST Software)
DRV:64bit: - (aswTdi) -- C:\Windows\SysNative\drivers\aswTdi.sys (AVAST Software)
DRV:64bit: - (aswMonFlt) -- C:\Windows\SysNative\drivers\aswMonFlt.sys (AVAST Software)
DRV:64bit: - (aswRdr) -- C:\Windows\SysNative\drivers\aswRdr2.sys (AVAST Software)
DRV:64bit: - (aswFsBlk) -- C:\Windows\SysNative\drivers\aswFsBlk.sys (AVAST Software)
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (NETwNs64) -- C:\Windows\SysNative\drivers\Netwsw00.sys (Intel Corporation)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (Sftvol) -- C:\Windows\SysNative\drivers\Sftvollh.sys (Microsoft Corporation)
DRV:64bit: - (Sftplay) -- C:\Windows\SysNative\drivers\Sftplaylh.sys (Microsoft Corporation)
DRV:64bit: - (Sftredir) -- C:\Windows\SysNative\drivers\Sftredirlh.sys (Microsoft Corporation)
DRV:64bit: - (Sftfs) -- C:\Windows\SysNative\drivers\Sftfslh.sys (Microsoft Corporation)
DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (wdkmd) -- C:\Windows\SysNative\drivers\WDKMD.sys (Intel Corporation)
DRV:64bit: - (intaud_WaveExtensible) -- C:\Windows\SysNative\drivers\intelaud.sys (Intel Corporation)
DRV:64bit: - (iwdbus) -- C:\Windows\SysNative\drivers\iwdbus.sys (Intel Corporation)
DRV:64bit: - (iBtFltCoex) -- C:\Windows\SysNative\drivers\iBtFltCoex.sys (Intel Corporation)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (btmhsf) -- C:\Windows\SysNative\drivers\btmhsf.sys (Intel Corporation)
DRV:64bit: - (btmaux) -- C:\Windows\SysNative\drivers\btmaux.sys (Intel Corporation)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek )
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation)
DRV:64bit: - (MEIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (IntcDAud) -- C:\Windows\SysNative\drivers\IntcDAud.sys (Intel(R) Corporation)
DRV:64bit: - (SNP2UVC) -- C:\Windows\SysNative\drivers\snp2uvc.sys ()
DRV:64bit: - (RSUSBSTOR) -- C:\Windows\SysNative\drivers\RtsUStor.sys (Realtek Semiconductor Corp.)
DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (FBIOSDRV) -- C:\Windows\SysNative\drivers\FBIOSDRV.sys (FUJITSU LIMITED)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (FUJ02E3) -- C:\Windows\SysNative\drivers\fuj02e3.sys (FUJITSU LIMITED)
DRV:64bit: - (FUJ02B1) -- C:\Windows\SysNative\drivers\fuj02b1.sys (FUJITSU LIMITED)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {E4AEF8C0-A9D6-4817-BFE4-A5D7E266114E}
IE:64bit: - HKLM\..\SearchScopes\{E4AEF8C0-A9D6-4817-BFE4-A5D7E266114E}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7FTSF
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {E4AEF8C0-A9D6-4817-BFE4-A5D7E266114E}
IE - HKLM\..\SearchScopes\{E4AEF8C0-A9D6-4817-BFE4-A5D7E266114E}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7FTSF


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-288869447-1382899389-2484242644-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ts.fujitsu.com
IE - HKU\S-1-5-21-288869447-1382899389-2484242644-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://www.google.com/ig/redirectd [Binary data over 200 bytes]
IE - HKU\S-1-5-21-288869447-1382899389-2484242644-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
IE - HKU\S-1-5-21-288869447-1382899389-2484242644-1000\..\SearchScopes,DefaultScope = {E4AEF8C0-A9D6-4817-BFE4-A5D7E266114E}
IE - HKU\S-1-5-21-288869447-1382899389-2484242644-1000\..\SearchScopes\{E4AEF8C0-A9D6-4817-BFE4-A5D7E266114E}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7FTSG_enGB502
IE - HKU\S-1-5-21-288869447-1382899389-2484242644-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-288869447-1382899389-2484242644-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local


========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\YR\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\YR\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)

64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\PROGRAM FILES\IB UPDATER\FIREFOX
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\Program Files\IB Updater\Firefox

[2012/10/15 20:56:02 | 000,000,000 | ---D | M] (No name found) -- C:\Users\YR\AppData\Roaming\Mozilla\Firefox\Profiles\0\extensions
[2012/10/15 20:56:02 | 000,189,644 | ---- | M] () (No name found) -- C:\Users\YR\AppData\Roaming\Mozilla\Firefox\Profiles\0\extensions\onlinehdtv@onlinehd.tv.xpi
[2012/10/15 20:58:02 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions

========== Chrome ==========

CHR - homepage:
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage:
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\YR\AppData\Local\Google\Chrome\Application\21.0.1180.89\PepperFlash\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\YR\AppData\Local\Google\Chrome\Application\22.0.1229.94\gcswf32.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\YR\AppData\Local\Google\Chrome\Application\22.0.1229.94\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\YR\AppData\Local\Google\Chrome\Application\22.0.1229.94\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.2.183.39\npGoogleOneClick8.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll
CHR - plugin: Windows Live\\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - Extension: avast! WebRep = C:\Users\YR\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1466_0\
CHR - Extension: New tab for Chrome\u2122 = C:\Users\YR\AppData\Local\Google\Chrome\User Data\Default\Extensions\jifflliplgeajjdhmkcfnngfpgbjonjg\1.0.0_0\

O1 HOSTS File: ([2009/06/10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3:64bit: - HKU\S-1-5-21-288869447-1382899389-2484242644-1000\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O4:64bit: - HKLM..\Run: [BTMTrayAgent] C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll (Intel Corporation)
O4:64bit: - HKLM..\Run: [FDM7] C:\Program Files\Fujitsu\FDM7\FdmDaemon.exe (FUJITSU LIMITED)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IntelWireless] C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe (Intel(R) Corporation)
O4:64bit: - HKLM..\Run: [LoadBtnHnd] C:\Program Files\Fujitsu\Application Panel\BtnHnd.exe (FUJITSU LIMITED)
O4:64bit: - HKLM..\Run: [LoadFUJ02E3] C:\Program Files\Fujitsu\FUJ02E3\FUJ02E3.exe (FUJITSU LIMITED)
O4:64bit: - HKLM..\Run: [LoadFujitsuQuickTouch] C:\Program Files\Fujitsu\Application Panel\QuickTouch.exe (FUJITSU LIMITED)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [PfNet] C:\Program Files\Fujitsu\Plugfree NETWORK\PfNet.exe (FUJITSU LIMITED)
O4:64bit: - HKLM..\Run: [PSUTility] C:\Program Files\Fujitsu\PSUtility\TrayManager.exe (FUJITSU LIMITED)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [snp2uvc] C:\Windows\vsnp2uvc.exe (Sonix)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [DeskUpdateNotifier] c:\Fujitsu\Programs\DeskUpdate\DeskUpdateNotifier.exe (Fujitsu Technology Solutions)
O4 - HKLM..\Run: [IndicatorUtility] C:\Program Files (x86)\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe (FUJITSU LIMITED)
O4 - HKLM..\Run: [snp2uvc] C:\Windows\vsnp2uvc.exe (Sonix)
O4 - HKLM..\Run: [YouCam Mirror Tray icon] C:\Program Files (x86)\CyberLink\YouCam\YouCamTray.exe (CyberLink Corp.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LaunchCenter.lnk = File not found
O4 - Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\newreminderdialog.lnk = File not found
O4 - Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LaunchCenter.lnk = File not found
O4 - Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\newreminderdialog.lnk = File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\S-1-5-21-288869447-1382899389-2484242644-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000010 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 194.168.4.100 194.168.8.100
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3F7562C9-F27E-463D-8296-32ADF363F79A}: DhcpNameServer = 194.168.4.100 194.168.8.100
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{513A9D91-8545-4E80-B3DB-05192565187A}: DhcpNameServer = 194.168.4.100 194.168.8.100
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========
003294
2012-10-17, 23:09
[2012/10/17 21:49:25 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\YR\Desktop\OTL.exe
[2012/10/16 13:55:19 | 000,000,000 | ---D | C] -- C:\Users\YR\AppData\Roaming\Windows Live Writer
[2012/10/16 13:55:19 | 000,000,000 | ---D | C] -- C:\Users\YR\AppData\Local\Windows Live Writer
[2012/10/16 13:53:57 | 000,000,000 | ---D | C] -- C:\Users\YR\AppData\Local\WinZip
[2012/10/16 13:52:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinZip
[2012/10/16 13:51:51 | 000,000,000 | ---D | C] -- C:\ProgramData\WinZip
[2012/10/16 13:51:46 | 000,000,000 | ---D | C] -- C:\Program Files\WinZip
[2012/10/16 13:14:55 | 000,000,000 | ---D | C] -- C:\Users\YR\AppData\Roaming\Malwarebytes
[2012/10/16 13:14:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/10/16 13:14:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/10/16 13:14:39 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012/10/16 13:14:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012/10/15 20:58:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Perion
[2012/10/15 20:58:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2012/10/15 20:57:36 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\WNLT
[2012/10/15 20:56:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Tarma Installer
[2012/10/15 20:56:02 | 000,000,000 | ---D | C] -- C:\Users\YR\AppData\Roaming\Mozilla
[2012/10/15 20:56:01 | 000,000,000 | ---D | C] -- C:\Users\YR\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OnlineHD.TV
[2012/10/15 20:56:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\OnlineHD.TV
[2012/10/11 12:43:18 | 005,559,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2012/10/11 12:43:17 | 003,914,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2012/10/11 12:43:16 | 003,968,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2012/10/11 12:43:06 | 001,162,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kernel32.dll
[2012/10/11 12:43:06 | 000,424,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KernelBase.dll
[2012/10/11 12:43:05 | 000,338,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\conhost.exe
[2012/10/11 12:43:05 | 000,215,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll
[2012/10/11 12:42:57 | 000,362,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64win.dll
[2012/10/11 12:42:57 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll
[2012/10/11 12:42:57 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe
[2012/10/11 12:42:57 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntvdm64.dll
[2012/10/11 12:42:57 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll
[2012/10/11 12:42:57 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64cpu.dll
[2012/10/11 12:42:57 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll
[2012/10/11 12:42:57 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-threadpool-l1-1-0.dll
[2012/10/11 12:42:57 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processthreads-l1-1-0.dll
[2012/10/11 12:42:57 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll
[2012/10/11 12:42:57 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-sysinfo-l1-1-0.dll
[2012/10/11 12:42:57 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll
[2012/10/11 12:42:57 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-synch-l1-1-0.dll
[2012/10/11 12:42:57 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-memory-l1-1-0.dll
[2012/10/11 12:42:57 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-xstate-l1-1-0.dll
[2012/10/11 12:42:56 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe
[2012/10/11 12:42:56 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-file-l1-1-0.dll
[2012/10/11 12:42:56 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-file-l1-1-0.dll
[2012/10/11 12:42:56 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll
[2012/10/11 12:42:56 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll
[2012/10/11 12:42:56 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll
[2012/10/11 12:42:56 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localregistry-l1-1-0.dll
[2012/10/11 12:42:56 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-rtlsupport-l1-1-0.dll
[2012/10/11 12:42:56 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll
[2012/10/11 12:42:56 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processenvironment-l1-1-0.dll
[2012/10/11 12:42:56 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll
[2012/10/11 12:42:56 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-namedpipe-l1-1-0.dll
[2012/10/11 12:42:56 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-misc-l1-1-0.dll
[2012/10/11 12:42:56 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll
[2012/10/11 12:42:56 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll
[2012/10/11 12:42:56 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-libraryloader-l1-1-0.dll
[2012/10/11 12:42:56 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll
[2012/10/11 12:42:56 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll
[2012/10/11 12:42:56 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-heap-l1-1-0.dll
[2012/10/11 12:42:56 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-util-l1-1-0.dll
[2012/10/11 12:42:56 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-string-l1-1-0.dll
[2012/10/11 12:42:56 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-string-l1-1-0.dll
[2012/10/11 12:42:56 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll
[2012/10/11 12:42:56 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll
[2012/10/11 12:42:56 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-profile-l1-1-0.dll
[2012/10/11 12:42:56 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-io-l1-1-0.dll
[2012/10/11 12:42:56 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-io-l1-1-0.dll
[2012/10/11 12:42:56 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-interlocked-l1-1-0.dll
[2012/10/11 12:42:56 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll
[2012/10/11 12:42:56 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-handle-l1-1-0.dll
[2012/10/11 12:42:56 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll
[2012/10/11 12:42:55 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
[2012/10/11 12:42:55 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-security-base-l1-1-0.dll
[2012/10/11 12:42:55 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
[2012/10/11 12:42:55 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll
[2012/10/11 12:42:55 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
[2012/10/11 12:42:55 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
[2012/10/11 12:42:55 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-fibers-l1-1-0.dll
[2012/10/11 12:42:55 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll
[2012/10/11 12:42:55 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-errorhandling-l1-1-0.dll
[2012/10/11 12:42:55 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll
[2012/10/11 12:42:55 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-delayload-l1-1-0.dll
[2012/10/11 12:42:55 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll
[2012/10/11 12:42:55 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-debug-l1-1-0.dll
[2012/10/11 12:42:55 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll
[2012/10/11 12:42:55 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-datetime-l1-1-0.dll
[2012/10/11 12:42:54 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localization-l1-1-0.dll
[2012/10/11 12:42:54 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-console-l1-1-0.dll
[2012/10/11 12:42:54 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-console-l1-1-0.dll
[2012/10/11 12:42:54 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe
[2012/10/11 12:42:38 | 000,220,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wintrust.dll
[2012/10/11 12:41:41 | 001,464,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\crypt32.dll
[2012/10/11 12:41:39 | 000,140,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cryptnet.dll
[2012/10/03 22:11:44 | 000,000,000 | ---D | C] -- C:\Users\YR\AppData\Local\MetaGeek,_LLC
[2012/10/03 22:05:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Starter (English)
[2012/10/03 21:09:35 | 000,000,000 | ---D | C] -- C:\ProgramData\VirtualizedApplications
[2012/10/03 19:57:25 | 000,000,000 | ---D | C] -- C:\Users\YR\AppData\Local\LogMeIn Rescue Applet
[2012/10/03 19:37:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Adobe
[2012/10/03 19:31:10 | 000,000,000 | ---D | C] -- C:\Users\YR\AppData\Roaming\Adobe
[2012/10/03 19:31:10 | 000,000,000 | ---D | C] -- C:\Users\YR\AppData\Local\Adobe
[2012/09/30 22:31:21 | 000,000,000 | ---D | C] -- C:\Users\YR\AppData\Local\Apple Computer
[2012/09/30 22:31:19 | 000,000,000 | ---D | C] -- C:\Users\YR\AppData\Roaming\Apple Computer
[2012/09/30 22:31:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2012/09/30 22:31:08 | 000,033,240 | ---- | C] (GEAR Software Inc.) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys
[2012/09/30 22:31:08 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\DRVSTORE
[2012/09/30 22:30:05 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2012/09/30 22:30:01 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2012/09/30 22:30:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2012/09/30 22:30:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple Computer
[2012/09/30 22:30:01 | 000,000,000 | ---D | C] -- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
[2012/09/30 22:28:50 | 000,000,000 | ---D | C] -- C:\Users\YR\AppData\Local\Apple
[2012/09/30 22:28:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Apple Software Update
[2012/09/30 22:27:37 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple
[2012/09/30 22:27:05 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2012/09/30 22:27:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bonjour
[2012/09/30 22:26:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple
[2012/09/30 22:26:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Apple
[2012/09/30 22:20:52 | 000,000,000 | ---D | C] -- C:\Users\YR\AppData\Local\CrashDumps
[2012/09/30 22:12:27 | 000,025,232 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFsBlk.sys
[2012/09/30 22:12:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus
[2012/09/30 22:12:26 | 000,359,464 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys
[2012/09/30 22:12:22 | 000,054,072 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr2.sys
[2012/09/30 22:12:21 | 000,059,728 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswTdi.sys
[2012/09/30 22:12:20 | 000,969,200 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys
[2012/09/30 22:12:19 | 000,071,600 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
[2012/09/30 22:11:35 | 000,041,224 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
[2012/09/30 22:11:33 | 000,227,648 | ---- | C] (AVAST Software) -- C:\Windows\SysWow64\aswBoot.exe
[2012/09/30 20:59:18 | 000,000,000 | ---D | C] -- C:\Users\YR\AppData\Roaming\SoftGrid Client
[2012/09/30 20:59:18 | 000,000,000 | ---D | C] -- C:\Users\YR\AppData\Local\SoftGrid Client
[2012/09/30 20:58:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DESIGNER
[2012/09/30 20:58:13 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office
[2012/09/30 20:58:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Application Virtualization Client
[2012/09/30 20:58:02 | 000,000,000 | ---D | C] -- C:\Users\YR\AppData\Roaming\TP
[2012/09/27 22:17:40 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Wat
[2012/09/27 22:17:40 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Wat
[2012/09/26 09:18:16 | 000,245,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\OxpsConverter.exe
[2012/09/26 09:18:14 | 000,325,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\usbport.sys
[2012/09/26 09:18:14 | 000,007,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\usbd.sys
[2012/09/26 09:18:06 | 002,565,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\esent.dll
[2012/09/26 09:18:05 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\fsutil.exe
[2012/09/26 09:18:05 | 000,027,008 | ---- | C] (Advanced Micro Devices) -- C:\Windows\SysNative\drivers\amdxata.sys
[2012/09/26 09:18:04 | 001,699,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\esent.dll
[2012/09/26 09:18:04 | 000,189,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\storport.sys
[2012/09/26 09:18:04 | 000,074,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\fsutil.exe
[2012/09/26 09:18:03 | 000,107,904 | ---- | C] (Advanced Micro Devices) -- C:\Windows\SysNative\drivers\amdsata.sys
[2012/09/24 22:59:50 | 000,294,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\browserchoice.exe
[2012/09/24 22:50:05 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012/09/24 22:50:04 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012/09/24 22:50:03 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012/09/24 22:50:02 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012/09/24 22:50:02 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012/09/24 22:50:02 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012/09/24 22:50:02 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2012/09/24 22:50:02 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2012/09/24 22:50:00 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2012/09/24 22:50:00 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2012/09/24 22:49:59 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2012/09/24 22:49:59 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2012/09/24 22:49:55 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2012/09/24 22:49:55 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2012/09/24 22:49:55 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2012/09/24 22:39:36 | 000,081,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\imagehlp.dll
[2012/09/24 22:39:36 | 000,023,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\fs_rec.sys
[2012/09/23 22:42:57 | 000,000,000 | ---D | C] -- C:\Users\YR\AppData\Local\Diagnostics
[2012/09/21 04:51:00 | 000,662,016 | ---- | C] (Sonix) -- C:\Windows\vsnp2uvc.exe
[2012/09/21 04:51:00 | 000,375,808 | ---- | C] (Sonix Technology Co., Ltd.) -- C:\Windows\SysNative\vsnp2uvc.dll
[2012/09/21 04:51:00 | 000,306,176 | ---- | C] (Sonix Technology Co., Ltd.) -- C:\Windows\SysWow64\vsnp2uvc.dll
[2012/09/21 04:51:00 | 000,242,176 | ---- | C] (Sonix Technology Co., Ltd.) -- C:\Windows\SysNative\csnp2uvc.dll
[2012/09/21 04:51:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\SNP2UVC
[2012/09/21 04:51:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FJ Camera
[2012/09/21 04:49:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Roaming
[2012/09/21 04:49:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel PROSet Wireless
[2012/09/21 04:49:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Intel
[2012/09/21 04:49:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Cisco
[2012/09/21 04:48:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\postureAgent
[2012/09/20 23:14:36 | 000,000,000 | ---D | C] -- C:\Users\YR\Documents\Downloads
[2012/09/20 23:14:35 | 000,000,000 | ---D | C] -- C:\Users\YR\Documents\Betfair
[2012/09/20 23:14:34 | 000,000,000 | ---D | C] -- C:\Users\YR\Documents\ODDS
[2012/09/20 23:14:34 | 000,000,000 | ---D | C] -- C:\Users\YR\Documents\New Folder
[2012/09/20 23:14:31 | 000,000,000 | ---D | C] -- C:\Users\YR\Documents\MB
[2012/09/20 23:14:01 | 000,252,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\drvinst.exe
[2012/09/20 23:14:00 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\devrtl.dll
[2012/09/20 23:13:57 | 000,285,328 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
[2012/09/20 23:13:56 | 001,544,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DWrite.dll
[2012/09/20 23:13:40 | 000,106,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\odbccr32.dll
[2012/09/20 23:13:39 | 000,106,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\odbccu32.dll
[2012/09/20 23:13:38 | 000,319,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\odbcjt32.dll
[2012/09/20 23:13:38 | 000,212,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\odbctrac.dll
[2012/09/20 23:13:38 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\odbctrac.dll
[2012/09/20 23:13:38 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\odbccp32.dll
[2012/09/20 23:13:38 | 000,122,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\odbccp32.dll
[2012/09/20 23:13:38 | 000,086,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\odbccu32.dll
[2012/09/20 23:13:38 | 000,081,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\odbccr32.dll
[2012/09/20 23:13:35 | 000,199,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xmllite.dll
[2012/09/20 23:13:31 | 000,503,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\srcore.dll
[2012/09/20 23:13:24 | 000,142,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\poqexec.exe
[2012/09/20 23:13:24 | 000,123,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\poqexec.exe
[2012/09/20 23:13:22 | 002,871,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\explorer.exe
[2012/09/20 23:13:20 | 002,616,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\explorer.exe
[2012/09/20 23:13:16 | 001,572,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\quartz.dll
[2012/09/20 23:13:16 | 001,328,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\quartz.dll
[2012/09/20 23:13:16 | 000,514,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\qdvd.dll
[2012/09/20 23:13:15 | 000,366,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\qdvd.dll
[2012/09/20 23:13:11 | 000,509,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntshrui.dll
[2012/09/20 23:13:08 | 002,315,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tquery.dll
[2012/09/20 23:13:08 | 002,223,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mssrch.dll
[2012/09/20 23:13:08 | 001,401,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mssrch.dll
[2012/09/20 23:13:07 | 001,549,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tquery.dll
[2012/09/20 23:13:07 | 000,491,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mssph.dll
[2012/09/20 23:13:07 | 000,337,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mssph.dll
[2012/09/20 23:13:07 | 000,249,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SearchProtocolHost.exe
[2012/09/20 23:13:07 | 000,113,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SearchFilterHost.exe
[2012/09/20 23:13:06 | 000,778,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mssvp.dll
[2012/09/20 23:13:06 | 000,666,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mssvp.dll
[2012/09/20 23:13:06 | 000,288,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mssphtb.dll
[2012/09/20 23:13:06 | 000,075,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msscntrs.dll
[2012/09/20 23:13:06 | 000,059,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msscntrs.dll
[2012/09/20 23:12:58 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
[2012/09/20 23:12:58 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2012/09/20 23:12:51 | 000,314,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\webio.dll
[2012/09/20 23:12:50 | 000,395,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\webio.dll
[2012/09/20 23:12:49 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msxml3r.dll
[2012/09/20 23:12:49 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msxml3r.dll
[2012/09/20 23:12:48 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\csrsrv.dll
[2012/09/20 23:12:47 | 000,515,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\timedate.cpl
[2012/09/20 23:12:47 | 000,478,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\timedate.cpl
[2012/09/20 23:12:46 | 000,751,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\win32spl.dll
[2012/09/20 23:12:46 | 000,492,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\win32spl.dll
[2012/09/20 23:12:46 | 000,476,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsGdiConverter.dll
[2012/09/20 23:12:46 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\splwow64.exe
[2012/09/20 23:12:45 | 000,288,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsGdiConverter.dll
[2012/09/20 23:12:42 | 001,465,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsPrint.dll
[2012/09/20 23:12:42 | 000,870,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsPrint.dll
[2012/09/20 23:12:40 | 001,395,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mfc42.dll
[2012/09/20 23:12:40 | 001,359,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mfc42u.dll
[2012/09/20 23:12:40 | 001,137,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfc42.dll
[2012/09/20 23:12:39 | 001,164,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfc42u.dll
[2012/09/20 23:12:36 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\RNDISMP.sys
[2012/09/20 23:12:28 | 000,574,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10level9.dll
[2012/09/20 23:12:27 | 000,149,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcorekmts.dll
[2012/09/20 23:12:27 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpwsx.dll
[2012/09/20 23:12:27 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdrmemptylst.exe
[2012/09/20 23:12:13 | 001,447,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\lsasrv.dll
[2012/09/20 23:12:13 | 000,307,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncrypt.dll
[2012/09/20 23:12:13 | 000,136,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sspicli.dll
[2012/09/20 23:12:13 | 000,029,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sspisrv.dll
[2012/09/20 23:12:13 | 000,028,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secur32.dll
[2012/09/20 23:12:04 | 000,027,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\Diskdump.sys
[2012/09/20 23:12:03 | 000,376,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\netio.sys
[2012/09/20 23:12:02 | 000,367,616 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysNative\atmfd.dll
[2012/09/20 23:12:02 | 000,294,912 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll
[2012/09/20 23:12:02 | 000,288,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\FWPKCLNT.SYS
[2012/09/20 23:12:02 | 000,046,080 | ---- | C] (Adobe Systems) -- C:\Windows\SysNative\atmlib.dll
[2012/09/20 23:12:02 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll
[2012/09/20 23:11:59 | 000,357,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dnsapi.dll
[2012/09/20 23:11:59 | 000,030,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dnscacheugc.exe
[2012/09/20 23:11:59 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dnscacheugc.exe
[2012/09/20 23:11:25 | 000,613,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\psisdecd.dll
[2012/09/20 23:11:25 | 000,465,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\psisdecd.dll
[2012/09/20 23:11:25 | 000,075,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\psisrndr.ax
[2012/09/20 23:11:24 | 000,108,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\psisrndr.ax
[2012/09/20 23:11:19 | 003,216,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msi.dll
[2012/09/20 23:11:18 | 000,566,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winresume.efi
[2012/09/20 23:11:17 | 000,642,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winload.efi
[2012/09/20 23:11:17 | 000,605,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winload.exe
[2012/09/20 23:11:17 | 000,518,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winresume.exe
[2012/09/20 23:11:17 | 000,020,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kdusb.dll
[2012/09/20 23:11:17 | 000,019,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kd1394.dll
[2012/09/20 23:11:17 | 000,017,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kdcom.dll
[2012/09/20 23:11:01 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netapi32.dll
[2012/09/20 23:11:01 | 000,059,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\browcli.dll
[2012/09/20 23:11:01 | 000,041,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\browcli.dll
[2012/09/20 23:10:53 | 000,031,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\prevhost.exe
[2012/09/20 23:10:53 | 000,031,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\prevhost.exe
[2012/09/20 23:10:39 | 000,805,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\cdosys.dll
[2012/09/20 23:10:38 | 001,133,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cdosys.dll
[2012/09/20 23:10:30 | 000,267,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\FXSCOVER.exe
[2012/09/20 23:10:28 | 000,956,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\localspl.dll
[2012/09/20 23:10:25 | 000,861,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\oleaut32.dll
[2012/09/20 23:10:25 | 000,331,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\oleacc.dll
[2012/09/20 23:10:24 | 000,723,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\EncDec.dll
[2012/09/20 23:10:23 | 000,534,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\EncDec.dll
[2012/09/20 23:10:06 | 000,634,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msvcrt.dll
[2012/09/20 23:10:03 | 001,731,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntdll.dll
[2012/09/20 23:10:02 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\packager.dll
[2012/09/20 23:10:02 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\packager.dll
[2012/09/20 21:23:45 | 001,031,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcore.dll
[2012/09/20 21:23:45 | 000,826,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\rdpcore.dll
[2012/09/20 21:19:34 | 000,000,000 | ---D | C] -- C:\Users\YR\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2012/09/20 21:17:50 | 002,622,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wucltux.dll
[2012/09/20 21:17:50 | 000,057,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuauclt.exe
[2012/09/20 21:17:50 | 000,044,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wups2.dll
[2012/09/20 21:17:37 | 000,701,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuapi.dll
[2012/09/20 21:17:37 | 000,099,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wudriver.dll
[2012/09/20 21:17:37 | 000,038,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wups.dll
[2012/09/20 21:17:37 | 000,000,000 | ---D | C] -- C:\Users\YR\AppData\Roaming\Google
[2012/09/20 21:17:37 | 000,000,000 | ---D | C] -- C:\Users\YR\AppData\Local\Google
[2012/09/20 21:17:27 | 000,186,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuwebv.dll
[2012/09/20 21:17:27 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuapp.exe
[2012/09/20 21:14:09 | 000,000,000 | ---D | C] -- C:\Users\YR\AppData\Roaming\Fujitsu Launch Center
[2012/09/20 21:13:52 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/09/20 21:11:51 | 000,000,000 | ---D | C] -- C:\Users\YR\AppData\Local\VirtualStore
[2012/09/20 21:11:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel Corporation
[2012/09/20 21:11:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Intel Corporation
[2012/09/20 21:11:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Intel Corporation
[2012/09/20 21:11:27 | 000,000,000 | ---D | C] -- C:\Users\YR\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink YouCam
[2012/09/20 21:11:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\CyberLink
[2012/09/20 21:10:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Fujitsu
[2012/09/20 21:10:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Temp
[2012/09/20 21:09:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LifeBook Application Panel
[2012/09/20 21:08:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Adobe
[2012/09/20 21:08:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe
[2012/09/20 21:00:41 | 000,000,000 | RHSD | C] -- C:\Users\YR\Documents\My Videos
[2012/09/20 21:00:41 | 000,000,000 | RHSD | C] -- C:\Users\YR\Documents\My Pictures
[2012/09/20 21:00:41 | 000,000,000 | RHSD | C] -- C:\Users\YR\Documents\My Music
[2012/09/20 21:00:41 | 000,000,000 | -HSD | C] -- C:\Users\YR\AppData\Local\Temporary Internet Files
[2012/09/20 21:00:41 | 000,000,000 | -HSD | C] -- C:\Users\YR\Templates
[2012/09/20 21:00:41 | 000,000,000 | -HSD | C] -- C:\Users\YR\Start Menu
[2012/09/20 21:00:41 | 000,000,000 | -HSD | C] -- C:\Users\YR\SendTo
[2012/09/20 21:00:41 | 000,000,000 | -HSD | C] -- C:\Users\YR\Recent
[2012/09/20 21:00:41 | 000,000,000 | -HSD | C] -- C:\Users\YR\PrintHood
[2012/09/20 21:00:41 | 000,000,000 | -HSD | C] -- C:\Users\YR\NetHood
[2012/09/20 21:00:41 | 000,000,000 | -HSD | C] -- C:\Users\YR\My Documents
[2012/09/20 21:00:41 | 000,000,000 | -HSD | C] -- C:\Users\YR\Local Settings
[2012/09/20 21:00:41 | 000,000,000 | -HSD | C] -- C:\Users\YR\AppData\Local\History
[2012/09/20 21:00:41 | 000,000,000 | -HSD | C] -- C:\Users\YR\Cookies
[2012/09/20 21:00:41 | 000,000,000 | -HSD | C] -- C:\Users\YR\Application Data
[2012/09/20 21:00:41 | 000,000,000 | -HSD | C] -- C:\Users\YR\AppData\Local\Application Data
[2012/09/20 21:00:39 | 000,000,000 | --SD | C] -- C:\Users\YR\AppData\Roaming\Microsoft
[2012/09/20 21:00:39 | 000,000,000 | R--D | C] -- C:\Users\YR\Videos
[2012/09/20 21:00:39 | 000,000,000 | R--D | C] -- C:\Users\YR\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[2012/09/20 21:00:39 | 000,000,000 | R--D | C] -- C:\Users\YR\Searches
[2012/09/20 21:00:39 | 000,000,000 | R--D | C] -- C:\Users\YR\Saved Games
[2012/09/20 21:00:39 | 000,000,000 | R--D | C] -- C:\Users\YR\Pictures
[2012/09/20 21:00:39 | 000,000,000 | R--D | C] -- C:\Users\YR\Music
[2012/09/20 21:00:39 | 000,000,000 | R--D | C] -- C:\Users\YR\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[2012/09/20 21:00:39 | 000,000,000 | R--D | C] -- C:\Users\YR\Links
[2012/09/20 21:00:39 | 000,000,000 | R--D | C] -- C:\Users\YR\Favorites
[2012/09/20 21:00:39 | 000,000,000 | R--D | C] -- C:\Users\YR\Downloads
[2012/09/20 21:00:39 | 000,000,000 | R--D | C] -- C:\Users\YR\Documents
[2012/09/20 21:00:39 | 000,000,000 | R--D | C] -- C:\Users\YR\Desktop
[2012/09/20 21:00:39 | 000,000,000 | R--D | C] -- C:\Users\YR\Contacts
[2012/09/20 21:00:39 | 000,000,000 | R--D | C] -- C:\Users\YR\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[2012/09/20 21:00:39 | 000,000,000 | R--D | C] -- C:\Users\YR\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[2012/09/20 21:00:39 | 000,000,000 | -H-D | C] -- C:\Users\YR\Application Data\Microsoft\Internet Explorer\Quick Launch\User Pinned
[2012/09/20 21:00:39 | 000,000,000 | -H-D | C] -- C:\Users\YR\AppData
[2012/09/20 21:00:39 | 000,000,000 | ---D | C] -- C:\Users\YR\AppData\Local\Windows Live
[2012/09/20 21:00:39 | 000,000,000 | ---D | C] -- C:\Users\YR\AppData\Local\Temp
[2012/09/20 21:00:39 | 000,000,000 | ---D | C] -- C:\Users\YR\Roaming
[2012/09/20 21:00:39 | 000,000,000 | ---D | C] -- C:\Users\YR\AppData\Local\Microsoft
[2012/09/20 21:00:39 | 000,000,000 | ---D | C] -- C:\Users\YR\AppData\Roaming\Intel
[2012/09/20 21:00:39 | 000,000,000 | ---D | C] -- C:\Users\YR\AppData\Roaming\Identities
[2012/09/20 21:00:39 | 000,000,000 | ---D | C] -- C:\Users\YR\AppData\Roaming\Fujitsu
[2012/09/20 21:00:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Partner
[2012/09/20 21:00:26 | 000,000,000 | ---D | C] -- C:\Program Files\Google
[2012/09/20 21:00:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Google
[2012/09/20 21:00:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Google
[2012/09/20 20:58:15 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution

========== Files - Modified Within 30 Days ==========

[2012/10/17 21:49:34 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\YR\Desktop\OTL.exe
[2012/10/17 21:29:00 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/10/17 21:28:00 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-288869447-1382899389-2484242644-1000UA.job
[2012/10/17 20:59:04 | 000,016,752 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/10/17 20:59:04 | 000,016,752 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/10/17 20:51:04 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/10/17 20:50:53 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/10/17 20:50:18 | 3152,547,840 | -HS- | M] () -- C:\hiberfil.sys
[2012/10/16 13:57:33 | 000,001,946 | ---- | M] () -- C:\Users\YR\Desktop\attach.zip
[2012/10/16 13:52:19 | 000,002,283 | ---- | M] () -- C:\Users\Public\Desktop\WinZip.lnk
[2012/10/16 13:14:44 | 000,001,115 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/10/16 12:50:34 | 000,000,215 | ---- | M] () -- C:\Users\YR\Desktop\f siemens.rtf
[2012/10/15 20:58:05 | 000,000,447 | ---- | M] () -- C:\user.js
[2012/10/11 22:28:00 | 000,000,844 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-288869447-1382899389-2484242644-1000Core.job
[2012/10/02 20:36:55 | 005,150,434 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/10/02 20:36:55 | 000,748,340 | ---- | M] () -- C:\Windows\SysNative\perfh00C.dat
[2012/10/02 20:36:55 | 000,748,184 | ---- | M] () -- C:\Windows\SysNative\perfh00A.dat
[2012/10/02 20:36:55 | 000,746,054 | ---- | M] () -- C:\Windows\SysNative\perfh013.dat
[2012/10/02 20:36:55 | 000,742,876 | ---- | M] () -- C:\Windows\SysNative\perfh010.dat
[2012/10/02 20:36:55 | 000,699,624 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012/10/02 20:36:55 | 000,665,232 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/10/02 20:36:55 | 000,161,808 | ---- | M] () -- C:\Windows\SysNative\perfc00A.dat
[2012/10/02 20:36:55 | 000,156,400 | ---- | M] () -- C:\Windows\SysNative\perfc013.dat
[2012/10/02 20:36:55 | 000,152,776 | ---- | M] () -- C:\Windows\SysNative\perfc00C.dat
[2012/10/02 20:36:55 | 000,152,266 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012/10/02 20:36:55 | 000,150,272 | ---- | M] () -- C:\Windows\SysNative\perfc010.dat
[2012/10/02 20:36:55 | 000,125,678 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/10/01 22:31:29 | 005,200,976 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/09/30 22:12:19 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
[2012/09/30 22:04:06 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2012/09/26 09:06:20 | 000,274,320 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/09/21 04:58:05 | 000,108,227 | ---- | M] () -- C:\Windows\SysWow64\license.rtf
[2012/09/21 04:58:05 | 000,108,227 | ---- | M] () -- C:\Windows\SysNative\license.rtf
[2012/09/21 04:49:57 | 000,000,083 | ---- | M] () -- C:\Windows\SysNative\IHV_Install.bat
[2012/09/20 23:06:53 | 000,000,355 | ---- | M] () -- C:\Users\YR\Desktop\Computer - Shortcut.lnk
[2012/09/20 21:17:32 | 000,001,443 | ---- | M] () -- C:\Users\YR\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2012/09/20 21:12:19 | 000,000,012 | ---- | M] () -- C:\Windows\SysWow64\drivers\10CF_FUJITSU_FTS_LIFEBOOK AH531_PI_FUJITSU_FJNBB0F_Default System BIOS_FUJ - 1_1.31_Intel(R) HD Graphics Family.MRK
[2012/09/20 21:12:19 | 000,000,012 | ---- | M] () -- C:\Windows\SysNative\drivers\10CF_FUJITSU_FTS_LIFEBOOK AH531_PI_FUJITSU_FJNBB0F_Default System BIOS_FUJ - 1_1.31_Intel(R) HD Graphics Family.MRK
[2012/09/20 21:11:51 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_iwdbus_01009.Wdf
[2012/09/20 21:11:48 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_WDKMD_01009.Wdf
[2012/09/20 21:08:07 | 000,001,296 | ---- | M] () -- C:\Windows\SysWow64\TRACE.trace
[2012/09/20 21:01:07 | 000,015,406 | ---- | M] () -- C:\Windows\SysNative\results.xml

========== Files Created - No Company Name ==========

[2012/10/16 13:57:33 | 000,001,946 | ---- | C] () -- C:\Users\YR\Desktop\attach.zip
[2012/10/16 13:52:18 | 000,002,283 | ---- | C] () -- C:\Users\Public\Desktop\WinZip.lnk
[2012/10/16 13:14:44 | 000,001,115 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/10/16 12:50:34 | 000,000,215 | ---- | C] () -- C:\Users\YR\Desktop\f siemens.rtf
[2012/10/15 20:58:04 | 000,000,447 | ---- | C] () -- C:\user.js
[2012/10/03 19:37:15 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader 9.lnk
[2012/09/30 22:28:46 | 000,002,519 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
[2012/09/30 22:04:06 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2012/09/21 04:51:00 | 001,801,216 | ---- | C] () -- C:\Windows\SysNative\drivers\snp2uvc.sys
[2012/09/21 04:51:00 | 000,245,760 | ---- | C] ( ) -- C:\Windows\SysWow64\rsnp2uvc.dll
[2012/09/21 04:51:00 | 000,240,640 | ---- | C] ( ) -- C:\Windows\SysNative\rsnp2uvc.dll
[2012/09/21 04:51:00 | 000,035,456 | ---- | C] () -- C:\Windows\SysNative\drivers\sncduvc.sys
[2012/09/21 04:51:00 | 000,024,576 | ---- | C] () -- C:\Windows\snuvcdsm.exe
[2012/09/21 04:51:00 | 000,015,497 | ---- | C] () -- C:\Windows\snp2uvc.ini
[2012/09/21 04:51:00 | 000,013,021 | ---- | C] () -- C:\Windows\snp2uvc.src
[2012/09/21 04:49:57 | 000,000,083 | ---- | C] () -- C:\Windows\SysNative\IHV_Install.bat
[2012/09/21 04:48:57 | 000,008,192 | ---- | C] () -- C:\Windows\SysNative\drivers\IntelMEFWVer.dll
[2012/09/21 04:43:50 | 3152,547,840 | -HS- | C] () -- C:\hiberfil.sys
[2012/09/20 23:14:34 | 010,387,985 | ---- | C] () -- C:\Users\YR\Documents\Ultimate.Bluetooth.1.8.rar
[2012/09/20 23:13:57 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\config.nt
[2012/09/20 23:06:53 | 000,000,355 | ---- | C] () -- C:\Users\YR\Desktop\Computer - Shortcut.lnk
[2012/09/20 21:18:31 | 000,000,896 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-288869447-1382899389-2484242644-1000UA.job
[2012/09/20 21:18:31 | 000,000,844 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-288869447-1382899389-2484242644-1000Core.job
[2012/09/20 21:17:32 | 000,001,443 | ---- | C] () -- C:\Users\YR\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2012/09/20 21:12:19 | 000,000,012 | ---- | C] () -- C:\Windows\SysWow64\drivers\10CF_FUJITSU_FTS_LIFEBOOK AH531_PI_FUJITSU_FJNBB0F_Default System BIOS_FUJ - 1_1.31_Intel(R) HD Graphics Family.MRK
[2012/09/20 21:12:19 | 000,000,012 | ---- | C] () -- C:\Windows\SysNative\drivers\10CF_FUJITSU_FTS_LIFEBOOK AH531_PI_FUJITSU_FJNBB0F_Default System BIOS_FUJ - 1_1.31_Intel(R) HD Graphics Family.MRK
[2012/09/20 21:11:51 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_iwdbus_01009.Wdf
[2012/09/20 21:11:48 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_WDKMD_01009.Wdf
[2012/09/20 21:11:45 | 000,002,058 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel(R) WiDi.lnk
[2012/09/20 21:01:17 | 000,001,296 | ---- | C] () -- C:\Windows\SysWow64\TRACE.trace
[2012/09/20 21:00:40 | 000,000,290 | ---- | C] () -- C:\Users\YR\Application Data\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk
[2012/09/20 21:00:40 | 000,000,272 | ---- | C] () -- C:\Users\YR\Application Data\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk
[2012/09/20 21:00:39 | 000,001,449 | ---- | C] () -- C:\Users\YR\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2012/09/20 21:00:39 | 000,001,415 | ---- | C] () -- C:\Users\YR\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
[2012/09/20 21:00:21 | 000,000,898 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/09/20 21:00:21 | 000,000,894 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/05/07 18:16:59 | 005,200,976 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/05/02 01:21:18 | 000,963,116 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin
[2011/05/02 01:21:15 | 000,218,304 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin
[2011/05/02 01:21:12 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll
[2011/05/02 01:21:09 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin
[2011/05/02 01:21:06 | 013,359,616 | ---- | C] () -- C:\Windows\SysWow64\ig4icd32.dll
[2010/11/25 05:43:32 | 000,040,448 | ---- | C] () -- C:\Windows\REGOBJ.DLL

========== ZeroAccess Check ==========

[2009/07/14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/21 04:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2011/05/07 20:24:53 | 000,000,000 | ---D | M] -- C:\Users\Default\AppData\Roaming\Fujitsu
[2011/05/07 20:24:53 | 000,000,000 | ---D | M] -- C:\Users\Default User\AppData\Roaming\Fujitsu
[2011/05/07 20:24:53 | 000,000,000 | ---D | M] -- C:\Users\YR\AppData\Roaming\Fujitsu
[2012/09/20 21:14:20 | 000,000,000 | ---D | M] -- C:\Users\YR\AppData\Roaming\Fujitsu Launch Center
[2012/10/16 15:05:29 | 000,000,000 | ---D | M] -- C:\Users\YR\AppData\Roaming\SoftGrid Client
[2012/09/30 20:59:27 | 000,000,000 | ---D | M] -- C:\Users\YR\AppData\Roaming\TP
[2012/10/16 13:55:19 | 000,000,000 | ---D | M] -- C:\Users\YR\AppData\Roaming\Windows Live Writer

========== Purity Check ==========



< End of report >
003294
2012-10-17, 23:10
OTL Extras logfile created on: 10/17/2012 9:51:11 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\YR\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

3.91 Gb Total Physical Memory | 2.46 Gb Available Physical Memory | 62.91% Memory free
7.83 Gb Paging File | 6.24 Gb Available in Paging File | 79.78% Paging File free
Paging file location(s): ?:\pagefile.sys

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 345.13 Gb Total Space | 305.59 Gb Free Space | 88.54% Space Free | Partition Type: NTFS
Drive D: | 100.00 Gb Total Space | 64.51 Gb Free Space | 64.51% Space Free | Partition Type: NTFS

Computer Name: YR-PC | User Name: YR | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[b]64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0194E714-8467-47AB-AD78-63284C73D3D6}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework64\v4.0.30319\smsvchost.exe |
"{06E89086-29C2-4D18-AC5D-25C083906403}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{09F21DF2-C8F6-4308-9399-7E9FA5F6B885}" = lport=139 | protocol=6 | dir=in | app=system |
"{1C0A51B1-8E96-4AAD-BA2B-2D4C958075A3}" = lport=10243 | protocol=6 | dir=in | app=system |
"{21848F6E-7B16-409F-AE0C-27D4FDCB1F0A}" = rport=10243 | protocol=6 | dir=out | app=system |
"{2BCA7A04-BD8C-419B-BCF8-B146437E467F}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{39697303-8E2E-442C-8712-8113EC945DB9}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{3C199169-44B4-4F87-BB83-130C2155A555}" = lport=445 | protocol=6 | dir=in | app=system |
"{3F72AF6D-F1F4-4B05-BB96-C7B00763E777}" = lport=138 | protocol=17 | dir=in | app=system |
"{4C3DCF04-5F0E-4E4B-A53E-A4EF485278C3}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{550A3ED1-DB49-4607-94F7-C49B0A968634}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{5EA839E7-8124-435F-BFDC-380C90866944}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{605400BB-976F-4189-905C-4F6832265DC6}" = lport=137 | protocol=17 | dir=in | app=system |
"{625E8C6E-12FC-45B6-AC09-50B481C1AC77}" = rport=137 | protocol=17 | dir=out | app=system |
"{76D76E56-A385-41A7-AAB6-1C707A61DD68}" = rport=138 | protocol=17 | dir=out | app=system |
"{94858ED2-DD73-4B44-A8F6-E949C65E662F}" = lport=2869 | protocol=6 | dir=in | app=system |
"{96D3EEF2-E296-464C-B41D-929574770170}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{997AEA1E-9CBC-4B04-AADE-1BE5E55C0242}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{C3B9E31D-8397-4056-8C9F-11E4EE1ED2FA}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{CF410514-200C-4B36-AF50-DC0E18F3A8BE}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{DD1E74D3-ADFA-41B3-9294-233ADF30D5B3}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{EECF3A7B-65BA-4BFA-BAF8-BE243E5F9816}" = rport=139 | protocol=6 | dir=out | app=system |
"{EF050188-50D6-46E0-BBE7-7DEFA0D705C7}" = rport=445 | protocol=6 | dir=out | app=system |
"{FF29BED8-B30A-4454-925C-55AC86416C94}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{15443CD3-EA4E-4697-8144-42452A028151}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{2F4FF21E-0B11-43E2-A89E-D3C31BA8FFCE}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{366755E2-C6D7-4171-A211-9B0EF5D9EFFA}" = protocol=6 | dir=out | app=system |
"{3ADB9751-AAAD-4C19-A382-DC9C233D9863}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{3D26EC18-9E0F-4D31-AAEE-98FBB5626287}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{3D5DECB2-AA4C-4CB0-B61F-1862091632E3}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{3D95E92F-37EE-4C86-AB6C-B5CB2DAD8737}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{489AA404-1AAB-4150-9084-7017614191D9}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{54CE8D0F-C29F-467A-A784-BD9E54C379FA}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{61ED718D-AB95-4EAE-B419-24ED94D7D756}" = dir=in | app=c:\program files (x86)\intel corporation\intel widi\widiapp.exe |
"{6399AC6D-74BB-4BD3-8E56-0937267B18C5}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{64047F57-6566-4509-9B21-09FE171438B1}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{6733533B-D92E-4D43-BE6E-329951CC5D62}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{6B4B89A5-4CC1-45A3-9AD9-83092EEDF9C7}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{73FF8CAB-6DE7-48E2-B2DB-9D70C6BFA60A}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{7B9104FF-2C03-46E2-B988-EF4D952F3F9A}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{88599510-3ABA-46CB-A734-C3A0624C8396}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe |
"{928ADC65-B9C5-47F8-ACAD-C4E4484C89D7}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{9B6323A7-8301-495B-907F-4B182E54B706}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{9BA288D2-6567-4CDD-9386-136ED1620392}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{9E26E0E2-3215-431C-B405-584F0F710E43}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{9F3C2CDD-2B42-40D7-A134-A9AAAE31A7BB}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{A787CA7A-F9A6-4379-9EF3-78B1B32B295A}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{B25B05A4-688B-4159-B13B-3B6C982594D8}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{B5C90F00-0DD1-43CE-92D9-E309E24DA1D3}" = dir=in | app=c:\program files\intel\wifi\bin\pandhcpdns.exe |
"{D085E780-AB63-4CB9-8B7E-FC6437E1FCB5}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{D7602490-33D0-4DD4-89F1-911AA352F54E}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{D9CFABC8-E295-4C17-A5DF-AF5281748D43}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{E17F6997-F59C-4DFA-BDF6-EB0B4C64AF7E}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{E19BD6CB-804A-4DB3-B30B-C2F9C8C122D9}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{006B5C65-3938-4246-B182-994A7E415EDE}" = Intel(R) PROSet/Wireless Software for Bluetooth(R) Technology
"{1493B2AE-0261-47D2-B1AA-F4DAD0F6C48B}" = iTunes
"{1927E640-A2C6-4BA7-8F43-FFD2AE3DFCF3}" = Intel(R) PROSet/Wireless WiFi Software
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{28EF7372-9087-4AC3-9B9F-D9751FCDF830}" = Intel(R) Wireless Display
"{4108974B-DE87-4AD4-9167-930C62C45691}" = Fujitsu Display Manager
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5E2CD4FB-4538-4831-8176-05D653C3E6D4}" = Windows Live Remote Service Resources
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{5FEAD3E5-A158-4B66-B92B-0C959D7CF838}" = Windows Live Remote Service Resources
"{6226477E-444F-4DFE-BA19-9F4F7D4565BC}" = LifeBook Application Panel
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{6CBFDC3C-CF21-4C02-A6DC-A5A2707FAF55}" = Windows Live Remote Service Resources
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{7446FE8D-C1F9-4D42-AAAE-5DBCE58605A6}" = Apple Mobile Device Support
"{7BA64D21-EE46-4a9a-8145-52B0175C3F86}" = Plugfree NETWORK
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{8970AE69-40BE-4058-9916-0ACB1B974A3D}" = Windows Live Remote Client Resources
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{8EB588BD-D398-40D0-ADF7-BE1CEEF7C116}" = Windows Live Remote Client Resources
"{90140000-006D-0409-1000-0000000FF1CE}" = Microsoft Office Click-to-Run 2010
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{A5FADEAC-B0A9-4C27-A8B5-05381A339F4E}" = Plugfree NETWORK
"{A679FBE4-BA2D-4514-8834-030982C8B31A}" = Windows Live Remote Service Resources
"{B750FA38-7AB0-42CB-ACBB-E7DBE9FF603F}" = Windows Live Remote Client Resources
"{C9F05151-95A9-4B9B-B534-1760E2D014A5}" = Windows Live Remote Client Resources
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240D7}" = WinZip 17.0
"{D07A61E5-A59C-433C-BCBD-22025FA2287B}" = Windows Live Language Selector
"{D5876F0A-B2E9-4376-B9F5-CD47B7B8D820}" = Windows Live Remote Client Resources
"{D930AF5C-5193-4616-887D-B974CEFC4970}" = Windows Live Remote Service Resources
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{E8A5B78F-4456-4511-AB3D-E7BFFB974A7A}" = Fujitsu System Extension Utility
"{EC314CDF-3521-482B-A21C-65AC95664814}" = Fujitsu MobilityCenter Extension Utility
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"ProInst" = Intel PROSet Wireless
"SynTPDeinstKey" = Synaptics Pointing Device Driver

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{04668DF2-D32F-4555-9C7E-35523DCD6544}" = Control ActiveX de Windows Live Mesh para conexiones remotas
"{05E379CC-F626-4E7D-8354-463865B303BF}" = Windows Live UX Platform Language Pack
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0D261C88-454B-46FE-B43B-640E621BDA11}" = Windows Live Mail
"{14B441B7-774D-4170-98EA-A13667AE6218}" = Windows Live Writer Resources
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{25680C01-6753-4FE9-A891-7857F26457C1}" = Intel(R) WiDi
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{2A07C35B-8384-4DA4-9A95-442B6C89A073}" = Windows Live Essentials
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34319F1F-7CF2-4CC9-B357-1AE7D2FF3AC5}" = Windows Live
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{399C37FB-08AF-493B-BFED-20FBD85EDF7F}" = FJ Camera
"{3B9A92DA-6374-4872-B646-253F18624D5F}" = Windows Live Writer
"{3D0C22FA-96D7-4789-BC5B-991A5A99BFFA}" = Windows Live Messenger
"{3F4143A1-9C21-4011-8679-3BC1014C6886}" = Windows Live Mesh
"{40BFD84C-64CD-42CC-9909-8734C50429C6}" = Windows Live UX Platform Language Pack
"{46872828-6453-4138-BE1C-CE35FBF67978}" = Windows Live Mesh
"{488F0347-C4A7-4374-91A7-30818BEDA710}" = Galerie de photos Windows Live
"{48C0DC5E-820A-44F2-890E-29B68EDD3C78}" = Windows Live Writer
"{49A588CF-5FD4-4774-BFBF-0764287DE82B}" = Power Saving Utility
"{4A275FD1-2F24-4274-8C01-813F5AD1A92D}" = Windows Live Messenger
"{549BF60D-FDDA-4E4C-ABE3-9E897BC09E79}" = Anytime USB Charge Utility
"{55D003F4-9599-44BF-BA9E-95D060730DD3}" = Contrôle ActiveX Windows Live Mesh pour connexions à distance
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{5D273F60-0525-48BA-A5FB-D0CAA4A952AE}" = Windows Live Movie Maker
"{6057E21C-ABE9-4059-AE3E-3BEB9925E660}" = Windows Live Messenger
"{62687B11-58B5-4A18-9BC3-9DF4CE03F194}" = Windows Live Writer Resources
"{63EC2120-1742-4625-AA47-C6A8AEC9C64C}" = Apple Application Support
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{677AAD91-1790-4FC5-B285-0E6A9D65F7DC}" = Windows Live Mail
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6A563426-3474-41C6-B847-42B39F1485B2}" = Windows Live Messenger
"{6DEC8BD5-7574-47FA-B080-492BBBE2FEA3}" = Windows Live Movie Maker
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{73FC3510-6421-40F7-9503-EDAE4D0CF70D}" = Windows Live Photo Common
"{77477AEA-5757-47D8-8B33-939F43D82218}" = Windows Live UX Platform Language Pack
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{78DAE910-CA72-450E-AD22-772CB1A00678}" = Windows Live Mesh
"{7D1C7B9F-2744-4388-B128-5C75B8BCCC84}" = Windows Live Essentials
"{7E017923-16F8-4E32-94EF-0A150BD196FE}" = Windows Live Writer
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{841F1FB4-FDF8-461C-A496-3E1CFD84C0B5}" = Windows Live Mesh
"{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer
"{873E4648-6F6E-47F6-A7B2-A6F8DFABDCE6}" = Windows Live Messenger
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90140011-0066-0409-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - English
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{93E464B3-D075-4989-87FD-A828B5C308B1}" = Windows Live Writer Resources
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
"{9BD262D0-B788-4546-A0A5-F4F56EC3834B}" = Windows Live Photo Common
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9FAE6E8D-E686-49F5-A574-0A58DFD9580C}" = Windows Live Mail
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A41A708E-3BE6-4561-855D-44027C1CF0F8}" = Windows Live Photo Common
"{A60B3BF0-954B-42AF-B8D8-2C1D34B613AA}" = Windows Live Photo Gallery
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC76BA86-7AD7-1033-7B44-A95000000001}" = Adobe Reader 9.5.2
"{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C32CE55C-12BA-4951-8797-0967FDEF556F}" = Windows Live Mesh - ActiveX-besturingselement voor externe verbindingen
"{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections
"{C63A1E60-B6A4-440B-89A5-1FC6E4AC1C94}" = Windows Live Mesh ActiveX Control for Remote Connections
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C893D8C0-1BA0-4517-B11C-E89B65E72F70}" = Windows Live Photo Common
"{C8E4B31D-337C-483D-822D-16F11441669B}" = Fujitsu Hotkey Utility
"{CB7224D9-6DCA-43F1-8F83-6B1E39A00F92}" = Windows Live Movie Maker
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D588365A-AE39-4F27-BDAE-B4E72C8E900C}" = Windows Live Mail
"{D6F25CF9-4E87-43EB-B324-C12BE9CDD668}" = Windows Live UX Platform Language Pack
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DE7C13A6-E4EA-4296-B0D5-5D7E8AD69501}" = Windows Live Writer
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{DEF91E0F-D266-453D-B6F2-1BA002B40CB6}" = Windows Live Essentials
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{E727A662-AF9F-4DEE-81C5-F4A1686F3DFC}" = Windows Live Writer Resources
"{E85A4EFC-82F2-4CEE-8A8E-62FDAD353A66}" = Galería fotográfica de Windows Live
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{ED16B700-D91F-44B0-867C-7EB5253CA38D}" = Raccolta foto di Windows Live
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Processor Graphics
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FF3DFA01-1E98-46B4-A065-DA8AD47C9598}" = Windows Live Movie Maker
"avast" = avast! Free Antivirus
"DeskUpdate_is1" = DeskUpdate 4.13
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"InstallShield_{4108974B-DE87-4AD4-9167-930C62C45691}" = Fujitsu Display Manager
"InstallShield_{6226477E-444F-4DFE-BA19-9F4F7D4565BC}" = LifeBook Application Panel
"InstallShield_{C8E4B31D-337C-483D-822D-16F11441669B}" = Fujitsu Hotkey Utility
"InstallShield_{E8A5B78F-4456-4511-AB3D-E7BFFB974A7A}" = Fujitsu System Extension Utility
"InstallShield_{EC314CDF-3521-482B-A21C-65AC95664814}" = Fujitsu MobilityCenter Extension Utility
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.65.0.1400
"Office14.Click2Run" = Microsoft Office Click-to-Run 2010
"WinLiveSuite" = Windows Live Essentials

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-288869447-1382899389-2484242644-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 10/17/2012 2:01:22 PM | Computer Name = YR-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 10/17/2012 2:01:22 PM | Computer Name = YR-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 1045

Error - 10/17/2012 2:01:22 PM | Computer Name = YR-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 1045

Error - 10/17/2012 2:01:23 PM | Computer Name = YR-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 10/17/2012 2:01:23 PM | Computer Name = YR-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 2122

Error - 10/17/2012 2:01:23 PM | Computer Name = YR-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 2122

Error - 10/17/2012 2:01:24 PM | Computer Name = YR-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 10/17/2012 2:01:24 PM | Computer Name = YR-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 3401

Error - 10/17/2012 2:01:24 PM | Computer Name = YR-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 3401

Error - 10/17/2012 3:51:43 PM | Computer Name = YR-PC | Source = WinMgmt | ID = 10
Description =

[ System Events ]
Error - 9/27/2012 2:11:13 PM | Computer Name = YR-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x800706ba: Update for Microsoft .NET Framework 4 on Windows XP, Windows
Server 2003, Windows Vista, Windows 7, Windows Server 2008, Windows Server 2008
R2 for x64-based Systems (KB2468871).

Error - 9/27/2012 5:09:47 PM | Computer Name = YR-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 19:11:16 on ?27/?09/?2012 was unexpected.

Error - 10/14/2012 11:35:51 AM | Computer Name = YR-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 12:00:16 on ?14/?10/?2012 was unexpected.

Error - 10/17/2012 1:32:32 PM | Computer Name = YR-PC | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
response from the NlaSvc service.

Error - 10/17/2012 1:32:32 PM | Computer Name = YR-PC | Source = Service Control Manager | ID = 7000
Description = The Network Location Awareness service failed to start due to the
following error: %%1053

Error - 10/17/2012 1:33:02 PM | Computer Name = YR-PC | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
response from the Dnscache service.

Error - 10/17/2012 1:33:32 PM | Computer Name = YR-PC | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
response from the Dnscache service.

Error - 10/17/2012 1:34:02 PM | Computer Name = YR-PC | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
response from the Dnscache service.

Error - 10/17/2012 1:38:34 PM | Computer Name = YR-PC | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
response from the NlaSvc service.

Error - 10/17/2012 1:38:34 PM | Computer Name = YR-PC | Source = Service Control Manager | ID = 7000
Description = The Network Location Awareness service failed to start due to the
following error: %%1053


< End of report >
ken545
2012-10-17, 23:32
Lets uninstall Chrome, but use this uninstaller to remove the files and registry entries, the program is free for 30 days

Install it and click on Google Chrome
http://www.revouninstaller.com/revo_uninstaller_free_download.html


Then download and install the new one here
https://www.google.com/intl/en/chrome/browser/?&brand=CHMB&utm_campaign=en&utm_source=en-ha-na-us-sk&utm_medium=ha


Let me know if this helped
003294
2012-10-18, 12:32
Done as above problem still there.
ken545
2012-10-18, 13:16
Hi,

1. Go to the start menu, click on 'Computer'
2. In the search box, type in 'mystart'
3. When you get results, simply right-click on them and delete them all. You may have to refresh, for your own peace of mind to make sure they have all been deleted.
4. Repeat, searching also for: 'incredibar', 'coolyou', 'conduit' and 'perion'


If tjhat didn't help than run System Look

You need the 64bit version

Download and Run SystemLook

Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1 (http://jpshortstuff.247fixes.com/SystemLook.exe)
Download Mirror #2 (http://images.malwareremoval.com/jpshortstuff/SystemLook.exe)
64 Bit Version (http://jpshortstuff.247Fixes.com/SystemLook_x64.exe)


Double-click SystemLook.exe to run it.
Copy the content of the following codebox into the main textfield:


:filefind
incredibar
mystart

:folderfind
incredibar
mystart

:Regfind
incredibar
mystart


Click the Look button to start the scan.
When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt
003294
2012-10-18, 22:34
Not sure what to do now? nothing come up when I search as advised in above post, still got problem with chrome

SystemLook 30.07.11 by jpshortstuff
Log created at 21:29 on 18/10/2012 by YR
Administrator - Elevation successful
WARNING: SystemLook running under WOW64. Use SystemLook_x64 for accurate results.

========== filefind ==========

Searching for "incredibar"
No files found.

Searching for "mystart"
No files found.

========== folderfind ==========

Searching for "incredibar"
C:\Users\YR\AppData\Local\Temp\mt_ffx\Incredibar.com\incredibar d------ [19:58 15/10/2012]

Searching for "mystart"
No folders found.

========== Regfind ==========

Searching for "incredibar"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-288869447-1382899389-2484242644-1000\Software\Avast Software\WRC\RatingStorage\<|prefix|>http://mystart.incredibar.com/mb128?a=6PQMJIR3uD&i=26]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\IncredibarToolbar_RASAPI32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\IncredibarToolbar_RASMANCS]
[HKEY_USERS\S-1-5-21-288869447-1382899389-2484242644-1000\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-288869447-1382899389-2484242644-1000\Software\Avast Software\WRC\RatingStorage\<|prefix|>http://mystart.incredibar.com/mb128?a=6PQMJIR3uD&i=26]

Searching for "mystart"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-288869447-1382899389-2484242644-1000\Software\Avast Software\WRC\RatingStorage\<|prefix|>http://mystart.incredibar.com/mb128?a=6PQMJIR3uD&i=26]
[HKEY_USERS\S-1-5-21-288869447-1382899389-2484242644-1000\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-288869447-1382899389-2484242644-1000\Software\Avast Software\WRC\RatingStorage\<|prefix|>http://mystart.incredibar.com/mb128?a=6PQMJIR3uD&i=26]

-= EOF =-
ken545
2012-10-19, 02:44
Open OTL.exe

Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL




:processes
killallprocesses

:OTL


:Services

:Reg
[-HKEY_LOCAL_MACHINE\SOFTWARE\IncredibarToolbar]
[-HKEY_CURRENT_USER\Software\incredibarToolbar]

:Files
ipconfig /flushdns /c
C:\Users\YR\AppData\Local\Temp\mt_ffx


:Commands
[purity]
[resethosts]
[emptytemp]
[start explorer]
[Reboot]

Then click the Run Fix button at the top. <--Not run Scan
Let the program run unhindered, reboot when it is done
Then post the results of the log it produces
003294
2012-10-19, 23:25
All processes killed
========== PROCESSES ==========
========== OTL ==========
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\IncredibarToolbar\ not found.
Registry key HKEY_CURRENT_USER\Software\incredibarToolbar\ not found.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\YR\Desktop\cmd.bat deleted successfully.
C:\Users\YR\Desktop\cmd.txt deleted successfully.
C:\Users\YR\AppData\Local\Temp\mt_ffx\Incredibar.com\incredibar\1.5.11.14 folder moved successfully.
C:\Users\YR\AppData\Local\Temp\mt_ffx\Incredibar.com\incredibar folder moved successfully.
C:\Users\YR\AppData\Local\Temp\mt_ffx\Incredibar.com folder moved successfully.
C:\Users\YR\AppData\Local\Temp\mt_ffx folder moved successfully.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: Administrator

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public

User: YR
->Temp folder emptied: 2686066 bytes
->Temporary Internet Files folder emptied: 40409158 bytes
->Google Chrome cache emptied: 31572995 bytes
->Flash cache emptied: 492 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 96817522 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 164.00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 10192012_222128

Files\Folders moved on Reboot...
C:\Users\YR\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
File move failed. C:\Windows\temp\_avast_\Webshlock.txt scheduled to be moved on reboot.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
ken545
2012-10-19, 23:52
Any better ?
003294
2012-10-20, 00:55
Problem still there with chrome
ken545
2012-10-20, 01:23
Try this

Backup Your Registry with ERUNT:
Download erunt.zip to your Desktop from here:
http://aumha.org/downloads/erunt.zip
Right-click erunt.zip, select Extract All... and follow the prompts to extract ERUNT to a new folder on your Desktop
Inside the new folder, double-click ERUNT.exe to start the program
OK all the prompts to back up your registry to the default location.Note: to restore your registry, go to the backup folder and start ERDNT.exe



Go to Start > Run and type in REGEDIT then OK

When it opens go to
HKEY_LOCAL_MACHINE and click on the + sign to open it

Then on the left pane click on Software and right click on Incredibar ,
My Start and WebAssistant and delete them if present


Then go to
HKEY_CURRENT_USER

Then on the left pane click on Software and right click Incredibar , My Start and WebAssistant and delete them if present
003294
2012-10-21, 10:42
when i went to HKEY_LOCAL_MACHINE & HKEY_CURRENT_USER there was no incredibar or others present to delete
only default Type reg_sz. Problem still present
ken545
2012-10-21, 10:48
OK, there is a tool that will remove unwanted spyware toolbars, I have not had you run it yet because I tried it on a few different systems and incredibar was not targeted but it has just been updated to remove Incredibar so lets give it a shot.


Download AdwCleaner (http://general-changelog-team.fr/en/downloads/finish/20-outils-de-xplode/2-adwcleaner) to your desktop

1.Right-click on adwcleaner.exe and select Run As Administrator to launch the application.
2.Click on Delete button.
3.Confirm each time with OK.
4.Your computer will be rebooted automatically. A text file will open after the restart. Please post the content of that logfile in your reply.

Note: You can find the logfile at C:\AdwCleaner[Sn].txt as well - n is the order number.

http://i24.photobucket.com/albums/c30/ken545/AdwareCleaner.jpg
003294
2012-10-21, 11:05
avast keeps blocking it what can i do to temporary disable avast
ken545
2012-10-21, 11:11
http://www.bleepingcomputer.com/forums/topic114351.html

Avast is the first one
003294
2012-10-21, 11:16
# AdwCleaner v2.005 - Logfile created 10/21/2012 at 10:11:23
# Updated 14/10/2012 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : YR - YR-PC
# Boot Mode : Normal
# Running from : C:\Users\YR\Desktop\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

File Deleted : C:\user.js
Folder Deleted : C:\ProgramData\Partner
Folder Deleted : C:\ProgramData\Tarma Installer

***** [Registry] *****

Key Deleted : HKCU\Software\IM
Key Deleted : HKCU\Software\ImInstaller
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}
Key Deleted : HKLM\Software\Iminent
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\IncredibarToolbar_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\IncredibarToolbar_RASMANCS
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\incredibar
Key Deleted : HKLM\SOFTWARE\Tarma Installer
Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\extensions [{336D0C35-8A85-403a-B9D2-65C292C39087}]

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Registry is clean.

-\\ Google Chrome v22.0.1229.94

File : C:\Users\YR\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[S1].txt - [2329 octets] - [21/10/2012 10:11:23]

########## EOF - C:\AdwCleaner[S1].txt - [2389 octets] ##########


Problems still there
ken545
2012-10-21, 14:19
Looks like it got most of it, let me check into this further, be back soon.

IE and FF are fine ? Its just Chrome ?
ken545
2012-10-21, 15:14
See if you can do this now


1. Open Google Chrome.
2. Click on the Wrench icon on top right corner of the browser.
3. Choose “Settings” from the drop down list.
4. Select “Basics.”
5. Click on “Manage search engines” under SEARCH settings area.
6. Hover your mouse to a preferred search engine and click “Make default.”
7. You can now remove MyStart by Incredibar search by clicking on the X mark.
003294
2012-10-21, 17:42
Looks like it got most of it, let me check into this further, be back soon.

IE and FF are fine ? Its just Chrome ?

Don't have ff, ie fine chrome is the only prob
003294
2012-10-21, 17:42
See if you can do this now


1. Open Google Chrome.
2. Click on the Wrench icon on top right corner of the browser.
3. Choose “Settings” from the drop down list.
4. Select “Basics.”
5. Click on “Manage search engines” under SEARCH settings area.
6. Hover your mouse to a preferred search engine and click “Make default.”
7. You can now remove MyStart by Incredibar search by clicking on the X mark.

Already done above and still no luck
ken545
2012-10-21, 18:03
OK, hang in and I will be back
ken545
2012-10-21, 19:00
Watch this on YouTube and see if it helps, YouTube has been showing some great things lately, my wife found out how to upload and transfer music to her Shuffle

http://www.youtube.com/watch?v=5VCTDCuzJUw
ken545
2012-10-21, 20:12
Make sure windows is enabled to show all files and folders


Follow this path and go to the cache folder, open it and delete all inside but not the cache folder itself
C:\Users\YR\AppData\Local\Google\Chrome\User Data\Default\Cache\
003294
2012-10-21, 21:00
Watch this on YouTube and see if it helps, YouTube has been showing some great things lately, my wife found out how to upload and transfer music to her Shuffle

http://www.youtube.com/watch?v=5VCTDCuzJUw

Sorry to sound Rude but what relevance does above have with my prob..?
ken545
2012-10-21, 21:34
YouTube will show you how to remove Incredibar from Chrome

Did you empty the cache ?
ken545
2012-10-21, 22:06
I have been at this for over 12 years, what happens is about every few weeks or a month or so a new infection shows up and the people in the malware removal community that target these infections write programs and create tools to remove them, we have been dealing with a rash of infected Master boot Records, cleanable but real hard to remove it the user is not computer savvy, we are dealing with infections that will steal all your personal data from your hard drive, banking account numbers, log on passwords for sites you frequent, credit card numbers and passwords, your lucky you dont have any of these although Incredibar is a real annoyance but is somewhat the the new kid on the block and a thorough fix for it has not come up yet, but where getting there. Incredibar just did not show up, it was installed when you download software and installed it without reading the EULA ( End User Licence Agreement ) and just clicked though and accepted all the defaults. We got rid of it on IE and still working on how to remove it from Chrome. Its just been the past week or so that people are posting about removing this, so just hang on, we will get there in the end

The YouTube Video may give you some tips to perform that we have not done yet.


Open OTL.exe

Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL




:processes
killallprocesses

:OTL
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {E4AEF8C0-A9D6-4817-BFE4-A5D7E266114E}
IE:64bit: - HKLM\..\SearchScopes\{E4AEF8C0-A9D6-4817-BFE4-A5D7E266114E}: "URL" = http://www.google.com/search?q={searchTerm...amp;rlz=1I7FTSF
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {E4AEF8C0-A9D6-4817-BFE4-A5D7E266114E}
IE - HKLM\..\SearchScopes\{E4AEF8C0-A9D6-4817-BFE4-A5D7E266114E}: "URL" = http://www.google.com/search?q={searchTerm...amp;rlz=1I7FTSF


:Services

:Reg

:Files
ipconfig /flushdns /c


:Commands
[purity]
[resethosts]
[emptytemp]
[start explorer]
[Reboot]

Then click the Run Fix button at the top. <--Not run Scan
Let the program run unhindered, reboot when it is done
Then post the results of the log it produces
ken545
2012-10-22, 10:29
Hi,

Uninstall Chrome via Programs and Features in the Control Panel

Go to Start > Run and copy and paste each of these in one at a time and click OK. When the page loads delete any reference to Google

%appdata%
%programdata%
%temp%

Take a peak and make sure this is gone, if not delete Google
C:\Users\YR\AppData\Local\Google\Chrome\User Data\Default\Preferences


Reboot your system, do not reinstall Chrome just yet

Run these through System Look and post the log please




:filefind
Google
MyStart
Incredibar

:folderfind
Google
MyStart
Incredibar

:Regfind
Google
MyStart
Incredibar
ken545
2012-10-23, 01:59
Still with me ?

Are your rude, no, not at all, just frustrated like i am trying to remove this garbage.
003294
2012-10-24, 19:51
Watch this on YouTube and see if it helps, YouTube has been showing some great things lately, my wife found out how to upload and transfer music to her Shuffle

http://www.youtube.com/watch?v=5VCTDCuzJUw

All the stuff in youtube video I've done it, I've checked and re-checked I have and we've done a uninstall of chrome so Im baffled..?
003294
2012-10-24, 19:53
Make sure windows is enabled to show all files and folders


Follow this path and go to the cache folder, open it and delete all inside but not the cache folder itself
C:\Users\YR\AppData\Local\Google\Chrome\User Data\Default\Cache\


Done above
003294
2012-10-24, 20:09
I have been at this for over 12 years, what happens is about every few weeks or a month or so a new infection shows up and the people in the malware removal community that target these infections write programs and create tools to remove them, we have been dealing with a rash of infected Master boot Records, cleanable but real hard to remove it the user is not computer savvy, we are dealing with infections that will steal all your personal data from your hard drive, banking account numbers, log on passwords for sites you frequent, credit card numbers and passwords, your lucky you dont have any of these although Incredibar is a real annoyance but is somewhat the the new kid on the block and a thorough fix for it has not come up yet, but where getting there. Incredibar just did not show up, it was installed when you download software and installed it without reading the EULA ( End User Licence Agreement ) and just clicked though and accepted all the defaults. We got rid of it on IE and still working on how to remove it from Chrome. Its just been the past week or so that people are posting about removing this, so just hang on, we will get there in the end

The YouTube Video may give you some tips to perform that we have not done yet.


Open OTL.exe

Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL




:processes
killallprocesses

:OTL
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {E4AEF8C0-A9D6-4817-BFE4-A5D7E266114E}
IE:64bit: - HKLM\..\SearchScopes\{E4AEF8C0-A9D6-4817-BFE4-A5D7E266114E}: "URL" = http://www.google.com/search?q={searchTerm...amp;rlz=1I7FTSF
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {E4AEF8C0-A9D6-4817-BFE4-A5D7E266114E}
IE - HKLM\..\SearchScopes\{E4AEF8C0-A9D6-4817-BFE4-A5D7E266114E}: "URL" = http://www.google.com/search?q={searchTerm...amp;rlz=1I7FTSF


:Services

:Reg

:Files
ipconfig /flushdns /c


:Commands
[purity]
[resethosts]
[emptytemp]
[start explorer]
[Reboot]

Then click the Run Fix button at the top. <--Not run Scan
Let the program run unhindered, reboot when it is done
Then post the results of the log it produces

All processes killed
========== PROCESSES ==========
========== OTL ==========
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{E4AEF8C0-A9D6-4817-BFE4-A5D7E266114E}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E4AEF8C0-A9D6-4817-BFE4-A5D7E266114E}\ not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Local Page| /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{E4AEF8C0-A9D6-4817-BFE4-A5D7E266114E}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E4AEF8C0-A9D6-4817-BFE4-A5D7E266114E}\ not found.
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\YR\Desktop\Safer Networking\cmd.bat deleted successfully.
C:\Users\YR\Desktop\Safer Networking\cmd.txt deleted successfully.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: Administrator

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public

User: YR
->Temp folder emptied: 37574 bytes
->Temporary Internet Files folder emptied: 33242 bytes
->Google Chrome cache emptied: 49532903 bytes
->Flash cache emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 7420 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 47.00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 10242012_190431

Files\Folders moved on Reboot...
C:\Users\YR\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
File move failed. C:\Windows\temp\_avast_\Webshlock.txt scheduled to be moved on reboot.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
003294
2012-10-24, 20:17
Still with me ?

Are your rude, no, not at all, just frustrated like i am trying to remove this garbage.

I am still with you just frustrated with this trash!
003294
2012-10-24, 20:33
Hi,

Uninstall Chrome via Programs and Features in the Control Panel

Go to Start > Run and copy and paste each of these in one at a time and click OK. When the page loads delete any reference to Google

%appdata%
%programdata%
%temp%

Take a peak and make sure this is gone, if not delete Google
C:\Users\YR\AppData\Local\Google\Chrome\User Data\Default\Preferences


Reboot your system, do not reinstall Chrome just yet

Run these through System Look and post the log please



Code:
:filefind
Google
MyStart
Incredibar

:folderfind
Google
MyStart
Incredibar

:Regfind
Google
MyStart
Incredibar

SystemLook 30.07.11 by jpshortstuff
Log created at 19:22 on 24/10/2012 by YR
Administrator - Elevation successful
WARNING: SystemLook running under WOW64. Use SystemLook_x64 for accurate results.

========== filefind ==========

Searching for "Google"
No files found.

Searching for "MyStart"
No files found.

Searching for "Incredibar"
No files found.

========== folderfind ==========

Searching for "Google"
C:\Fujitsu\Programs\Google d------ [10:44 06/05/2011]
C:\Program Files\Google d------ [20:00 20/09/2012]
C:\Program Files (x86)\Google d------ [20:00 20/09/2012]
C:\Users\YR\AppData\Local\Google d------ [20:17 20/09/2012]
C:\Windows\System32\config\systemprofile\AppData\Local\Google d------ [20:00 20/09/2012]
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Google d------ [20:00 20/09/2012]

Searching for "MyStart"
No folders found.

Searching for "Incredibar"
C:\_OTL\MovedFiles\10192012_222128\C_Users\YR\AppData\Local\Temp\mt_ffx\Incredibar.com\incredibar d------ [19:58 15/10/2012]

========== Regfind ==========

Searching for "Google"
[HKEY_CURRENT_USER\Software\Avast Software\WRC\RatingStorage\<|prefix|>http://support.google.com/chrome/bin/request.py?hl=en&os=6.1.7601&contact_type=uninstall2&rd=1&crversion=22.0.1229.94]
[HKEY_CURRENT_USER\Software\Avast Software\WRC\RatingStorage\<|prefix|>http://www.google.com/intl/en/chrome]
[HKEY_CURRENT_USER\Software\Avast Software\WRC\RatingStorage\<|prefix|>http://www.google.com/support/chrome/bin/request.py?hl=en&contact_type=uninstall&crversion=22.0.1229.94&os=6.1.7601]
[HKEY_CURRENT_USER\Software\Google]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-288869447-1382899389-2484242644-1000\Software\Avast Software\WRC\RatingStorage\<|prefix|>http://google.com/]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-288869447-1382899389-2484242644-1000\Software\Avast Software\WRC\RatingStorage\<|prefix|>http://services.google.com/helpcenter/forms/universal_survey]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-288869447-1382899389-2484242644-1000\Software\Avast Software\WRC\RatingStorage\<|prefix|>http://support.google.com/chrome/bin/request.py?hl=en&os=6.1.7601&contact_type=uninstall2&rd=1&crversion=22.0.1229.94]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-288869447-1382899389-2484242644-1000\Software\Avast Software\WRC\RatingStorage\<|prefix|>http://www.google.co.uk/]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-288869447-1382899389-2484242644-1000\Software\Avast Software\WRC\SearchRules\fastweb.it]
"url"="^http\:\/\/www\.fastweb\.it\/portale\/google\/.+"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-288869447-1382899389-2484242644-1000\Software\Avast Software\WRC\SearchRules\google.com]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-288869447-1382899389-2484242644-1000\Software\Avast Software\WRC\SearchRules\google.com]
"url"="^http(s)?\:\/\/((www|encrypted)\.)?google\.(com?\.[a-z]{2}|[a-z]{2,})\/.*"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-288869447-1382899389-2484242644-1000\Software\Avast Software\WRC\SearchRules\interia.pl]
"url"="^http\:\/\/(www\.)?google\.interia\.pl\/szukaj\/.+"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-288869447-1382899389-2484242644-1000\Software\Avast Software\WRC\SearchRules\plus.google.com]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-288869447-1382899389-2484242644-1000\Software\Avast Software\WRC\SearchRules\plus.google.com]
"url"="^http(s)?\\:\\/\\/plus\\.?google\\.(com?\\.[a-z]{2}|[a-z]{2,})\\/.*"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LowRegistry\Audio\PolicyConfig\PropertyStore\d82876eb_0]
@="{0.0.0.00000000}.{307baf76-9ba8-4999-ad0a-93f87077f89e}|\Device\HarddiskVolume2\Users\YR\AppData\Local\Google\Chrome\Application\chrome.exe%b{00000000-0000-0000-0000-000000000000}"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\google.co.uk]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.co.uk/"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Default_Secondary_Page_URL"="http://www.google.com/ig/redirectdomain?brand=FTSG&bmod=FTSG"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{E4AEF8C0-A9D6-4817-BFE4-A5D7E266114E}]
"DisplayName"="Google"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{E4AEF8C0-A9D6-4817-BFE4-A5D7E266114E}]
"URL"="http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7FTSG_enGB502"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{E4AEF8C0-A9D6-4817-BFE4-A5D7E266114E}]
"SuggestionsURLFallback"="http://clients5.google.com/complete/search?hl={language}&q={searchTerms}&client=ie8&inputencoding={inputEncoding}&outputencoding={outputEncoding}"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{E4AEF8C0-A9D6-4817-BFE4-A5D7E266114E}]
"FaviconURLFallback"="http://www.google.com/favicon.ico"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{E4AEF8C0-A9D6-4817-BFE4-A5D7E266114E}]
"SuggestionsURL"="http://clients5.google.com/complete/search?hl={language}&q={searchTerms}&client=ie8&inputencoding={inputEncoding}&outputencoding={outputEncoding}"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRU]
"c"="C:\Users\YR\AppData\Local\Google\Chrome\User Data\Default\Cache\\1"
[HKEY_CURRENT_USER\Software\Classes\CLSID\{29A96789-9595-4947-BEDB-0FCC776F7DB8}\InProcServer32]
@="C:\Users\YR\AppData\Local\Google\Update\1.2.183.39\goopdate.dll"
[HKEY_CURRENT_USER\Software\Classes\CLSID\{CD221623-4F9A-4FA5-A9EE-A77EC8F0E7BD}\InprocHandler32]
@="C:\Users\YR\AppData\Local\Google\Update\1.3.21.111\psuser.dll"
[HKEY_CURRENT_USER\Software\Classes\CLSID\{FB994D36-B312-46CE-A40B-CF63980641F9}\InProcServer32]
@="C:\Users\YR\AppData\Local\Google\Update\1.3.21.111\psuser.dll"
[HKEY_CURRENT_USER\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Users\YR\AppData\Local\Google\Chrome\Application\chrome.exe"="Google Chrome"
[HKEY_CURRENT_USER\Software\Classes\Wow6432Node\CLSID\{29A96789-9595-4947-BEDB-0FCC776F7DB8}\InProcServer32]
@="C:\Users\YR\AppData\Local\Google\Update\1.2.183.39\goopdate.dll"
[HKEY_CURRENT_USER\Software\Classes\Wow6432Node\CLSID\{CD221623-4F9A-4FA5-A9EE-A77EC8F0E7BD}\InprocHandler32]
@="C:\Users\YR\AppData\Local\Google\Update\1.3.21.111\psuser.dll"
[HKEY_CURRENT_USER\Software\Classes\Wow6432Node\CLSID\{FB994D36-B312-46CE-A40B-CF63980641F9}\InProcServer32]
@="C:\Users\YR\AppData\Local\Google\Update\1.3.21.111\psuser.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Google]
[HKEY_LOCAL_MACHINE\SOFTWARE\Google\Common\Partner\FTSG\IE\0]
"ph"="clients1.google.com"
[HKEY_LOCAL_MACHINE\SOFTWARE\Google\Common\Partner\FTSG\IE\0]
"trx"="^http://www\.google\.[^/]+/ig\?.*brand=FTSG"
[HKEY_LOCAL_MACHINE\SOFTWARE\Google\Common\Partner\FTSG\IE\1]
"ph"="clients1.google.com"
[HKEY_LOCAL_MACHINE\SOFTWARE\Google\Common\Partner\FTSG\IE\1]
"trx"="^http://www\.google\.[^/]+/search\?.*(rls)|(source)=ig"
[HKEY_LOCAL_MACHINE\SOFTWARE\Google\Common\Partner\FTSG\IE\2]
"ph"="clients1.google.com"
[HKEY_LOCAL_MACHINE\SOFTWARE\Google\Common\Partner\FTSG\IE\2]
"trx"="^http://www\.google\.[^/]+/search\?.*sourceid=ie7"
[HKEY_LOCAL_MACHINE\SOFTWARE\Google\Update]
"path"="C:\Program Files (x86)\Google\Update\GoogleUpdate.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Google\Update]
"UninstallCmdLine"=""C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /uninstall"
[HKEY_LOCAL_MACHINE\SOFTWARE\Google\Update\Clients\{430FD4D0-B729-4F61-AA34-91526481799D}]
"name"="Google Update"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{2318C2B1-4965-11D4-9B18-009027A5CD4F}]
"DllName"="googletoolbar*.dll;googletoolbar*.dll;googletoolbar*.dll;googletoolbar*.dll;googletoolbar*.dll;googletoolbar*.dll;googletoolbar*.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{AA58ED58-01DD-4D91-8333-CF10577473F7}]
"DllName"="googletoolbar*.dll;googletoolbar*.dll;googletoolbar*.dll;googletoolbar*.dll;googletoolbar*.dll;googletoolbar*.dll;googletoolbar*.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C3101A8B-0EE1-4612-BFE9-41FFC1A3C19D}]
"AppName"="GoogleUpdateBroker.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C3101A8B-0EE1-4612-BFE9-41FFC1A3C19D}]
"AppPath"="C:\Program Files (x86)\Google\Update\1.3.21.123"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C442AC41-9200-4770-8CC0-7CDB4F245C55}]
"AppName"="GoogleUpdate.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C442AC41-9200-4770-8CC0-7CDB4F245C55}]
"AppPath"="C:\Program Files (x86)\Google\Update"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\GoogleToolbarInstaller_updater_signed_RASAPI32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\GoogleToolbarInstaller_updater_signed_RASMANCS]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\GoogleToolbarManager_E6C807F38EB64284_RASAPI32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\GoogleToolbarManager_E6C807F38EB64284_RASMANCS]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\GoogleToolbarNotifier_RASAPI32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\GoogleToolbarNotifier_RASMANCS]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}]
"InstallSource"="C:\Program Files (x86)\Google\Update\1.3.21.123\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}]
"Publisher"="Google Inc."
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}]
"DisplayName"="Google Update Helper"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\GoogleUpdate.exe]
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=3]
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=3]
"Path"="C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=3]
"Description"="Google Update"
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=3]
"ProductName"="Google Update"
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=3]
"Vendor"="Google Inc."
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=3\MimeTypes\application/x-vnd.google.update3webcontrol.3]
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=9]
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=9]
"Path"="C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=9]
"Description"="Google Update"
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=9]
"ProductName"="Google Update"
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=9]
"Vendor"="Google Inc."
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=9\MimeTypes\application/x-vnd.google.oneclickctrl.9]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\Google]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\GoogleUpdate.exe]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{E225E692-4B47-4777-9BED-4FD7FE257F0E}]
@="Keeps your Google software up to date. If this service is disabled or stopped, your Google software will not be kept up to date, meaning security vulnerabilities that may arise can"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{25461599-633D-42B1-84FB-7CD68D026E53}]
@="GoogleUpdate CredentialDialog"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{25461599-633D-42B1-84FB-7CD68D026E53}\LocalServer32]
@=""C:\Program Files (x86)\Google\Update\1.3.21.123\GoogleUpdateOnDemand.exe""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{25461599-633D-42B1-84FB-7CD68D026E53}\ProgID]
@="GoogleUpdate.CredentialDialogMachine.1.0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{25461599-633D-42B1-84FB-7CD68D026E53}\VersionIndependentProgID]
@="GoogleUpdate.CredentialDialogMachine"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{29A96789-9595-4947-BEDB-0FCC776F7DB8}\InProcServer32]
@="C:\Program Files (x86)\Google\Update\1.2.183.39\goopdate.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{457BC604-48ED-451E-8051-A46EA7B611C4}\InProcServer32]
@="C:\Program Files (x86)\Google\Update\1.3.21.123\psmachine.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4AD5D8BA-976D-42BE-A47F-ADBC15F82D3C}\InprocHandler32]
@="C:\Program Files (x86)\Google\Update\1.3.21.111\psmachine.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4EB61BAC-A3B6-4760-9581-655041EF4D69}\ProgID]
@="GoogleUpdate.Update3COMClassService.1.0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4EB61BAC-A3B6-4760-9581-655041EF4D69}\VersionIndependentProgID]
@="GoogleUpdate.Update3COMClassService"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{534F5323-3569-4F42-919D-1E1CF93E5BF6}]
@="GoogleUpdate Update3Web"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{534F5323-3569-4F42-919D-1E1CF93E5BF6}\ProgID]
@="GoogleUpdate.Update3WebSvc.1.0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{534F5323-3569-4F42-919D-1E1CF93E5BF6}\VersionIndependentProgID]
@="GoogleUpdate.Update3WebSvc"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{598FE0E5-E02D-465D-9A9D-37974A28FD42}]
@="GoogleUpdate Update3Web"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{598FE0E5-E02D-465D-9A9D-37974A28FD42}]
"LocalizedString"="@C:\Program Files (x86)\Google\Update\1.3.21.123\goopdate.dll,-3000"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{598FE0E5-E02D-465D-9A9D-37974A28FD42}\Elevation]
"IconReference"="@C:\Program Files (x86)\Google\Update\1.3.21.123\goopdate.dll,-1004"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{598FE0E5-E02D-465D-9A9D-37974A28FD42}\LocalServer32]
@=""C:\Program Files (x86)\Google\Update\1.3.21.123\GoogleUpdateOnDemand.exe""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{598FE0E5-E02D-465D-9A9D-37974A28FD42}\ProgID]
@="GoogleUpdate.Update3WebMachineFallback.1.0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{598FE0E5-E02D-465D-9A9D-37974A28FD42}\VersionIndependentProgID]
@="GoogleUpdate.Update3WebMachineFallback"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6F8BD55B-E83D-4A47-85BE-81FFA8057A69}]
@="Google Update Broker Class Factory"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6F8BD55B-E83D-4A47-85BE-81FFA8057A69}]
"LocalizedString"="@C:\Program Files (x86)\Google\Update\1.3.21.123\goopdate.dll,-3000"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6F8BD55B-E83D-4A47-85BE-81FFA8057A69}\Elevation]
"IconReference"="@C:\Program Files (x86)\Google\Update\1.3.21.123\goopdate.dll,-1004"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6F8BD55B-E83D-4A47-85BE-81FFA8057A69}\LocalServer32]
@=""C:\Program Files (x86)\Google\Update\1.3.21.123\GoogleUpdateBroker.exe""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6F8BD55B-E83D-4A47-85BE-81FFA8057A69}\ProgID]
@="GoogleUpdate.OnDemandCOMClassMachine.1.0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6F8BD55B-E83D-4A47-85BE-81FFA8057A69}\VersionIndependentProgID]
@="GoogleUpdate.OnDemandCOMClassMachine"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7DE94008-8AFD-4C70-9728-C6FBFFF6A73E}\LocalServer32]
@=""C:\Program Files (x86)\Google\Update\1.3.21.123\GoogleUpdateBroker.exe""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7DE94008-8AFD-4C70-9728-C6FBFFF6A73E}\ProgID]
@="GoogleUpdate.CoCreateAsync.1.0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7DE94008-8AFD-4C70-9728-C6FBFFF6A73E}\VersionIndependentProgID]
@="GoogleUpdate.CoCreateAsync"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8A1D4361-2C08-4700-A351-3EAA9CBFF5E4}]
@="Google Update Broker Class Factory"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8A1D4361-2C08-4700-A351-3EAA9CBFF5E4}]
"LocalizedString"="@C:\Program Files (x86)\Google\Update\1.3.21.123\goopdate.dll,-3000"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8A1D4361-2C08-4700-A351-3EAA9CBFF5E4}\Elevation]
"IconReference"="@C:\Program Files (x86)\Google\Update\1.3.21.123\goopdate.dll,-1004"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8A1D4361-2C08-4700-A351-3EAA9CBFF5E4}\LocalServer32]
@=""C:\Program Files (x86)\Google\Update\1.3.21.123\GoogleUpdateBroker.exe""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8A1D4361-2C08-4700-A351-3EAA9CBFF5E4}\ProgID]
@="GoogleUpdate.Update3WebMachine.1.0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8A1D4361-2C08-4700-A351-3EAA9CBFF5E4}\VersionIndependentProgID]
@="GoogleUpdate.Update3WebMachine"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9465B4B4-5216-4042-9A2C-754D3BCDC410}]
@="Google Update Legacy On Demand"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9465B4B4-5216-4042-9A2C-754D3BCDC410}\ProgID]
@="GoogleUpdate.OnDemandCOMClassSvc.1.0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9465B4B4-5216-4042-9A2C-754D3BCDC410}\VersionIndependentProgID]
@="GoogleUpdate.OnDemandCOMClassSvc"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9B2340A0-4068-43D6-B404-32E27217859D}]
@="Google Update Core Class"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9B2340A0-4068-43D6-B404-32E27217859D}]
"LocalizedString"="@C:\Program Files (x86)\Google\Update\1.3.21.123\goopdate.dll,-3000"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9B2340A0-4068-43D6-B404-32E27217859D}\Elevation]
"IconReference"="@C:\Program Files (x86)\Google\Update\1.3.21.123\goopdate.dll,-1004"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9B2340A0-4068-43D6-B404-32E27217859D}\LocalServer32]
@=""C:\Program Files (x86)\Google\Update\1.3.21.123\GoogleUpdateOnDemand.exe""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9B2340A0-4068-43D6-B404-32E27217859D}\ProgID]
@="GoogleUpdate.CoreMachineClass.1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9B2340A0-4068-43D6-B404-32E27217859D}\VersionIndependentProgID]
@="GoogleUpdate.CoreMachineClass"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9D6AA569-9F30-41AD-885A-346685C74928}\InprocServer32]
@="C:\Program Files (x86)\Google\Update\1.3.21.123\psmachine.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AAD4AE2E-D834-46D4-8B09-490FAC9C722B}]
@="Google.OneClickProcessLauncher"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AAD4AE2E-D834-46D4-8B09-490FAC9C722B}\LocalServer32]
@=""C:\Program Files (x86)\Google\Update\1.3.21.123\GoogleUpdateBroker.exe""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AAD4AE2E-D834-46D4-8B09-490FAC9C722B}\ProgID]
@="Google.OneClickProcessLauncherMachine.1.0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AAD4AE2E-D834-46D4-8B09-490FAC9C722B}\VersionIndependentProgID]
@="Google.OneClickProcessLauncherMachine"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ABC01078-F197-4B0B-ADBC-CFE684B39C82}]
@="Google Update Process Launcher Class"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ABC01078-F197-4B0B-ADBC-CFE684B39C82}\LocalServer32]
@=""C:\Program Files (x86)\Google\Update\1.3.21.123\GoogleUpdateOnDemand.exe""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ABC01078-F197-4B0B-ADBC-CFE684B39C82}\ProgID]
@="GoogleUpdate.ProcessLauncher.1.0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ABC01078-F197-4B0B-ADBC-CFE684B39C82}\VersionIndependentProgID]
@="GoogleUpdate.ProcessLauncher"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B3D28DBD-0DFA-40E4-8071-520767BADC7E}]
@="Google Update Legacy On Demand"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B3D28DBD-0DFA-40E4-8071-520767BADC7E}]
"LocalizedString"="@C:\Program Files (x86)\Google\Update\1.3.21.123\goopdate.dll,-3000"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B3D28DBD-0DFA-40E4-8071-520767BADC7E}\Elevation]
"IconReference"="@C:\Program Files (x86)\Google\Update\1.3.21.123\goopdate.dll,-1004"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B3D28DBD-0DFA-40E4-8071-520767BADC7E}\LocalServer32]
@=""C:\Program Files (x86)\Google\Update\1.3.21.123\GoogleUpdateOnDemand.exe""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B3D28DBD-0DFA-40E4-8071-520767BADC7E}\ProgID]
@="GoogleUpdate.OnDemandCOMClassMachineFallback.1.0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B3D28DBD-0DFA-40E4-8071-520767BADC7E}\VersionIndependentProgID]
@="GoogleUpdate.OnDemandCOMClassMachineFallback"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B6827B84-2F5E-41CF-A11B-50A0BE741815}\InprocHandler32]
@="C:\Program Files (x86)\Google\Update\1.3.21.123\psmachine.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C3101A8B-0EE1-4612-BFE9-41FFC1A3C19D}]
@="Google Update Plugin"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C3101A8B-0EE1-4612-BFE9-41FFC1A3C19D}\InprocServer32]
@="C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C3101A8B-0EE1-4612-BFE9-41FFC1A3C19D}\ProgID]
@="Google.Update3WebControl.3"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C442AC41-9200-4770-8CC0-7CDB4F245C55}]
@="Google Update Plugin"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C442AC41-9200-4770-8CC0-7CDB4F245C55}\InprocServer32]
@="C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C442AC41-9200-4770-8CC0-7CDB4F245C55}\ProgID]
@="Google.OneClickCtrl.9"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E0730E95-4D82-4716-BF23-4F3AB3EF790D}\InProcServer32]
@="C:\Program Files (x86)\Google\Update\1.3.21.111\psmachine.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E225E692-4B47-4777-9BED-4FD7FE257F0E}]
@="Google Update Core Class"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E225E692-4B47-4777-9BED-4FD7FE257F0E}\ProgID]
@="GoogleUpdate.CoreClass.1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E225E692-4B47-4777-9BED-4FD7FE257F0E}\VersionIndependentProgID]
@="GoogleUpdate.CoreClass"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Google.OneClickCtrl.9]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Google.OneClickCtrl.9]
@="Google Update Plugin"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Google.OneClickProcessLauncherMachine]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Google.OneClickProcessLauncherMachine]
@="Google.OneClickProcessLauncher"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Google.OneClickProcessLauncherMachine\CurVer]
@="Google.OneClickProcessLauncherMachine.1.0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Google.OneClickProcessLauncherMachine.1.0]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Google.OneClickProcessLauncherMachine.1.0]
@="Google.OneClickProcessLauncher"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Google.Update3WebControl.3]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Google.Update3WebControl.3]
@="Google Update Plugin"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\GoogleUpdate.CoCreateAsync]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\GoogleUpdate.CoCreateAsync\CurVer]
@="GoogleUpdate.CoCreateAsync.1.0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\GoogleUpdate.CoCreateAsync.1.0]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\GoogleUpdate.CoreClass]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\GoogleUpdate.CoreClass]
@="Google Update Core Class"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\GoogleUpdate.CoreClass\CurVer]
@="GoogleUpdate.CoreClass.1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\GoogleUpdate.CoreClass.1]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\GoogleUpdate.CoreClass.1]
@="Google Update Core Class"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\GoogleUpdate.CoreMachineClass]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\GoogleUpdate.CoreMachineClass]
@="Google Update Core Class"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\GoogleUpdate.CoreMachineClass\CurVer]
@="GoogleUpdate.CoreMachineClass.1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\GoogleUpdate.CoreMachineClass.1]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\GoogleUpdate.CoreMachineClass.1]
@="Google Update Core Class"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\GoogleUpdate.CredentialDialogMachine]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\GoogleUpdate.CredentialDialogMachine]
@="GoogleUpdate CredentialDialog"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\GoogleUpdate.CredentialDialogMachine\CurVer]
@="GoogleUpdate.CredentialDialogMachine.1.0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\GoogleUpdate.CredentialDialogMachine.1.0]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\GoogleUpdate.CredentialDialogMachine.1.0]
@="GoogleUpdate CredentialDialog"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\GoogleUpdate.OnDemandCOMClassMachine]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\GoogleUpdate.OnDemandCOMClassMachine]
@="Google Update Broker Class Factory"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\GoogleUpdate.OnDemandCOMClassMachine\CurVer]
@="GoogleUpdate.OnDemandCOMClassMachine.1.0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\GoogleUpdate.OnDemandCOMClassMachine.1.0]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\GoogleUpdate.OnDemandCOMClassMachine.1.0]
@="Google Update Broker Class Factory"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\GoogleUpdate.OnDemandCOMClassMachineFallback]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\GoogleUpdate.OnDemandCOMClassMachineFallback]
@="Google Update Legacy On Demand"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\GoogleUpdate.OnDemandCOMClassMachineFallback\CurVer]
@="GoogleUpdate.OnDemandCOMClassMachineFallback.1.0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\GoogleUpdate.OnDemandCOMClassMachineFallback.1.0]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\GoogleUpdate.OnDemandCOMClassMachineFallback.1.0]
@="Google Update Legacy On Demand"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\GoogleUpdate.OnDemandCOMClassSvc]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\GoogleUpdate.OnDemandCOMClassSvc]
@="Google Update Legacy On Demand"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\GoogleUpdate.OnDemandCOMClassSvc\CurVer]
@="GoogleUpdate.OnDemandCOMClassSvc.1.0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\GoogleUpdate.OnDemandCOMClassSvc.1.0]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\GoogleUpdate.OnDemandCOMClassSvc.1.0]
@="Google Update Legacy On Demand"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\GoogleUpdate.ProcessLauncher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\GoogleUpdate.ProcessLauncher]
@="Google Update Process Launcher Class"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\GoogleUpdate.ProcessLauncher\CurVer]
@="GoogleUpdate.ProcessLauncher.1.0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\GoogleUpdate.ProcessLauncher.1.0]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\GoogleUpdate.ProcessLauncher.1.0]
@="Google Update Process Launcher Class"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\GoogleUpdate.Update3COMClassService]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\GoogleUpdate.Update3COMClassService\CurVer]
@="GoogleUpdate.Update3COMClassService.1.0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\GoogleUpdate.Update3COMClassService.1.0]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\GoogleUpdate.Update3WebMachine]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\GoogleUpdate.Update3WebMachine]
@="Google Update Broker Class Factory"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\GoogleUpdate.Update3WebMachine\CurVer]
@="GoogleUpdate.Update3WebMachine.1.0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\GoogleUpdate.Update3WebMachine.1.0]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\GoogleUpdate.Update3WebMachine.1.0]
@="Google Update Broker Class Factory"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\GoogleUpdate.Update3WebMachineFallback]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\GoogleUpdate.Update3WebMachineFallback]
@="GoogleUpdate Update3Web"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\GoogleUpdate.Update3WebMachineFallback\CurVer]
@="GoogleUpdate.Update3WebMachineFallback.1.0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\GoogleUpdate.Update3WebMachineFallback.1.0]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\GoogleUpdate.Update3WebMachineFallback.1.0]
@="GoogleUpdate Update3Web"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\GoogleUpdate.Update3WebSvc]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\GoogleUpdate.Update3WebSvc]
@="GoogleUpdate Update3Web"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\GoogleUpdate.Update3WebSvc\CurVer]
@="GoogleUpdate.Update3WebSvc.1.0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\GoogleUpdate.Update3WebSvc.1.0]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\GoogleUpdate.Update3WebSvc.1.0]
@="GoogleUpdate Update3Web"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\GoogleUpdateProcessLauncher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\GoogleUpdateProcessLauncher]
@="Google Update Process Launcher Class"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\GoogleUpdateProcessLauncher\CurVer]
@="GoogleUpdateProcessLauncher.1.0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\GoogleUpdateProcessLauncher.1.0]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\GoogleUpdateProcessLauncher.1.0]
@="Google Update Process Launcher Class"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\93BAD29AC2E44034A96BCB446EB8552E]
"ProductName"="Google Update Helper"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\93BAD29AC2E44034A96BCB446EB8552E\SourceList]
"PackageName"="GoogleUpdateHelper.msi"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\93BAD29AC2E44034A96BCB446EB8552E\SourceList]
"LastUsedSource"="n;3;C:\Program Files (x86)\Google\Update\1.3.21.123\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\93BAD29AC2E44034A96BCB446EB8552E\SourceList\Net]
"1"="C:\Program Files (x86)\Google\Update\1.2.183.39\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\93BAD29AC2E44034A96BCB446EB8552E\SourceList\Net]
"2"="C:\Program Files (x86)\Google\Update\1.3.21.111\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\93BAD29AC2E44034A96BCB446EB8552E\SourceList\Net]
"3"="C:\Program Files (x86)\Google\Update\1.3.21.123\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{2D363682-561D-4C3A-81C6-F2F82107562A}]
@="IGoogleUpdate3WebSecurity"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{31AC3F11-E5EA-4A85-8A3D-8E095A39C27B}]
@="IGoogleUpdate"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{494B20CF-282E-4BDD-9F5D-B70CB09D351E}]
@="IGoogleUpdate3Web"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6DB17455-4E85-46E7-9D23-E555E4B005AF}]
@="IGoogleUpdate3"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{909489C2-85A6-4322-AA56-D25278649D67}]
@="IGoogleUpdateCore"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MIME\Database\Content Type\application/x-vnd.google.oneclickctrl.9]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MIME\Database\Content Type\application/x-vnd.google.update3webcontrol.3]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{C7CB459A-7261-4AE6-A87A-17041EE98A40}\17.0\0\win32]
@="C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.6.6209.1142\swg.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{25461599-633D-42B1-84FB-7CD68D026E53}]
@="GoogleUpdate CredentialDialog"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{25461599-633D-42B1-84FB-7CD68D026E53}\LocalServer32]
@=""C:\Program Files (x86)\Google\Update\1.3.21.123\GoogleUpdateOnDemand.exe""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{25461599-633D-42B1-84FB-7CD68D026E53}\ProgID]
@="GoogleUpdate.CredentialDialogMachine.1.0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{25461599-633D-42B1-84FB-7CD68D026E53}\VersionIndependentProgID]
@="GoogleUpdate.CredentialDialogMachine"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{29A96789-9595-4947-BEDB-0FCC776F7DB8}\InProcServer32]
@="C:\Program Files (x86)\Google\Update\1.2.183.39\goopdate.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{457BC604-48ED-451E-8051-A46EA7B611C4}\InProcServer32]
@="C:\Program Files (x86)\Google\Update\1.3.21.123\psmachine.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{4AD5D8BA-976D-42BE-A47F-ADBC15F82D3C}\InprocHandler32]
@="C:\Program Files (x86)\Google\Update\1.3.21.111\psmachine.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{4EB61BAC-A3B6-4760-9581-655041EF4D69}\ProgID]
@="GoogleUpdate.Update3COMClassService.1.0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{4EB61BAC-A3B6-4760-9581-655041EF4D69}\VersionIndependentProgID]
@="GoogleUpdate.Update3COMClassService"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{534F5323-3569-4F42-919D-1E1CF93E5BF6}]
@="GoogleUpdate Update3Web"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{534F5323-3569-4F42-919D-1E1CF93E5BF6}\ProgID]
@="GoogleUpdate.Update3WebSvc.1.0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{534F5323-3569-4F42-919D-1E1CF93E5BF6}\VersionIndependentProgID]
@="GoogleUpdate.Update3WebSvc"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{598FE0E5-E02D-465D-9A9D-37974A28FD42}]
@="GoogleUpdate Update3Web"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{598FE0E5-E02D-465D-9A9D-37974A28FD42}]
"LocalizedString"="@C:\Program Files (x86)\Google\Update\1.3.21.123\goopdate.dll,-3000"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{598FE0E5-E02D-465D-9A9D-37974A28FD42}\Elevation]
"IconReference"="@C:\Program Files (x86)\Google\Update\1.3.21.123\goopdate.dll,-1004"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{598FE0E5-E02D-465D-9A9D-37974A28FD42}\LocalServer32]
@=""C:\Program Files (x86)\Google\Update\1.3.21.123\GoogleUpdateOnDemand.exe""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{598FE0E5-E02D-465D-9A9D-37974A28FD42}\ProgID]
@="GoogleUpdate.Update3WebMachineFallback.1.0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{598FE0E5-E02D-465D-9A9D-37974A28FD42}\VersionIndependentProgID]
@="GoogleUpdate.Update3WebMachineFallback"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{6F8BD55B-E83D-4A47-85BE-81FFA8057A69}]
@="Google Update Broker Class Factory"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{6F8BD55B-E83D-4A47-85BE-81FFA8057A69}]
"LocalizedString"="@C:\Program Files (x86)\Google\Update\1.3.21.123\goopdate.dll,-3000"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{6F8BD55B-E83D-4A47-85BE-81FFA8057A69}\Elevation]
"IconReference"="@C:\Program Files (x86)\Google\Update\1.3.21.123\goopdate.dll,-1004"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{6F8BD55B-E83D-4A47-85BE-81FFA8057A69}\LocalServer32]
@=""C:\Program Files (x86)\Google\Update\1.3.21.123\GoogleUpdateBroker.exe""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{6F8BD55B-E83D-4A47-85BE-81FFA8057A69}\ProgID]
@="GoogleUpdate.OnDemandCOMClassMachine.1.0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{6F8BD55B-E83D-4A47-85BE-81FFA8057A69}\VersionIndependentProgID]
@="GoogleUpdate.OnDemandCOMClassMachine"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{7DE94008-8AFD-4C70-9728-C6FBFFF6A73E}\LocalServer32]
@=""C:\Program Files (x86)\Google\Update\1.3.21.123\GoogleUpdateBroker.exe""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{7DE94008-8AFD-4C70-9728-C6FBFFF6A73E}\ProgID]
@="GoogleUpdate.CoCreateAsync.1.0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{7DE94008-8AFD-4C70-9728-C6FBFFF6A73E}\VersionIndependentProgID]
@="GoogleUpdate.CoCreateAsync"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{8A1D4361-2C08-4700-A351-3EAA9CBFF5E4}]
@="Google Update Broker Class Factory"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{8A1D4361-2C08-4700-A351-3EAA9CBFF5E4}]
"LocalizedString"="@C:\Program Files (x86)\Google\Update\1.3.21.123\goopdate.dll,-3000"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{8A1D4361-2C08-4700-A351-3EAA9CBFF5E4}\Elevation]
"IconReference"="@C:\Program Files (x86)\Google\Update\1.3.21.123\goopdate.dll,-1004"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{8A1D4361-2C08-4700-A351-3EAA9CBFF5E4}\LocalServer32]
@=""C:\Program Files (x86)\Google\Update\1.3.21.123\GoogleUpdateBroker.exe""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{8A1D4361-2C08-4700-A351-3EAA9CBFF5E4}\ProgID]
@="GoogleUpdate.Update3WebMachine.1.0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{8A1D4361-2C08-4700-A351-3EAA9CBFF5E4}\VersionIndependentProgID]
@="GoogleUpdate.Update3WebMachine"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{9465B4B4-5216-4042-9A2C-754D3BCDC410}]
@="Google Update Legacy On Demand"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{9465B4B4-5216-4042-9A2C-754D3BCDC410}\ProgID]
@="GoogleUpdate.OnDemandCOMClassSvc.1.0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{9465B4B4-5216-4042-9A2C-754D3BCDC410}\VersionIndependentProgID]
@="GoogleUpdate.OnDemandCOMClassSvc"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{9B2340A0-4068-43D6-B404-32E27217859D}]
@="Google Update Core Class"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{9B2340A0-4068-43D6-B404-32E27217859D}]
"LocalizedString"="@C:\Program Files (x86)\Google\Update\1.3.21.123\goopdate.dll,-3000"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{9B2340A0-4068-43D6-B404-32E27217859D}\Elevation]
"IconReference"="@C:\Program Files (x86)\Google\Update\1.3.21.123\goopdate.dll,-1004"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{9B2340A0-4068-43D6-B404-32E27217859D}\LocalServer32]
@=""C:\Program Files (x86)\Google\Update\1.3.21.123\GoogleUpdateOnDemand.exe""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{9B2340A0-4068-43D6-B404-32E27217859D}\ProgID]
@="GoogleUpdate.CoreMachineClass.1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{9B2340A0-4068-43D6-B404-32E27217859D}\VersionIndependentProgID]
@="GoogleUpdate.CoreMachineClass"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{9D6AA569-9F30-41AD-885A-346685C74928}\InprocServer32]
@="C:\Program Files (x86)\Google\Update\1.3.21.123\psmachine.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{AAD4AE2E-D834-46D4-8B09-490FAC9C722B}]
@="Google.OneClickProcessLauncher"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{AAD4AE2E-D834-46D4-8B09-490FAC9C722B}\LocalServer32]
@=""C:\Program Files (x86)\Google\Update\1.3.21.123\GoogleUpdateBroker.exe""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{AAD4AE2E-D834-46D4-8B09-490FAC9C722B}\ProgID]
@="Google.OneClickProcessLauncherMachine.1.0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{AAD4AE2E-D834-46D4-8B09-490FAC9C722B}\VersionIndependentProgID]
@="Google.OneClickProcessLauncherMachine"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{ABC01078-F197-4B0B-ADBC-CFE684B39C82}]
@="Google Update Process Launcher Class"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{ABC01078-F197-4B0B-ADBC-CFE684B39C82}\LocalServer32]
@=""C:\Program Files (x86)\Google\Update\1.3.21.123\GoogleUpdateOnDemand.exe""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{ABC01078-F197-4B0B-ADBC-CFE684B39C82}\ProgID]
@="GoogleUpdate.ProcessLauncher.1.0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{ABC01078-F197-4B0B-ADBC-CFE684B39C82}\VersionIndependentProgID]
@="GoogleUpdate.ProcessLauncher"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B3D28DBD-0DFA-40E4-8071-520767BADC7E}]
@="Google Update Legacy On Demand"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B3D28DBD-0DFA-40E4-8071-520767BADC7E}]
"LocalizedString"="@C:\Program Files (x86)\Google\Update\1.3.21.123\goopdate.dll,-3000"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B3D28DBD-0DFA-40E4-8071-520767BADC7E}\Elevation]
"IconReference"="@C:\Program Files (x86)\Google\Update\1.3.21.123\goopdate.dll,-1004"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B3D28DBD-0DFA-40E4-8071-520767BADC7E}\LocalServer32]
@=""C:\Program Files (x86)\Google\Update\1.3.21.123\GoogleUpdateOnDemand.exe""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B3D28DBD-0DFA-40E4-8071-520767BADC7E}\ProgID]
@="GoogleUpdate.OnDemandCOMClassMachineFallback.1.0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B3D28DBD-0DFA-40E4-8071-520767BADC7E}\VersionIndependentProgID]
@="GoogleUpdate.OnDemandCOMClassMachineFallback"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B6827B84-2F5E-41CF-A11B-50A0BE741815}\InprocHandler32]
@="C:\Program Files (x86)\Google\Update\1.3.21.123\psmachine.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{C3101A8B-0EE1-4612-BFE9-41FFC1A3C19D}]
@="Google Update Plugin"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{C3101A8B-0EE1-4612-BFE9-41FFC1A3C19D}\InprocServer32]
@="C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{C3101A8B-0EE1-4612-BFE9-41FFC1A3C19D}\ProgID]
@="Google.Update3WebControl.3"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{C442AC41-9200-4770-8CC0-7CDB4F245C55}]
@="Google Update Plugin"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{C442AC41-9200-4770-8CC0-7CDB4F245C55}\InprocServer32]
@="C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{C442AC41-9200-4770-8CC0-7CDB4F245C55}\ProgID]
@="Google.OneClickCtrl.9"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{E0730E95-4D82-4716-BF23-4F3AB3EF790D}\InProcServer32]
@="C:\Program Files (x86)\Google\Update\1.3.21.111\psmachine.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{E225E692-4B47-4777-9BED-4FD7FE257F0E}]
@="Google Update Core Class"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{E225E692-4B47-4777-9BED-4FD7FE257F0E}\ProgID]
@="GoogleUpdate.CoreClass.1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{E225E692-4B47-4777-9BED-4FD7FE257F0E}\VersionIndependentProgID]
@="GoogleUpdate.CoreClass"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{2D363682-561D-4C3A-81C6-F2F82107562A}]
@="IGoogleUpdate3WebSecurity"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{31AC3F11-E5EA-4A85-8A3D-8E095A39C27B}]
@="IGoogleUpdate"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{494B20CF-282E-4BDD-9F5D-B70CB09D351E}]
@="IGoogleUpdate3Web"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6DB17455-4E85-46E7-9D23-E555E4B005AF}]
@="IGoogleUpdate3"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{909489C2-85A6-4322-AA56-D25278649D67}]
@="IGoogleUpdateCore"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\AppID\Google]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\AppID\GoogleUpdate.exe]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\AppID\{E225E692-4B47-4777-9BED-4FD7FE257F0E}]
@="Keeps your Google software up to date. If this service is disabled or stopped, your Google software will not be kept up to date, meaning security vulnerabilities that may arise can"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{C7CB459A-7261-4AE6-A87A-17041EE98A40}\17.0\0\win32]
@="C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.6.6209.1142\swg.dll"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\gupdate]
"ImagePath"=""C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\gupdate]
"DisplayName"="Google Update Service (gupdate)"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\gupdate]
"Description"="Keeps your Google software up to date. If this service is disabled or stopped, your Google software will not be kept up to date, meaning security vulnerabilities that may arise cannot be fixed and features may not work. This service uninstalls itself when there is no Google software using it."
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\gupdatem]
"ImagePath"=""C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /medsvc"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\gupdatem]
"DisplayName"="Google Update Service (gupdatem)"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\gupdatem]
"Description"="Keeps your Google software up to date. If this service is disabled or stopped, your Google software will not be kept up to date, meaning security vulnerabilities that may arise cannot be fixed and features may not work. This service uninstalls itself when there is no Google software using it."
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\gupdate]
"ImagePath"=""C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\gupdate]
"DisplayName"="Google Update Service (gupdate)"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\gupdate]
"Description"="Keeps your Google software up to date. If this service is disabled or stopped, your Google software will not be kept up to date, meaning security vulnerabilities that may arise cannot be fixed and features may not work. This service uninstalls itself when there is no Google software using it."
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\gupdatem]
"ImagePath"=""C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /medsvc"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\gupdatem]
"DisplayName"="Google Update Service (gupdatem)"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\gupdatem]
"Description"="Keeps your Google software up to date. If this service is disabled or stopped, your Google software will not be kept up to date, meaning security vulnerabilities that may arise cannot be fixed and features may not work. This service uninstalls itself when there is no Google software using it."
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\gupdate]
"ImagePath"=""C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\gupdate]
"DisplayName"="Google Update Service (gupdate)"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\gupdate]
"Description"="Keeps your Google software up to date. If this service is disabled or stopped, your Google software will not be kept up to date, meaning security vulnerabilities that may arise cannot be fixed and features may not work. This service uninstalls itself when there is no Google software using it."
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\gupdatem]
"ImagePath"=""C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /medsvc"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\gupdatem]
"DisplayName"="Google Update Service (gupdatem)"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\gupdatem]
"Description"="Keeps your Google software up to date. If this service is disabled or stopped, your Google software will not be kept up to date, meaning security vulnerabilities that may arise cannot be fixed and features may not work. This service uninstalls itself when there is no Google software using it."
[HKEY_USERS\.DEFAULT\Software\Google]
[HKEY_USERS\.DEFAULT\Software\Google\Google Toolbar]
[HKEY_USERS\.DEFAULT\Software\Google\GoogleToolbarNotifier]
[HKEY_USERS\S-1-5-21-288869447-1382899389-2484242644-1000\Software\Avast Software\WRC\RatingStorage\<|prefix|>http://support.google.com/chrome/bin/request.py?hl=en&os=6.1.7601&contact_type=uninstall2&rd=1&crversion=22.0.1229.94]
[HKEY_USERS\S-1-5-21-288869447-1382899389-2484242644-1000\Software\Avast Software\WRC\RatingStorage\<|prefix|>http://www.google.com/intl/en/chrome]
[HKEY_USERS\S-1-5-21-288869447-1382899389-2484242644-1000\Software\Avast Software\WRC\RatingStorage\<|prefix|>http://www.google.com/support/chrome/bin/request.py?hl=en&contact_type=uninstall&crversion=22.0.1229.94&os=6.1.7601]
[HKEY_USERS\S-1-5-21-288869447-1382899389-2484242644-1000\Software\Google]
[HKEY_USERS\S-1-5-21-288869447-1382899389-2484242644-1000\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-288869447-1382899389-2484242644-1000\Software\Avast Software\WRC\RatingStorage\<|prefix|>http://google.com/]
[HKEY_USERS\S-1-5-21-288869447-1382899389-2484242644-1000\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-288869447-1382899389-2484242644-1000\Software\Avast Software\WRC\RatingStorage\<|prefix|>http://services.google.com/helpcenter/forms/universal_survey]
[HKEY_USERS\S-1-5-21-288869447-1382899389-2484242644-1000\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-288869447-1382899389-2484242644-1000\Software\Avast Software\WRC\RatingStorage\<|prefix|>http://support.google.com/chrome/bin/request.py?hl=en&os=6.1.7601&contact_type=uninstall2&rd=1&crversion=22.0.1229.94]
[HKEY_USERS\S-1-5-21-288869447-1382899389-2484242644-1000\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-288869447-1382899389-2484242644-1000\Software\Avast Software\WRC\RatingStorage\<|prefix|>http://www.google.co.uk/]
[HKEY_USERS\S-1-5-21-288869447-1382899389-2484242644-1000\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-288869447-1382899389-2484242644-1000\Software\Avast Software\WRC\SearchRules\fastweb.it]
"url"="^http\:\/\/www\.fastweb\.it\/portale\/google\/.+"
[HKEY_USERS\S-1-5-21-288869447-1382899389-2484242644-1000\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-288869447-1382899389-2484242644-1000\Software\Avast Software\WRC\SearchRules\google.com]
[HKEY_USERS\S-1-5-21-288869447-1382899389-2484242644-1000\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-288869447-1382899389-2484242644-1000\Software\Avast Software\WRC\SearchRules\google.com]
"url"="^http(s)?\:\/\/((www|encrypted)\.)?google\.(com?\.[a-z]{2}|[a-z]{2,})\/.*"
[HKEY_USERS\S-1-5-21-288869447-1382899389-2484242644-1000\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-288869447-1382899389-2484242644-1000\Software\Avast Software\WRC\SearchRules\interia.pl]
"url"="^http\:\/\/(www\.)?google\.interia\.pl\/szukaj\/.+"
[HKEY_USERS\S-1-5-21-288869447-1382899389-2484242644-1000\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-288869447-1382899389-2484242644-1000\Software\Avast Software\WRC\SearchRules\plus.google.com]
[HKEY_USERS\S-1-5-21-288869447-1382899389-2484242644-1000\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-288869447-1382899389-2484242644-1000\Software\Avast Software\WRC\SearchRules\plus.google.com]
"url"="^http(s)?\\:\\/\\/plus\\.?google\\.(com?\\.[a-z]{2}|[a-z]{2,})\\/.*"
[HKEY_USERS\S-1-5-21-288869447-1382899389-2484242644-1000\Software\Microsoft\Internet Explorer\LowRegistry\Audio\PolicyConfig\PropertyStore\d82876eb_0]
@="{0.0.0.00000000}.{307baf76-9ba8-4999-ad0a-93f87077f89e}|\Device\HarddiskVolume2\Users\YR\AppData\Local\Google\Chrome\Application\chrome.exe%b{00000000-0000-0000-0000-000000000000}"
[HKEY_USERS\S-1-5-21-288869447-1382899389-2484242644-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\google.co.uk]
[HKEY_USERS\S-1-5-21-288869447-1382899389-2484242644-1000\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.co.uk/"
[HKEY_USERS\S-1-5-21-288869447-1382899389-2484242644-1000\Software\Microsoft\Internet Explorer\Main]
"Default_Secondary_Page_URL"="http://www.google.com/ig/redirectdomain?brand=FTSG&bmod=FTSG"
[HKEY_USERS\S-1-5-21-288869447-1382899389-2484242644-1000\Software\Microsoft\Internet Explorer\SearchScopes\{E4AEF8C0-A9D6-4817-BFE4-A5D7E266114E}]
"DisplayName"="Google"
[HKEY_USERS\S-1-5-21-288869447-1382899389-2484242644-1000\Software\Microsoft\Internet Explorer\SearchScopes\{E4AEF8C0-A9D6-4817-BFE4-A5D7E266114E}]
"URL"="http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7FTSG_enGB502"
[HKEY_USERS\S-1-5-21-288869447-1382899389-2484242644-1000\Software\Microsoft\Internet Explorer\SearchScopes\{E4AEF8C0-A9D6-4817-BFE4-A5D7E266114E}]
"SuggestionsURLFallback"="http://clients5.google.com/complete/search?hl={language}&q={searchTerms}&client=ie8&inputencoding={inputEncoding}&outputencoding={outputEncoding}"
[HKEY_USERS\S-1-5-21-288869447-1382899389-2484242644-1000\Software\Microsoft\Internet Explorer\SearchScopes\{E4AEF8C0-A9D6-4817-BFE4-A5D7E266114E}]
"FaviconURLFallback"="http://www.google.com/favicon.ico"
[HKEY_USERS\S-1-5-21-288869447-1382899389-2484242644-1000\Software\Microsoft\Internet Explorer\SearchScopes\{E4AEF8C0-A9D6-4817-BFE4-A5D7E266114E}]
"SuggestionsURL"="http://clients5.google.com/complete/search?hl={language}&q={searchTerms}&client=ie8&inputencoding={inputEncoding}&outputencoding={outputEncoding}"
[HKEY_USERS\S-1-5-21-288869447-1382899389-2484242644-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRU]
"c"="C:\Users\YR\AppData\Local\Google\Chrome\User Data\Default\Cache\\1"
[HKEY_USERS\S-1-5-21-288869447-1382899389-2484242644-1000\Software\Classes\CLSID\{29A96789-9595-4947-BEDB-0FCC776F7DB8}\InProcServer32]
@="C:\Users\YR\AppData\Local\Google\Update\1.2.183.39\goopdate.dll"
[HKEY_USERS\S-1-5-21-288869447-1382899389-2484242644-1000\Software\Classes\CLSID\{CD221623-4F9A-4FA5-A9EE-A77EC8F0E7BD}\InprocHandler32]
@="C:\Users\YR\AppData\Local\Google\Update\1.3.21.111\psuser.dll"
[HKEY_USERS\S-1-5-21-288869447-1382899389-2484242644-1000\Software\Classes\CLSID\{FB994D36-B312-46CE-A40B-CF63980641F9}\InProcServer32]
@="C:\Users\YR\AppData\Local\Google\Update\1.3.21.111\psuser.dll"
[HKEY_USERS\S-1-5-21-288869447-1382899389-2484242644-1000\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Users\YR\AppData\Local\Google\Chrome\Application\chrome.exe"="Google Chrome"
[HKEY_USERS\S-1-5-21-288869447-1382899389-2484242644-1000\Software\Classes\Wow6432Node\CLSID\{29A96789-9595-4947-BEDB-0FCC776F7DB8}\InProcServer32]
@="C:\Users\YR\AppData\Local\Google\Update\1.2.183.39\goopdate.dll"
[HKEY_USERS\S-1-5-21-288869447-1382899389-2484242644-1000\Software\Classes\Wow6432Node\CLSID\{CD221623-4F9A-4FA5-A9EE-A77EC8F0E7BD}\InprocHandler32]
@="C:\Users\YR\AppData\Local\Google\Update\1.3.21.111\psuser.dll"
[HKEY_USERS\S-1-5-21-288869447-1382899389-2484242644-1000\Software\Classes\Wow6432Node\CLSID\{FB994D36-B312-46CE-A40B-CF63980641F9}\InProcServer32]
@="C:\Users\YR\AppData\Local\Google\Update\1.3.21.111\psuser.dll"
[HKEY_USERS\S-1-5-21-288869447-1382899389-2484242644-1000_Classes\CLSID\{29A96789-9595-4947-BEDB-0FCC776F7DB8}\InProcServer32]
@="C:\Users\YR\AppData\Local\Google\Update\1.2.183.39\goopdate.dll"
[HKEY_USERS\S-1-5-21-288869447-1382899389-2484242644-1000_Classes\CLSID\{CD221623-4F9A-4FA5-A9EE-A77EC8F0E7BD}\InprocHandler32]
@="C:\Users\YR\AppData\Local\Google\Update\1.3.21.111\psuser.dll"
[HKEY_USERS\S-1-5-21-288869447-1382899389-2484242644-1000_Classes\CLSID\{FB994D36-B312-46CE-A40B-CF63980641F9}\InProcServer32]
@="C:\Users\YR\AppData\Local\Google\Update\1.3.21.111\psuser.dll"
[HKEY_USERS\S-1-5-21-288869447-1382899389-2484242644-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Users\YR\AppData\Local\Google\Chrome\Application\chrome.exe"="Google Chrome"
[HKEY_USERS\S-1-5-21-288869447-1382899389-2484242644-1000_Classes\Wow6432Node\CLSID\{29A96789-9595-4947-BEDB-0FCC776F7DB8}\InProcServer32]
@="C:\Users\YR\AppData\Local\Google\Update\1.2.183.39\goopdate.dll"
[HKEY_USERS\S-1-5-21-288869447-1382899389-2484242644-1000_Classes\Wow6432Node\CLSID\{CD221623-4F9A-4FA5-A9EE-A77EC8F0E7BD}\InprocHandler32]
@="C:\Users\YR\AppData\Local\Google\Update\1.3.21.111\psuser.dll"
[HKEY_USERS\S-1-5-21-288869447-1382899389-2484242644-1000_Classes\Wow6432Node\CLSID\{FB994D36-B312-46CE-A40B-CF63980641F9}\InProcServer32]
@="C:\Users\YR\AppData\Local\Google\Update\1.3.21.111\psuser.dll"
[HKEY_USERS\S-1-5-18\Software\Google]
[HKEY_USERS\S-1-5-18\Software\Google\Google Toolbar]
[HKEY_USERS\S-1-5-18\Software\Google\GoogleToolbarNotifier]

Searching for "MyStart"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-288869447-1382899389-2484242644-1000\Software\Avast Software\WRC\RatingStorage\<|prefix|>http://mystart.incredibar.com/mb128?a=6PQMJIR3uD&i=26]
[HKEY_USERS\S-1-5-21-288869447-1382899389-2484242644-1000\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-288869447-1382899389-2484242644-1000\Software\Avast Software\WRC\RatingStorage\<|prefix|>http://mystart.incredibar.com/mb128?a=6PQMJIR3uD&i=26]

Searching for "Incredibar"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-288869447-1382899389-2484242644-1000\Software\Avast Software\WRC\RatingStorage\<|prefix|>http://mystart.incredibar.com/mb128?a=6PQMJIR3uD&i=26]
[HKEY_USERS\S-1-5-21-288869447-1382899389-2484242644-1000\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-288869447-1382899389-2484242644-1000\Software\Avast Software\WRC\RatingStorage\<|prefix|>http://mystart.incredibar.com/mb128?a=6PQMJIR3uD&i=26]

-= EOF =-
003294
2012-10-24, 20:34
Just let know when I should/if I should install chrome
ken545
2012-10-24, 22:59
Its possible that Google Chrome is being targeted with some 'extentions' from Internet Explorer so lets try setting IE back to default.

Open IE and go to Tools > Internet Options > Advanced Tab > Reset Internet Explorer Setting > Reset......this will take a few seconds

Then go to the Connections Tab > Lan Setting > and if use a Proxy Server is checked, uncheck it and x your way out, close IE

With Chrome Uninstalled, run this script, but first back up your registry with ERUNT

Backup Your Registry with ERUNT:
Download erunt.zip to your Desktop from here:
http://aumha.org/downloads/erunt.zip
Right-click erunt.zip, select Extract All... and follow the prompts to extract ERUNT to a new folder on your Desktop
Inside the new folder, double-click ERUNT.exe to start the program
OK all the prompts to back up your registry to the default location.Note: to restore your registry, go to the backup folder and start ERDNT.exe




REGEDIT4

[-HKEY_LOCAL_MACHINE\SOFTWARE\Google]
[-HKEY_USERS\.DEFAULT\Software\Google]
[-HKEY_CURRENT_USER\Software\Google]




Copy the entire contents inside the Quote box and Paste it into Notepad ( this will only work with Notepad ) name the file Regfix.reg and in the drop down box, save it as All Files. Save it to your desktop. Then Rightclick on the Regfix.reg file and click on Merge, when it asks you to merge with the Registry, say yes.

If you saved the file correctly it should look like this http://i24.photobucket.com/albums/c30/ken545/reg.jpg


Then reboot and reinstall Chrome from here
https://www.google.com/intl/en/chrome/browser/?&brand=CHMB&utm_campaign=en&utm_source=en-ha-na-us-sk&utm_medium=ha


Then let see if this helped
003294
2012-10-25, 11:50
done problem still there with chrome
ken545
2012-10-25, 13:17
Wow, this is a stickler

Rerun AdwCleaner, but drag the copy you have to the trash and download a fresh copy as it may have been updated

C:\AdwCleaner[Sn].txt<--Delete this old log as well


Download AdwCleaner (http://general-changelog-team.fr/en/downloads/finish/20-outils-de-xplode/2-adwcleaner) to your desktop

1.Right-click on adwcleaner.exe and select Run As Administrator to launch the application.
2.Click on Delete button.
3.Confirm each time with OK.
4.Your computer will be rebooted automatically. A text file will open after the restart. Please post the content of that logfile in your reply.

Note: You can find the logfile at C:\AdwCleaner[Sn].txt as well - n is the order number.

http://i24.photobucket.com/albums/c30/ken545/AdwareCleaner.jpg





Then lets run Combofix

Download ComboFix from one of these locations:

Link 1 (http://download.bleepingcomputer.com/sUBs/ComboFix.exe)
Link 2 (http://www.forospyware.com/sUBs/ComboFix.exe)


* IMPORTANT !!! Save ComboFix.exe to your Desktop


Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
See this Link (http://www.bleepingcomputer.com/forums/topic114351.html) for programs that need to be disabled and instruction on how to disable them.
Remember to re-enable them when we're done.


Double click on ComboFix.exe & follow the prompts.


As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.


Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.



http://img.photobucket.com/albums/v706/ried7/RC1.png


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

http://img.photobucket.com/albums/v706/ried7/RC2-1.png

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

*If there is no internet connection when Combofix has completely finished then restart your computer to restore back the connections.
003294
2012-10-25, 14:40
# AdwCleaner v2.005 - Logfile created 10/25/2012 at 13:36:27
# Updated 14/10/2012 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : YR - YR-PC
# Boot Mode : Normal
# Running from : C:\Users\YR\Desktop\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****


***** [Registry] *****


***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Registry is clean.

-\\ Google Chrome v [Unable to get version]

File : C:\Users\YR\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[S1].txt - [2450 octets] - [21/10/2012 10:11:23]
AdwCleaner[S2].txt - [716 octets] - [25/10/2012 13:36:27]

########## EOF - C:\AdwCleaner[S2].txt - [775 octets] ##########
003294
2012-10-25, 15:00
ComboFix 12-10-25.01 - YR 25/10/2012 13:44:58.1.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.4009.2515 [GMT 1:00]
Running from: c:\users\YR\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\Roaming
.
.
((((((((((((((((((((((((( Files Created from 2012-09-25 to 2012-10-25 )))))))))))))))))))))))))))))))
.
.
2012-10-25 12:52 . 2012-10-25 12:52 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-10-24 17:37 . 2012-10-12 07:19 9291768 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{6DDE45FB-C352-4F99-9F1C-1028C3B17FA6}\mpengine.dll
2012-10-19 21:21 . 2012-10-19 21:21 -------- d-----w- C:\_OTL
2012-10-18 07:13 . 2012-10-25 09:39 -------- d-----w- c:\users\YR\AppData\Local\Deployment
2012-10-18 07:13 . 2012-10-18 07:13 -------- d-----w- c:\users\YR\AppData\Local\Apps
2012-10-18 07:09 . 2012-10-18 07:09 -------- d-----w- c:\users\YR\AppData\Local\VS Revo Group
2012-10-18 07:09 . 2009-12-30 10:21 31800 ----a-w- c:\windows\system32\drivers\revoflt.sys
2012-10-18 07:09 . 2012-10-18 07:09 -------- d-----w- c:\program files\VS Revo Group
2012-10-18 07:07 . 2012-10-18 07:07 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-10-18 07:07 . 2012-10-18 07:07 696760 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-10-18 07:07 . 2012-10-18 07:07 -------- d-----w- c:\windows\SysWow64\Macromed
2012-10-18 07:07 . 2012-10-18 07:07 -------- d-----w- c:\windows\system32\Macromed
2012-10-16 12:55 . 2012-10-16 12:55 -------- d-----w- c:\users\YR\AppData\Local\Windows Live Writer
2012-10-16 12:55 . 2012-10-16 12:55 -------- d-----w- c:\users\YR\AppData\Roaming\Windows Live Writer
2012-10-16 12:53 . 2012-10-25 09:24 -------- d-----w- c:\users\YR\AppData\Local\WinZip
2012-10-16 12:51 . 2012-10-16 12:53 -------- d-----w- c:\programdata\WinZip
2012-10-16 12:51 . 2012-10-16 12:52 -------- d-----w- c:\program files\WinZip
2012-10-16 12:14 . 2012-10-16 12:14 -------- d-----w- c:\users\YR\AppData\Roaming\Malwarebytes
2012-10-16 12:14 . 2012-10-16 12:14 -------- d-----w- c:\programdata\Malwarebytes
2012-10-16 12:14 . 2012-10-16 12:14 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-10-16 12:14 . 2012-09-07 16:04 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-10-15 19:58 . 2012-10-15 19:58 -------- d-----w- c:\program files (x86)\Perion
2012-10-15 19:57 . 2012-10-15 20:02 -------- d-----w- c:\windows\SysWow64\WNLT
2012-10-15 19:56 . 2012-10-15 20:07 -------- d-----w- c:\program files (x86)\OnlineHD.TV
2012-10-11 11:43 . 2012-08-31 18:19 1659760 ----a-w- c:\windows\system32\drivers\ntfs.sys
2012-10-11 11:43 . 2012-08-30 18:03 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-10-11 11:43 . 2012-08-30 17:12 3914096 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-10-11 11:43 . 2012-08-30 17:12 3968880 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-10-11 11:43 . 2012-08-20 18:48 424448 ----a-w- c:\windows\system32\KernelBase.dll
2012-10-11 11:43 . 2012-08-20 18:48 1162240 ----a-w- c:\windows\system32\kernel32.dll
2012-10-11 11:43 . 2012-08-20 18:48 215040 ----a-w- c:\windows\system32\winsrv.dll
2012-10-11 11:43 . 2012-08-20 18:46 338432 ----a-w- c:\windows\system32\conhost.exe
2012-10-11 11:43 . 2012-08-20 17:37 274944 ----a-w- c:\windows\SysWow64\KernelBase.dll
2012-10-11 11:41 . 2012-06-02 05:41 1464320 ----a-w- c:\windows\system32\crypt32.dll
2012-10-11 11:41 . 2012-06-02 05:41 184320 ----a-w- c:\windows\system32\cryptsvc.dll
2012-10-11 11:41 . 2012-06-02 04:36 1159680 ----a-w- c:\windows\SysWow64\crypt32.dll
2012-10-11 11:41 . 2012-06-02 05:41 140288 ----a-w- c:\windows\system32\cryptnet.dll
2012-10-11 11:41 . 2012-06-02 04:36 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll
2012-10-11 11:41 . 2012-06-02 04:36 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll
2012-10-03 21:11 . 2012-10-03 21:11 -------- d-----w- c:\users\YR\AppData\Local\MetaGeek,_LLC
2012-10-03 20:09 . 2012-10-03 21:03 -------- d-----w- c:\programdata\VirtualizedApplications
2012-10-03 18:57 . 2012-10-04 14:43 -------- d-----w- c:\users\YR\AppData\Local\LogMeIn Rescue Applet
2012-10-03 18:31 . 2012-10-03 18:36 -------- d-----w- c:\users\YR\AppData\Local\Adobe
2012-09-30 21:31 . 2012-09-30 21:31 -------- d-----w- c:\users\YR\AppData\Local\Apple Computer
2012-09-30 21:31 . 2012-09-30 21:36 -------- d-----w- c:\users\YR\AppData\Roaming\Apple Computer
2012-09-30 21:31 . 2012-09-30 21:31 -------- dc----w- c:\windows\system32\DRVSTORE
2012-09-30 21:31 . 2012-08-21 12:01 33240 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2012-09-30 21:30 . 2012-09-30 21:30 -------- d-----w- c:\program files\iPod
2012-09-30 21:30 . 2012-09-30 21:31 -------- d-----w- c:\programdata\34BE82C4-E596-4e99-A191-52C6199EBF69
2012-09-30 21:30 . 2012-09-30 21:31 -------- d-----w- c:\program files\iTunes
2012-09-30 21:30 . 2012-09-30 21:31 -------- d-----w- c:\program files (x86)\iTunes
2012-09-30 21:30 . 2012-09-30 21:30 -------- d-----w- c:\programdata\Apple Computer
2012-09-30 21:28 . 2012-09-30 21:28 -------- d-----w- c:\users\YR\AppData\Local\Apple
2012-09-30 21:28 . 2012-09-30 21:28 -------- d-----w- c:\program files (x86)\Apple Software Update
2012-09-30 21:27 . 2012-09-30 21:27 -------- d-----w- c:\program files\Common Files\Apple
2012-09-30 21:27 . 2012-09-30 21:27 -------- d-----w- c:\program files\Bonjour
2012-09-30 21:27 . 2012-09-30 21:27 -------- d-----w- c:\program files (x86)\Bonjour
2012-09-30 21:26 . 2012-09-30 21:30 -------- d-----w- c:\program files (x86)\Common Files\Apple
2012-09-30 21:26 . 2012-09-30 21:28 -------- d-----w- c:\programdata\Apple
2012-09-30 21:20 . 2012-10-15 20:06 -------- d-----w- c:\users\YR\AppData\Local\CrashDumps
2012-09-30 21:12 . 2012-08-21 09:13 25232 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-09-30 21:12 . 2012-08-21 09:13 359464 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-09-30 21:12 . 2012-08-21 09:13 54072 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2012-09-30 21:12 . 2012-08-21 09:13 59728 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-09-30 21:12 . 2012-08-21 09:13 969200 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-09-30 21:12 . 2012-08-21 09:13 71600 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2012-09-30 21:11 . 2012-08-21 09:12 41224 ----a-w- c:\windows\avastSS.scr
2012-09-30 21:11 . 2012-08-21 09:12 227648 ----a-w- c:\windows\SysWow64\aswBoot.exe
2012-09-30 19:59 . 2012-10-25 09:54 -------- d-----w- c:\users\YR\AppData\Roaming\SoftGrid Client
2012-09-30 19:59 . 2012-09-30 19:59 -------- d-----w- c:\users\YR\AppData\Local\SoftGrid Client
2012-09-30 19:58 . 2012-10-01 21:31 -------- d-----w- c:\program files (x86)\Microsoft Application Virtualization Client
2012-09-30 19:58 . 2012-09-30 19:58 -------- d-----w- c:\program files\Microsoft Office
2012-09-30 19:58 . 2012-09-30 19:59 -------- d-----w- c:\users\YR\AppData\Roaming\TP
2012-09-27 21:17 . 2012-09-27 21:17 -------- d-----w- c:\windows\SysWow64\Wat
2012-09-27 21:17 . 2012-09-27 21:17 -------- d-----w- c:\windows\system32\Wat
2012-09-27 21:15 . 2012-10-13 14:14 65309168 ----a-w- c:\windows\system32\MRT.exe
2012-09-26 08:23 . 2012-07-06 20:07 552960 ----a-w- c:\windows\system32\drivers\bthport.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-09-23 21:24 . 2012-09-23 21:24 895088 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
2012-09-23 21:24 . 2012-09-23 21:24 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
2012-09-23 21:24 . 2012-09-23 21:24 710992 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2012-09-21 03:49 . 2012-09-21 03:49 83 ------w- c:\windows\system32\IHV_Install.bat
2012-09-20 21:48 . 2010-06-24 18:33 19720 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2012-08-24 11:15 . 2012-09-24 21:49 17810944 ----a-w- c:\windows\system32\mshtml.dll
2012-08-24 10:39 . 2012-09-24 21:49 10925568 ----a-w- c:\windows\system32\ieframe.dll
2012-08-24 10:31 . 2012-09-24 21:49 2312704 ----a-w- c:\windows\system32\jscript9.dll
2012-08-24 10:22 . 2012-09-24 21:50 1346048 ----a-w- c:\windows\system32\urlmon.dll
2012-08-24 10:21 . 2012-09-24 21:49 1392128 ----a-w- c:\windows\system32\wininet.dll
2012-08-24 10:20 . 2012-09-24 21:50 1494528 ----a-w- c:\windows\system32\inetcpl.cpl
2012-08-24 10:18 . 2012-09-24 21:50 237056 ----a-w- c:\windows\system32\url.dll
2012-08-24 10:17 . 2012-09-24 21:49 85504 ----a-w- c:\windows\system32\jsproxy.dll
2012-08-24 10:14 . 2012-09-24 21:50 173056 ----a-w- c:\windows\system32\ieUnatt.exe
2012-08-24 10:14 . 2012-09-24 21:49 816640 ----a-w- c:\windows\system32\jscript.dll
2012-08-24 10:13 . 2012-09-24 21:49 599040 ----a-w- c:\windows\system32\vbscript.dll
2012-08-24 10:12 . 2012-09-24 21:49 2144768 ----a-w- c:\windows\system32\iertutil.dll
2012-08-24 10:11 . 2012-09-24 21:49 729088 ----a-w- c:\windows\system32\msfeeds.dll
2012-08-24 10:10 . 2012-09-24 21:50 96768 ----a-w- c:\windows\system32\mshtmled.dll
2012-08-24 10:09 . 2012-09-24 21:50 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-08-24 10:04 . 2012-09-24 21:50 248320 ----a-w- c:\windows\system32\ieui.dll
2012-08-24 06:59 . 2012-09-24 21:49 1800704 ----a-w- c:\windows\SysWow64\jscript9.dll
2012-08-24 06:51 . 2012-09-24 21:49 1129472 ----a-w- c:\windows\SysWow64\wininet.dll
2012-08-24 06:51 . 2012-09-24 21:50 1427968 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2012-08-24 06:47 . 2012-09-24 21:50 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2012-08-24 06:47 . 2012-09-24 21:50 420864 ----a-w- c:\windows\SysWow64\vbscript.dll
2012-08-24 06:43 . 2012-09-24 21:50 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
2012-08-22 18:12 . 2012-09-20 22:12 1913200 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-08-22 18:12 . 2012-09-20 22:12 950128 ----a-w- c:\windows\system32\drivers\ndis.sys
2012-08-22 18:12 . 2012-09-20 22:12 376688 ----a-w- c:\windows\system32\drivers\netio.sys
2012-08-22 18:12 . 2012-09-20 22:12 288624 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
2012-08-21 12:01 . 2012-08-21 12:01 125872 ----a-w- c:\windows\system32\GEARAspi64.dll
2012-08-21 12:01 . 2012-08-21 12:01 106928 ----a-w- c:\windows\SysWow64\GEARAspi.dll
2012-08-21 09:12 . 2012-09-20 22:13 285328 ----a-w- c:\windows\system32\aswBoot.exe
2012-08-20 17:38 . 2012-10-11 11:42 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2012-08-02 17:58 . 2012-09-20 22:12 574464 ----a-w- c:\windows\system32\d3d10level9.dll
2012-08-02 16:57 . 2012-09-20 22:12 490496 ----a-w- c:\windows\SysWow64\d3d10level9.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IndicatorUtility"="c:\program files (x86)\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe" [2010-09-30 48752]
"snp2uvc"="c:\windows\vsnp2uvc.exe" [2009-08-13 662016]
"DeskUpdateNotifier"="c:\fujitsu\Programs\DeskUpdate\DeskUpdateNotifier.exe" [2012-07-25 101288]
"UCam_Menu"="c:\program files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2009-05-19 222504]
"YouCam Mirror Tray icon"="c:\program files (x86)\CyberLink\YouCam\YouCamTray.exe" [2009-07-08 162912]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-08-21 4282728]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-08-27 59280]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-09-09 421776]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-07-31 38872]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-11 919008]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
LaunchCenter.lnk - c:\program files\Fujitsu\LaunchCenter\LaunchCenter.exe [2011-4-12 375296]
newreminderdialog.lnk - c:\program files\Fujitsu\FujitsuRecovery\NewReminderDialog.exe [2012-9-21 931096]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-10-25 116648]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-10-18 250808]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-10-25 116648]
R3 intaud_WaveExtensible;Intel WiDi Audio Device;c:\windows\system32\drivers\intelaud.sys [2011-03-24 34200]
R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [2011-01-05 340240]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
R3 Revoflt;Revoflt;c:\windows\system32\DRIVERS\revoflt.sys [2009-12-30 31800]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-07-09 52736]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-09-27 1255736]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
S0 FBIOSDRV;Fujitsu BIOS Driver;c:\windows\System32\Drivers\FBIOSDRV.sys [2009-06-24 21104]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2012-08-21 71600]
S2 Bluetooth Device Monitor;Bluetooth Device Monitor;c:\program files (x86)\Intel\Bluetooth\devmonsrv.exe [2011-03-30 923984]
S2 Bluetooth OBEX Service;Bluetooth OBEX Service;c:\program files (x86)\Intel\Bluetooth\obexsrv.exe [2011-03-30 1001808]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]
S2 PFNService;PFNService;c:\program files\Fujitsu\Plugfree NETWORK\PFNService.exe [2010-10-07 331776]
S2 PowerSavingUtilityService;PowerSavingUtilityService;c:\program files\Fujitsu\PSUtility\PSUService.exe [2010-06-17 63336]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2011-02-01 2656280]
S3 Bluetooth Media Service;Bluetooth Media Service;c:\program files (x86)\Intel\Bluetooth\mediasrv.exe [2011-03-30 1321296]
S3 btmaux;Intel Bluetooth Auxiliary Service;c:\windows\system32\DRIVERS\btmaux.sys [2011-03-08 51712]
S3 btmhsf;btmhsf;c:\windows\system32\DRIVERS\btmhsf.sys [2011-03-08 274944]
S3 FUJ02E3;Fujitsu FUJ02E3 Device Driver;c:\windows\system32\drivers\FUJ02E3.sys [2006-11-01 7296]
S3 iBtFltCoex;iBtFltCoex;c:\windows\system32\DRIVERS\iBtFltCoex.sys [2011-03-22 59904]
S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-10-14 317440]
S3 iwdbus;IWD Bus Enumerator;c:\windows\system32\DRIVERS\iwdbus.sys [2011-03-24 25496]
S3 MEIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2010-10-20 56344]
S3 NETwNs64;___ Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\Netwsw00.sys [2012-06-03 11499008]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\System32\Drivers\RtsUStor.sys [2010-05-07 245792]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2010-12-28 412776]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2011-10-01 764264]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2011-10-01 268648]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2011-10-01 25960]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2011-10-01 22376]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
S3 wdkmd;Intel WiDi KMD;c:\windows\system32\DRIVERS\WDKMD.sys [2011-03-24 42392]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-10-25 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-10-18 07:07]
.
2012-10-25 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-10-25 09:39]
.
2012-10-25 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-10-25 09:39]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-08-21 09:11 133400 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LoadFUJ02E3"="c:\program files\Fujitsu\FUJ02E3\FUJ02E3.exe" [2010-06-08 45680]
"FDM7"="c:\program files\Fujitsu\FDM7\FdmDaemon.exe" [2009-11-26 164712]
"PSUTility"="c:\program files\Fujitsu\PSUtility\TrayManager.exe" [2010-11-13 199528]
"PfNet"="c:\program files\Fujitsu\Plugfree NETWORK\PfNet.exe" [2010-10-07 6311424]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-12-07 11663464]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-04-20 168216]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-04-20 392472]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-04-20 416024]
"IntelWireless"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2011-01-05 1933584]
"snp2uvc"="c:\windows\vsnp2uvc.exe" [2009-08-13 662016]
"LoadFujitsuQuickTouch"="c:\program files\Fujitsu\Application Panel\QuickTouch.exe" [2010-07-16 162416]
"LoadBtnHnd"="c:\program files\Fujitsu\Application Panel\BtnHnd.exe" [2010-07-09 21616]
"BTMTrayAgent"="c:\program files (x86)\Intel\Bluetooth\btmshell.dll" [2011-03-30 10372368]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.co.uk/
mLocal Page =
uInternet Settings,ProxyOverride = *.local
TCP: DhcpNameServer = 194.168.4.100 194.168.8.100
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Toolbar-Locked - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Nico Mak Computing\WinZip]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-10-25 13:56:16
ComboFix-quarantined-files.txt 2012-10-25 12:56
.
Pre-Run: 328,268,677,120 bytes free
Post-Run: 327,907,467,264 bytes free
.
- - End Of File - - 961989EBAF6498CD551F654EB76C11C8
ken545
2012-10-25, 18:30
The only thing I see to remove is this

C:\Users\YR\AppData\Local\Google\Chrome\User Data\Default\Preferences <--Open the folder and delete its contents but not the folder itself

If it messes with Chrome, just go ahead and reinstall Chrome
ken545
2012-10-25, 23:16
Open up Chrome

1. click the wench icon in the top right hand corner.
2. go to settings
3. at the left hand side of the page you have three options, history, extensions and settings, click extensions
4. delete all extensions
003294
2012-10-26, 10:16
Open up Chrome

1. click the wench icon in the top right hand corner.
2. go to settings
3. at the left hand side of the page you have three options, history, extensions and settings, click extensions
4. delete all extensions

After doing above it has finally got rid of the bug!! Can you assist with what I do next? In particularly removing combo fix
ken545
2012-10-26, 11:45
Wonderful :bigthumb:



Click START then RUN
Now type Combofix /uninstall in the runbox and click OK. Note the space between the X and the /, it needs to be there.


http://i526.photobucket.com/albums/cc345/MPKwings/CF-Uninstall.png




Open OTL and click on Clean Up and it will remove programs we used to clean your system along with there backups, any programs that where not removed you can just drag to the trash.


Malwarebytes is the free version and yours to keep and will not be removed



How did I get infected in the first place ?
Read these links and find out how to prevent getting infected again.
Tutorial for System Restore (http://www.bleepingcomputer.com/tutorials/tutorial56.html) <-- Do this first to prevent yourself from being reinfected.
WhattheTech (http://forums.whatthetech.com/index.php?showtopic=57817)
Grinler BleepingComputer (http://www.bleepingcomputer.com/forums/topic2520.html)
GeeksTo Go (http://www.geekstogo.com/forum/index.php?autocom=custom&page=How_did_I)
Dslreports (http://www.dslreports.com/faq/10002)



Safe Surfn
Ken
003294
2012-10-27, 19:47
Thanks for you patience, help and persistence! I thought at one point you were going to say I don't know what to do. I know how I got the bug. I tried d.loading a film from a torrent and clicked, d.laoded and run a bug instead of d.loading what I wanted.

I'll give torrents a miss after this episode, next time i might not be so lucky!

At least with my situation everyone will know how to get rid should it occur to anyone else again!
ken545
2012-10-27, 23:38
Your welcome, glad we could help and with your help it will be easier to remove this pest from other systems in the future.

Take Care,

Ken :)
ken545
2012-10-29, 09:10
Since this issue appears to be resolved ... this Topic has been closed. Glad I could help.