
Thread: Incredibar

  1. #11
    Emeritus-Security Expert
    Join Date
    Nov 2005
    Location
    Florida's SpaceCoast
    Posts
    15,208


    Download ComboFix from one of these locations:

    Link 1
    Link 2


    * IMPORTANT !!! Save ComboFix.exe to your Desktop


    • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.
    • See this Link for programs that need to be disabled and instructions on how to disable them.
    • Remember to re-enable them when we're done.





    Open Notepad (go to Start > All Programs > Accessories > Notepad; this will only work with Notepad) and copy all the text inside the Codebox by highlighting it all and pressing CTRL+C on your keyboard, then paste it into Notepad. Make sure there is no space before and above Firefox::


    Code:
    Firefox::
    FF - user.js: extensions.incredibar_i.newTab - false
    FF - user.js: extensions.incredibar_i.tlbrSrchUrl - hxxp://mystart.Incredibar.com/?a=6PQKBEoZ6o&loc=IB_TB&i=26&search=
    FF - user.js: extensions.incredibar_i.id - 4e18d11e0000000000002eb70d3f194a
    FF - user.js: extensions.incredibar_i.instlDay - 15607
    FF - user.js: extensions.incredibar_i.vrsn - 1.5.11.14
    FF - user.js: extensions.incredibar_i.vrsni - 1.5.11.14
    FF - user.js: extensions.incredibar_i.vrsnTs - 1.5.11.1423:07:47
    FF - user.js: extensions.incredibar_i.prtnrId - Incredibar
    FF - user.js: extensions.incredibar_i.prdct - incredibar
    FF - user.js: extensions.incredibar_i.aflt - orgnl
    FF - user.js: extensions.incredibar_i.smplGrp - none
    FF - user.js: extensions.incredibar_i.tlbrId - base
    FF - user.js: extensions.incredibar_i.instlRef -
    FF - user.js: extensions.incredibar_i.dfltLng -
    FF - user.js: extensions.incredibar_i.excTlbr - false
    FF - user.js: extensions.incredibar_i.ms_url_id -
    FF - user.js: extensions.incredibar_i.upn2 - 6PQKBEoZ6o
    FF - user.js: extensions.incredibar_i.upn2n - 92543635926693664
    FF - user.js: extensions.incredibar_i.productid - 26
    FF - user.js: extensions.incredibar_i.installerproductid - 26
    FF - user.js: extensions.incredibar_i.did - 10643
    FF - user.js: extensions.incredibar_i.ppd - 1
    Save this as CFScript to your desktop.

    Then drag the CFScript into ComboFix.exe as you see in the screenshot below.




    This will start ComboFix. After reboot (in case it asks to reboot), post the contents of Combofix.txt in your next reply.
    Last edited by ken545; 2012-10-08 at 18:24.
    Microsoft MVP Consumer Security 2007-2008-2009-2010-2011-2012-2013-2014

    ERROR MESSAGE 386
    No KeyBoard Detected
    Press F1 To Continue

    Just a reminder that threads will be closed if no reply in 3 days.
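
As an added example (not part of the original posts and not ComboFix's own logic): one way to check, after the run, whether a Firefox profile's user.js still holds prefs in the extensions.incredibar_i namespace that the CFScript above lists. The sample CFScript excerpt and user.js contents are constructed, and the pref name exampleUnlisted is made up to exercise the namespace check.

```python
import re

# Constructed sample: three entries copied from the CFScript in the post above.
CFSCRIPT = """\
Firefox::
FF - user.js: extensions.incredibar_i.newTab - false
FF - user.js: extensions.incredibar_i.prdct - incredibar
FF - user.js: extensions.incredibar_i.instlRef -
"""

# Constructed sample of a profile's user.js after a cleanup attempt.
# "exampleUnlisted" is a made-up pref name, present only to show the
# namespace check catching an entry the script did not list.
USER_JS = """\
// Mozilla User Preferences
user_pref("browser.startup.homepage", "http://au.yahoo.com/");
user_pref("extensions.incredibar_i.prdct", "incredibar");
user_pref("extensions.incredibar_i.exampleUnlisted", 1);
"""

# Pref namespace used by every entry in the CFScript on this page.
NAMESPACE = "extensions.incredibar_i."

# "FF - user.js: <name> - <value>", where the value may be empty.
SCRIPT_LINE = re.compile(r'^\s*FF - user\.js:\s*(\S+)\s+-(?:\s+(.*))?$')
# user_pref("<name>", <value>);
PREF_LINE = re.compile(r'^\s*user_pref\(\s*"([^"]+)"\s*,\s*(.*?)\s*\)\s*;\s*$')


def script_prefs(script_text):
    """Return the pref names listed on the FF - user.js: lines of a CFScript."""
    names = []
    for line in script_text.splitlines():
        m = SCRIPT_LINE.match(line)
        if m:
            names.append(m.group(1))
    return names


def user_js_prefs(user_js_text):
    """Map pref name -> raw value text for every user_pref() line."""
    prefs = {}
    for line in user_js_text.splitlines():
        m = PREF_LINE.match(line)
        if m:
            prefs[m.group(1)] = m.group(2)
    return prefs


def audit(script_text, user_js_text, namespace=NAMESPACE):
    """Compare what the script listed with what the profile still contains."""
    listed = set(script_prefs(script_text))
    present = set(user_js_prefs(user_js_text))
    in_namespace = {name for name in present if name.startswith(namespace)}
    return {
        # Listed in the script but still in user.js: the removal did not take.
        "still_present": sorted(listed & present),
        # Same namespace but never listed: the script missed these entries.
        "unlisted_in_namespace": sorted(in_namespace - listed),
        # True only when nothing from the namespace is left at all.
        "clean": not in_namespace,
    }


if __name__ == "__main__":
    for key, value in audit(CFSCRIPT, USER_JS).items():
        print(f"{key}: {value}")
```

Prefs reported under unlisted_in_namespace are the ones worth showing to the helper, since they would survive a script built only from the earlier log.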

  2. #12
    Member
    Join Date
    Sep 2012
    Posts
    32


    sorry, "suspended" responding yesterday due to late hour of working -- please don't respond until after I've finished running the programs but to keep you up to date here's output of otl.txt --- no extras.txt this time?
    wish I knew what I was doing -- now I'll download combo fix
    ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

    OTL logfile created on: 9/10/2012 2:40:02 a.m. - Run 2
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Russell\Downloads\OTL
    Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00001409 | Country: New Zealand | Language: ENZ | Date Format: d/MM/yyyy

    1012.30 Mb Total Physical Memory | 284.09 Mb Available Physical Memory | 28.06% Memory free
    1.99 Gb Paging File | 0.77 Gb Available in Paging File | 38.61% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 283.95 Gb Total Space | 154.33 Gb Free Space | 54.35% Space Free | Partition Type: NTFS
    Drive D: | 13.84 Gb Total Space | 1.55 Gb Free Space | 11.18% Space Free | Partition Type: NTFS
    Drive E: | 99.00 Mb Total Space | 87.44 Mb Free Space | 88.33% Space Free | Partition Type: FAT32

    Computer Name: RUSSELL-HP | User Name: Russell | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - C:\Users\Russell\Downloads\OTL\OTL.exe (OldTimer Tools)
    PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
    PRC - C:\Program Files\Google\Update\1.3.21.123\GoogleCrashHandler.exe (Google Inc.)
    PRC - C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
    PRC - C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
    PRC - C:\Program Files\Box Sync\UpdateService.exe (Box, Inc.)
    PRC - C:\Program Files\Nitro PDF\Reader 2\NitroPDFReaderDriverService2.exe (Nitro PDF Software)
    PRC - C:\Windows\System32\NLSSRV32.EXE (Nalpeiron Ltd.)
    PRC - C:\Program Files\IObit\Advanced SystemCare 5\ASCTray.exe (IObit)
    PRC - C:\Program Files\IObit\Advanced SystemCare 5\ASCService.exe (IObit)
    PRC - C:\Program Files\Microsoft\BingDesktop\BingDesktopUpdater.exe (Microsoft Corp.)
    PRC - C:\Program Files\GFI\GFI BackUp Freeware\GFIFInst.exe (GFI Software Ltd.)
    PRC - C:\Program Files\GFI\GFI BackUp Freeware\GFIFSched.exe (GFI Software Ltd.)
    PRC - C:\Windows\explorer.exe (Microsoft Corporation)
    PRC - C:\Program Files\IDT\WDM\stacsv.exe (IDT, Inc.)
    PRC - C:\Program Files\Bluetooth Suite\Ath_CoexAgent.exe (Atheros)
    PRC - C:\Program Files\Bluetooth Suite\AdminService.exe (Atheros Commnucations)
    PRC - C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
    PRC - C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
    PRC - C:\Program Files\Hewlett-Packard\HP Support Framework\HPSA_Service.exe (Hewlett-Packard Company)
    PRC - C:\Program Files\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation)
    PRC - C:\Program Files\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe (Hewlett-Packard Development Company, L.P.)
    PRC - C:\Program Files\ThreatFire\TFTray.exe (PC Tools)
    PRC - C:\Program Files\ThreatFire\TFService.exe (PC Tools)
    PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
    PRC - C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
    PRC - C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe (Hewlett-Packard Company)
    PRC - C:\Program Files\IDT\WDM\AESTSrv.exe (Andrea Electronics Corporation)
    PRC - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)


    ========== Modules (No Company Name) ==========

    MOD - C:\Users\Russell\AppData\Roaming\MegaCloud\MegaCloudShellExt.dll ()
    MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\f489585d6cb29313a05dceac6ee1cde1\System.Xml.ni.dll ()
    MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\f37a9277a565b368c4358befdce25080\System.Configuration.ni.dll ()
    MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\6b97ba148f663f114bcbbfae7a2752e9\System.ni.dll ()
    MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7edca5be5fb91df4d5eb66097437f546\mscorlib.ni.dll ()


    ========== Services (SafeList) ==========

    SRV - (SBSDWSCService) -- C:\Program Files\Spybot File not found
    SRV - (MozillaMaintenance) -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
    SRV - (MBAMService) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
    SRV - (MBAMScheduler) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
    SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
    SRV - (avast! Antivirus) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
    SRV - (#UpdateService) -- C:\Program Files\Box Sync\UpdateService.exe (Box, Inc.)
    SRV - (NitroReaderDriverReadSpool2) -- C:\Program Files\Nitro PDF\Reader 2\NitroPDFReaderDriverService2.exe (Nitro PDF Software)
    SRV - (SkypeUpdate) -- C:\Program Files\Skype\Updater\Updater.exe (Skype Technologies)
    SRV - (nlsX86cc) -- C:\Windows\System32\NLSSRV32.EXE (Nalpeiron Ltd.)
    SRV - (AdvancedSystemCareService5) -- C:\Program Files\IObit\Advanced SystemCare 5\ASCService.exe (IObit)
    SRV - (BingDesktopUpdate) -- C:\Program Files\Microsoft\BingDesktop\BingDesktopUpdater.exe (Microsoft Corp.)
    SRV - (GFIBckFAtt) -- C:\Program Files\GFI\GFI BackUp Freeware\GFIFInst.exe (GFI Software Ltd.)
    SRV - (GFIBckFSched) -- C:\Program Files\GFI\GFI BackUp Freeware\GFIFSched.exe (GFI Software Ltd.)
    SRV - (WatAdminSvc) -- C:\Windows\System32\Wat\WatAdminSvc.exe (Microsoft Corporation)
    SRV - (STacSV) -- C:\Program Files\IDT\WDM\stacsv.exe (IDT, Inc.)
    SRV - (ZAtheros Bt&Wlan Coex Agent) -- C:\Program Files\Bluetooth Suite\Ath_CoexAgent.exe (Atheros)
    SRV - (AtherosSvc) -- C:\Program Files\Bluetooth Suite\AdminService.exe (Atheros Commnucations)
    SRV - (sftvsa) -- C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
    SRV - (sftlist) -- C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
    SRV - (HP Support Assistant Service) -- C:\Program Files\Hewlett-Packard\HP Support Framework\HPSA_Service.exe (Hewlett-Packard Company)
    SRV - (BBSvc) -- C:\Program Files\Microsoft\BingBar\BBSvc.EXE (Microsoft Corporation.)
    SRV - (BBUpdate) -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation)
    SRV - (HPWMISVC) -- C:\Program Files\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe (Hewlett-Packard Development Company, L.P.)
    SRV - (ThreatFire) -- C:\Program Files\ThreatFire\TFService.exe (PC Tools)
    SRV - (IAStorDataMgrSvc) -- C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
    SRV - (HPClientSvc) -- C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe (Hewlett-Packard Company)
    SRV - (rpcapd) -- C:\Program Files\WinPcap\rpcapd.exe (CACE Technologies, Inc.)
    SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
    SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
    SRV - (AESTFilters) -- C:\Program Files\IDT\WDM\AESTSrv.exe (Andrea Electronics Corporation)


    ========== Driver Services (SafeList) ==========

    DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation)
    DRV - (aswSnx) -- C:\Windows\System32\drivers\aswSnx.sys (AVAST Software)
    DRV - (aswSP) -- C:\Windows\System32\drivers\aswSP.sys (AVAST Software)
    DRV - (aswTdi) -- C:\Windows\System32\drivers\aswTdi.sys (AVAST Software)
    DRV - (aswMonFlt) -- C:\Windows\System32\drivers\aswMonFlt.sys (AVAST Software)
    DRV - (aswRdr) -- C:\Windows\System32\drivers\aswRdr2.sys (AVAST Software)
    DRV - (aswFsBlk) -- C:\Windows\System32\drivers\aswFsBlk.sys (AVAST Software)
    DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Qualcomm Atheros Communications, Inc.)
    DRV - (igddim32) -- C:\Windows\System32\drivers\igddim32.sys (Intel Corporation)
    DRV - (STHDA) -- C:\Windows\System32\drivers\stwrt.sys (IDT, Inc.)
    DRV - (BtFilter) -- C:\Windows\System32\drivers\btfilter.sys (Atheros)
    DRV - (BTATH_RCP) -- C:\Windows\System32\drivers\btath_rcp.sys (Atheros)
    DRV - (BTATH_LWFLT) -- C:\Windows\System32\drivers\btath_lwflt.sys (Atheros)
    DRV - (BTATH_HCRP) -- C:\Windows\System32\drivers\btath_hcrp.sys (Atheros)
    DRV - (AthBTPort) -- C:\Windows\System32\drivers\btath_flt.sys (Atheros)
    DRV - (BTATH_BUS) -- C:\Windows\System32\drivers\btath_bus.sys (Atheros)
    DRV - (btath_avdt) -- C:\Windows\System32\drivers\btath_avdt.sys (Atheros)
    DRV - (BTATH_A2DP) -- C:\Windows\System32\drivers\btath_a2dp.sys (Atheros)
    DRV - (Sftvol) -- C:\Windows\System32\drivers\Sftvollh.sys (Microsoft Corporation)
    DRV - (Sftredir) -- C:\Windows\System32\drivers\Sftredirlh.sys (Microsoft Corporation)
    DRV - (Sftplay) -- C:\Windows\System32\drivers\Sftplaylh.sys (Microsoft Corporation)
    DRV - (Sftfs) -- C:\Windows\System32\drivers\Sftfslh.sys (Microsoft Corporation)
    DRV - (clwvd) -- C:\Windows\System32\drivers\clwvd.sys (CyberLink Corporation)
    DRV - (TfSysMon) -- C:\Windows\System32\drivers\TfSysMon.sys (PC Tools)
    DRV - (TfNetMon) -- C:\Windows\System32\drivers\TfNetMon.sys (PC Tools)
    DRV - (TfFsMon) -- C:\Windows\System32\drivers\TfFsMon.sys (PC Tools)
    DRV - (RSUSBSTOR) -- C:\Windows\System32\drivers\RtsUStor.sys (Realtek Semiconductor Corp.)
    DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation)
    DRV - (TsUsbGD) -- C:\Windows\System32\drivers\TsUsbGD.sys (Microsoft Corporation)
    DRV - (NPF) -- C:\Windows\System32\drivers\npf.sys (CACE Technologies, Inc.)
    DRV - (vwifimp) -- C:\Windows\System32\drivers\vwifimp.sys (Microsoft Corporation)
    DRV - (NVENETFD) -- C:\Windows\System32\drivers\nvm62x32.sys (NVIDIA Corporation)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.jp.msn.com/HPALL/116
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
    IE - HKLM\..\SearchScopes,Backup.Old.DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
    IE - HKLM\..\SearchScopes,DefaultScope =
    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPMTDF&pc=HPMTDF&src=IE-SearchBox
    IE - HKLM\..\SearchScopes\{1EB53970-B557-5025-3244-737B4FF514AF}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
    IE - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://nz.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
    IE - HKLM\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}


    IE - HKU\.DEFAULT\..\URLSearchHook: {D0CF9C3B-2C4F-4C99-ACED-3CDF9AEEFF7E} - No CLSID value found
    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\..\URLSearchHook: {D0CF9C3B-2C4F-4C99-ACED-3CDF9AEEFF7E} - No CLSID value found
    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



    IE - HKU\S-1-5-21-1911284681-1753166069-4267012026-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Backup.Old.Start Page = http://www.msn.com/?pc=BDT3&ocid=bdtdhp
    IE - HKU\S-1-5-21-1911284681-1753166069-4267012026-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.jp.msn.com/HPALL/116
    IE - HKU\S-1-5-21-1911284681-1753166069-4267012026-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
    IE - HKU\S-1-5-21-1911284681-1753166069-4267012026-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar =
    IE - HKU\S-1-5-21-1911284681-1753166069-4267012026-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
    IE - HKU\S-1-5-21-1911284681-1753166069-4267012026-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
    IE - HKU\S-1-5-21-1911284681-1753166069-4267012026-1000\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
    IE - HKU\S-1-5-21-1911284681-1753166069-4267012026-1000\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
    IE - HKU\S-1-5-21-1911284681-1753166069-4267012026-1000\..\SearchScopes,Backup.Old.DefaultScope = {9655317D-B950-475F-9450-73A32684CFEC}
    IE - HKU\S-1-5-21-1911284681-1753166069-4267012026-1000\..\SearchScopes,DefaultScope =
    IE - HKU\S-1-5-21-1911284681-1753166069-4267012026-1000\..\SearchScopes\{1EB53970-B557-5025-3244-737B4FF514AF}: "URL" = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8&rlz=1I7ITVB_enNZ475
    IE - HKU\S-1-5-21-1911284681-1753166069-4267012026-1000\..\SearchScopes\{4306E828-4997-4C8E-9FE4-9E46CC3276E4}: "URL" = http://www.bing.com/search?FORM=BDKTDF&PC=BDT3&q={searchTerms}&src=IE-SearchBox
    IE - HKU\S-1-5-21-1911284681-1753166069-4267012026-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
    IE - HKU\S-1-5-21-1911284681-1753166069-4267012026-1000\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://nz.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
    IE - HKU\S-1-5-21-1911284681-1753166069-4267012026-1000\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
    IE - HKU\S-1-5-21-1911284681-1753166069-4267012026-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\S-1-5-21-1911284681-1753166069-4267012026-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

    ========== FireFox ==========

    FF - prefs.js..browser.search.openintab: true
    FF - prefs.js..browser.search.useDBForOrder: true
    FF - prefs.js..browser.startup.homepage: "http://au.yahoo.com/"
    FF - prefs.js..extensions.enabledAddons: save-as-pdf-ff@pdfcrowd.com:1.5
    FF - prefs.js..extensions.enabledAddons: support@lastpass.com:2.0.0
    FF - prefs.js..extensions.enabledAddons: tabutilslite@ithinc.cn:1.1.5
    FF - prefs.js..extensions.enabledAddons: zotero@chnm.gmu.edu:3.0.8
    FF - prefs.js..extensions.enabledAddons: zoteroOpenOfficeIntegration@zotero.org:3.5.3
    FF - prefs.js..extensions.enabledAddons: {7f57cf46-4467-4c2d-adfa-0cba7c507e54}:2.0.6
    FF - prefs.js..extensions.enabledAddons: {ada4b710-8346-4b82-8199-5de2b400a6ae}:2.0.1
    FF - prefs.js..extensions.enabledAddons: {f759ca51-3a91-4dd1-ae78-9db5eee9ebf0}:5.7.5
    FF - prefs.js..extensions.enabledAddons: {DDC359D1-844A-42a7-9AA1-88A850A938A8}:2.0.15
    FF - prefs.js..extensions.enabledAddons: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.9.10
    FF - prefs.js..extensions.enabledAddons: {d37dc5d0-431d-44e5-8c91-49419370caa1}:3.1.26
    FF - prefs.js..extensions.enabledAddons: zotfile@columbia.edu:2.2.1
    FF - prefs.js..extensions.enabledAddons: foxmarks@kei.com:4.1.3


    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_4_402_265.dll ()
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
    FF - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
    FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
    FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@nitropdf.com/NitroPDF: C:\Program Files\Nitro PDF\Reader 2\npnitromozilla.dll ( )
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@VideoDownloadConverter_4z.com/Plugin: C:\Program Files\VideoDownloadConverter_4z\bar\1.bin\NP4zStub.dll (MindSpark)
    FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.3: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
    FF - HKCU\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
    FF - HKCU\Software\MozillaPlugins\@sun.com/npsopluginmi;version=1.0: C:\Program Files\LibreOffice 3.4\program File not found
    FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Russell\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
    FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Russell\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
    FF - HKCU\Software\MozillaPlugins\vitzo.com/VDownloader: C:\Program Files\VDownloader\Addons\npVDownloader.dll File not found

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\support@vdownloader.com: C:\Program Files\VDownloader\Addons\FireFox
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\4zffxtbr@VideoDownloadConverter_4z.com: C:\Program Files\VideoDownloadConverter_4z\bar\1.bin [2012/09/28 18:41:32 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012/08/27 23:47:10 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/09/09 13:34:38 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 15.0.1\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2012/07/24 19:22:57 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 15.0.1\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
    FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\superfish@superfish.com: C:\Users\Russell\AppData\Roaming\Mozilla\Firefox\Profiles/xfb27j5f.default\extensions\superfish@superfish.com
    FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\wcapturex@deskperience.com: C:\Program Files\WordWeb\WCaptureMoz [2012/02/27 19:17:18 | 000,000,000 | ---D | M]

    [2012/08/03 07:19:15 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Russell\AppData\Roaming\Mozilla\Extensions
    [2012/10/05 14:46:36 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Russell\AppData\Roaming\Mozilla\Firefox\Profiles\bylhdpoc.default\extensions
    [2012/08/26 03:57:18 | 000,000,000 | ---D | M] (ReminderFox) -- C:\Users\Russell\AppData\Roaming\Mozilla\Firefox\Profiles\bylhdpoc.default\extensions\{ada4b710-8346-4b82-8199-5de2b400a6ae}
    [2012/09/18 18:03:20 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Russell\AppData\Roaming\Mozilla\Firefox\Profiles\bylhdpoc.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
    [2012/09/20 13:35:40 | 000,000,000 | ---D | M] (FoxClocks) -- C:\Users\Russell\AppData\Roaming\Mozilla\Firefox\Profiles\bylhdpoc.default\extensions\{d37dc5d0-431d-44e5-8c91-49419370caa1}
    [2012/10/03 08:37:27 | 000,000,000 | ---D | M] ("Xmarks") -- C:\Users\Russell\AppData\Roaming\Mozilla\Firefox\Profiles\bylhdpoc.default\extensions\foxmarks@kei.com
    [2012/08/03 08:00:26 | 000,000,000 | ---D | M] (LastPass) -- C:\Users\Russell\AppData\Roaming\Mozilla\Firefox\Profiles\bylhdpoc.default\extensions\support@lastpass.com
    [2012/08/03 07:28:39 | 000,000,000 | ---D | M] (Zotero) -- C:\Users\Russell\AppData\Roaming\Mozilla\Firefox\Profiles\bylhdpoc.default\extensions\zotero@chnm.gmu.edu
    [2012/08/03 07:45:37 | 000,000,000 | ---D | M] (Zotero LibreOffice Integration) -- C:\Users\Russell\AppData\Roaming\Mozilla\Firefox\Profiles\bylhdpoc.default\extensions\zoteroOpenOfficeIntegration@zotero.org
    [2012/08/03 08:00:22 | 000,057,194 | ---- | M] () (No name found) -- C:\Users\Russell\AppData\Roaming\Mozilla\Firefox\Profiles\bylhdpoc.default\extensions\save-as-pdf-ff@pdfcrowd.com.xpi
    [2012/08/26 03:57:11 | 000,024,946 | ---- | M] () (No name found) -- C:\Users\Russell\AppData\Roaming\Mozilla\Firefox\Profiles\bylhdpoc.default\extensions\tabutilslite@ithinc.cn.xpi
    [2012/09/26 17:08:59 | 000,406,180 | ---- | M] () (No name found) -- C:\Users\Russell\AppData\Roaming\Mozilla\Firefox\Profiles\bylhdpoc.default\extensions\zotfile@columbia.edu.xpi
    [2012/08/03 08:00:26 | 000,527,037 | ---- | M] () (No name found) -- C:\Users\Russell\AppData\Roaming\Mozilla\Firefox\Profiles\bylhdpoc.default\extensions\{7f57cf46-4467-4c2d-adfa-0cba7c507e54}.xpi
    [2012/09/13 09:10:43 | 000,698,867 | ---- | M] () (No name found) -- C:\Users\Russell\AppData\Roaming\Mozilla\Firefox\Profiles\bylhdpoc.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi
    [2012/08/03 08:00:27 | 000,324,289 | ---- | M] () (No name found) -- C:\Users\Russell\AppData\Roaming\Mozilla\Firefox\Profiles\bylhdpoc.default\extensions\{f759ca51-3a91-4dd1-ae78-9db5eee9ebf0}.xpi
    [2012/08/11 00:32:56 | 000,000,822 | ---- | M] () (No name found) -- C:\Users\Russell\AppData\Roaming\Mozilla\Firefox\Profiles\bylhdpoc.default\extensions\{ada4b710-8346-4b82-8199-5de2b400a6ae}\defaults\printing\xpi-details.xsl
    [2012/09/09 13:24:20 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
    [2012/09/09 13:34:36 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
    [2012/07/10 15:52:26 | 000,003,767 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\avg-secure-search.xml
    [2012/08/03 03:09:47 | 000,002,361 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml
    [2012/09/04 11:36:54 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
    [2012/02/15 23:57:58 | 000,001,478 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\emclient_igeared.xml
    [2012/09/04 11:36:54 | 000,002,253 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

    ========== Chrome ==========

    CHR - homepage: http://www.google.co.nz/
    CHR - default_search_provider: MyStart Search (Enabled)
    CHR - default_search_provider: search_url = http://mystart.incredibar.com/mb178/?loc=IB_DS&search={searchTerms}&a=6PQKBEoZ6o&i=26
    CHR - default_search_provider: suggest_url = ,
    CHR - homepage: http://www.google.co.nz/
    CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Russell\AppData\Local\Google\Chrome\Application\21.0.1180.83\PepperFlash\pepflashplayer.dll
    CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Russell\AppData\Local\Google\Chrome\Application\21.0.1180.83\gcswf32.dll
    CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_268.dll
    CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
    CHR - plugin: Native Client (Enabled) = C:\Users\Russell\AppData\Local\Google\Chrome\Application\21.0.1180.83\ppGoogleNaClPluginChrome.dll
    CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Russell\AppData\Local\Google\Chrome\Application\21.0.1180.83\pdf.dll
    CHR - plugin: Free Studio (Enabled) = C:\Users\Russell\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp\1.0.0.0_0\np_dvs_plugin.dll
    CHR - plugin: Conduit Chrome Plugin (Enabled) = C:\Users\Russell\AppData\Local\Google\Chrome\User Data\Default\Extensions\plmlpkfpkijnlijgalnjaacllnjmoamo\10.11.21.5_0\plugins/ConduitChromeApiPlugin.dll
    CHR - plugin: Conduit Radio Plugin (Enabled) = C:\Users\Russell\AppData\Local\Google\Chrome\User Data\Default\Extensions\plmlpkfpkijnlijgalnjaacllnjmoamo\10.11.21.5_0\plugins/np-cwmp.dll
    CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
    CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
    CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
    CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
    CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
    CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
    CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
    CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL
    CHR - plugin: Foxit Reader Plugin for Mozilla (Enabled) = C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll
    CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll
    CHR - plugin: Java Deployment Toolkit 7.0.50.5 (Enabled) = C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll
    CHR - plugin: Java(TM) Platform SE 7 U5 (Enabled) = C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll
    CHR - plugin: Nitro PDF Plug-In (Enabled) = C:\Program Files\Nitro PDF\Reader 2\npnitromozilla.dll
    CHR - plugin: MindSpark Toolbar Platform Plugin Stub (Enabled) = C:\Program Files\VideoDownloadConverter_4z\bar\1.bin\NP4zStub.dll
    CHR - plugin: VLC Web Plugin (Enabled) = C:\Program Files\VideoLAN\VLC\npvlc.dll
    CHR - plugin: Windows Live\\u0099 Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
    CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
    CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll
    CHR - Extension: Xmarks Bookmark Sync = C:\Users\Russell\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajpgkpeckebdhofmmjfgcjjiiejpodla\1.0.22_0\
    CHR - Extension: Xmarks Bookmark Sync = C:\Users\Russell\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajpgkpeckebdhofmmjfgcjjiiejpodla\1.0.22_0\.bak
    CHR - Extension: YouTube = C:\Users\Russell\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
    CHR - Extension: Adblock Plus (Beta) = C:\Users\Russell\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.2_0\
    CHR - Extension: Google Search = C:\Users\Russell\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
    CHR - Extension: Proxy SwitchySharp = C:\Users\Russell\AppData\Local\Google\Chrome\User Data\Default\Extensions\dpplabbmogkhghncfbfdeeokoefdjegm\1.9.48_0\
    CHR - Extension: SaveFrom.net helper lite = C:\Users\Russell\AppData\Local\Google\Chrome\User Data\Default\Extensions\gekjjfhbnbhfgmnmkocnnfapjpdcpbok\1.47_0\
    CHR - Extension: LastPass = C:\Users\Russell\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd\2.0.10_0\
    CHR - Extension: No name found = C:\Users\Russell\AppData\Local\Google\Chrome\User Data\Default\Extensions\jifflliplgeajjdhmkcfnngfpgbjonjg\1.0.0_0\
    CHR - Extension: Search for YouTube Videos = C:\Users\Russell\AppData\Local\Google\Chrome\User Data\Default\Extensions\kabfoagjjgbakjgadhcpoleecfkmhpjm\0.1.0.6_0\
    CHR - Extension: Save as PDF = C:\Users\Russell\AppData\Local\Google\Chrome\User Data\Default\Extensions\kpdjmbiefanbdgnkcikhllpmjnnllbbc\1.6_0\
    CHR - Extension: Incredible StartPage - Productive Start Page for Chrome! = C:\Users\Russell\AppData\Local\Google\Chrome\User Data\Default\Extensions\ncdfeghkpohnalmpblddmnppfooljekh\1.5.2_0\
    CHR - Extension: DvdVideoSoft Free Youtube Download = C:\Users\Russell\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp\1.0.0.0_0\
    CHR - Extension: Gmail = C:\Users\Russell\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

    O1 HOSTS File: ([2012/10/09 02:24:09 | 000,000,098 | ---- | M]) - C:\Windows\System32\drivers\etc\Hosts
    O1 - Hosts: 127.0.0.1 localhost
    O1 - Hosts: ::1 localhost
    O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
    O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
    O3 - HKU\S-1-5-21-1911284681-1753166069-4267012026-1000\..\Toolbar\WebBrowser: (Freecorder 6) - {6B34ACCF-1B63-4E1A-8633-461917C75544} - C:\Program Files\Freecorder 6\tbcore3.dll ()
    O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
    O4 - HKLM..\Run: [ThreatFire] C:\Program Files\ThreatFire\TFTray.exe (PC Tools)
    O4 - HKU\S-1-5-21-1911284681-1753166069-4267012026-1000..\Run: [Advanced SystemCare 5] C:\Program Files\IObit\Advanced SystemCare 5\ASCTray.exe (IObit)
    O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
    O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
    O7 - HKU\S-1-5-21-1911284681-1753166069-4267012026-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE/3000 File not found
    O8 - Extra context menu item: Free YouTube Download - C:\Users\Russell\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm ()
    O8 - Extra context menu item: Se&nd to OneNote - res://C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll/105 File not found
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O13 - gopher Prefix: missing
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Reg Error: Value error.)
    O16 - DPF: {CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_32)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 10.7.2)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{74240472-D26B-436F-9D60-760C249DCFA7}: DhcpNameServer = 192.168.1.1
    O18 - Protocol\Handler\osf - No CLSID value found
    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
    O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2009/06/11 10:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
    O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

    ========== Files/Folders - Created Within 30 Days ==========

    [2012/10/09 02:23:10 | 000,000,000 | ---D | C] -- C:\_OTL
    [2012/10/08 20:13:14 | 000,000,000 | ---D | C] -- C:\Users\Russell\Desktop\GAD
    [2012/10/07 09:33:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Foxit Reader
    [2012/10/07 01:53:17 | 000,000,000 | ---D | C] -- C:\Users\Russell\Documents\EMAIL IDs
    [2012/10/07 00:21:44 | 000,000,000 | ---D | C] -- C:\Users\Russell\Desktop\MEDITATION -- SELF-COMPASSION
    [2012/10/06 11:50:53 | 000,000,000 | ---D | C] -- C:\8e07ef0f1fb298627a7ae926aaec3f
    [2012/09/29 20:38:41 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
    [2012/09/29 20:36:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT
    [2012/09/29 20:36:09 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
    [2012/09/28 20:04:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy
    [2012/09/28 20:03:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
    [2012/09/28 20:03:42 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
    [2012/09/28 17:12:52 | 000,000,000 | ---D | C] -- C:\Users\Russell\AppData\Roaming\Malwarebytes
    [2012/09/28 17:12:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
    [2012/09/28 17:12:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
    [2012/09/28 17:12:00 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
    [2012/09/28 17:12:00 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
    [2012/09/26 21:03:11 | 000,245,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\OxpsConverter.exe
    [2012/09/26 13:54:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
    [2012/09/26 13:54:09 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
    [2012/09/26 03:15:58 | 000,000,000 | ---D | C] -- C:\Users\Russell\AppData\Roaming\CX
    [2012/09/26 03:15:11 | 000,000,000 | ---D | C] -- C:\Users\Russell\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CX
    [2012/09/26 03:14:37 | 000,000,000 | ---D | C] -- C:\Users\Russell\AppData\Local\CX
    [2012/09/25 00:09:26 | 000,000,000 | ---D | C] -- C:\Program Files\Perion
    [2012/09/24 03:39:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mr Smoozles Goes Nutso
    [2012/09/24 03:39:22 | 000,000,000 | ---D | C] -- C:\Program Files\Mr Smoozles Goes Nutso
    [2012/09/24 01:29:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GOG.com
    [2012/09/24 01:29:25 | 000,000,000 | ---D | C] -- C:\Program Files\GOG.com
    [2012/09/23 19:15:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
    [2012/09/23 19:12:28 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
    [2012/09/23 19:12:07 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
    [2012/09/23 19:12:07 | 000,000,000 | ---D | C] -- C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1
    [2012/09/22 12:35:04 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
    [2012/09/22 12:34:59 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
    [2012/09/22 12:34:58 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
    [2012/09/22 12:34:58 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
    [2012/09/22 12:34:57 | 000,607,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
    [2012/09/22 12:34:50 | 001,800,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
    [2012/09/22 12:34:49 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
    [2012/09/22 12:34:36 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
    [2012/09/20 22:57:10 | 000,000,000 | ---D | C] -- C:\Users\Russell\Documents\MSSAT TRUST OTAGO
    [2012/09/17 14:20:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sigma Team
    [2012/09/17 14:19:26 | 000,000,000 | ---D | C] -- C:\Program Files\Sigma Team
    [2012/09/17 14:07:36 | 000,000,000 | ---D | C] -- C:\Counter-Strike 2D
    [2012/09/17 11:57:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cave Story Deluxe
    [2012/09/17 11:57:56 | 000,000,000 | ---D | C] -- C:\Users\Russell\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Cave Story Deluxe
    [2012/09/17 11:57:04 | 000,000,000 | ---D | C] -- C:\Program Files\Cave Story Deluxe
    [2012/09/17 03:34:27 | 000,237,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_4.dll
    [2012/09/17 03:34:25 | 002,414,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_31.dll
    [2012/09/17 03:34:24 | 000,236,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_3.dll
    [2012/09/17 03:34:23 | 000,062,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xinput1_2.dll
    [2012/09/17 03:34:22 | 000,230,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_2.dll
    [2012/09/17 03:34:22 | 000,062,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xinput1_1.dll
    [2012/09/17 03:34:21 | 000,229,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_1.dll
    [2012/09/17 03:33:54 | 002,388,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_30.dll
    [2012/09/17 03:33:53 | 000,230,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_0.dll
    [2012/09/17 03:33:53 | 000,014,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\x3daudio1_0.dll
    [2012/09/17 03:33:52 | 002,332,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_29.dll
    [2012/09/17 03:33:50 | 002,323,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_28.dll
    [2012/09/17 03:33:48 | 002,319,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_27.dll
    [2012/09/17 03:33:47 | 002,297,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_26.dll
    [2012/09/17 03:33:45 | 002,337,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_25.dll
    [2012/09/17 03:33:43 | 002,222,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_24.dll
    [2012/09/16 23:31:22 | 000,000,000 | ---D | C] -- C:\Users\Russell\AppData\Local\Punkbuster
    [2012/09/16 23:30:00 | 000,000,000 | ---D | C] -- C:\Program Files\Wolfenstein - Enemy Territory
    [2012/09/15 16:54:15 | 000,000,000 | -HSD | C] -- C:\found.002
    [2012/09/13 21:12:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
    [2012/09/13 21:12:34 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
    [2012/09/13 21:12:25 | 000,000,000 | R--D | C] -- C:\Program Files\Skype
    [2012/09/12 17:03:38 | 000,240,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\netio.sys
    [2012/09/12 17:03:37 | 000,187,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\FWPKCLNT.SYS
    [2012/09/12 17:03:29 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\RNDISMP.sys
    [2012/09/12 17:03:23 | 000,490,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10level9.dll
    [2012/09/12 16:49:35 | 000,000,000 | ---D | C] -- C:\09470b656efc966851db
    [2012/09/09 13:24:01 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
    [1 C:\Windows\Fonts\*.tmp files -> C:\Windows\Fonts\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2012/10/09 02:35:29 | 000,021,840 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    [2012/10/09 02:35:29 | 000,021,840 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    [2012/10/09 02:27:30 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2012/10/09 02:27:21 | 796,102,656 | -HS- | M] () -- C:\hiberfil.sys
    [2012/10/09 02:24:09 | 000,000,098 | ---- | M] () -- C:\Windows\System32\drivers\etc\Hosts
    [2012/10/08 23:06:26 | 000,408,820 | ---- | M] () -- C:\Users\Russell\Desktop\(2) acceptance and commitment therapy — Facebook search.maff
    [2012/10/08 22:56:23 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
    [2012/10/08 14:52:58 | 008,067,631 | ---- | M] () -- C:\Users\Russell\Desktop\At_the_Heart_of_Intimacy_Susan_Johnson.flv
    [2012/10/07 22:17:17 | 000,071,313 | ---- | M] () -- C:\Users\Russell\Desktop\Storied Mind Newsletter The Anger in Depression.maff
    [2012/10/06 12:20:39 | 000,153,870 | ---- | M] () -- C:\Users\Russell\Desktop\Most Psychotropic Meds Increase Driving Risk.maff
    [2012/10/06 06:02:54 | 000,126,494 | ---- | M] () -- C:\Users\Russell\Desktop\Neuropathy_Treatment.pdf
    [2012/10/04 15:28:51 | 000,000,013 | ---- | M] () -- C:\Windows\System32\WinSys32.crc
    [2012/10/02 12:01:56 | 000,665,232 | ---- | M] () -- C:\Windows\System32\perfh009.dat
    [2012/10/02 12:01:56 | 000,125,678 | ---- | M] () -- C:\Windows\System32\perfc009.dat
    [2012/09/25 00:07:50 | 000,000,712 | ---- | M] () -- C:\user.js
    [2012/09/16 21:47:00 | 000,001,947 | ---- | M] () -- C:\Users\Russell\Application Data\Microsoft\Internet Explorer\Quick Launch\JDownloader.lnk
    [2012/09/13 23:52:19 | 000,002,060 | ---- | M] () -- C:\Users\Russell\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Thunderbird.lnk

    ========== Files Created - No Company Name ==========

    [2012/10/08 23:06:07 | 000,408,820 | ---- | C] () -- C:\Users\Russell\Desktop\(2) acceptance and commitment therapy — Facebook search.maff
    [2012/10/08 14:50:56 | 008,067,631 | ---- | C] () -- C:\Users\Russell\Desktop\At_the_Heart_of_Intimacy_Susan_Johnson.flv
    [2012/10/07 22:16:51 | 000,071,313 | ---- | C] () -- C:\Users\Russell\Desktop\Storied Mind Newsletter The Anger in Depression.maff
    [2012/10/06 12:20:18 | 000,153,870 | ---- | C] () -- C:\Users\Russell\Desktop\Most Psychotropic Meds Increase Driving Risk.maff
    [2012/10/06 06:02:07 | 000,126,494 | ---- | C] () -- C:\Users\Russell\Desktop\Neuropathy_Treatment.pdf
    [2012/09/16 23:31:58 | 000,075,136 | ---- | C] () -- C:\Windows\System32\PnkBstrA.exe
    [2012/08/25 10:31:42 | 000,000,017 | ---- | C] () -- C:\Windows\System32\shortcut_ex.dat
    [2012/08/24 14:02:51 | 000,001,729 | ---- | C] () -- C:\Users\Russell\AppData\Local\recently-used.xbel
    [2012/07/29 19:16:38 | 000,000,061 | ---- | C] () -- C:\ProgramData\DoremisoftSWFSetting.ini
    [2012/06/21 06:30:48 | 000,093,696 | ---- | C] () -- C:\Windows\System32\lua5.1a.dll
    [2012/05/10 00:38:50 | 000,072,192 | ---- | C] () -- C:\Windows\unlite3.exe
    [2012/05/08 00:43:43 | 000,001,089 | ---- | C] () -- C:\Users\Russell\Documents - Shortcut.lnk
    [2012/05/07 13:48:05 | 000,042,120 | ---- | C] () -- C:\Windows\System32\drivers\EUBKMON.sys
    [2012/04/20 23:30:54 | 000,004,096 | ---- | C] ( ) -- C:\Windows\System32\IGFXDEVLib.dll
    [2012/03/18 22:00:51 | 000,000,000 | ---- | C] () -- C:\Users\Russell\hsqlprefs.dat
    [2012/03/14 18:56:02 | 000,087,552 | ---- | C] () -- C:\Windows\System32\cpwmon2k.dll
    [2012/03/01 23:57:34 | 000,000,165 | ---- | C] () -- C:\Users\Russell\.gtkrc-2.0
    [2012/02/27 19:17:40 | 002,216,480 | ---- | C] () -- C:\Windows\wweb32.dll
    [2012/02/23 00:31:43 | 000,011,776 | ---- | C] () -- C:\Users\Russell\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2012/02/15 01:44:00 | 000,003,504 | ---- | C] () -- C:\Users\Russell\Financial Accounts.gnucash
    [2012/02/14 23:08:04 | 000,000,286 | ---- | C] () -- C:\Windows\reimage.ini
    [2012/02/05 03:29:28 | 000,000,224 | ---- | C] () -- C:\Users\Russell\.languagetool-ooo.cfg
    [2012/02/02 23:23:25 | 000,899,072 | ---- | C] () -- C:\Users\Russell\AppData\Roaming\SharedSettings.ccs
    [2011/12/21 22:42:09 | 000,080,416 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll
    [2011/12/14 11:57:16 | 000,000,151 | ---- | C] () -- C:\Windows\System32\GfxUI.exe.config
    [2011/12/12 03:22:22 | 000,000,101 | ---- | C] () -- C:\Windows\System32\ud-boot-time.ini
    [2011/10/22 22:24:58 | 000,246,804 | ---- | C] () -- C:\Windows\System32\drivers\AtherosBt.bin
    [2011/09/15 16:11:16 | 001,048,576 | ---- | C] () -- C:\Windows\System32\syndata.bin
    [2011/09/07 09:34:28 | 000,007,736 | ---- | C] () -- C:\Windows\hpDSTRES.DLL
    [2011/03/29 21:00:00 | 000,080,896 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
    [2011/03/25 08:35:18 | 000,180,224 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
    [2011/03/02 23:43:46 | 000,175,616 | ---- | C] () -- C:\Windows\System32\unrar.dll

    ========== ZeroAccess Check ==========

    [2012/08/11 00:32:56 | 000,000,596 | ---- | M] () -- C:\Users\Russell\AppData\Roaming\Mozilla\Firefox\Profiles\bylhdpoc.default\extensions\{ada4b710-8346-4b82-8199-5de2b400a6ae}\defaults\printing\icons\@.png
    [2009/07/14 17:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

    [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

    [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
    "" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 17:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
    "" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/21 10:29:20 | 000,606,208 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
    "" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/14 14:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Both

    ========== LOP Check ==========

    [2012/04/18 04:27:57 | 000,000,000 | ---D | M] -- C:\Users\Russell\AppData\Roaming\.calligra
    [2012/05/27 14:48:23 | 000,000,000 | ---D | M] -- C:\Users\Russell\AppData\Roaming\.gephi
    [2012/07/28 13:06:35 | 000,000,000 | ---D | M] -- C:\Users\Russell\AppData\Roaming\AnvSoft
    [2012/10/07 21:57:37 | 000,000,000 | ---D | M] -- C:\Users\Russell\AppData\Roaming\Applian FLV and Media Player
    [2012/03/06 10:32:13 | 000,000,000 | ---D | M] -- C:\Users\Russell\AppData\Roaming\Ashampoo
    [2012/07/29 05:10:41 | 000,000,000 | ---D | M] -- C:\Users\Russell\AppData\Roaming\AVCWare
    [2012/05/16 14:47:51 | 000,000,000 | ---D | M] -- C:\Users\Russell\AppData\Roaming\AVG
    [2012/02/02 17:21:16 | 000,000,000 | ---D | M] -- C:\Users\Russell\AppData\Roaming\Blio
    [2012/09/08 18:54:50 | 000,000,000 | ---D | M] -- C:\Users\Russell\AppData\Roaming\Box Desktop
    [2012/09/09 23:55:47 | 000,000,000 | ---D | M] -- C:\Users\Russell\AppData\Roaming\Box Sync
    [2012/02/13 06:07:29 | 000,000,000 | ---D | M] -- C:\Users\Russell\AppData\Roaming\calibre
    [2012/08/04 03:21:52 | 000,000,000 | ---D | M] -- C:\Users\Russell\AppData\Roaming\CBS Interactive
    [2012/02/05 15:41:23 | 000,000,000 | ---D | M] -- C:\Users\Russell\AppData\Roaming\Cocoon Software
    [2012/10/04 15:25:35 | 000,000,000 | ---D | M] -- C:\Users\Russell\AppData\Roaming\CoffeeCup Software
    [2012/05/20 17:48:43 | 000,000,000 | ---D | M] -- C:\Users\Russell\AppData\Roaming\ColorCop
    [2012/09/26 03:15:58 | 000,000,000 | ---D | M] -- C:\Users\Russell\AppData\Roaming\CX
    [2012/02/14 21:15:38 | 000,000,000 | ---D | M] -- C:\Users\Russell\AppData\Roaming\DAZ 3D
    [2012/09/08 02:35:34 | 000,000,000 | ---D | M] -- C:\Users\Russell\AppData\Roaming\Docear
    [2012/08/04 05:05:53 | 000,000,000 | ---D | M] -- C:\Users\Russell\AppData\Roaming\Downloaded Installations
    [2012/09/08 18:02:55 | 000,000,000 | ---D | M] -- C:\Users\Russell\AppData\Roaming\Dropbox
    [2012/08/30 02:11:01 | 000,000,000 | ---D | M] -- C:\Users\Russell\AppData\Roaming\DVDVideoSoft
    [2012/08/29 01:34:53 | 000,000,000 | ---D | M] -- C:\Users\Russell\AppData\Roaming\DVDVideoSoftIEHelpers
    [2012/02/04 02:13:30 | 000,000,000 | ---D | M] -- C:\Users\Russell\AppData\Roaming\E-Z Contact Book
    [2012/06/19 23:12:53 | 000,000,000 | ---D | M] -- C:\Users\Russell\AppData\Roaming\Eltima Software
    [2012/08/20 00:43:29 | 000,000,000 | ---D | M] -- C:\Users\Russell\AppData\Roaming\eM Client
    [2012/03/21 20:03:47 | 000,000,000 | ---D | M] -- C:\Users\Russell\AppData\Roaming\eM Client for SoftMaker
    [2012/05/16 02:09:12 | 000,000,000 | ---D | M] -- C:\Users\Russell\AppData\Roaming\enchant
    [2012/05/27 21:46:26 | 000,000,000 | ---D | M] -- C:\Users\Russell\AppData\Roaming\EndNote
    [2012/06/25 18:07:07 | 000,000,000 | ---D | M] -- C:\Users\Russell\AppData\Roaming\FileOpen
    [2012/10/03 22:43:26 | 000,000,000 | ---D | M] -- C:\Users\Russell\AppData\Roaming\FileZilla
    [2012/08/04 07:27:21 | 000,000,000 | ---D | M] -- C:\Users\Russell\AppData\Roaming\Foxit
    [2012/06/16 19:51:33 | 000,000,000 | ---D | M] -- C:\Users\Russell\AppData\Roaming\Foxit Software
    [2012/08/08 06:57:37 | 000,000,000 | ---D | M] -- C:\Users\Russell\AppData\Roaming\Free Sound Recorder
    [2012/02/07 07:27:29 | 000,000,000 | ---D | M] -- C:\Users\Russell\AppData\Roaming\FreeCommander
    [2012/08/08 08:47:31 | 000,000,000 | ---D | M] -- C:\Users\Russell\AppData\Roaming\Freecorder 6 Audio
    [2012/08/08 08:47:45 | 000,000,000 | ---D | M] -- C:\Users\Russell\AppData\Roaming\Freecorder 6 Converter
    [2012/08/08 08:47:31 | 000,000,000 | ---D | M] -- C:\Users\Russell\AppData\Roaming\Freecorder 6 Screen
    [2012/08/08 08:48:07 | 000,000,000 | ---D | M] -- C:\Users\Russell\AppData\Roaming\Freecorder 6 Video
    [2012/02/03 23:44:09 | 000,000,000 | ---D | M] -- C:\Users\Russell\AppData\Roaming\FreeFLVConverter
    [2012/08/13 07:27:27 | 000,000,000 | ---D | M] -- C:\Users\Russell\AppData\Roaming\FTPSynchronize
    [2012/09/13 23:54:11 | 000,000,000 | ---D | M] -- C:\Users\Russell\AppData\Roaming\GlarySoft
    [2012/04/29 10:49:21 | 000,000,000 | ---D | M] -- C:\Users\Russell\AppData\Roaming\gtk-2.0
    [2012/05/27 15:29:02 | 000,000,000 | ---D | M] -- C:\Users\Russell\AppData\Roaming\HistCite
    [2012/05/15 13:28:06 | 000,000,000 | ---D | M] -- C:\Users\Russell\AppData\Roaming\inkscape
    [2012/03/03 23:11:37 | 000,000,000 | ---D | M] -- C:\Users\Russell\AppData\Roaming\IObit
    [2012/05/17 09:41:09 | 000,000,000 | ---D | M] -- C:\Users\Russell\AppData\Roaming\IrfanView
    [2012/05/31 05:01:53 | 000,000,000 | ---D | M] -- C:\Users\Russell\AppData\Roaming\JabRef 2.8
    [2012/10/08 00:41:03 | 000,000,000 | ---D | M] -- C:\Users\Russell\AppData\Roaming\Jarte
    [2012/07/28 14:57:39 | 000,000,000 | ---D | M] -- C:\Users\Russell\AppData\Roaming\KompoZer
    [2012/07/28 15:50:29 | 000,000,000 | ---D | M] -- C:\Users\Russell\AppData\Roaming\kompozer.net
    [2012/02/02 17:55:45 | 000,000,000 | ---D | M] -- C:\Users\Russell\AppData\Roaming\LibreOffice
    [2012/05/25 03:38:20 | 000,000,000 | ---D | M] -- C:\Users\Russell\AppData\Roaming\LyX2.0
    [2012/10/06 20:41:35 | 000,000,000 | ---D | M] -- C:\Users\Russell\AppData\Roaming\MegaCloud
    [2012/09/09 23:20:54 | 000,000,000 | ---D | M] -- C:\Users\Russell\AppData\Roaming\MegaCloudBackup
    [2012/07/29 07:46:20 | 000,000,000 | ---D | M] -- C:\Users\Russell\AppData\Roaming\Moyea
    [2012/10/08 00:40:38 | 000,000,000 | ---D | M] -- C:\Users\Russell\AppData\Roaming\Nitro PDF
    [2012/04/18 12:23:41 | 000,000,000 | ---D | M] -- C:\Users\Russell\AppData\Roaming\onOne Software
    [2012/07/04 08:52:39 | 000,000,000 | ---D | M] -- C:\Users\Russell\AppData\Roaming\OpenCandy
    [2012/05/19 02:07:45 | 000,000,000 | ---D | M] -- C:\Users\Russell\AppData\Roaming\OpenOffice.org
    [2012/07/29 00:35:36 | 000,000,000 | ---D | M] -- C:\Users\Russell\AppData\Roaming\Opera
    [2012/07/04 08:57:29 | 000,000,000 | ---D | M] -- C:\Users\Russell\AppData\Roaming\Paltalk
    [2012/05/20 23:08:36 | 000,000,000 | ---D | M] -- C:\Users\Russell\AppData\Roaming\picpick
    [2012/02/15 05:43:06 | 000,000,000 | ---D | M] -- C:\Users\Russell\AppData\Roaming\postgresql
    [2012/05/28 02:01:36 | 000,000,000 | ---D | M] -- C:\Users\Russell\AppData\Roaming\Publish or Perish
    [2012/02/07 22:06:47 | 000,000,000 | ---D | M] -- C:\Users\Russell\AppData\Roaming\Quantisle
    [2012/08/04 04:17:17 | 000,000,000 | ---D | M] -- C:\Users\Russell\AppData\Roaming\RapidTyping
    [2012/07/28 14:51:34 | 000,000,000 | ---D | M] -- C:\Users\Russell\AppData\Roaming\RecoolTec
    [2012/04/17 15:54:04 | 000,000,000 | ---D | M] -- C:\Users\Russell\AppData\Roaming\RegistryKeys
    [2012/08/13 00:55:09 | 000,000,000 | ---D | M] -- C:\Users\Russell\AppData\Roaming\RiseFly
    [2012/06/25 16:28:27 | 000,000,000 | ---D | M] -- C:\Users\Russell\AppData\Roaming\Smart PDF Converter Pro
    [2012/07/17 13:55:34 | 000,000,000 | ---D | M] -- C:\Users\Russell\AppData\Roaming\SoftGrid Client
    [2012/03/21 20:42:01 | 000,000,000 | ---D | M] -- C:\Users\Russell\AppData\Roaming\SoftMaker
    [2012/02/02 16:41:42 | 000,000,000 | ---D | M] -- C:\Users\Russell\AppData\Roaming\Synaptics
    [2012/08/13 01:43:49 | 000,000,000 | ---D | M] -- C:\Users\Russell\AppData\Roaming\Sync App Settings
    [2012/08/11 00:05:26 | 000,000,000 | ---D | M] -- C:\Users\Russell\AppData\Roaming\Thunderbird
    [2012/03/14 06:42:58 | 000,000,000 | ---D | M] -- C:\Users\Russell\AppData\Roaming\Titler
    [2012/02/02 18:09:58 | 000,000,000 | ---D | M] -- C:\Users\Russell\AppData\Roaming\TP
    [2012/05/05 19:15:14 | 000,000,000 | ---D | M] -- C:\Users\Russell\AppData\Roaming\uTorrent
    [2012/07/28 11:35:54 | 000,000,000 | ---D | M] -- C:\Users\Russell\AppData\Roaming\VIP Video Converter
    [2012/02/03 19:21:42 | 000,000,000 | ---D | M] -- C:\Users\Russell\AppData\Roaming\Windows Live Writer
    [2012/07/28 14:12:36 | 000,000,000 | ---D | M] -- C:\Users\Russell\AppData\Roaming\Wondershare Video Converter Ultimate
    [2012/07/29 05:35:51 | 000,000,000 | ---D | M] -- C:\Users\Russell\AppData\Roaming\Xilisoft
    [2012/02/03 00:55:24 | 000,000,000 | ---D | M] -- C:\Users\Russell\AppData\Roaming\Zotero
    [2012/03/16 15:07:45 | 000,000,000 | ---D | M] -- C:\Users\Russell\AppData\Roaming\ZScreen

    ========== Purity Check ==========



    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 127 bytes -> C:\ProgramData\Temp:0B4227B4

    < End of report >

  3. #13
    Member
    Join Date
    Sep 2012
    Posts
    32

    Default

    not sure if I'm doing this right --
    you didn't mention the Admin window opening, so I ignored it and proceeded;
    CF didn't say to re-boot but Firefox wouldn't work properly so I re-booted;
    no ComboFix.txt file created automatically that I could find, so re-ran CF to see if it would create it -- awaiting operations -- this closes Ff down so will get back to you after that

  4. #14
    Emeritus-Security Expert
    Join Date
    Nov 2005
    Location
    Florida's SpaceCoast
    Posts
    15,208

    Default

    You should be able to find the ComboFix file here:
    C:\ComboFix.txt
    Microsoft MVP Consumer Security 2007-2008-2009-2010-2011-2012-2013-2014

    ERROR MESSAGE 386
    No KeyBoard Detected
    Press F1 To Continue

    Just a reminder that threads will be closed if no reply in 3 days.

  5. #15
    Member
    Join Date
    Sep 2012
    Posts
    32

    Default

    see screen capture -- missing menu bar to fit "everything" in -- attached contents of combofix.txt -- looks ok? but??
    ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

    ComboFix 12-10-08.03 - Russell 09/10/2012 8:18:44.1.4 - x86
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.64.1033.18.1012.185 [GMT 13:00]
    Running from: C:\Users\Russell\Desktop\ComboFix.exe
    AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
    SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}


    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


    C:\install.exe
    C:\Users\Russell\AppData\Local\assembly\tmp
    C:\Users\Russell\AppData\Local\TempDIR
    C:\Windows\iun6002.exe
    C:\Windows\system32\wpcap.dll


    ((((((((((((((((((((((((( Files Created from 2012-09-08 to 2012-10-08 )))))))))))))))))))))))))))))))

  6. #16
    Emeritus-Security Expert
    Join Date
    Nov 2005
    Location
    Florida's SpaceCoast
    Posts
    15,208

    Default

    Your screen capture is bogus, I need to see the entire ComboFix log; if you can't find it, then run DDS again and post that new log please

  7. #17
    Member
    Join Date
    Sep 2012
    Posts
    32

    Default

    I did a Windows search and what you see is what was in combofix.txt

    bogus? don't know what you mean, it's a real screen capture, not sure I mocked up

    DDS -- could you remind me what that is, please?

  8. #18
    Member
    Join Date
    Sep 2012
    Posts
    32

    Default

    that should have read "not SOMETHING I mocked up"

  9. #19
    Member
    Join Date
    Sep 2012
    Posts
    32

    Default

    did search and found DDS referred to as having something to do with Malwarebytes (on BleepingComputer.com, and you've had me run that before) so am attaching that log below -- but can't see any useful info.

    +++++++++++++++++++++++++++++++++++++++++++++++++++++++++

    Malwarebytes Anti-Malware (Trial) 1.65.0.1400
    www.malwarebytes.org

    Database version: v2012.10.09.02

    Windows 7 Service Pack 1 x86 NTFS
    Internet Explorer 9.0.8112.16421
    Russell :: RUSSELL-HP [administrator]

    Protection: Disabled

    9/10/2012 11:38:03 p.m.
    mbam-log-2012-10-09 (23-38-03).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 207179
    Time elapsed: 14 minute(s), 6 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 0
    (No malicious items detected)

    (end)

  10. #20
    Emeritus-Security Expert
    Join Date
    Nov 2005
    Location
    Florida's SpaceCoast
    Posts
    15,208

    Default

    Hey Russell,

    Looking at the screen capture again and thought it was just from a bogus site, my bad. DDS is the first log you posted when you originally posted in the forum.

    Download DDS from one of the links below to your desktop

    Link 1
    Link 2

    • Double click the tool to run it.
    • A black Screen will open, just read the contents and do nothing.
    • When the tool finishes, it will open 2 reports, DDS.txt and attach.txt
    • Copy/Paste the contents of 'DDS.txt' into your post.
    • 'attach.txt' should be zipped using Windows native zip utility and attached to your post. Compress and uncompress files (zip files)



    After running Combofix, is Incredibar gone?
