Incredibar

russwilsonau

New member
trying to remove Incredibar -- SB said it removed it but didn't -- when re-starting Ff 15.0.1 it returns when I open a new tab: MyStart Incredibar appears

hope I've got this right this time: sure you'll let me know if I haven't

the DDS log:

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.7.2
Run by Russell at 19:40:26 on 2012-09-29
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.64.1033.18.1012.66 [GMT 12:00]
.
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Program Files\IObit\Advanced SystemCare 5\ASCService.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files\IDT\WDM\STacSV.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskhost.exe
C:\Program Files\Box Sync\UpdateService.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\IDT\WDM\aestsrv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bluetooth Suite\adminservice.exe
C:\Program Files\Microsoft\BingBar\SeaPort.EXE
C:\Program Files\Microsoft\BingDesktop\BingDesktopUpdater.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\PROGRA~1\GFI\GFIBAC~1\GFIFInst.exe
C:\PROGRA~1\GFI\GFIBAC~1\GFIFSC~1.EXE
C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ThreatFire\TFTray.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files\IObit\Advanced SystemCare 5\ASCTray.exe
C:\Program Files\Nitro PDF\Reader 2\NitroPDFReaderDriverService2.exe
C:\Windows\system32\NLSSRV32.EXE
C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\Program Files\ThreatFire\TFService.exe
C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Bluetooth Suite\Ath_CoexAgent.exe
C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe
C:\Program Files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Hewlett-Packard\HP Support Framework\hpsa_service.exe
C:\Program Files\Google\Update\1.3.21.123\GoogleCrashHandler.exe
C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Windows\system32\sppsvc.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\conhost.exe
C:\Program Files\ThreatFire\TFUN.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
uSearch Page =
uSearch Bar =
uDefault_Search_URL = hxxp://www.google.com/ie
mStart Page = hxxp://start.funmoods.com/?f=1&a=iron2&chnl=iron2&cd=2XzutAtN2Y1L1Qzu0E0Czy0AyByEyD0EtByCyB0E0DtCtC0EtN0D0TzutBtDtCtBtDyCtCyD&cr=1530279376
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
uURLSearchHooks: H - No File
uURLSearchHooks: H - No File
uURLSearchHooks: H - No File
uURLSearchHooks: H - No File
uURLSearchHooks: N/A: {93a3111f-4f74-4ed8-895e-d9708497629e} - c:\program files\videodownloadconverter_4z\bar\1.bin\4zSrcAs.dll
uURLSearchHooks: ToolbarURLSearchHook Class: {ca3eb689-8f09-4026-aa10-b9534c691ce0} - c:\program files\freecorder 6\tbhelper.dll
mURLSearchHooks: H - No File
mURLSearchHooks: H - No File
mURLSearchHooks: H - No File
TB: Freecorder 6: {6b34accf-1b63-4e1a-8633-461917c75544} - c:\program files\freecorder 6\tbcore3.dll
uRun: [Advanced SystemCare 5] "c:\program files\iobit\advanced systemcare 5\ASCTray.exe" /AutoStart
mRun: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
mRun: [ThreatFire] c:\program files\threatfire\TFTray.exe
mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\program files\microsoft office 15\root\office15\EXCEL.EXE/3000
IE: Free YouTube Download - c:\users\russell\appdata\roaming\dvdvideosoftiehelpers\freeytvdownloader.htm
IE: Se&nd to OneNote - c:\program files\microsoft office 15\root\office15\ONBttnIE.dll/105
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{74240472-D26B-436F-9D60-760C249DCFA7} : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{74240472-D26B-436F-9D60-760C249DCFA7}\37071627B6630314C647 : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{74240472-D26B-436F-9D60-760C249DCFA7}\4457E6564696E602C4962627162797021337470264C6F6F627 : DhcpNameServer = 10.10.10.1
TCP: Interfaces\{74240472-D26B-436F-9D60-760C249DCFA7}\642554540294E4455425E454450213 : DhcpNameServer = 192.168.11.1 8.8.8.8
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
Notify: igfxcui - igfxdev.dll
mASetup: {F5E7D9AF-60F6-4A30-87E3-4EA94D322CE1} - msiexec /fu {F5E7D9AF-60F6-4A30-87E3-4EA94D322CE1} /qn
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\russell\appdata\roaming\mozilla\firefox\profiles\bylhdpoc.default\
FF - prefs.js: browser.startup.homepage - hxxp://au.yahoo.com/
FF - plugin: c:\progra~1\micros~2\office14\NPSPWRAP.DLL
FF - plugin: c:\program files\foxit software\foxit reader\plugins\npFoxitReaderPlugin.dll
FF - plugin: c:\program files\google\update\1.3.21.115\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.123\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\microsoft silverlight\5.1.10411.0\npctrlui.dll
FF - plugin: c:\program files\nitro pdf\reader 2\npdf.dll
FF - plugin: c:\program files\nitro pdf\reader 2\npnitroie.dll
FF - plugin: c:\program files\nitro pdf\reader 2\npnitromozilla.dll
FF - plugin: c:\program files\tracker software\pdf viewer\npPDFXCviewNPPlugin.dll
FF - plugin: c:\program files\videodownloadconverter_4z\bar\1.bin\NP4zStub.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\users\russell\appdata\local\google\update\1.3.21.115\npGoogleUpdate3.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_4_402_265.dll
FF - plugin: c:\windows\system32\npdeployJava1.dll
FF - plugin: c:\windows\system32\npmproxy.dll
.
---- FIREFOX POLICIES ----
FF - user.js: extensions.incredibar_i.newTab - false
FF - user.js: extensions.incredibar_i.tlbrSrchUrl - hxxp://mystart.Incredibar.com/?a=6PQKBEoZ6o&loc=IB_TB&i=26&search=
FF - user.js: extensions.incredibar_i.id - 4e18d11e0000000000002eb70d3f194a
FF - user.js: extensions.incredibar_i.instlDay - 15607
FF - user.js: extensions.incredibar_i.vrsn - 1.5.11.14
FF - user.js: extensions.incredibar_i.vrsni - 1.5.11.14
FF - user.js: extensions.incredibar_i.vrsnTs - 1.5.11.1423:07:47
FF - user.js: extensions.incredibar_i.prtnrId - Incredibar
FF - user.js: extensions.incredibar_i.prdct - incredibar
FF - user.js: extensions.incredibar_i.aflt - orgnl
FF - user.js: extensions.incredibar_i.smplGrp - none
FF - user.js: extensions.incredibar_i.tlbrId - base
FF - user.js: extensions.incredibar_i.instlRef -
FF - user.js: extensions.incredibar_i.dfltLng -
FF - user.js: extensions.incredibar_i.excTlbr - false
FF - user.js: extensions.incredibar_i.ms_url_id -
FF - user.js: extensions.incredibar_i.upn2 - 6PQKBEoZ6o
FF - user.js: extensions.incredibar_i.upn2n - 92543635926693664
FF - user.js: extensions.incredibar_i.productid - 26
FF - user.js: extensions.incredibar_i.installerproductid - 26
FF - user.js: extensions.incredibar_i.did - 10643
FF - user.js: extensions.incredibar_i.ppd - 1
.
============= SERVICES / DRIVERS ===============
.
R0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys [2012-5-20 51984]
R0 TfSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys [2012-5-20 69392]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2012-7-17 729752]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2012-7-17 355632]
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-14 48128]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2012-7-17 21256]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2012-7-17 58680]
R3 BTATH_BUS;Atheros Bluetooth Bus;c:\windows\system32\drivers\btath_bus.sys [2011-10-22 25248]
R3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\drivers\clwvd.sys [2012-8-4 27760]
R3 igddim32;igddim32;c:\windows\system32\drivers\igddim32.sys [2012-4-20 1344512]
R3 igdkmd32;igdkmd32;c:\windows\system32\drivers\igdkmd32.sys [2012-4-20 419328]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-9-28 22856]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\drivers\RtsUStor.sys [2011-12-21 197224]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2011-12-21 394856]
R3 Sftfs;Sftfs;c:\windows\system32\drivers\Sftfslh.sys [2011-10-1 579944]
R3 Sftplay;Sftplay;c:\windows\system32\drivers\Sftplaylh.sys [2011-10-1 194408]
R3 Sftredir;Sftredir;c:\windows\system32\drivers\Sftredirlh.sys [2011-10-1 21864]
R3 Sftvol;Sftvol;c:\windows\system32\drivers\Sftvollh.sys [2011-10-1 19304]
R3 TfNetMon;TfNetMon;c:\windows\system32\drivers\TfNetMon.sys [2012-5-20 33552]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\drivers\vwifimp.sys [2009-7-14 14336]
S3 AthBTPort;Atheros Virtual Bluetooth Class;c:\windows\system32\drivers\btath_flt.sys [2011-10-22 35488]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-14 229888]
S3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys [2011-10-22 290976]
S3 btath_avdt;Atheros Bluetooth AVDT Service;c:\windows\system32\drivers\btath_avdt.sys [2011-10-22 97440]
S3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\system32\drivers\btath_hcrp.sys [2011-10-22 147616]
S3 BTATH_LWFLT;Bluetooth LWFLT Device;c:\windows\system32\drivers\btath_lwflt.sys [2011-10-22 60064]
S3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\system32\drivers\btath_rcp.sys [2011-10-22 263968]
S3 BtFilter;BtFilter;c:\windows\system32\drivers\btfilter.sys [2011-10-22 445088]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2012-9-28 40776]
S3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\drivers\VSTAZL3.SYS [2009-7-14 207360]
S3 SrvHsfV92;SrvHsfV92;c:\windows\system32\drivers\VSTDPV3.SYS [2009-7-14 980992]
S3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\drivers\VSTCNXT3.SYS [2009-7-14 661504]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2010-11-21 52224]
S3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 27264]
.
=============== File Associations ===============
.
.txt=
.
=============== Created Last 30 ================
.
2012-09-28 17:31:54 56200 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{78b2374f-2b17-4b23-b40c-f61cff0d9315}\offreg.dll
2012-09-28 15:43:20 6980552 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{78b2374f-2b17-4b23-b40c-f61cff0d9315}\mpengine.dll
2012-09-28 07:03:42 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2012-09-28 07:03:42 -------- d-----w- c:\program files\Spybot - Search & Destroy
2012-09-28 04:15:02 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2012-09-28 04:12:52 -------- d-----w- c:\users\russell\appdata\roaming\Malwarebytes
2012-09-28 04:12:10 -------- d-----w- c:\programdata\Malwarebytes
2012-09-28 04:12:00 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-09-28 04:12:00 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-09-26 08:03:11 245760 ----a-w- c:\windows\system32\OxpsConverter.exe
2012-09-26 00:54:09 -------- d-----w- c:\program files\CCleaner
2012-09-25 14:15:58 -------- d-----w- c:\users\russell\appdata\roaming\CX
2012-09-25 14:14:37 -------- d-----w- c:\users\russell\appdata\local\CX
2012-09-24 11:09:26 -------- d-----w- c:\program files\Perion
2012-09-23 14:39:22 -------- d-----w- c:\program files\Mr Smoozles Goes Nutso
2012-09-23 12:29:25 -------- d-----w- c:\program files\GOG.com
2012-09-23 06:15:50 26840 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2012-09-23 06:12:28 -------- d-----w- c:\program files\iPod
2012-09-23 06:12:07 -------- d-----w- c:\programdata\188F1432-103A-4ffb-80F1-36B633C5C9E1
2012-09-23 06:12:07 -------- d-----w- c:\program files\iTunes
2012-09-21 23:41:24 0 ----a-w- c:\windows\system32\sho5B78.tmp
2012-09-21 23:35:04 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-09-21 23:35:02 420864 ----a-w- c:\windows\system32\vbscript.dll
2012-09-21 23:35:02 140936 ----a-w- c:\program files\internet explorer\sqmapi.dll
2012-09-21 23:35:01 194048 ----a-w- c:\program files\internet explorer\IEShims.dll
2012-09-17 01:19:26 -------- d-----w- c:\program files\Sigma Team
2012-09-17 01:07:36 -------- d-----w- C:\Counter-Strike 2D
2012-09-16 22:57:04 -------- d-----w- c:\program files\Cave Story Deluxe
2012-09-16 14:34:27 237848 ----a-w- c:\windows\system32\xactengine2_4.dll
2012-09-16 14:34:25 2414360 ----a-w- c:\windows\system32\d3dx9_31.dll
2012-09-16 14:34:24 236824 ----a-w- c:\windows\system32\xactengine2_3.dll
2012-09-16 14:34:23 62744 ----a-w- c:\windows\system32\xinput1_2.dll
2012-09-16 14:33:47 2297552 ----a-w- c:\windows\system32\d3dx9_26.dll
2012-09-16 10:31:58 75136 ----a-w- c:\windows\system32\PnkBstrA.exe
2012-09-16 10:31:22 -------- d-----w- c:\users\russell\appdata\local\Punkbuster
2012-09-16 10:30:00 -------- d-----w- c:\program files\Wolfenstein - Enemy Territory
2012-09-15 03:54:15 -------- d-sh--w- C:\found.002
2012-09-13 08:12:25 -------- d-----r- c:\program files\Skype
2012-09-12 20:39:00 0 ----a-w- c:\windows\system32\sho4144.tmp
2012-09-12 04:03:39 1292144 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-09-12 04:03:38 240496 ----a-w- c:\windows\system32\drivers\netio.sys
2012-09-12 04:03:37 187760 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
2012-09-12 04:03:31 712048 ----a-w- c:\windows\system32\drivers\ndis.sys
2012-09-12 04:03:29 33280 ----a-w- c:\windows\system32\drivers\RNDISMP.sys
2012-09-12 04:03:23 490496 ----a-w- c:\windows\system32\d3d10level9.dll
2012-09-12 03:49:35 -------- d-----w- C:\09470b656efc966851db
2012-09-09 00:33:48 15632352 ----a-w- c:\program files\mozilla firefox\xul.dll
2012-09-09 00:33:47 19424 ----a-w- c:\program files\mozilla firefox\xpcom.dll
2012-09-09 00:33:46 270304 ----a-w- c:\program files\mozilla firefox\updater.exe
2012-09-09 00:33:41 883896 ----a-w- c:\program files\mozilla firefox\uninstall\helper.exe
2012-09-09 00:33:41 145376 ----a-w- c:\program files\mozilla firefox\ssl3.dll
2012-09-09 00:33:40 155104 ----a-w- c:\program files\mozilla firefox\softokn3.dll
2012-09-09 00:33:39 91104 ----a-w- c:\program files\mozilla firefox\smime3.dll
2012-09-09 00:33:29 15672645 ----a-w- c:\program files\mozilla firefox\protext\texmakerx\texmakerx21_win32-install.exe
2012-09-09 00:33:27 131584 ----a-w- c:\program files\mozilla firefox\protext\Setup.exe
2012-09-09 00:33:24 2149888 ----a-w- c:\program files\mozilla firefox\protext\python26.dll
2012-09-09 00:32:08 5779456 ----a-w- c:\program files\mozilla firefox\protext\miktex\tm\packages\setup-2.9.3959.exe
2012-09-09 00:25:23 5779456 ----a-w- c:\program files\mozilla firefox\protext\miktex\setup\setup-2.9.3959.exe
2012-09-09 00:25:21 655872 ----a-w- c:\program files\mozilla firefox\protext\microsoft.vc90.crt\msvcr90.dll
2012-09-09 00:25:19 568832 ----a-w- c:\program files\mozilla firefox\protext\microsoft.vc90.crt\msvcp90.dll
2012-09-09 00:25:18 224768 ----a-w- c:\program files\mozilla firefox\protext\microsoft.vc90.crt\msvcm90.dll
2012-09-09 00:25:10 1502208 ----a-w- c:\program files\mozilla firefox\protext\gsv\gsv49w32.exe
2012-09-09 00:25:08 2188288 ----a-w- c:\program files\mozilla firefox\protext\gsv\gsv491w64.exe
2012-09-09 00:25:06 2042368 ----a-w- c:\program files\mozilla firefox\protext\gsv\gsv491w32.exe
2012-09-09 00:25:03 12592939 ----a-w- c:\program files\mozilla firefox\protext\gsv\gs902w64.exe
2012-09-08 08:27:38 -------- d--h--w- C:\.cache
2012-09-08 08:23:09 -------- d-----r- c:\users\russell\MegaCloud
2012-09-08 08:22:37 -------- d-----w- c:\users\russell\appdata\roaming\MegaCloudBackup
2012-09-08 08:20:14 -------- d-----w- c:\users\russell\appdata\roaming\MegaCloud
2012-09-08 08:17:11 -------- d-----w- c:\programdata\Web Installer
2012-09-08 05:51:55 -------- d-----w- c:\users\russell\appdata\roaming\Box Sync
2012-09-08 05:51:31 -------- d-----w- c:\users\russell\appdata\roaming\Box Desktop
2012-09-08 05:41:06 -------- d-----w- c:\program files\Box Sync
2012-09-08 05:27:22 -------- d-----w- c:\users\russell\appdata\local\Box Sync
2012-09-08 01:18:22 -------- d-----w- c:\users\russell\appdata\local\SugarSync
2012-09-08 01:16:45 -------- d-----w- c:\program files\SugarSync
2012-09-07 21:36:25 -------- d-----w- c:\users\russell\appdata\local\Tracker Software
2012-09-07 13:32:03 -------- d-----w- c:\users\russell\docear_workspace
2012-09-07 13:29:01 -------- d-----w- c:\users\russell\appdata\roaming\Docear
2012-09-07 12:44:04 -------- d-----w- c:\program files\Docear
2012-09-07 12:16:13 -------- d-----w- c:\program files\Tracker Software
2012-09-01 19:00:47 93672 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2012-08-30 11:21:11 -------- d-----w- c:\program files\LibreOffice 3.6
.
==================== Find3M ====================
.
2012-09-01 19:38:05 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-09-01 19:38:04 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-09-01 18:59:57 821736 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-09-01 18:59:56 746984 ----a-w- c:\windows\system32\deployJava1.dll
2012-08-24 06:59:17 1800704 ----a-w- c:\windows\system32\jscript9.dll
2012-08-24 06:51:27 1129472 ----a-w- c:\windows\system32\wininet.dll
2012-08-24 06:51:02 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
2012-08-24 06:47:26 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2012-08-24 03:58:36 405152 ----a-w- c:\windows\system32\Newtonsoft.Json.Net20.dll
2012-08-21 16:48:32 737280 ----a-w- c:\windows\iun6002.exe
2012-08-21 09:13:15 729752 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-08-21 09:13:14 58680 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2012-08-21 09:13:14 44784 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2012-08-21 09:12:33 41224 ----a-w- c:\windows\avastSS.scr
2012-08-21 01:01:22 106928 ----a-w- c:\windows\system32\GEARAspi.dll
2012-08-15 15:58:49 0 ----a-w- c:\windows\system32\sho6E5C.tmp
2012-08-07 18:54:04 0 ----a-w- c:\windows\system32\sho864F.tmp
2012-07-31 20:46:53 0 ----a-w- c:\windows\system32\sho145B.tmp
2012-07-28 09:32:24 348160 ----a-w- c:\windows\system32\msvcr71.dll
2012-07-28 09:32:23 499712 ----a-w- c:\windows\system32\msvcp71.dll
2012-07-26 02:39:12 18448 ----a-w- c:\windows\system32\nitrolocalui2.dll
2012-07-26 02:39:10 27152 ----a-w- c:\windows\system32\nitrolocalmon2.dll
2012-07-23 07:20:25 0 ----a-w- c:\windows\system32\sho5CFC.tmp
2012-07-18 17:47:53 2345984 ----a-w- c:\windows\system32\win32k.sys
2012-07-15 00:27:53 2216480 ------w- c:\windows\wweb32.dll
2012-07-06 19:23:23 393728 ----a-w- c:\windows\system32\drivers\bthport.sys
2012-07-06 05:34:14 0 ----a-w- c:\windows\system32\shoBAB9.tmp
2012-07-04 21:14:34 41984 ----a-w- c:\windows\system32\browcli.dll
2012-07-04 21:14:34 102912 ----a-w- c:\windows\system32\browser.dll
.
============= FINISH: 19:48:53.31 ===============
 


Please read Before You Post
While best efforts are made to assist in removing infections safely, unexpected stuff can happen. It is advisable that you back up your important data before starting any clean up procedure. Neither Safer Networking Forums nor the Analyst providing the advice may be held responsible for any loss.

Until we deem your system clean I am going to ask you not to install or uninstall any software or hardware except for the programs we may run.

Running programs with Vista or Windows 7, you need to Right Click on the program and select RUN AS ADMINISTRATOR





Please download Malwarebytes from Here or Here

  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. Please save it to a convenient location and post the results.
  • Note: If you receive a notice that some of the items couldn't be removed, that they have been added to the delete on reboot list, please reboot.
Post the report please
 
attached: Malwarebytes txt report file

please advise further -- problem persists

but neither SB nor MWB report any problems




Malwarebytes Anti-Malware (Trial) 1.65.0.1400
www.malwarebytes.org

Database version: v2012.10.04.03

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
Russell :: RUSSELL-HP [administrator]

Protection: Disabled

5/10/2012 5:30:34 p.m.
mbam-log-2012-10-05 (17-30-34).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 207327
Time elapsed: 9 minute(s), 10 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
 
Hi,

No need to post what I have posted and if you can copy and paste the logs asked for into this thread in lieu of attaching them


Go into your Programs and Features tab inside the control panel and uninstall any reference to incredibar.

OTL by OldTimer
  • Download OTL to your desktop.
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Click the "Scan All Users" checkbox.
  • Check the boxes beside LOP Check and Purity Check.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt.
      Note: These logs can be located in the OTL. folder on your C:\ drive if they fail to open automatically.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply. You may need two posts to fit them both in.
 
INCREDIBAR -- OTL.txt file contents

OTL logfile created on: 7/10/2012 8:40:34 p.m. - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Russell\Downloads
Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00001409 | Country: New Zealand | Language: ENZ | Date Format: d/MM/yyyy

1012.30 Mb Total Physical Memory | 93.00 Mb Available Physical Memory | 9.19% Memory free
1.99 Gb Paging File | 0.79 Gb Available in Paging File | 39.91% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 283.95 Gb Total Space | 154.78 Gb Free Space | 54.51% Space Free | Partition Type: NTFS
Drive D: | 13.84 Gb Total Space | 1.55 Gb Free Space | 11.18% Space Free | Partition Type: NTFS
Drive E: | 99.00 Mb Total Space | 87.44 Mb Free Space | 88.33% Space Free | Partition Type: FAT32

Computer Name: RUSSELL-HP | User Name: Russell | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Russell\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
PRC - C:\Program Files\Google\Update\1.3.21.123\GoogleCrashHandler.exe (Google Inc.)
PRC - C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
PRC - C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
PRC - C:\Program Files\Box Sync\UpdateService.exe (Box, Inc.)
PRC - C:\Program Files\Nitro PDF\Reader 2\NitroPDFReaderDriverService2.exe (Nitro PDF Software)
PRC - C:\Windows\System32\NLSSRV32.EXE (Nalpeiron Ltd.)
PRC - C:\Program Files\IObit\Advanced SystemCare 5\ASCTray.exe (IObit)
PRC - C:\Program Files\IObit\Advanced SystemCare 5\ASCService.exe (IObit)
PRC - C:\Program Files\Microsoft\BingDesktop\BingDesktopUpdater.exe (Microsoft Corp.)
PRC - C:\Program Files\GFI\GFI BackUp Freeware\GFIFInst.exe (GFI Software Ltd.)
PRC - C:\Program Files\GFI\GFI BackUp Freeware\GFIFSched.exe (GFI Software Ltd.)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\IDT\WDM\stacsv.exe (IDT, Inc.)
PRC - C:\Program Files\Bluetooth Suite\Ath_CoexAgent.exe (Atheros)
PRC - C:\Program Files\Bluetooth Suite\AdminService.exe (Atheros Commnucations)
PRC - C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
PRC - C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
PRC - C:\Program Files\Hewlett-Packard\HP Support Framework\HPSA_Service.exe (Hewlett-Packard Company)
PRC - C:\Program Files\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation)
PRC - C:\Program Files\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe (Hewlett-Packard Development Company, L.P.)
PRC - C:\Program Files\ThreatFire\TFTray.exe (PC Tools)
PRC - C:\Program Files\ThreatFire\TFService.exe (PC Tools)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
PRC - C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe (Hewlett-Packard Company)
PRC - C:\Program Files\IDT\WDM\AESTSrv.exe (Andrea Electronics Corporation)
PRC - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)


========== Modules (No Company Name) ==========

MOD - C:\Users\Russell\AppData\Roaming\MegaCloud\MegaCloudShellExt.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\ae1551d0edae77ab6ccc6b5dc3a90919\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\c9bf903caf3cdbad651e4254c8fc78ab\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\f489585d6cb29313a05dceac6ee1cde1\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\f37a9277a565b368c4358befdce25080\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\6b97ba148f663f114bcbbfae7a2752e9\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7edca5be5fb91df4d5eb66097437f546\mscorlib.ni.dll ()
MOD - C:\Program Files\FileZilla FTP Client\fzshellext.dll ()


========== Services (SafeList) ==========

SRV - (SBSDWSCService) -- C:\Program Files\Spybot File not found
SRV - (MozillaMaintenance) -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (MBAMService) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (MBAMScheduler) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (avast! Antivirus) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
SRV - (#UpdateService) -- C:\Program Files\Box Sync\UpdateService.exe (Box, Inc.)
SRV - (NitroReaderDriverReadSpool2) -- C:\Program Files\Nitro PDF\Reader 2\NitroPDFReaderDriverService2.exe (Nitro PDF Software)
SRV - (SkypeUpdate) -- C:\Program Files\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (nlsX86cc) -- C:\Windows\System32\NLSSRV32.EXE (Nalpeiron Ltd.)
SRV - (AdvancedSystemCareService5) -- C:\Program Files\IObit\Advanced SystemCare 5\ASCService.exe (IObit)
SRV - (BingDesktopUpdate) -- C:\Program Files\Microsoft\BingDesktop\BingDesktopUpdater.exe (Microsoft Corp.)
SRV - (GFIBckFAtt) -- C:\Program Files\GFI\GFI BackUp Freeware\GFIFInst.exe (GFI Software Ltd.)
SRV - (GFIBckFSched) -- C:\Program Files\GFI\GFI BackUp Freeware\GFIFSched.exe (GFI Software Ltd.)
SRV - (WatAdminSvc) -- C:\Windows\System32\Wat\WatAdminSvc.exe (Microsoft Corporation)
SRV - (STacSV) -- C:\Program Files\IDT\WDM\stacsv.exe (IDT, Inc.)
SRV - (ZAtheros Bt&Wlan Coex Agent) -- C:\Program Files\Bluetooth Suite\Ath_CoexAgent.exe (Atheros)
SRV - (AtherosSvc) -- C:\Program Files\Bluetooth Suite\AdminService.exe (Atheros Commnucations)
SRV - (sftvsa) -- C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
SRV - (sftlist) -- C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
SRV - (HP Support Assistant Service) -- C:\Program Files\Hewlett-Packard\HP Support Framework\HPSA_Service.exe (Hewlett-Packard Company)
SRV - (BBSvc) -- C:\Program Files\Microsoft\BingBar\BBSvc.EXE (Microsoft Corporation.)
SRV - (BBUpdate) -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation)
SRV - (HPWMISVC) -- C:\Program Files\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe (Hewlett-Packard Development Company, L.P.)
SRV - (ThreatFire) -- C:\Program Files\ThreatFire\TFService.exe (PC Tools)
SRV - (IAStorDataMgrSvc) -- C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
SRV - (HPClientSvc) -- C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe (Hewlett-Packard Company)
SRV - (rpcapd) -- C:\Program Files\WinPcap\rpcapd.exe (CACE Technologies, Inc.)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (AESTFilters) -- C:\Program Files\IDT\WDM\AESTSrv.exe (Andrea Electronics Corporation)


========== Driver Services (SafeList) ==========

DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (aswSnx) -- C:\Windows\System32\drivers\aswSnx.sys (AVAST Software)
DRV - (aswSP) -- C:\Windows\System32\drivers\aswSP.sys (AVAST Software)
DRV - (aswTdi) -- C:\Windows\System32\drivers\aswTdi.sys (AVAST Software)
DRV - (aswMonFlt) -- C:\Windows\System32\drivers\aswMonFlt.sys (AVAST Software)
DRV - (aswRdr) -- C:\Windows\System32\drivers\aswRdr2.sys (AVAST Software)
DRV - (aswFsBlk) -- C:\Windows\System32\drivers\aswFsBlk.sys (AVAST Software)
DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Qualcomm Atheros Communications, Inc.)
DRV - (igddim32) -- C:\Windows\System32\drivers\igddim32.sys (Intel Corporation)
DRV - (STHDA) -- C:\Windows\System32\drivers\stwrt.sys (IDT, Inc.)
DRV - (BtFilter) -- C:\Windows\System32\drivers\btfilter.sys (Atheros)
DRV - (BTATH_RCP) -- C:\Windows\System32\drivers\btath_rcp.sys (Atheros)
DRV - (BTATH_LWFLT) -- C:\Windows\System32\drivers\btath_lwflt.sys (Atheros)
DRV - (BTATH_HCRP) -- C:\Windows\System32\drivers\btath_hcrp.sys (Atheros)
DRV - (AthBTPort) -- C:\Windows\System32\drivers\btath_flt.sys (Atheros)
DRV - (BTATH_BUS) -- C:\Windows\System32\drivers\btath_bus.sys (Atheros)
DRV - (btath_avdt) -- C:\Windows\System32\drivers\btath_avdt.sys (Atheros)
DRV - (BTATH_A2DP) -- C:\Windows\System32\drivers\btath_a2dp.sys (Atheros)
DRV - (Sftvol) -- C:\Windows\System32\drivers\Sftvollh.sys (Microsoft Corporation)
DRV - (Sftredir) -- C:\Windows\System32\drivers\Sftredirlh.sys (Microsoft Corporation)
DRV - (Sftplay) -- C:\Windows\System32\drivers\Sftplaylh.sys (Microsoft Corporation)
DRV - (Sftfs) -- C:\Windows\System32\drivers\Sftfslh.sys (Microsoft Corporation)
DRV - (clwvd) -- C:\Windows\System32\drivers\clwvd.sys (CyberLink Corporation)
DRV - (TfSysMon) -- C:\Windows\System32\drivers\TfSysMon.sys (PC Tools)
DRV - (TfNetMon) -- C:\Windows\System32\drivers\TfNetMon.sys (PC Tools)
DRV - (TfFsMon) -- C:\Windows\System32\drivers\TfFsMon.sys (PC Tools)
DRV - (RSUSBSTOR) -- C:\Windows\System32\drivers\RtsUStor.sys (Realtek Semiconductor Corp.)
DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV - (TsUsbGD) -- C:\Windows\System32\drivers\TsUsbGD.sys (Microsoft Corporation)
DRV - (NPF) -- C:\Windows\System32\drivers\npf.sys (CACE Technologies, Inc.)
DRV - (vwifimp) -- C:\Windows\System32\drivers\vwifimp.sys (Microsoft Corporation)
DRV - (NVENETFD) -- C:\Windows\System32\drivers\nvm62x32.sys (NVIDIA Corporation)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.jp.msn.com/HPALL/116
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://start.funmoods.com/?f=1&a=ir...DtCtC0EtN0D0TzutBtDtCtBtDyCtCyD&cr=1530279376
IE - HKLM\..\URLSearchHook: {1392b8d2-5c05-419f-a8f6-b9f15a596612} - No CLSID value found
IE - HKLM\..\URLSearchHook: {81fae9c9-cfbd-4cb3-8322-412e72f55f65} - No CLSID value found
IE - HKLM\..\SearchScopes,Backup.Old.DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPMTDF&pc=HPMTDF&src=IE-SearchBox
IE - HKLM\..\SearchScopes\{1EB53970-B557-5025-3244-737B4FF514AF}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://eu.ask.com/web?q={searchterms}&l=dis&o=HPNTDF
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://start.funmoods.com/results.php?f=4&q={searchTerms}&a=iron2&chnl=iron2&cd=2XzutAtN2Y1L1Qzu0E0Czy0AyByEyD0EtByCyB0E0DtCtC0EtN0D0TzutBtDtCtBtDyCtCyD&cr=1530279376
IE - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://nz.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
IE - HKLM\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}


IE - HKU\.DEFAULT\..\URLSearchHook: {D0CF9C3B-2C4F-4C99-ACED-3CDF9AEEFF7E} - No CLSID value found
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\URLSearchHook: {D0CF9C3B-2C4F-4C99-ACED-3CDF9AEEFF7E} - No CLSID value found
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1911284681-1753166069-4267012026-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Backup.Old.Start Page = http://www.msn.com/?pc=BDT3&ocid=bdtdhp
IE - HKU\S-1-5-21-1911284681-1753166069-4267012026-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.jp.msn.com/HPALL/116
IE - HKU\S-1-5-21-1911284681-1753166069-4267012026-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKU\S-1-5-21-1911284681-1753166069-4267012026-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar =
IE - HKU\S-1-5-21-1911284681-1753166069-4267012026-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKU\S-1-5-21-1911284681-1753166069-4267012026-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-1911284681-1753166069-4267012026-1000\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKU\S-1-5-21-1911284681-1753166069-4267012026-1000\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\S-1-5-21-1911284681-1753166069-4267012026-1000\..\URLSearchHook: {1392b8d2-5c05-419f-a8f6-b9f15a596612} - No CLSID value found
IE - HKU\S-1-5-21-1911284681-1753166069-4267012026-1000\..\URLSearchHook: {687578b9-7132-4a7a-80e4-30ee31099e03} - No CLSID value found
IE - HKU\S-1-5-21-1911284681-1753166069-4267012026-1000\..\URLSearchHook: {81fae9c9-cfbd-4cb3-8322-412e72f55f65} - No CLSID value found
IE - HKU\S-1-5-21-1911284681-1753166069-4267012026-1000\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - No CLSID value found
IE - HKU\S-1-5-21-1911284681-1753166069-4267012026-1000\..\URLSearchHook: {93a3111f-4f74-4ed8-895e-d9708497629e} - No CLSID value found
IE - HKU\S-1-5-21-1911284681-1753166069-4267012026-1000\..\URLSearchHook: {CA3EB689-8F09-4026-AA10-B9534C691CE0} - C:\Program Files\Freecorder 6\tbhelper.dll ()
IE - HKU\S-1-5-21-1911284681-1753166069-4267012026-1000\..\SearchScopes,Backup.Old.DefaultScope = {9655317D-B950-475F-9450-73A32684CFEC}
IE - HKU\S-1-5-21-1911284681-1753166069-4267012026-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-1911284681-1753166069-4267012026-1000\..\SearchScopes\{1EB53970-B557-5025-3244-737B4FF514AF}: "URL" = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8&rlz=1I7ITVB_enNZ475
IE - HKU\S-1-5-21-1911284681-1753166069-4267012026-1000\..\SearchScopes\{4306E828-4997-4C8E-9FE4-9E46CC3276E4}: "URL" = http://www.bing.com/search?FORM=BDKTDF&PC=BDT3&q={searchTerms}&src=IE-SearchBox
IE - HKU\S-1-5-21-1911284681-1753166069-4267012026-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKU\S-1-5-21-1911284681-1753166069-4267012026-1000\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://nz.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
IE - HKU\S-1-5-21-1911284681-1753166069-4267012026-1000\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
IE - HKU\S-1-5-21-1911284681-1753166069-4267012026-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1911284681-1753166069-4267012026-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.openintab: true
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://au.yahoo.com/"
FF - prefs.js..extensions.enabledAddons: save-as-pdf-ff@pdfcrowd.com:1.5
FF - prefs.js..extensions.enabledAddons: support@lastpass.com:2.0.0
FF - prefs.js..extensions.enabledAddons: tabutilslite@ithinc.cn:1.1.5
FF - prefs.js..extensions.enabledAddons: zotero@chnm.gmu.edu:3.0.8
FF - prefs.js..extensions.enabledAddons: zoteroOpenOfficeIntegration@zotero.org:3.5.3
FF - prefs.js..extensions.enabledAddons: {7f57cf46-4467-4c2d-adfa-0cba7c507e54}:2.0.6
FF - prefs.js..extensions.enabledAddons: {ada4b710-8346-4b82-8199-5de2b400a6ae}:2.0.1
FF - prefs.js..extensions.enabledAddons: {f759ca51-3a91-4dd1-ae78-9db5eee9ebf0}:5.7.5
FF - prefs.js..extensions.enabledAddons: {DDC359D1-844A-42a7-9AA1-88A850A938A8}:2.0.15
FF - prefs.js..extensions.enabledAddons: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.9.10
FF - prefs.js..extensions.enabledAddons: {d37dc5d0-431d-44e5-8c91-49419370caa1}:3.1.26
FF - prefs.js..extensions.enabledAddons: zotfile@columbia.edu:2.2.1
FF - prefs.js..extensions.enabledAddons: foxmarks@kei.com:4.1.3


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_4_402_265.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nitropdf.com/NitroPDF: C:\Program Files\Nitro PDF\Reader 2\npnitromozilla.dll ( )
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@VideoDownloadConverter_4z.com/Plugin: C:\Program Files\VideoDownloadConverter_4z\bar\1.bin\NP4zStub.dll (MindSpark)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.3: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKCU\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF - HKCU\Software\MozillaPlugins\@sun.com/npsopluginmi;version=1.0: C:\Program Files\LibreOffice 3.4\program File not found
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Russell\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Russell\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\vitzo.com/VDownloader: C:\Program Files\VDownloader\Addons\npVDownloader.dll File not found

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\support@vdownloader.com: C:\Program Files\VDownloader\Addons\FireFox
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\4zffxtbr@VideoDownloadConverter_4z.com: C:\Program Files\VideoDownloadConverter_4z\bar\1.bin [2012/09/28 18:41:32 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012/08/27 23:47:10 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/09/09 13:34:38 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 15.0.1\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2012/07/24 19:22:57 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 15.0.1\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\superfish@superfish.com: C:\Users\Russell\AppData\Roaming\Mozilla\Firefox\Profiles/xfb27j5f.default\extensions\superfish@superfish.com
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\wcapturex@deskperience.com: C:\Program Files\WordWeb\WCaptureMoz [2012/02/27 19:17:18 | 000,000,000 | ---D | M]

[2012/08/03 07:19:15 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Russell\AppData\Roaming\Mozilla\Extensions
[2012/10/05 14:46:36 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Russell\AppData\Roaming\Mozilla\Firefox\Profiles\bylhdpoc.default\extensions
[2012/08/26 03:57:18 | 000,000,000 | ---D | M] (ReminderFox) -- C:\Users\Russell\AppData\Roaming\Mozilla\Firefox\Profiles\bylhdpoc.default\extensions\{ada4b710-8346-4b82-8199-5de2b400a6ae}
[2012/09/18 18:03:20 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Russell\AppData\Roaming\Mozilla\Firefox\Profiles\bylhdpoc.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2012/09/20 13:35:40 | 000,000,000 | ---D | M] (FoxClocks) -- C:\Users\Russell\AppData\Roaming\Mozilla\Firefox\Profiles\bylhdpoc.default\extensions\{d37dc5d0-431d-44e5-8c91-49419370caa1}
[2012/10/03 08:37:27 | 000,000,000 | ---D | M] ("Xmarks") -- C:\Users\Russell\AppData\Roaming\Mozilla\Firefox\Profiles\bylhdpoc.default\extensions\foxmarks@kei.com
[2012/08/03 08:00:26 | 000,000,000 | ---D | M] (LastPass) -- C:\Users\Russell\AppData\Roaming\Mozilla\Firefox\Profiles\bylhdpoc.default\extensions\support@lastpass.com
[2012/08/03 07:28:39 | 000,000,000 | ---D | M] (Zotero) -- C:\Users\Russell\AppData\Roaming\Mozilla\Firefox\Profiles\bylhdpoc.default\extensions\zotero@chnm.gmu.edu
[2012/08/03 07:45:37 | 000,000,000 | ---D | M] (Zotero LibreOffice Integration) -- C:\Users\Russell\AppData\Roaming\Mozilla\Firefox\Profiles\bylhdpoc.default\extensions\zoteroOpenOfficeIntegration@zotero.org
[2012/08/03 08:00:22 | 000,057,194 | ---- | M] () (No name found) -- C:\Users\Russell\AppData\Roaming\Mozilla\Firefox\Profiles\bylhdpoc.default\extensions\save-as-pdf-ff@pdfcrowd.com.xpi
[2012/08/26 03:57:11 | 000,024,946 | ---- | M] () (No name found) -- C:\Users\Russell\AppData\Roaming\Mozilla\Firefox\Profiles\bylhdpoc.default\extensions\tabutilslite@ithinc.cn.xpi
[2012/09/26 17:08:59 | 000,406,180 | ---- | M] () (No name found) -- C:\Users\Russell\AppData\Roaming\Mozilla\Firefox\Profiles\bylhdpoc.default\extensions\zotfile@columbia.edu.xpi
[2012/08/03 08:00:26 | 000,527,037 | ---- | M] () (No name found) -- C:\Users\Russell\AppData\Roaming\Mozilla\Firefox\Profiles\bylhdpoc.default\extensions\{7f57cf46-4467-4c2d-adfa-0cba7c507e54}.xpi
[2012/09/13 09:10:43 | 000,698,867 | ---- | M] () (No name found) -- C:\Users\Russell\AppData\Roaming\Mozilla\Firefox\Profiles\bylhdpoc.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi
[2012/08/03 08:00:27 | 000,324,289 | ---- | M] () (No name found) -- C:\Users\Russell\AppData\Roaming\Mozilla\Firefox\Profiles\bylhdpoc.default\extensions\{f759ca51-3a91-4dd1-ae78-9db5eee9ebf0}.xpi
[2012/08/11 00:32:56 | 000,000,822 | ---- | M] () (No name found) -- C:\Users\Russell\AppData\Roaming\Mozilla\Firefox\Profiles\bylhdpoc.default\extensions\{ada4b710-8346-4b82-8199-5de2b400a6ae}\defaults\printing\xpi-details.xsl
[2012/09/09 13:24:20 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/09/09 13:34:36 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/07/10 15:52:26 | 000,003,767 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\avg-secure-search.xml
[2012/08/03 03:09:47 | 000,002,361 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml
[2012/09/04 11:36:54 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/02/15 23:57:58 | 000,001,478 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\emclient_igeared.xml
[2012/09/04 11:36:54 | 000,002,253 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - homepage: http://www.google.co.nz/
CHR - default_search_provider: MyStart Search (Enabled)
CHR - default_search_provider: search_url = http://mystart.incredibar.com/mb178/?loc=IB_DS&search={searchTerms}&a=6PQKBEoZ6o&i=26
CHR - default_search_provider: suggest_url = ,
CHR - homepage: http://www.google.co.nz/
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Russell\AppData\Local\Google\Chrome\Application\21.0.1180.83\PepperFlash\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Russell\AppData\Local\Google\Chrome\Application\21.0.1180.83\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_268.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Russell\AppData\Local\Google\Chrome\Application\21.0.1180.83\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Russell\AppData\Local\Google\Chrome\Application\21.0.1180.83\pdf.dll
CHR - plugin: Free Studio (Enabled) = C:\Users\Russell\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp\1.0.0.0_0\np_dvs_plugin.dll
CHR - plugin: Conduit Chrome Plugin (Enabled) = C:\Users\Russell\AppData\Local\Google\Chrome\User Data\Default\Extensions\plmlpkfpkijnlijgalnjaacllnjmoamo\10.11.21.5_0\plugins/ConduitChromeApiPlugin.dll
CHR - plugin: Conduit Radio Plugin (Enabled) = C:\Users\Russell\AppData\Local\Google\Chrome\User Data\Default\Extensions\plmlpkfpkijnlijgalnjaacllnjmoamo\10.11.21.5_0\plugins/np-cwmp.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL
CHR - plugin: Foxit Reader Plugin for Mozilla (Enabled) = C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll
CHR - plugin: Java Deployment Toolkit 7.0.50.5 (Enabled) = C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll
CHR - plugin: Java(TM) Platform SE 7 U5 (Enabled) = C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: Nitro PDF Plug-In (Enabled) = C:\Program Files\Nitro PDF\Reader 2\npnitromozilla.dll
CHR - plugin: MindSpark Toolbar Platform Plugin Stub (Enabled) = C:\Program Files\VideoDownloadConverter_4z\bar\1.bin\NP4zStub.dll
CHR - plugin: VLC Web Plugin (Enabled) = C:\Program Files\VideoLAN\VLC\npvlc.dll
CHR - plugin: Windows Live\\u0099 Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - Extension: Xmarks Bookmark Sync = C:\Users\Russell\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajpgkpeckebdhofmmjfgcjjiiejpodla\1.0.22_0\
CHR - Extension: Xmarks Bookmark Sync = C:\Users\Russell\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajpgkpeckebdhofmmjfgcjjiiejpodla\1.0.22_0\.bak
CHR - Extension: YouTube = C:\Users\Russell\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Adblock Plus (Beta) = C:\Users\Russell\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.2_0\
CHR - Extension: Google Search = C:\Users\Russell\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Proxy SwitchySharp = C:\Users\Russell\AppData\Local\Google\Chrome\User Data\Default\Extensions\dpplabbmogkhghncfbfdeeokoefdjegm\1.9.48_0\
CHR - Extension: SaveFrom.net helper lite = C:\Users\Russell\AppData\Local\Google\Chrome\User Data\Default\Extensions\gekjjfhbnbhfgmnmkocnnfapjpdcpbok\1.47_0\
CHR - Extension: LastPass = C:\Users\Russell\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd\2.0.10_0\
CHR - Extension: No name found = C:\Users\Russell\AppData\Local\Google\Chrome\User Data\Default\Extensions\jifflliplgeajjdhmkcfnngfpgbjonjg\1.0.0_0\
CHR - Extension: Search for YouTube Videos = C:\Users\Russell\AppData\Local\Google\Chrome\User Data\Default\Extensions\kabfoagjjgbakjgadhcpoleecfkmhpjm\0.1.0.6_0\
CHR - Extension: Save as PDF = C:\Users\Russell\AppData\Local\Google\Chrome\User Data\Default\Extensions\kpdjmbiefanbdgnkcikhllpmjnnllbbc\1.6_0\
CHR - Extension: Incredible StartPage - Productive Start Page for Chrome! = C:\Users\Russell\AppData\Local\Google\Chrome\User Data\Default\Extensions\ncdfeghkpohnalmpblddmnppfooljekh\1.5.2_0\
CHR - Extension: DvdVideoSoft Free Youtube Download = C:\Users\Russell\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp\1.0.0.0_0\
CHR - Extension: Gmail = C:\Users\Russell\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2009/06/11 10:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O3 - HKU\S-1-5-21-1911284681-1753166069-4267012026-1000\..\Toolbar\WebBrowser: (Freecorder 6) - {6B34ACCF-1B63-4E1A-8633-461917C75544} - C:\Program Files\Freecorder 6\tbcore3.dll ()
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [ThreatFire] C:\Program Files\ThreatFire\TFTray.exe (PC Tools)
O4 - HKU\S-1-5-21-1911284681-1753166069-4267012026-1000..\Run: [Advanced SystemCare 5] C:\Program Files\IObit\Advanced SystemCare 5\ASCTray.exe (IObit)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\S-1-5-21-1911284681-1753166069-4267012026-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Free YouTube Download - C:\Users\Russell\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm ()
O8 - Extra context menu item: Se&nd to OneNote - res://C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll/105 File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 10.7.2)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{74240472-D26B-436F-9D60-760C249DCFA7}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\osf - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/11 10:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/10/07 09:33:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Foxit Reader
[2012/10/07 01:53:17 | 000,000,000 | ---D | C] -- C:\Users\Russell\Documents\EMAIL IDs
[2012/10/07 00:21:44 | 000,000,000 | ---D | C] -- C:\Users\Russell\Desktop\MEDITATION -- SELF-COMPASSION
[2012/10/06 11:50:53 | 000,000,000 | ---D | C] -- C:\8e07ef0f1fb298627a7ae926aaec3f
[2012/09/29 20:38:41 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2012/09/29 20:36:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT
[2012/09/29 20:36:09 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2012/09/28 20:04:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy
[2012/09/28 20:03:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2012/09/28 20:03:42 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2012/09/28 17:12:52 | 000,000,000 | ---D | C] -- C:\Users\Russell\AppData\Roaming\Malwarebytes
[2012/09/28 17:12:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/09/28 17:12:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/09/28 17:12:00 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012/09/28 17:12:00 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012/09/26 21:03:11 | 000,245,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\OxpsConverter.exe
[2012/09/26 13:54:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2012/09/26 13:54:09 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2012/09/26 03:15:58 | 000,000,000 | ---D | C] -- C:\Users\Russell\AppData\Roaming\CX
[2012/09/26 03:15:11 | 000,000,000 | ---D | C] -- C:\Users\Russell\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CX
[2012/09/26 03:14:37 | 000,000,000 | ---D | C] -- C:\Users\Russell\AppData\Local\CX
[2012/09/25 00:09:26 | 000,000,000 | ---D | C] -- C:\Program Files\Perion
[2012/09/24 03:39:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mr Smoozles Goes Nutso
[2012/09/24 03:39:22 | 000,000,000 | ---D | C] -- C:\Program Files\Mr Smoozles Goes Nutso
[2012/09/24 01:29:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GOG.com
[2012/09/24 01:29:25 | 000,000,000 | ---D | C] -- C:\Program Files\GOG.com
[2012/09/23 19:15:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2012/09/23 19:12:28 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2012/09/23 19:12:07 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2012/09/23 19:12:07 | 000,000,000 | ---D | C] -- C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1
[2012/09/22 12:35:04 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2012/09/22 12:34:59 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2012/09/22 12:34:58 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2012/09/22 12:34:58 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2012/09/22 12:34:57 | 000,607,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2012/09/22 12:34:50 | 001,800,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2012/09/22 12:34:49 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2012/09/22 12:34:36 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2012/09/20 22:57:10 | 000,000,000 | ---D | C] -- C:\Users\Russell\Documents\MSSAT TRUST OTAGO
[2012/09/17 14:20:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sigma Team
[2012/09/17 14:19:26 | 000,000,000 | ---D | C] -- C:\Program Files\Sigma Team
[2012/09/17 14:07:36 | 000,000,000 | ---D | C] -- C:\Counter-Strike 2D
[2012/09/17 11:57:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cave Story Deluxe
[2012/09/17 11:57:56 | 000,000,000 | ---D | C] -- C:\Users\Russell\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Cave Story Deluxe
[2012/09/17 11:57:04 | 000,000,000 | ---D | C] -- C:\Program Files\Cave Story Deluxe
[2012/09/17 03:34:27 | 000,237,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_4.dll
[2012/09/17 03:34:25 | 002,414,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_31.dll
[2012/09/17 03:34:24 | 000,236,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_3.dll
[2012/09/17 03:34:23 | 000,062,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xinput1_2.dll
[2012/09/17 03:34:22 | 000,230,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_2.dll
[2012/09/17 03:34:22 | 000,062,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xinput1_1.dll
[2012/09/17 03:34:21 | 000,229,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_1.dll
[2012/09/17 03:33:54 | 002,388,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_30.dll
[2012/09/17 03:33:53 | 000,230,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_0.dll
[2012/09/17 03:33:53 | 000,014,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\x3daudio1_0.dll
[2012/09/17 03:33:52 | 002,332,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_29.dll
[2012/09/17 03:33:50 | 002,323,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_28.dll
[2012/09/17 03:33:48 | 002,319,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_27.dll
[2012/09/17 03:33:47 | 002,297,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_26.dll
[2012/09/17 03:33:45 | 002,337,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_25.dll
[2012/09/17 03:33:43 | 002,222,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_24.dll
[2012/09/16 23:31:22 | 000,000,000 | ---D | C] -- C:\Users\Russell\AppData\Local\Punkbuster
[2012/09/16 23:30:00 | 000,000,000 | ---D | C] -- C:\Program Files\Wolfenstein - Enemy Territory
[2012/09/15 16:54:15 | 000,000,000 | -HSD | C] -- C:\found.002
[2012/09/13 21:12:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2012/09/13 21:12:34 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2012/09/13 21:12:25 | 000,000,000 | R--D | C] -- C:\Program Files\Skype
[2012/09/12 17:03:38 | 000,240,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\netio.sys
[2012/09/12 17:03:37 | 000,187,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\FWPKCLNT.SYS
[2012/09/12 17:03:29 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\RNDISMP.sys
[2012/09/12 17:03:23 | 000,490,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10level9.dll
[2012/09/12 16:49:35 | 000,000,000 | ---D | C] -- C:\09470b656efc966851db
[2012/09/09 13:24:01 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2012/09/08 21:27:38 | 000,000,000 | -H-D | C] -- C:\.cache
[2012/09/08 21:23:09 | 000,000,000 | R--D | C] -- C:\Users\Russell\MegaCloud
[2012/09/08 21:22:45 | 000,000,000 | ---D | C] -- C:\Users\Russell\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MegaCloud Backup
[2012/09/08 21:22:37 | 000,000,000 | ---D | C] -- C:\Users\Russell\AppData\Roaming\MegaCloudBackup
[2012/09/08 21:20:35 | 000,000,000 | ---D | C] -- C:\Users\Russell\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MegaCloud
[2012/09/08 21:20:14 | 000,000,000 | ---D | C] -- C:\Users\Russell\AppData\Roaming\MegaCloud
[2012/09/08 21:17:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Web Installer
[2012/09/08 18:54:50 | 000,000,000 | ---D | C] -- C:\Users\Russell\Documents\My Box Files
[2012/09/08 18:51:55 | 000,000,000 | ---D | C] -- C:\Users\Russell\AppData\Roaming\Box Sync
[2012/09/08 18:51:31 | 000,000,000 | ---D | C] -- C:\Users\Russell\AppData\Roaming\Box Desktop
[2012/09/08 18:41:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Box Sync
[2012/09/08 18:41:06 | 000,000,000 | ---D | C] -- C:\Program Files\Box Sync
[2012/09/08 18:27:22 | 000,000,000 | ---D | C] -- C:\Users\Russell\AppData\Local\Box Sync
[2012/09/08 14:22:01 | 000,000,000 | ---D | C] -- C:\Users\Russell\Documents\SUGARSYNC
[2012/09/08 14:21:26 | 000,000,000 | ---D | C] -- C:\Users\Russell\Documents\Magic Briefcase
[2012/09/08 14:18:22 | 000,000,000 | ---D | C] -- C:\Users\Russell\AppData\Local\SugarSync
[2012/09/08 14:16:45 | 000,000,000 | ---D | C] -- C:\Program Files\SugarSync
[2012/09/08 10:36:25 | 000,000,000 | ---D | C] -- C:\Users\Russell\AppData\Local\Tracker Software
[2012/09/08 02:32:03 | 000,000,000 | ---D | C] -- C:\Users\Russell\docear_workspace
[2012/09/08 02:29:01 | 000,000,000 | ---D | C] -- C:\Users\Russell\AppData\Roaming\Docear
[2012/09/08 01:44:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Docear
[2012/09/08 01:44:04 | 000,000,000 | ---D | C] -- C:\Program Files\Docear
[2012/09/08 01:16:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDF-XChange PDF Viewer
[2012/09/08 01:16:13 | 000,000,000 | ---D | C] -- C:\Program Files\Tracker Software
[18 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[1 C:\Windows\Fonts\*.tmp files -> C:\Windows\Fonts\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/10/07 20:36:08 | 000,021,840 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/10/07 20:36:07 | 000,021,840 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/10/07 20:27:22 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/10/07 20:27:19 | 796,102,656 | -HS- | M] () -- C:\hiberfil.sys
[2012/10/07 18:34:15 | 000,501,657 | ---- | M] () -- C:\Users\Russell\Desktop\Anger and depression.maff
[2012/10/07 18:29:35 | 000,413,469 | ---- | M] () -- C:\Users\Russell\Desktop\Busch 2009 Anger and depression.PDF
[2012/10/07 05:21:28 | 000,053,624 | ---- | M] () -- C:\Users\Russell\Desktop\Spermon 2012 Complex Posttraumatic Stress Disorder -- Voices.maff
[2012/10/06 12:20:39 | 000,153,870 | ---- | M] () -- C:\Users\Russell\Desktop\Most Psychotropic Meds Increase Driving Risk.maff
[2012/10/06 06:02:54 | 000,126,494 | ---- | M] () -- C:\Users\Russell\Desktop\Neuropathy_Treatment.pdf
[2012/10/04 15:28:51 | 000,000,013 | ---- | M] () -- C:\Windows\System32\WinSys32.crc
[2012/10/02 12:01:56 | 000,665,232 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/10/02 12:01:56 | 000,125,678 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/09/25 00:07:50 | 000,000,712 | ---- | M] () -- C:\user.js
[2012/09/16 21:47:00 | 000,001,947 | ---- | M] () -- C:\Users\Russell\Application Data\Microsoft\Internet Explorer\Quick Launch\JDownloader.lnk
[2012/09/13 23:52:19 | 000,002,060 | ---- | M] () -- C:\Users\Russell\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Thunderbird.lnk
[2012/09/08 21:21:48 | 000,001,870 | ---- | M] () -- C:\Users\Russell\Application Data\Microsoft\Internet Explorer\Quick Launch\MegaCloud.lnk
[18 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/10/07 18:33:43 | 000,501,657 | ---- | C] () -- C:\Users\Russell\Desktop\Anger and depression.maff
[2012/10/07 18:31:32 | 000,413,469 | ---- | C] () -- C:\Users\Russell\Desktop\Busch 2009 Anger and depression.PDF
[2012/10/07 05:21:11 | 000,053,624 | ---- | C] () -- C:\Users\Russell\Desktop\Spermon 2012 Complex Posttraumatic Stress Disorder -- Voices.maff
[2012/10/06 12:20:18 | 000,153,870 | ---- | C] () -- C:\Users\Russell\Desktop\Most Psychotropic Meds Increase Driving Risk.maff
[2012/10/06 06:02:07 | 000,126,494 | ---- | C] () -- C:\Users\Russell\Desktop\Neuropathy_Treatment.pdf
[2012/09/16 23:31:58 | 000,075,136 | ---- | C] () -- C:\Windows\System32\PnkBstrA.exe
[2012/09/08 21:21:48 | 000,001,870 | ---- | C] () -- C:\Users\Russell\Application Data\Microsoft\Internet Explorer\Quick Launch\MegaCloud.lnk
[2012/09/08 14:18:07 | 000,001,872 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SugarSync Manager.lnk
[2012/08/25 10:31:42 | 000,000,017 | ---- | C] () -- C:\Windows\System32\shortcut_ex.dat
[2012/08/24 14:02:51 | 000,001,729 | ---- | C] () -- C:\Users\Russell\AppData\Local\recently-used.xbel
[2012/07/29 19:16:38 | 000,000,061 | ---- | C] () -- C:\ProgramData\DoremisoftSWFSetting.ini
[2012/06/21 06:30:48 | 000,093,696 | ---- | C] () -- C:\Windows\System32\lua5.1a.dll
[2012/06/15 22:34:02 | 000,302,425 | ---- | C] () -- C:\Users\Russell\AppData\Local\funmoods-speeddial.crx
[2012/05/10 00:38:50 | 000,072,192 | ---- | C] () -- C:\Windows\unlite3.exe
[2012/05/08 00:43:43 | 000,001,089 | ---- | C] () -- C:\Users\Russell\Documents - Shortcut.lnk
[2012/05/07 13:48:05 | 000,042,120 | ---- | C] () -- C:\Windows\System32\drivers\EUBKMON.sys
[2012/04/20 23:30:54 | 000,004,096 | ---- | C] ( ) -- C:\Windows\System32\IGFXDEVLib.dll
[2012/03/18 22:00:51 | 000,000,000 | ---- | C] () -- C:\Users\Russell\hsqlprefs.dat
[2012/03/14 18:56:02 | 000,087,552 | ---- | C] () -- C:\Windows\System32\cpwmon2k.dll
[2012/03/01 23:57:34 | 000,000,165 | ---- | C] () -- C:\Users\Russell\.gtkrc-2.0
[2012/02/27 19:17:40 | 002,216,480 | ---- | C] () -- C:\Windows\wweb32.dll
[2012/02/23 00:31:43 | 000,011,776 | ---- | C] () -- C:\Users\Russell\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/02/15 01:44:00 | 000,003,504 | ---- | C] () -- C:\Users\Russell\Financial Accounts.gnucash
[2012/02/14 23:08:04 | 000,000,286 | ---- | C] () -- C:\Windows\reimage.ini
[2012/02/05 03:29:28 | 000,000,224 | ---- | C] () -- C:\Users\Russell\.languagetool-ooo.cfg
[2012/02/02 23:23:25 | 000,899,072 | ---- | C] () -- C:\Users\Russell\AppData\Roaming\SharedSettings.ccs
[2011/12/21 22:42:09 | 000,080,416 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll
[2011/12/14 11:57:16 | 000,000,151 | ---- | C] () -- C:\Windows\System32\GfxUI.exe.config
[2011/12/12 03:22:22 | 000,000,101 | ---- | C] () -- C:\Windows\System32\ud-boot-time.ini
[2011/10/22 22:24:58 | 000,246,804 | ---- | C] () -- C:\Windows\System32\drivers\AtherosBt.bin
[2011/09/15 16:11:16 | 001,048,576 | ---- | C] () -- C:\Windows\System32\syndata.bin
[2011/09/07 09:34:28 | 000,007,736 | ---- | C] () -- C:\Windows\hpDSTRES.DLL
[2011/03/29 21:00:00 | 000,080,896 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2011/03/25 08:35:18 | 000,180,224 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2011/03/02 23:43:46 | 000,175,616 | ---- | C] () -- C:\Windows\System32\unrar.dll

========== ZeroAccess Check ==========

[2012/08/11 00:32:56 | 000,000,596 | ---- | M] () -- C:\Users\Russell\AppData\Roaming\Mozilla\Firefox\Profiles\bylhdpoc.default\extensions\{ada4b710-8346-4b82-8199-5de2b400a6ae}\defaults\printing\icons\@.png
[2009/07/14 17:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 17:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/21 10:29:20 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/14 14:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2012/04/18 04:27:57 | 000,000,000 | ---D | M] -- C:\Users\Russell\AppData\Roaming\.calligra
[2012/05/27 14:48:23 | 000,000,000 | ---D | M] -- C:\Users\Russell\AppData\Roaming\.gephi
[2012/07/28 13:06:35 | 000,000,000 | ---D | M] -- C:\Users\Russell\AppData\Roaming\AnvSoft
[2012/10/05 22:18:16 | 000,000,000 | ---D | M] -- C:\Users\Russell\AppData\Roaming\Applian FLV and Media Player
[2012/03/06 10:32:13 | 000,000,000 | ---D | M] -- C:\Users\Russell\AppData\Roaming\Ashampoo
[2012/07/29 05:10:41 | 000,000,000 | ---D | M] -- C:\Users\Russell\AppData\Roaming\AVCWare
[2012/05/16 14:47:51 | 000,000,000 | ---D | M] -- C:\Users\Russell\AppData\Roaming\AVG
[2012/02/02 17:21:16 | 000,000,000 | ---D | M] -- C:\Users\Russell\AppData\Roaming\Blio
[2012/09/08 18:54:50 | 000,000,000 | ---D | M] -- C:\Users\Russell\AppData\Roaming\Box Desktop
[2012/09/09 23:55:47 | 000,000,000 | ---D | M] -- C:\Users\Russell\AppData\Roaming\Box Sync
[2012/02/13 06:07:29 | 000,000,000 | ---D | M] -- C:\Users\Russell\AppData\Roaming\calibre
[2012/08/04 03:21:52 | 000,000,000 | ---D | M] -- C:\Users\Russell\AppData\Roaming\CBS Interactive
[2012/02/05 15:41:23 | 000,000,000 | ---D | M] -- C:\Users\Russell\AppData\Roaming\Cocoon Software
[2012/10/04 15:25:35 | 000,000,000 | ---D | M] -- C:\Users\Russell\AppData\Roaming\CoffeeCup Software
[2012/05/20 17:48:43 | 000,000,000 | ---D | M] -- C:\Users\Russell\AppData\Roaming\ColorCop
[2012/09/26 03:15:58 | 000,000,000 | ---D | M] -- C:\Users\Russell\AppData\Roaming\CX
[2012/02/14 21:15:38 | 000,000,000 | ---D | M] -- C:\Users\Russell\AppData\Roaming\DAZ 3D
[2012/09/08 02:35:34 | 000,000,000 | ---D | M] -- C:\Users\Russell\AppData\Roaming\Docear
[2012/08/04 05:05:53 | 000,000,000 | ---D | M] -- C:\Users\Russell\AppData\Roaming\Downloaded Installations
[2012/09/08 18:02:55 | 000,000,000 | ---D | M] -- C:\Users\Russell\AppData\Roaming\Dropbox
[2012/08/30 02:11:01 | 000,000,000 | ---D | M] -- C:\Users\Russell\AppData\Roaming\DVDVideoSoft
[2012/08/29 01:34:53 | 000,000,000 | ---D | M] -- C:\Users\Russell\AppData\Roaming\DVDVideoSoftIEHelpers
[2012/02/04 02:13:30 | 000,000,000 | ---D | M] -- C:\Users\Russell\AppData\Roaming\E-Z Contact Book
[2012/06/19 23:12:53 | 000,000,000 | ---D | M] -- C:\Users\Russell\AppData\Roaming\Eltima Software
[2012/08/20 00:43:29 | 000,000,000 | ---D | M] -- C:\Users\Russell\AppData\Roaming\eM Client
[2012/03/21 20:03:47 | 000,000,000 | ---D | M] -- C:\Users\Russell\AppData\Roaming\eM Client for SoftMaker
[2012/05/16 02:09:12 | 000,000,000 | ---D | M] -- C:\Users\Russell\AppData\Roaming\enchant
[2012/05/27 21:46:26 | 000,000,000 | ---D | M] -- C:\Users\Russell\AppData\Roaming\EndNote
[2012/06/25 18:07:07 | 000,000,000 | ---D | M] -- C:\Users\Russell\AppData\Roaming\FileOpen
[2012/10/03 22:43:26 | 000,000,000 | ---D | M] -- C:\Users\Russell\AppData\Roaming\FileZilla
[2012/08/04 07:27:21 | 000,000,000 | ---D | M] -- C:\Users\Russell\AppData\Roaming\Foxit
[2012/06/16 19:51:33 | 000,000,000 | ---D | M] -- C:\Users\Russell\AppData\Roaming\Foxit Software
[2012/08/08 06:57:37 | 000,000,000 | ---D | M] -- C:\Users\Russell\AppData\Roaming\Free Sound Recorder
[2012/02/07 07:27:29 | 000,000,000 | ---D | M] -- C:\Users\Russell\AppData\Roaming\FreeCommander
[2012/08/08 08:47:31 | 000,000,000 | ---D | M] -- C:\Users\Russell\AppData\Roaming\Freecorder 6 Audio
[2012/08/08 08:47:45 | 000,000,000 | ---D | M] -- C:\Users\Russell\AppData\Roaming\Freecorder 6 Converter
[2012/08/08 08:47:31 | 000,000,000 | ---D | M] -- C:\Users\Russell\AppData\Roaming\Freecorder 6 Screen
[2012/08/08 08:48:07 | 000,000,000 | ---D | M] -- C:\Users\Russell\AppData\Roaming\Freecorder 6 Video
[2012/02/03 23:44:09 | 000,000,000 | ---D | M] -- C:\Users\Russell\AppData\Roaming\FreeFLVConverter
[2012/08/13 07:27:27 | 000,000,000 | ---D | M] -- C:\Users\Russell\AppData\Roaming\FTPSynchronize
[2012/09/13 23:54:11 | 000,000,000 | ---D | M] -- C:\Users\Russell\AppData\Roaming\GlarySoft
[2012/04/29 10:49:21 | 000,000,000 | ---D | M] -- C:\Users\Russell\AppData\Roaming\gtk-2.0
[2012/05/27 15:29:02 | 000,000,000 | ---D | M] -- C:\Users\Russell\AppData\Roaming\HistCite
[2012/05/15 13:28:06 | 000,000,000 | ---D | M] -- C:\Users\Russell\AppData\Roaming\inkscape
[2012/03/03 23:11:37 | 000,000,000 | ---D | M] -- C:\Users\Russell\AppData\Roaming\IObit
[2012/05/17 09:41:09 | 000,000,000 | ---D | M] -- C:\Users\Russell\AppData\Roaming\IrfanView
[2012/05/31 05:01:53 | 000,000,000 | ---D | M] -- C:\Users\Russell\AppData\Roaming\JabRef 2.8
[2012/10/07 02:25:41 | 000,000,000 | ---D | M] -- C:\Users\Russell\AppData\Roaming\Jarte
[2012/07/28 14:57:39 | 000,000,000 | ---D | M] -- C:\Users\Russell\AppData\Roaming\KompoZer
[2012/07/28 15:50:29 | 000,000,000 | ---D | M] -- C:\Users\Russell\AppData\Roaming\kompozer.net
[2012/02/02 17:55:45 | 000,000,000 | ---D | M] -- C:\Users\Russell\AppData\Roaming\LibreOffice
[2012/05/25 03:38:20 | 000,000,000 | ---D | M] -- C:\Users\Russell\AppData\Roaming\LyX2.0
[2012/10/06 20:41:35 | 000,000,000 | ---D | M] -- C:\Users\Russell\AppData\Roaming\MegaCloud
[2012/09/09 23:20:54 | 000,000,000 | ---D | M] -- C:\Users\Russell\AppData\Roaming\MegaCloudBackup
[2012/07/29 07:46:20 | 000,000,000 | ---D | M] -- C:\Users\Russell\AppData\Roaming\Moyea
[2012/10/07 02:01:21 | 000,000,000 | ---D | M] -- C:\Users\Russell\AppData\Roaming\Nitro PDF
[2012/04/18 12:23:41 | 000,000,000 | ---D | M] -- C:\Users\Russell\AppData\Roaming\onOne Software
[2012/07/04 08:52:39 | 000,000,000 | ---D | M] -- C:\Users\Russell\AppData\Roaming\OpenCandy
[2012/05/19 02:07:45 | 000,000,000 | ---D | M] -- C:\Users\Russell\AppData\Roaming\OpenOffice.org
[2012/07/29 00:35:36 | 000,000,000 | ---D | M] -- C:\Users\Russell\AppData\Roaming\Opera
[2012/07/04 08:57:29 | 000,000,000 | ---D | M] -- C:\Users\Russell\AppData\Roaming\Paltalk
[2012/05/20 23:08:36 | 000,000,000 | ---D | M] -- C:\Users\Russell\AppData\Roaming\picpick
[2012/02/15 05:43:06 | 000,000,000 | ---D | M] -- C:\Users\Russell\AppData\Roaming\postgresql
[2012/05/28 02:01:36 | 000,000,000 | ---D | M] -- C:\Users\Russell\AppData\Roaming\Publish or Perish
[2012/02/07 22:06:47 | 000,000,000 | ---D | M] -- C:\Users\Russell\AppData\Roaming\Quantisle
[2012/08/04 04:17:17 | 000,000,000 | ---D | M] -- C:\Users\Russell\AppData\Roaming\RapidTyping
[2012/07/28 14:51:34 | 000,000,000 | ---D | M] -- C:\Users\Russell\AppData\Roaming\RecoolTec
[2012/04/17 15:54:04 | 000,000,000 | ---D | M] -- C:\Users\Russell\AppData\Roaming\RegistryKeys
[2012/08/13 00:55:09 | 000,000,000 | ---D | M] -- C:\Users\Russell\AppData\Roaming\RiseFly
[2012/06/25 16:28:27 | 000,000,000 | ---D | M] -- C:\Users\Russell\AppData\Roaming\Smart PDF Converter Pro
[2012/07/17 13:55:34 | 000,000,000 | ---D | M] -- C:\Users\Russell\AppData\Roaming\SoftGrid Client
[2012/03/21 20:42:01 | 000,000,000 | ---D | M] -- C:\Users\Russell\AppData\Roaming\SoftMaker
[2012/02/02 16:41:42 | 000,000,000 | ---D | M] -- C:\Users\Russell\AppData\Roaming\Synaptics
[2012/08/13 01:43:49 | 000,000,000 | ---D | M] -- C:\Users\Russell\AppData\Roaming\Sync App Settings
[2012/08/11 00:05:26 | 000,000,000 | ---D | M] -- C:\Users\Russell\AppData\Roaming\Thunderbird
[2012/03/14 06:42:58 | 000,000,000 | ---D | M] -- C:\Users\Russell\AppData\Roaming\Titler
[2012/02/02 18:09:58 | 000,000,000 | ---D | M] -- C:\Users\Russell\AppData\Roaming\TP
[2012/05/05 19:15:14 | 000,000,000 | ---D | M] -- C:\Users\Russell\AppData\Roaming\uTorrent
[2012/07/28 11:35:54 | 000,000,000 | ---D | M] -- C:\Users\Russell\AppData\Roaming\VIP Video Converter
[2012/02/03 19:21:42 | 000,000,000 | ---D | M] -- C:\Users\Russell\AppData\Roaming\Windows Live Writer
[2012/07/28 14:12:36 | 000,000,000 | ---D | M] -- C:\Users\Russell\AppData\Roaming\Wondershare Video Converter Ultimate
[2012/07/29 05:35:51 | 000,000,000 | ---D | M] -- C:\Users\Russell\AppData\Roaming\Xilisoft
[2012/02/03 00:55:24 | 000,000,000 | ---D | M] -- C:\Users\Russell\AppData\Roaming\Zotero
[2012/03/16 15:07:45 | 000,000,000 | ---D | M] -- C:\Users\Russell\AppData\Roaming\ZScreen

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 127 bytes -> C:\ProgramData\Temp:0B4227B4

< End of report >
 
Extras.txt file contents

OTL Extras logfile created on: 7/10/2012 8:40:34 p.m. - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Russell\Downloads
Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00001409 | Country: New Zealand | Language: ENZ | Date Format: d/MM/yyyy

1012.30 Mb Total Physical Memory | 93.00 Mb Available Physical Memory | 9.19% Memory free
1.99 Gb Paging File | 0.79 Gb Available in Paging File | 39.91% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 283.95 Gb Total Space | 154.78 Gb Free Space | 54.51% Space Free | Partition Type: NTFS
Drive D: | 13.84 Gb Total Space | 1.55 Gb Free Space | 11.18% Space Free | Partition Type: NTFS
Drive E: | 99.00 Mb Total Space | 87.44 Mb Free Space | 88.33% Space Free | Partition Type: FAT32

Computer Name: RUSSELL-HP | User Name: Russell | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = Opera.HTML] -- Reg Error: Key error. File not found
.txt [@ = Reg Error: Value error.] -- Reg Error: Key error. File not found

[HKEY_USERS\S-1-5-21-1911284681-1753166069-4267012026-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files\Opera\Opera.exe" "%1"
https [open] -- "C:\Program Files\Opera\Opera.exe" "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistApplianMP] -- "C:\Program Files\Applian Technologies\Applian FLV and Media Player\amp.exe" -I skins2 --started-from-file --playlist-enqueue "%1" ()
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Browse with &IrfanView] -- "C:\Program Files\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithApplianMP] -- "C:\Program Files\Applian Technologies\Applian FLV and Media Player\amp.exe" -I skins2 --started-from-file --no-playlist-enqueue "%1" ()
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0D574239-F5E9-457F-971F-4D6B1A522642}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{0DA39A31-D545-4EAB-B163-650570D3526A}" = lport=10243 | protocol=6 | dir=in | app=system |
"{1A1AE848-3CAA-4ED0-8363-DDC6C27F1E39}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{28351781-E972-4BEE-AAB8-174CF85CC889}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{2FA112C4-5E5D-4932-BB63-53E666C2B379}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework\v4.0.30319\smsvchost.exe |
"{5B3EB09F-5045-4915-89E4-EFC76C4F6CEC}" = lport=2869 | protocol=6 | dir=in | app=system |
"{607595E8-8062-4BB1-8086-97FD001DF58D}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{A37EAB57-E16B-436C-839A-FA3F2157F4EB}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{A7B6F770-0C50-4230-9E9E-2080E55E4F92}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{D3C0C5E9-50EA-4D4E-B69E-F5FD79197DB4}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{DDBF0956-3DC6-49C8-90B6-5FAAA3CA2027}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{F144D439-194E-42CD-98E5-75B55C3ADD87}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{F79E1714-8BA5-4B45-9717-4A532F970489}" = rport=10243 | protocol=6 | dir=out | app=system |
"{FEA7B8D1-EA33-461A-8929-DD92505894E3}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{04CF31DF-17D6-4424-BDEC-0545E3B71D20}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{0B52B059-6361-4854-8F33-982A342E0703}" = protocol=17 | dir=in | app=c:\program files\gnucash\bin\gnucash.exe |
"{163186A5-406F-4A6C-AAE2-13BF81156039}" = protocol=17 | dir=in | app=c:\users\russell\appdata\roaming\dropbox\bin\dropbox.exe |
"{2ED5C7A1-20D3-47CE-A125-B113CC4E14DA}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{3BD07616-692A-4D64-A3C5-B0EB6CEFBCFC}" = protocol=6 | dir=in | app=c:\program files\gnucash\bin\gconfd-2.exe |
"{3C357F8F-F0E7-4045-B53E-4C4BABA4B37F}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{471B0CF0-AE6C-4F54-A31C-3BA8A008BA9D}" = protocol=6 | dir=out | app=system |
"{56781A6F-F112-4B02-8398-5A5158C509EA}" = dir=in | app=c:\program files\itunes\itunes.exe |
"{57070553-CCCE-4CB4-BA9B-8BBF382A5686}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{6E1B1A1A-0573-4AC7-A5E9-D2A763E9AFAE}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe |
"{70687391-A921-4D13-9CF9-264B0CDE94C1}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{761DCD48-FEB4-4846-931F-1087C2734CF5}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{8047008B-E0BE-4571-A33F-4F4FE133EF64}" = protocol=6 | dir=in | app=c:\users\russell\appdata\roaming\dropbox\bin\dropbox.exe |
"{8108117A-7C34-4F1C-A15B-E24C08041DB8}" = dir=in | app=c:\program files\windows live\mesh\moe.exe |
"{82391835-2DCE-44DB-8284-0C4984CF9BFC}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{843D8CAD-EF94-4B98-AC3C-B26EFA521C92}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{91C8CF7B-04C9-494A-A9D9-B2BABF0E8138}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{9A4690E8-C5CD-4598-A687-440A54DE8EFF}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{AFCD5E69-AE8D-40CF-BFA2-79197EF57C3D}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{AFE69B11-E07F-44B9-B6F2-6987F71AFF27}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |
"{B3C21527-D811-4C5B-9CD3-F1580D658C24}" = protocol=6 | dir=in | app=c:\users\russell\appdata\local\microsoft\skydrive\skydrive.exe |
"{BB1E92D2-2ADB-428C-997B-1E121A32BAC4}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{C770CAD6-9FD6-4622-AD95-526EF2FC990B}" = protocol=6 | dir=in | app=c:\program files\gnucash\bin\gnucash.exe |
"{D07DA48C-F372-435D-B872-3FFDB06DEC7D}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{D539B881-AC1C-4742-8558-B8E9C95DD5CD}" = protocol=17 | dir=in | app=c:\users\russell\appdata\local\microsoft\skydrive\skydrive.exe |
"{E25EC379-236A-4296-A3E1-21B0AA82990E}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{ECBDBDC1-7A36-4E99-859F-1BD66E4F211F}" = protocol=17 | dir=in | app=c:\program files\gnucash\bin\gconfd-2.exe |
"{FD9B1DB8-CA11-4815-81F8-A0C1DD1B9D0A}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"TCP Query User{1C637BAE-A69E-4DCD-8E70-4317BC7D3396}C:\xampp\apache\bin\httpd.exe" = protocol=6 | dir=in | app=c:\xampp\apache\bin\httpd.exe |
"TCP Query User{341FD0DB-3033-4335-98AB-AA5CF62863F5}C:\program files\java\jre7\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jre7\bin\java.exe |
"TCP Query User{3812CB32-29B2-4354-BE55-D13F95BB18E6}C:\xampp\apache\bin\httpd.exe" = protocol=6 | dir=in | app=c:\xampp\apache\bin\httpd.exe |
"TCP Query User{499C5504-6C36-44F0-BB25-CF4CC5AF6E42}C:\users\russell\appdata\local\aptana studio 3\aptanastudio3.exe" = protocol=6 | dir=in | app=c:\users\russell\appdata\local\aptana studio 3\aptanastudio3.exe |
"TCP Query User{64F54C13-CB19-4584-A583-DF62F6E4DD79}C:\users\russell\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\russell\appdata\roaming\dropbox\bin\dropbox.exe |
"TCP Query User{79212712-319F-46D8-BFD2-1FB1DF50078A}C:\program files\daz 3d\brycelightning7\lightning.exe" = protocol=6 | dir=in | app=c:\program files\daz 3d\brycelightning7\lightning.exe |
"TCP Query User{8828BF10-0FCC-4E75-ADAA-273C4D47D443}C:\program files\coffeecup software\direct ftp\directftp.exe" = protocol=6 | dir=in | app=c:\program files\coffeecup software\direct ftp\directftp.exe |
"TCP Query User{8CED79F7-B956-43D1-8792-2637CE279001}C:\program files\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe |
"TCP Query User{B76AEEE5-7007-4264-A786-B79F35A4C6B9}C:\xampp\mysql\bin\mysqld.exe" = protocol=6 | dir=in | app=c:\xampp\mysql\bin\mysqld.exe |
"TCP Query User{C2155265-7429-466F-92C4-AEACA4029572}C:\program files\onone software\perfect effects free\perfecteffects.exe" = protocol=6 | dir=in | app=c:\program files\onone software\perfect effects free\perfecteffects.exe |
"TCP Query User{CA01DA1C-4D5C-4B2A-9780-8F433B28E82C}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"TCP Query User{DCD8D1FB-171A-4480-B6C0-A82E867F0380}C:\xampp\mysql\bin\mysqld.exe" = protocol=6 | dir=in | app=c:\xampp\mysql\bin\mysqld.exe |
"TCP Query User{E186ADD0-77B3-45E5-9D79-41D6A7A8AF96}C:\users\russell\appdata\local\aptana studio 3\aptanastudio3.exe" = protocol=6 | dir=in | app=c:\users\russell\appdata\local\aptana studio 3\aptanastudio3.exe |
"UDP Query User{0DF3BE3A-F4A4-4EB0-84ED-81FABE2EA08F}C:\xampp\mysql\bin\mysqld.exe" = protocol=17 | dir=in | app=c:\xampp\mysql\bin\mysqld.exe |
"UDP Query User{2680ED4C-EFE5-4FAB-BACD-B08EA18EBF0B}C:\program files\onone software\perfect effects free\perfecteffects.exe" = protocol=17 | dir=in | app=c:\program files\onone software\perfect effects free\perfecteffects.exe |
"UDP Query User{29CCA711-6FAB-43CF-B3B3-1813B91EF9A8}C:\xampp\mysql\bin\mysqld.exe" = protocol=17 | dir=in | app=c:\xampp\mysql\bin\mysqld.exe |
"UDP Query User{39BAA35A-3EF5-4F8B-B221-E6633E7C2AE3}C:\program files\coffeecup software\direct ftp\directftp.exe" = protocol=17 | dir=in | app=c:\program files\coffeecup software\direct ftp\directftp.exe |
"UDP Query User{40576483-9AB5-4436-B9CE-D8A1EF2B0AF6}C:\xampp\apache\bin\httpd.exe" = protocol=17 | dir=in | app=c:\xampp\apache\bin\httpd.exe |
"UDP Query User{4A343C0D-02B7-422D-8D91-5471C782E742}C:\program files\daz 3d\brycelightning7\lightning.exe" = protocol=17 | dir=in | app=c:\program files\daz 3d\brycelightning7\lightning.exe |
"UDP Query User{556DA3DC-9F6C-4B18-A05F-8A24C509498D}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"UDP Query User{7CFC5DC9-FBEF-46C8-85AF-CB0D68ECC333}C:\xampp\apache\bin\httpd.exe" = protocol=17 | dir=in | app=c:\xampp\apache\bin\httpd.exe |
"UDP Query User{8036DA6D-D8EE-4EA6-B815-3E5F7196AC26}C:\program files\java\jre7\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jre7\bin\java.exe |
"UDP Query User{970C2F08-87BA-4606-8BCE-6C6DCEE341E3}C:\users\russell\appdata\local\aptana studio 3\aptanastudio3.exe" = protocol=17 | dir=in | app=c:\users\russell\appdata\local\aptana studio 3\aptanastudio3.exe |
"UDP Query User{C2DC9C7A-8D9F-415F-AA14-26B16893326A}C:\users\russell\appdata\local\aptana studio 3\aptanastudio3.exe" = protocol=17 | dir=in | app=c:\users\russell\appdata\local\aptana studio 3\aptanastudio3.exe |
"UDP Query User{CAD3DDD8-3D9F-40A5-863E-AC9634F410C2}C:\program files\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe |
"UDP Query User{DF8AE8FA-F6B2-4B58-89F9-5BB07A042E85}C:\users\russell\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\russell\appdata\roaming\dropbox\bin\dropbox.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam 5
"{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime
"{0F6F6876-6334-4977-B5DD-CFC12E193420}" = iTunes
"{101A497C-7EF6-4001-834D-E5FA1C70FEFA}" = Atheros Bluetooth Suite
"{1111706F-666A-4037-7777-210328764D10}" = JavaFX 2.1.0
"{17504ED4-DB08-40A8-81C2-27D8C01581DA}" = Windows Live Remote Service Resources
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
"{19A4A990-5343-4FF7-B3B5-6F046C091EDF}" = Windows Live Remote Client
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}" = Microsoft XNA Framework Redistributable 3.1
"{1B90DADD-3136-45C9-B913-1DAEBDE8A585}" = Nitro Reader 2
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{227E8782-B2F4-4E97-B0EE-49DE9CC1C0C0}" = Windows Live Remote Service
"{2300A0B6-11F7-4CB9-811F-055919BF5D59}" = LibreOffice 3.6 Help Pack (English)
"{26A24AE4-039D-4CA4-87B4-2F83216032FF}" = Java(TM) 6 Update 32
"{26A24AE4-039D-4CA4-87B4-2F83217007FF}" = Java 7 Update 7
"{27CC6AB1-E72B-4179-AF1A-EAE507EBAF51}_is1" = ConvertHelper 2.2
"{2856A1C2-70C5-4EC3-AFF7-E5B51E5530A2}" = HP Client Services
"{285F722C-0E45-47DE-B38E-5B3B10FA4A7C}" = HP Quick Launch
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
"{2DB8743E-A513-4AE5-A617-BD42D0653969}" = HP Launch Box
"{2F8BA3FD-1FA9-4279-B696-712ABB12F09F}" = SmartSound Quicktracks 5
"{30C7F6E8-D7DF-4162-BFE0-72796148D589}_is1" = Moyea SWF to MPEG Converter version 4.0.0.0
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{3677D4D8-E5E0-49FC-B86E-06541CF00BBE}" = opensource
"{3A9FC03D-C685-4831-94CF-4EDFD3749497}" = Microsoft SQL Server Compact 3.5 SP2 ENU
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3C3D696B-0DB7-3C6D-A356-3DB8CE541918}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{464B3406-A4D0-4914-910F-7CA4380DCC13}" = Windows Live Remote Client Resources
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4AC3AD66-3B4C-4122-805F-C03E8A680583}" = HP Security Assistant
"{51C7AD07-C3F6-4635-8E8A-231306D810FE}" = Cisco LEAP Module
"{527BBE2F-1FED-3D8B-91CB-4DB0F838E69E}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{529125EF-E3AC-4B74-97E6-F688A7C0F1BF}" = Paint.NET v3.5.10
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{62A211E4-CE6F-4EEB-AACC-7EF75335413F}_is1" = Mr Smoozles Goes Nutso version 1.6
"{63EC2120-1742-4625-AA47-C6A8AEC9C64C}" = Apple Application Support
"{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}" = Cisco EAP-FAST Module
"{66209054-3985-4125-B0CB-C69F75D2F0D9}" = Amazon Cloud Drive
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6F340107-F9AA-47C6-B54C-C3A19F11553F}" = Hewlett-Packard ACLM.NET v1.1.2.0
"{6F44AF95-3CDE-4513-AD3F-6D45F17BF324}" = HP Support Assistant
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{741006D1-7B2B-4E33-B2B0-831F282EEF64}" = Blio
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7AAA27E4-CDB3-49C0-AA2D-41827C001BA3}" = Microsoft Small Basic v1.0
"{7D095455-D971-4D4C-9EFD-9AF6A6584F3A}" = Bing Desktop
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{85DE30D0-AEC8-4799-A56A-14267C421A76}" = CoffeeCup Web Form Builder Lite
"{860C8A24-AA98-476C-90D3-5046C0787987}" = HP Documentation
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{88741A14-4C9D-469F-BA36-8FDF6037BB68}" = CoffeeCup Direct FTP
"{89C0BD38-4496-4721-9381-2BE0F2AC80F6}" = GI Contact Management
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8CC9F4D8-D938-412B-B67D-A28FA7BDB8AA}" = Jing
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8ED5BF38-B9BF-4F2D-AF42-9037574A254F}_is1" = Moyea Free Flash Downloader version 1.3.0.0
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90140000-006D-0409-0000-0000000FF1CE}" = Microsoft Office Click-to-Run 2010
"{90140011-0066-0409-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - English
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{95140000-00AF-0409-0000-0000000FF1CE}" = Microsoft PowerPoint Viewer
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
"{99AF0582-482B-4E5E-BB11-675354BF5E77}_is1" = Qiqqa
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9F1F2AEA-C72A-4DD6-991E-C5506A5625E4}" = OpenOffice.org 3.4.1
"{9FA13759-5C2B-4177-9DDC-0038F8B5BEFD}" = Bing Bar
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A278382D-4F1B-4D47-9885-8523F7261E8D}_is1" = PDF-Viewer
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AE856388-AFAD-4753-81DF-D96B19D0A17C}" = HP Setup Manager
"{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter
"{B3EBF7DE-2A5B-4E10-9438-931EE6B22C05}" = eM Client
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B5BF7B43-E13D-4A76-9F8F-E933817131EC}" = calibre
"{B8A2869E-30CA-40C5-9CF8-BD7354E57EF8}" = SmartSound Common Data
"{B8D92680-34AC-4B76-8D95-7E95B11B5121}" = Perfect Effects 3 Free
"{BCE2B68D-8543-4ED6-8BF8-DB125A11A929}" = ESU for Microsoft Windows 7 SP1
"{BEF91C17-A5F9-4CF6-9624-873542421EC7}_is1" = Resource Scheduler version 1.1
"{C2F438B6-7010-453B-93EC-B2FC053AA97B}" = LibreOffice 3.6
"{C3A32068-8AB1-4327-BB16-BED9C6219DC7}" = Atheros Driver Installation Program
"{C6150D8A-86ED-41D3-87BB-F3BB51B0B77F}" = Windows Live ID Sign-in Assistant
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C779648B-410E-4BBA-B75B-5815BCEFE71D}" = Safari
"{CC4D56B7-6F18-470B-8734-ABCD75BCF4F1}" = HP Auto
"{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}" = PlayReady PC Runtime x86
"{CDE1F7BF-9B4B-44AB-9788-A9EBF9453F13}" = Harzing's Publish or Perish 3.6.4520
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D3ECCDC8-B7ED-4BFA-BAEB-9778E3804FA2}" = Box Sync
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D4DDFAA1-EC37-4529-AD5B-A433ADE68662}" = Apple Mobile Device Support
"{DBCD5E64-7379-4648-9444-8A6558DCB614}" = HP Recovery Manager
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DE718DF0-3874-4873-9BC3-3A94944C916E}_is1" = Wondershare PDF to Word (Build 3.6.0)
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{DF9DAE00-F582-42F6-9537-B5F1F6858AE1}" = HP Software Framework
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series
"{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio
"{E44578C7-4667-4124-8BC2-1161BCA54978}" = HP Power Manager
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{EACCC042-848D-4166-9D97-B13D1D108722}" = Google Drive
"{ED1BD69A-07E3-418C-91F1-D856582581BF}" = HP On Screen Display
"{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}" = Cisco PEAP Module
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Graphics Media Accelerator Driver
"{F5E7D9AF-60F6-4A30-87E3-4EA94D322CE1}" = HP Setup
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center
"{FD9C31B6-F572-414D-81E3-89368C97A125}_is1" = CamStudio OSS Desktop Recorder
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"0222-0618-0114-4896" = Review Manager 5.1.7
"3554AA4B-9B0B-451a-A269-2B5F53982209_is1" = ThreatFire
"5513-1208-7298-9440" = JDownloader 0.9
"7-Zip" = 7-Zip 9.22beta
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Advanced SystemCare 5_is1" = Advanced SystemCare 5
"Allway Sync_is1" = Allway Sync version 12.2.3
"Amaya" = Amaya
"Applian FLV and Media Player" = Applian FLV and Media Player 3.1.1.12
"Aptana Studio 3" = Aptana Studio 3
"Ashampoo Burning Studio 2012_is1" = Ashampoo Burning Studio 2012 v10.0.15
"Ask Toolbar_is1" = Foxit Toolbar
"Audacity_is1" = Audacity 2.0
"avast" = avast! Free Antivirus
"AviSynth" = AviSynth 2.5
"Bryce Lightning 7.0 7.1.0.109" = Bryce Lightning 7.0
"Cave Story Deluxe" = Cave Story Deluxe
"CCleaner" = CCleaner
"CutePDF Writer Installation" = CutePDF Writer 2.8
"Docear" = Docear
"ERUNT_is1" = ERUNT 1.1j
"eSpeak_is1" = eSpeak version 1.46.02
"FileZilla Client" = FileZilla Client 3.5.3
"Foxit Reader_is1" = Foxit Reader
"Free CSS Toolbox_is1" = Free CSS Toolbox 1.2
"Free FLV Converter_is1" = Free FLV Converter V 7.4.0
"Free HTML5 Video Player and Converter_is1" = Free HTML5 Video Player and Converter version 5.0.17.824
"Free Screen Video Recorder_is1" = Free Screen Video Recorder version 2.5.26.825
"Free Video Dub_is1" = Free Video Dub version 2.0.14.825
"Free YouTube Download_is1" = Free YouTube Download version 3.1.34.825
"FreeCommander_is1" = FreeCommander 2009.02b
"Freecorder 6" = Freecorder 6
"Freecorder 6 Add-on for Firefox" = Freecorder 6 Add-on for Firefox
"Freecorder 6 Applications" = Freecorder 6 Applications (6.0.0.40)
"Freecorder_1.0" = Freecorder 2.3 (with Skype Call Recording)
"GFI BackUp Freeware" = GFI BackUp Freeware
"GIMP-2_is1" = GIMP 2.8.2
"GnuCash_is1" = GnuCash 2.4.11
"HTMLKit_is1" = HTML-Kit 292
"HyperCam 2" = HyperCam 2
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam 5
"InstallShield_{2F8BA3FD-1FA9-4279-B696-712ABB12F09F}" = SmartSound Quicktracks 5
"InstallShield_{B8A2869E-30CA-40C5-9CF8-BD7354E57EF8}" = SmartSound Common Data
"IrfanView" = IrfanView (remove only)
"Jarte_is1" = Jarte 4.5
"Kiran's Typing Tutor_is1" = Kiran's Typing Tutor 1.0
"LimeSurvey on XAMPP_is1" = LimeSurvey v1.92 on XAMPP
"Lynx_is1" = Lynx 2.8.7rel.1
"LyX20" = LyX 2.0.3
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.65.0.1400
"Mendeley Desktop" = Mendeley Desktop 1.5.2
"MicrOsiris_is1" = MicrOsiris 17.8
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"MiKTeX 2.9" = MiKTeX 2.9
"Mozilla Firefox 15.0.1 (x86 en-US)" = Mozilla Firefox 15.0.1 (x86 en-US)
"Mozilla Thunderbird 15.0.1 (x86 en-US)" = Mozilla Thunderbird 15.0.1 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Office14.Click2Run" = Microsoft Office Click-to-Run 2010
"PalTalk8.2" = Paltalk Messenger
"PhotoStage" = PhotoStage Slideshow Producer
"RapidTyping" = RapidTyping
"ResearchSoft Direct Export Helper" = ResearchSoft Direct Export Helper
"SMRecorder" = SMRecorder 1.2.4
"Stamina" = Stamina 2.5
"SugarSync" = SugarSync Manager
"SynTPDeinstKey" = Synaptics TouchPad Driver
"Theseus - Return of the Hero_is1" = Theseus - Return of the Hero v 1.2
"Tyrian 2000_is1" = Tyrian 2000
"UltraDefrag" = Ultra Defragmenter
"VideoDownloadConverter_4zbar Uninstall" = VideoDownloadConverter Toolbar
"VideoPad" = VideoPad Video Editor
"VLC media player" = VLC media player 2.0.3
"WildTangent hp Master Uninstall" = HP Games
"Windows Media Encoder 9" = Windows Media Encoder 9 Series
"WinLiveSuite" = Windows Live Essentials
"WinPcapInst" = WinPcap 4.1.2
"WordWeb" = WordWeb
"WTA-176614f2-9295-4f2a-91de-ae797e8ad6a8" = Insaniquarium Deluxe
"Zotero Standalone 3.0.8 (x86 en-US)" = Zotero Standalone 3.0.8 (x86 en-US)

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1911284681-1753166069-4267012026-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"14d4807920ca8445" = TableMaker for Psychological Evaluation Reports
"2D857E8472D5CE6389E3ABD8FDE97BC8130D96A3" = Atheros Outlook Addin 2010
"CNET TechTracker" = CNET TechTracker
"CoffeeCup HTML Editor" = CoffeeCup HTML Editor
"CX" = CX
"Dropbox" = Dropbox
"Gnumeric" = Gnumeric Spreadsheet 1.10.16-20110616
"Google Chrome" = Google Chrome
"MegaCloud" = MegaCloud
"QUICKMEDIACONVERTER" = Quick Media Converter
"SkyDriveSetup.exe" = Microsoft SkyDrive

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 6/10/2012 2:26:23 p.m. | Computer Name = Russell-HP | Source = WinMgmt | ID = 10
Description =

Error - 6/10/2012 2:26:31 p.m. | Computer Name = Russell-HP | Source = CVHSVC | ID = 100
Description = Information only. The action cannot be completed. Try the action again.
If the problem continues, contact Microsoft Product Support.

Error - 6/10/2012 2:38:28 p.m. | Computer Name = Russell-HP | Source = WinMgmt | ID = 10
Description =

Error - 6/10/2012 2:42:11 p.m. | Computer Name = Russell-HP | Source = WinMgmt | ID = 10
Description =

Error - 6/10/2012 2:50:26 p.m. | Computer Name = Russell-HP | Source = VSS | ID = 8193
Description =

Error - 6/10/2012 3:20:51 p.m. | Computer Name = Russell-HP | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 6/10/2012 3:20:52 p.m. | Computer Name = Russell-HP | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 135908

Error - 6/10/2012 3:20:52 p.m. | Computer Name = Russell-HP | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 135908

Error - 7/10/2012 2:00:25 a.m. | Computer Name = Russell-HP | Source = Windows Backup | ID = 4103
Description =

Error - 7/10/2012 3:28:09 a.m. | Computer Name = Russell-HP | Source = WinMgmt | ID = 10
Description =

[ Hewlett-Packard Events ]
Error - 8/06/2012 12:55:51 a.m. | Computer Name = Russell-HP | Source = HPSF.exe | ID = 4000
Description =

Error - 8/06/2012 12:59:47 a.m. | Computer Name = Russell-HP | Source = HPSF.exe | ID = 4000
Description =

Error - 8/06/2012 1:00:35 a.m. | Computer Name = Russell-HP | Source = HPSF.exe | ID = 4000
Description =

Error - 8/06/2012 1:03:02 a.m. | Computer Name = Russell-HP | Source = HPSF.exe | ID = 4000
Description =

Error - 8/06/2012 1:03:52 a.m. | Computer Name = Russell-HP | Source = HPSF.exe | ID = 4000
Description =

Error - 8/06/2012 1:11:27 a.m. | Computer Name = Russell-HP | Source = HPSF.exe | ID = 4000
Description =

Error - 8/06/2012 1:13:49 a.m. | Computer Name = Russell-HP | Source = HPSF.exe | ID = 4000
Description =

Error - 8/06/2012 1:14:29 a.m. | Computer Name = Russell-HP | Source = HPSF.exe | ID = 4000
Description =

Error - 8/06/2012 1:14:45 a.m. | Computer Name = Russell-HP | Source = HPSF.exe | ID = 4000
Description =

Error - 8/06/2012 1:19:32 a.m. | Computer Name = Russell-HP | Source = HPSF.exe | ID = 4000
Description =

[ HP Connection Manager Events ]
Error - 4/02/2012 2:33:55 a.m. | Computer Name = Russell-HP | Source = hpMobile | ID = 5
Description = 2012/02/04 19:33:55.260|0000137C|Error |[HP.Mobile]Wimax::.ctor{}|Retrieving
the COM class factory for component with CLSID {DCF1FC65-DA3B-404B-B4CC-BF8669E4947C}
failed due to the following error: 80040154.

Error - 4/02/2012 2:33:55 a.m. | Computer Name = Russell-HP | Source = hpMobile | ID = 5
Description = 2012/02/04 19:33:55.260|0000137C|Error |[HP.Mobile]DeviceException::ShowError{void(HP.Mobile.Devices.Device,System.Exception)}|WiMAX:
The device returned an error (Retrieving the COM class factory for component with
CLSID {DCF1FC65-DA3B-404B-B4CC-BF8669E4947C} failed due to the following error:
80040154.)

Error - 4/02/2012 2:33:55 a.m. | Computer Name = Russell-HP | Source = hpMobile | ID = 5
Description = 2012/02/04 19:33:55.275|0000137C|Error |[HP.Mobile]Wlan::.ctor{}|Retrieving
the COM class factory for component with CLSID {000098D5-6857-477B-B1D2-8B04CD9EB234}
failed due to the following error: 80040154.

Error - 4/02/2012 2:33:55 a.m. | Computer Name = Russell-HP | Source = hpMobile | ID = 5
Description = 2012/02/04 19:33:55.291|0000137C|Error |[HP.Mobile]DeviceException::ShowError{void(HP.Mobile.Devices.Device,System.Exception)}|Wi-Fi
(Wireless LAN): The device returned an error (Retrieving the COM class factory
for component with CLSID {000098D5-6857-477B-B1D2-8B04CD9EB234} failed due to the
following error: 80040154.)

Error - 4/02/2012 2:33:55 a.m. | Computer Name = Russell-HP | Source = hpMobile | ID = 5
Description = 2012/02/04 19:33:55.307|0000137C|Error |[HP.Mobile]Bluetooth::.ctor{}|Retrieving
the COM class factory for component with CLSID {2A8DDB1F-EE72-4FB7-A2F8-7B1530D94850}
failed due to the following error: 80040154.

Error - 4/02/2012 2:33:55 a.m. | Computer Name = Russell-HP | Source = hpMobile | ID = 5
Description = 2012/02/04 19:33:55.307|0000137C|Error |[HP.Mobile]DeviceException::ShowError{void(HP.Mobile.Devices.Device,System.Exception)}|Bluetooth®:
The device returned an error (Retrieving the COM class factory for component with
CLSID {2A8DDB1F-EE72-4FB7-A2F8-7B1530D94850} failed due to the following error:
80040154.)

Error - 4/02/2012 2:39:20 a.m. | Computer Name = Russell-HP | Source = HPConnectionManager | ID = 5
Description = 2012/02/04 19:39:20.175|00000E34|Error |App::ExitIfServiceIsNotInstalled{void()}|Application
is exiting because the service is not installed

Error - 4/02/2012 10:10:15 a.m. | Computer Name = Russell-HP | Source = HPConnectionManager | ID = 5
Description = 2012/02/05 03:10:15.948|0000155C|Error |App::ExitIfServiceIsNotInstalled{void()}|Application
is exiting because the service is not installed

Error - 4/02/2012 12:48:45 p.m. | Computer Name = Russell-HP | Source = HPConnectionManager | ID = 5
Description = 2012/02/05 05:48:45.791|0000134C|Error |App::ExitIfServiceIsNotInstalled{void()}|Application
is exiting because the service is not installed

Error - 4/02/2012 11:27:43 p.m. | Computer Name = Russell-HP | Source = HPConnectionManager | ID = 5
Description = 2012/02/05 16:27:43.256|000010A8|Error |App::ExitIfServiceIsNotInstalled{void()}|Application
is exiting because the service is not installed

[ HP Software Framework Events ]
Error - 8/01/2012 12:33:09 a.m. | Computer Name = GR961DHE5I9FE | Source = CaslWmi | ID = 5
Description = 2012/01/07 20:33:09.220|00000FB0|Error |[CaslWmi]CommandPanelBrightness::GetCurrentPanelBrightnessFromOS{hpCasl.enReturnCode(CaslWmi.enPanelBrightnessDataType,ushort&)}|Exception
occurred in querying WMI for WmiMonitorBrightness: 'Not supported '

[ System Events ]
Error - 7/10/2012 3:28:58 a.m. | Computer Name = Russell-HP | Source = Service Control Manager | ID = 7023
Description = The Peer Name Resolution Protocol service terminated with the following
error: %%-2140993535

Error - 7/10/2012 3:28:58 a.m. | Computer Name = Russell-HP | Source = Service Control Manager | ID = 7001
Description = The Peer Networking Grouping service depends on the Peer Name Resolution
Protocol service which failed to start because of the following error: %%-2140993535

Error - 7/10/2012 3:28:58 a.m. | Computer Name = Russell-HP | Source = Service Control Manager | ID = 7023
Description = The Peer Name Resolution Protocol service terminated with the following
error: %%-2140993535

Error - 7/10/2012 3:42:41 a.m. | Computer Name = Russell-HP | Source = PNRPSvc | ID = 102
Description =

Error - 7/10/2012 3:42:42 a.m. | Computer Name = Russell-HP | Source = PNRPSvc | ID = 102
Description =

Error - 7/10/2012 3:42:41 a.m. | Computer Name = Russell-HP | Source = Service Control Manager | ID = 7023
Description = The Peer Name Resolution Protocol service terminated with the following
error: %%-2140993535

Error - 7/10/2012 3:42:41 a.m. | Computer Name = Russell-HP | Source = Service Control Manager | ID = 7001
Description = The Peer Networking Grouping service depends on the Peer Name Resolution
Protocol service which failed to start because of the following error: %%-2140993535

Error - 7/10/2012 3:42:42 a.m. | Computer Name = Russell-HP | Source = Service Control Manager | ID = 7001
Description = The Peer Networking Grouping service depends on the Peer Name Resolution
Protocol service which failed to start because of the following error: %%-2140993535

Error - 7/10/2012 3:42:42 a.m. | Computer Name = Russell-HP | Source = Service Control Manager | ID = 7023
Description = The Peer Name Resolution Protocol service terminated with the following
error: %%-2140993535

Error - 7/10/2012 4:12:29 a.m. | Computer Name = Russell-HP | Source = BROWSER | ID = 8032
Description =


< End of report >
 
Hi,

Tracker Software <--Is this something you installed and know about?

Was Incredibar in your list of Programs and Features?

Is this a company computer?
 
did not knowingly install Tracker Software (unless it's something CNET installed to track updates of other software I've installed - can't remember name of that software)

tried to uninstall Incredibar -- did so with CCleaner but now despite checks with CCleaner, Advanced System Care, SB, MalwareBytes, it's not showing up as an installed program, but my Firefox newtab button keeps on bringing it up "MyStart Incredibar ..." etc --- see attached screen capture -- not showing but there's an advertisement that appears in the lower portion of the screen -- in this case for a US Green Card -- obviously it checks what country the user is in -- I'm in New Zealand


this is NOT a company computer -- despite the occasional computer designation Russell-HP if you see that -- but it is an HP model computer

but thanks for all the attention -- Incredibar is sure a problem these days -- given how much internet discussion there is of it
 
Hi,

Open OTL.exe
  • Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL

    Code:
    :OTL
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://start.funmoods.com/?f=1&a=iro...&cr=1530279376
    IE - HKLM\..\URLSearchHook: {1392b8d2-5c05-419f-a8f6-b9f15a596612} - No CLSID value found
    IE - HKLM\..\URLSearchHook: {81fae9c9-cfbd-4cb3-8322-412e72f55f65} - No CLSID value found
    IE - HKLM\..\SearchScopes,Backup.Old.DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
    IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
    IE - HKLM\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://eu.ask.com/web?q={searchterms}&l=dis&o=HPNTDF
    IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://start.funmoods.com/results.php?f=4&q={searchTerms}&a=iron2&chnl=iron2&cd=2XzutAtN2Y1L1Qzu0E0Czy0AyByEyD0EtByCyB0E0DtCtC0EtN0D0TzutBtDtCtBtDyCtCyD&cr=1530279376
    IE - HKU\S-1-5-21-1911284681-1753166069-4267012026-1000\..\URLSearchHook: {1392b8d2-5c05-419f-a8f6-b9f15a596612} - No CLSID value found
    IE - HKU\S-1-5-21-1911284681-1753166069-4267012026-1000\..\URLSearchHook: {687578b9-7132-4a7a-80e4-30ee31099e03} - No CLSID value found
    IE - HKU\S-1-5-21-1911284681-1753166069-4267012026-1000\..\URLSearchHook: {81fae9c9-cfbd-4cb3-8322-412e72f55f65} - No CLSID value found
    IE - HKU\S-1-5-21-1911284681-1753166069-4267012026-1000\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - No CLSID value found
    IE - HKU\S-1-5-21-1911284681-1753166069-4267012026-1000\..\URLSearchHook: {93a3111f-4f74-4ed8-895e-d9708497629e} - No CLSID value found
    IE - HKU\S-1-5-21-1911284681-1753166069-4267012026-1000\..\URLSearchHook: {CA3EB689-8F09-4026-AA10-B9534C691CE0} - C:\Program Files\Freecorder 6\tbhelper.dll ()
    IE - HKU\S-1-5-21-1911284681-1753166069-4267012026-1000\..\SearchScopes,Backup.Old.DefaultScope = {9655317D-B950-475F-9450-73A32684CFEC}
    CHR - default_search_provider: MyStart Search (Enabled)
    CHR - default_search_provider: search_url = http://mystart.incredibar.com/mb178/?loc=IB_DS&search={searchTerms}&a=6PQKBEoZ6o&i=26
    [2012/06/15 22:34:02 | 000,302,425 | ---- | C] () -- C:\Users\Russell\AppData\Local\funmoods-speeddial.crx
    
    
    :Services
    
    :Reg
    
    :Files
    ipconfig /flushdns /c
    
    
    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [start explorer]
    [Reboot]
  • Then click the Run Fix button at the top. <--Not run Scan
  • Let the program run unhindered, reboot when it is done
  • Then post the results of the log it produces
  • Then run a new scan and post a new log please
 
for now -- just the log of the initial log of "run fix" -- problem persists

All processes killed
========== OTL ==========
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{1392b8d2-5c05-419f-a8f6-b9f15a596612} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1392b8d2-5c05-419f-a8f6-b9f15a596612}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{81fae9c9-cfbd-4cb3-8322-412e72f55f65} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{81fae9c9-cfbd-4cb3-8322-412e72f55f65}\ not found.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2fa28606-de77-4029-af96-b231e3b8f827}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ not found.
Registry value HKEY_USERS\S-1-5-21-1911284681-1753166069-4267012026-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\\{1392b8d2-5c05-419f-a8f6-b9f15a596612} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1392b8d2-5c05-419f-a8f6-b9f15a596612}\ not found.
Registry value HKEY_USERS\S-1-5-21-1911284681-1753166069-4267012026-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\\{687578b9-7132-4a7a-80e4-30ee31099e03} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{687578b9-7132-4a7a-80e4-30ee31099e03}\ not found.
Registry value HKEY_USERS\S-1-5-21-1911284681-1753166069-4267012026-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\\{81fae9c9-cfbd-4cb3-8322-412e72f55f65} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{81fae9c9-cfbd-4cb3-8322-412e72f55f65}\ not found.
Registry value HKEY_USERS\S-1-5-21-1911284681-1753166069-4267012026-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\\{872b5b88-9db5-4310-bdd0-ac189557e5f5} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\ not found.
Registry value HKEY_USERS\S-1-5-21-1911284681-1753166069-4267012026-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\\{93a3111f-4f74-4ed8-895e-d9708497629e} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{93a3111f-4f74-4ed8-895e-d9708497629e}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{93a3111f-4f74-4ed8-895e-d9708497629e}\ deleted successfully.
Registry value HKEY_USERS\S-1-5-21-1911284681-1753166069-4267012026-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\\{CA3EB689-8F09-4026-AA10-B9534C691CE0} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CA3EB689-8F09-4026-AA10-B9534C691CE0}\ deleted successfully.
C:\Program Files\Freecorder 6\tbhelper.dll moved successfully.
HKEY_USERS\S-1-5-21-1911284681-1753166069-4267012026-1000\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Use Chrome's Settings page to remove the default_search_provider items.
Use Chrome's Settings page to remove the default_search_provider items.
C:\Users\Russell\AppData\Local\funmoods-speeddial.crx moved successfully.
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Russell\Downloads\OTL\cmd.bat deleted successfully.
C:\Users\Russell\Downloads\OTL\cmd.txt deleted successfully.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public

User: Russell
->Temp folder emptied: 8390443 bytes
->Temporary Internet Files folder emptied: 1883352 bytes
->Java cache emptied: 66961966 bytes
->FireFox cache emptied: 123947210 bytes
->Google Chrome cache emptied: 0 bytes
->Apple Safari cache emptied: 0 bytes
->Flash cache emptied: 4265 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 1109830 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 371860352 bytes

Total Files Cleaned = 548.00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 10092012_022310

Files\Folders moved on Reboot...
File move failed. C:\Windows\temp\_avast_\Webshlock.txt scheduled to be moved on reboot.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
 
Download ComboFix from one of these locations:

Link 1
Link 2


* IMPORTANT !!! Save ComboFix.exe to your Desktop


  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.
  • See this Link for programs that need to be disabled and instructions on how to disable them.
  • Remember to re-enable them when we're done.




Open Notepad (go to Start > All Programs > Accessories > Notepad; this will only work with Notepad) and copy all the text inside the Codebox by highlighting it all and pressing CTRL+C on your keyboard, then paste it into Notepad. Make sure there is no space before and above Firefox::


Code:
Firefox::
FF - user.js: extensions.incredibar_i.newTab - false
FF - user.js: extensions.incredibar_i.tlbrSrchUrl - hxxp://mystart.Incredibar.com/?a=6PQKBEoZ6o&loc=IB_TB&i=26&search=
FF - user.js: extensions.incredibar_i.id - 4e18d11e0000000000002eb70d3f194a
FF - user.js: extensions.incredibar_i.instlDay - 15607
FF - user.js: extensions.incredibar_i.vrsn - 1.5.11.14
FF - user.js: extensions.incredibar_i.vrsni - 1.5.11.14
FF - user.js: extensions.incredibar_i.vrsnTs - 1.5.11.1423:07:47
FF - user.js: extensions.incredibar_i.prtnrId - Incredibar
FF - user.js: extensions.incredibar_i.prdct - incredibar
FF - user.js: extensions.incredibar_i.aflt - orgnl
FF - user.js: extensions.incredibar_i.smplGrp - none
FF - user.js: extensions.incredibar_i.tlbrId - base
FF - user.js: extensions.incredibar_i.instlRef -
FF - user.js: extensions.incredibar_i.dfltLng -
FF - user.js: extensions.incredibar_i.excTlbr - false
FF - user.js: extensions.incredibar_i.ms_url_id -
FF - user.js: extensions.incredibar_i.upn2 - 6PQKBEoZ6o
FF - user.js: extensions.incredibar_i.upn2n - 92543635926693664
FF - user.js: extensions.incredibar_i.productid - 26
FF - user.js: extensions.incredibar_i.installerproductid - 26
FF - user.js: extensions.incredibar_i.did - 10643
FF - user.js: extensions.incredibar_i.ppd - 1

Save this as CFScript to your desktop.

Then drag the CFScript into ComboFix.exe as you see in the screenshot below.

CFScriptB-4.gif



This will start ComboFix. After reboot (in case it asks to reboot), post the contents of Combofix.txt in your next reply.
 
sorry, "suspended" responding yesterday due to late hour of working -- please don't respond until after I've finished running the programs but to keep you up to date here's output of otl.txt --- no extras.txt this time?
wish I knew what I was doing -- now I'll download combo fix
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

OTL logfile created on: 9/10/2012 2:40:02 a.m. - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Russell\Downloads\OTL
Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00001409 | Country: New Zealand | Language: ENZ | Date Format: d/MM/yyyy

1012.30 Mb Total Physical Memory | 284.09 Mb Available Physical Memory | 28.06% Memory free
1.99 Gb Paging File | 0.77 Gb Available in Paging File | 38.61% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 283.95 Gb Total Space | 154.33 Gb Free Space | 54.35% Space Free | Partition Type: NTFS
Drive D: | 13.84 Gb Total Space | 1.55 Gb Free Space | 11.18% Space Free | Partition Type: NTFS
Drive E: | 99.00 Mb Total Space | 87.44 Mb Free Space | 88.33% Space Free | Partition Type: FAT32

Computer Name: RUSSELL-HP | User Name: Russell | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Russell\Downloads\OTL\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
PRC - C:\Program Files\Google\Update\1.3.21.123\GoogleCrashHandler.exe (Google Inc.)
PRC - C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
PRC - C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
PRC - C:\Program Files\Box Sync\UpdateService.exe (Box, Inc.)
PRC - C:\Program Files\Nitro PDF\Reader 2\NitroPDFReaderDriverService2.exe (Nitro PDF Software)
PRC - C:\Windows\System32\NLSSRV32.EXE (Nalpeiron Ltd.)
PRC - C:\Program Files\IObit\Advanced SystemCare 5\ASCTray.exe (IObit)
PRC - C:\Program Files\IObit\Advanced SystemCare 5\ASCService.exe (IObit)
PRC - C:\Program Files\Microsoft\BingDesktop\BingDesktopUpdater.exe (Microsoft Corp.)
PRC - C:\Program Files\GFI\GFI BackUp Freeware\GFIFInst.exe (GFI Software Ltd.)
PRC - C:\Program Files\GFI\GFI BackUp Freeware\GFIFSched.exe (GFI Software Ltd.)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\IDT\WDM\stacsv.exe (IDT, Inc.)
PRC - C:\Program Files\Bluetooth Suite\Ath_CoexAgent.exe (Atheros)
PRC - C:\Program Files\Bluetooth Suite\AdminService.exe (Atheros Commnucations)
PRC - C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
PRC - C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
PRC - C:\Program Files\Hewlett-Packard\HP Support Framework\HPSA_Service.exe (Hewlett-Packard Company)
PRC - C:\Program Files\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation)
PRC - C:\Program Files\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe (Hewlett-Packard Development Company, L.P.)
PRC - C:\Program Files\ThreatFire\TFTray.exe (PC Tools)
PRC - C:\Program Files\ThreatFire\TFService.exe (PC Tools)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
PRC - C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe (Hewlett-Packard Company)
PRC - C:\Program Files\IDT\WDM\AESTSrv.exe (Andrea Electronics Corporation)
PRC - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)


========== Modules (No Company Name) ==========

MOD - C:\Users\Russell\AppData\Roaming\MegaCloud\MegaCloudShellExt.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\f489585d6cb29313a05dceac6ee1cde1\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\f37a9277a565b368c4358befdce25080\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\6b97ba148f663f114bcbbfae7a2752e9\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7edca5be5fb91df4d5eb66097437f546\mscorlib.ni.dll ()


========== Services (SafeList) ==========

SRV - (SBSDWSCService) -- C:\Program Files\Spybot File not found
SRV - (MozillaMaintenance) -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (MBAMService) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (MBAMScheduler) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (avast! Antivirus) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
SRV - (#UpdateService) -- C:\Program Files\Box Sync\UpdateService.exe (Box, Inc.)
SRV - (NitroReaderDriverReadSpool2) -- C:\Program Files\Nitro PDF\Reader 2\NitroPDFReaderDriverService2.exe (Nitro PDF Software)
SRV - (SkypeUpdate) -- C:\Program Files\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (nlsX86cc) -- C:\Windows\System32\NLSSRV32.EXE (Nalpeiron Ltd.)
SRV - (AdvancedSystemCareService5) -- C:\Program Files\IObit\Advanced SystemCare 5\ASCService.exe (IObit)
SRV - (BingDesktopUpdate) -- C:\Program Files\Microsoft\BingDesktop\BingDesktopUpdater.exe (Microsoft Corp.)
SRV - (GFIBckFAtt) -- C:\Program Files\GFI\GFI BackUp Freeware\GFIFInst.exe (GFI Software Ltd.)
SRV - (GFIBckFSched) -- C:\Program Files\GFI\GFI BackUp Freeware\GFIFSched.exe (GFI Software Ltd.)
SRV - (WatAdminSvc) -- C:\Windows\System32\Wat\WatAdminSvc.exe (Microsoft Corporation)
SRV - (STacSV) -- C:\Program Files\IDT\WDM\stacsv.exe (IDT, Inc.)
SRV - (ZAtheros Bt&Wlan Coex Agent) -- C:\Program Files\Bluetooth Suite\Ath_CoexAgent.exe (Atheros)
SRV - (AtherosSvc) -- C:\Program Files\Bluetooth Suite\AdminService.exe (Atheros Commnucations)
SRV - (sftvsa) -- C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
SRV - (sftlist) -- C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
SRV - (HP Support Assistant Service) -- C:\Program Files\Hewlett-Packard\HP Support Framework\HPSA_Service.exe (Hewlett-Packard Company)
SRV - (BBSvc) -- C:\Program Files\Microsoft\BingBar\BBSvc.EXE (Microsoft Corporation.)
SRV - (BBUpdate) -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation)
SRV - (HPWMISVC) -- C:\Program Files\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe (Hewlett-Packard Development Company, L.P.)
SRV - (ThreatFire) -- C:\Program Files\ThreatFire\TFService.exe (PC Tools)
SRV - (IAStorDataMgrSvc) -- C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
SRV - (HPClientSvc) -- C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe (Hewlett-Packard Company)
SRV - (rpcapd) -- C:\Program Files\WinPcap\rpcapd.exe (CACE Technologies, Inc.)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (AESTFilters) -- C:\Program Files\IDT\WDM\AESTSrv.exe (Andrea Electronics Corporation)


========== Driver Services (SafeList) ==========

DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (aswSnx) -- C:\Windows\System32\drivers\aswSnx.sys (AVAST Software)
DRV - (aswSP) -- C:\Windows\System32\drivers\aswSP.sys (AVAST Software)
DRV - (aswTdi) -- C:\Windows\System32\drivers\aswTdi.sys (AVAST Software)
DRV - (aswMonFlt) -- C:\Windows\System32\drivers\aswMonFlt.sys (AVAST Software)
DRV - (aswRdr) -- C:\Windows\System32\drivers\aswRdr2.sys (AVAST Software)
DRV - (aswFsBlk) -- C:\Windows\System32\drivers\aswFsBlk.sys (AVAST Software)
DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Qualcomm Atheros Communications, Inc.)
DRV - (igddim32) -- C:\Windows\System32\drivers\igddim32.sys (Intel Corporation)
DRV - (STHDA) -- C:\Windows\System32\drivers\stwrt.sys (IDT, Inc.)
DRV - (BtFilter) -- C:\Windows\System32\drivers\btfilter.sys (Atheros)
DRV - (BTATH_RCP) -- C:\Windows\System32\drivers\btath_rcp.sys (Atheros)
DRV - (BTATH_LWFLT) -- C:\Windows\System32\drivers\btath_lwflt.sys (Atheros)
DRV - (BTATH_HCRP) -- C:\Windows\System32\drivers\btath_hcrp.sys (Atheros)
DRV - (AthBTPort) -- C:\Windows\System32\drivers\btath_flt.sys (Atheros)
DRV - (BTATH_BUS) -- C:\Windows\System32\drivers\btath_bus.sys (Atheros)
DRV - (btath_avdt) -- C:\Windows\System32\drivers\btath_avdt.sys (Atheros)
DRV - (BTATH_A2DP) -- C:\Windows\System32\drivers\btath_a2dp.sys (Atheros)
DRV - (Sftvol) -- C:\Windows\System32\drivers\Sftvollh.sys (Microsoft Corporation)
DRV - (Sftredir) -- C:\Windows\System32\drivers\Sftredirlh.sys (Microsoft Corporation)
DRV - (Sftplay) -- C:\Windows\System32\drivers\Sftplaylh.sys (Microsoft Corporation)
DRV - (Sftfs) -- C:\Windows\System32\drivers\Sftfslh.sys (Microsoft Corporation)
DRV - (clwvd) -- C:\Windows\System32\drivers\clwvd.sys (CyberLink Corporation)
DRV - (TfSysMon) -- C:\Windows\System32\drivers\TfSysMon.sys (PC Tools)
DRV - (TfNetMon) -- C:\Windows\System32\drivers\TfNetMon.sys (PC Tools)
DRV - (TfFsMon) -- C:\Windows\System32\drivers\TfFsMon.sys (PC Tools)
DRV - (RSUSBSTOR) -- C:\Windows\System32\drivers\RtsUStor.sys (Realtek Semiconductor Corp.)
DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV - (TsUsbGD) -- C:\Windows\System32\drivers\TsUsbGD.sys (Microsoft Corporation)
DRV - (NPF) -- C:\Windows\System32\drivers\npf.sys (CACE Technologies, Inc.)
DRV - (vwifimp) -- C:\Windows\System32\drivers\vwifimp.sys (Microsoft Corporation)
DRV - (NVENETFD) -- C:\Windows\System32\drivers\nvm62x32.sys (NVIDIA Corporation)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.jp.msn.com/HPALL/116
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
IE - HKLM\..\SearchScopes,Backup.Old.DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPMTDF&pc=HPMTDF&src=IE-SearchBox
IE - HKLM\..\SearchScopes\{1EB53970-B557-5025-3244-737B4FF514AF}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://nz.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
IE - HKLM\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}


IE - HKU\.DEFAULT\..\URLSearchHook: {D0CF9C3B-2C4F-4C99-ACED-3CDF9AEEFF7E} - No CLSID value found
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\URLSearchHook: {D0CF9C3B-2C4F-4C99-ACED-3CDF9AEEFF7E} - No CLSID value found
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1911284681-1753166069-4267012026-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Backup.Old.Start Page = http://www.msn.com/?pc=BDT3&ocid=bdtdhp
IE - HKU\S-1-5-21-1911284681-1753166069-4267012026-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.jp.msn.com/HPALL/116
IE - HKU\S-1-5-21-1911284681-1753166069-4267012026-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKU\S-1-5-21-1911284681-1753166069-4267012026-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar =
IE - HKU\S-1-5-21-1911284681-1753166069-4267012026-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKU\S-1-5-21-1911284681-1753166069-4267012026-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-1911284681-1753166069-4267012026-1000\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKU\S-1-5-21-1911284681-1753166069-4267012026-1000\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\S-1-5-21-1911284681-1753166069-4267012026-1000\..\SearchScopes,Backup.Old.DefaultScope = {9655317D-B950-475F-9450-73A32684CFEC}
IE - HKU\S-1-5-21-1911284681-1753166069-4267012026-1000\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-1911284681-1753166069-4267012026-1000\..\SearchScopes\{1EB53970-B557-5025-3244-737B4FF514AF}: "URL" = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8&rlz=1I7ITVB_enNZ475
IE - HKU\S-1-5-21-1911284681-1753166069-4267012026-1000\..\SearchScopes\{4306E828-4997-4C8E-9FE4-9E46CC3276E4}: "URL" = http://www.bing.com/search?FORM=BDKTDF&PC=BDT3&q={searchTerms}&src=IE-SearchBox
IE - HKU\S-1-5-21-1911284681-1753166069-4267012026-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKU\S-1-5-21-1911284681-1753166069-4267012026-1000\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://nz.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
IE - HKU\S-1-5-21-1911284681-1753166069-4267012026-1000\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
IE - HKU\S-1-5-21-1911284681-1753166069-4267012026-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1911284681-1753166069-4267012026-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.openintab: true
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://au.yahoo.com/"
FF - prefs.js..extensions.enabledAddons: save-as-pdf-ff@pdfcrowd.com:1.5
FF - prefs.js..extensions.enabledAddons: support@lastpass.com:2.0.0
FF - prefs.js..extensions.enabledAddons: tabutilslite@ithinc.cn:1.1.5
FF - prefs.js..extensions.enabledAddons: zotero@chnm.gmu.edu:3.0.8
FF - prefs.js..extensions.enabledAddons: zoteroOpenOfficeIntegration@zotero.org:3.5.3
FF - prefs.js..extensions.enabledAddons: {7f57cf46-4467-4c2d-adfa-0cba7c507e54}:2.0.6
FF - prefs.js..extensions.enabledAddons: {ada4b710-8346-4b82-8199-5de2b400a6ae}:2.0.1
FF - prefs.js..extensions.enabledAddons: {f759ca51-3a91-4dd1-ae78-9db5eee9ebf0}:5.7.5
FF - prefs.js..extensions.enabledAddons: {DDC359D1-844A-42a7-9AA1-88A850A938A8}:2.0.15
FF - prefs.js..extensions.enabledAddons: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.9.10
FF - prefs.js..extensions.enabledAddons: {d37dc5d0-431d-44e5-8c91-49419370caa1}:3.1.26
FF - prefs.js..extensions.enabledAddons: zotfile@columbia.edu:2.2.1
FF - prefs.js..extensions.enabledAddons: foxmarks@kei.com:4.1.3


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_4_402_265.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nitropdf.com/NitroPDF: C:\Program Files\Nitro PDF\Reader 2\npnitromozilla.dll ( )
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@VideoDownloadConverter_4z.com/Plugin: C:\Program Files\VideoDownloadConverter_4z\bar\1.bin\NP4zStub.dll (MindSpark)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.3: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKCU\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF - HKCU\Software\MozillaPlugins\@sun.com/npsopluginmi;version=1.0: C:\Program Files\LibreOffice 3.4\program File not found
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Russell\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Russell\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\vitzo.com/VDownloader: C:\Program Files\VDownloader\Addons\npVDownloader.dll File not found

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\support@vdownloader.com: C:\Program Files\VDownloader\Addons\FireFox
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\4zffxtbr@VideoDownloadConverter_4z.com: C:\Program Files\VideoDownloadConverter_4z\bar\1.bin [2012/09/28 18:41:32 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012/08/27 23:47:10 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/09/09 13:34:38 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 15.0.1\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2012/07/24 19:22:57 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 15.0.1\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\superfish@superfish.com: C:\Users\Russell\AppData\Roaming\Mozilla\Firefox\Profiles/xfb27j5f.default\extensions\superfish@superfish.com
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\wcapturex@deskperience.com: C:\Program Files\WordWeb\WCaptureMoz [2012/02/27 19:17:18 | 000,000,000 | ---D | M]

[2012/08/03 07:19:15 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Russell\AppData\Roaming\Mozilla\Extensions
[2012/10/05 14:46:36 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Russell\AppData\Roaming\Mozilla\Firefox\Profiles\bylhdpoc.default\extensions
[2012/08/26 03:57:18 | 000,000,000 | ---D | M] (ReminderFox) -- C:\Users\Russell\AppData\Roaming\Mozilla\Firefox\Profiles\bylhdpoc.default\extensions\{ada4b710-8346-4b82-8199-5de2b400a6ae}
[2012/09/18 18:03:20 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Russell\AppData\Roaming\Mozilla\Firefox\Profiles\bylhdpoc.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2012/09/20 13:35:40 | 000,000,000 | ---D | M] (FoxClocks) -- C:\Users\Russell\AppData\Roaming\Mozilla\Firefox\Profiles\bylhdpoc.default\extensions\{d37dc5d0-431d-44e5-8c91-49419370caa1}
[2012/10/03 08:37:27 | 000,000,000 | ---D | M] ("Xmarks") -- C:\Users\Russell\AppData\Roaming\Mozilla\Firefox\Profiles\bylhdpoc.default\extensions\foxmarks@kei.com
[2012/08/03 08:00:26 | 000,000,000 | ---D | M] (LastPass) -- C:\Users\Russell\AppData\Roaming\Mozilla\Firefox\Profiles\bylhdpoc.default\extensions\support@lastpass.com
[2012/08/03 07:28:39 | 000,000,000 | ---D | M] (Zotero) -- C:\Users\Russell\AppData\Roaming\Mozilla\Firefox\Profiles\bylhdpoc.default\extensions\zotero@chnm.gmu.edu
[2012/08/03 07:45:37 | 000,000,000 | ---D | M] (Zotero LibreOffice Integration) -- C:\Users\Russell\AppData\Roaming\Mozilla\Firefox\Profiles\bylhdpoc.default\extensions\zoteroOpenOfficeIntegration@zotero.org
[2012/08/03 08:00:22 | 000,057,194 | ---- | M] () (No name found) -- C:\Users\Russell\AppData\Roaming\Mozilla\Firefox\Profiles\bylhdpoc.default\extensions\save-as-pdf-ff@pdfcrowd.com.xpi
[2012/08/26 03:57:11 | 000,024,946 | ---- | M] () (No name found) -- C:\Users\Russell\AppData\Roaming\Mozilla\Firefox\Profiles\bylhdpoc.default\extensions\tabutilslite@ithinc.cn.xpi
[2012/09/26 17:08:59 | 000,406,180 | ---- | M] () (No name found) -- C:\Users\Russell\AppData\Roaming\Mozilla\Firefox\Profiles\bylhdpoc.default\extensions\zotfile@columbia.edu.xpi
[2012/08/03 08:00:26 | 000,527,037 | ---- | M] () (No name found) -- C:\Users\Russell\AppData\Roaming\Mozilla\Firefox\Profiles\bylhdpoc.default\extensions\{7f57cf46-4467-4c2d-adfa-0cba7c507e54}.xpi
[2012/09/13 09:10:43 | 000,698,867 | ---- | M] () (No name found) -- C:\Users\Russell\AppData\Roaming\Mozilla\Firefox\Profiles\bylhdpoc.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi
[2012/08/03 08:00:27 | 000,324,289 | ---- | M] () (No name found) -- C:\Users\Russell\AppData\Roaming\Mozilla\Firefox\Profiles\bylhdpoc.default\extensions\{f759ca51-3a91-4dd1-ae78-9db5eee9ebf0}.xpi
[2012/08/11 00:32:56 | 000,000,822 | ---- | M] () (No name found) -- C:\Users\Russell\AppData\Roaming\Mozilla\Firefox\Profiles\bylhdpoc.default\extensions\{ada4b710-8346-4b82-8199-5de2b400a6ae}\defaults\printing\xpi-details.xsl
[2012/09/09 13:24:20 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/09/09 13:34:36 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/07/10 15:52:26 | 000,003,767 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\avg-secure-search.xml
[2012/08/03 03:09:47 | 000,002,361 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml
[2012/09/04 11:36:54 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/02/15 23:57:58 | 000,001,478 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\emclient_igeared.xml
[2012/09/04 11:36:54 | 000,002,253 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - homepage: http://www.google.co.nz/
CHR - default_search_provider: MyStart Search (Enabled)
CHR - default_search_provider: search_url = http://mystart.incredibar.com/mb178/?loc=IB_DS&search={searchTerms}&a=6PQKBEoZ6o&i=26
CHR - default_search_provider: suggest_url = ,
CHR - homepage: http://www.google.co.nz/
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Russell\AppData\Local\Google\Chrome\Application\21.0.1180.83\PepperFlash\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Russell\AppData\Local\Google\Chrome\Application\21.0.1180.83\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_268.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Russell\AppData\Local\Google\Chrome\Application\21.0.1180.83\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Russell\AppData\Local\Google\Chrome\Application\21.0.1180.83\pdf.dll
CHR - plugin: Free Studio (Enabled) = C:\Users\Russell\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp\1.0.0.0_0\np_dvs_plugin.dll
CHR - plugin: Conduit Chrome Plugin (Enabled) = C:\Users\Russell\AppData\Local\Google\Chrome\User Data\Default\Extensions\plmlpkfpkijnlijgalnjaacllnjmoamo\10.11.21.5_0\plugins/ConduitChromeApiPlugin.dll
CHR - plugin: Conduit Radio Plugin (Enabled) = C:\Users\Russell\AppData\Local\Google\Chrome\User Data\Default\Extensions\plmlpkfpkijnlijgalnjaacllnjmoamo\10.11.21.5_0\plugins/np-cwmp.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL
CHR - plugin: Foxit Reader Plugin for Mozilla (Enabled) = C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll
CHR - plugin: Java Deployment Toolkit 7.0.50.5 (Enabled) = C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll
CHR - plugin: Java(TM) Platform SE 7 U5 (Enabled) = C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: Nitro PDF Plug-In (Enabled) = C:\Program Files\Nitro PDF\Reader 2\npnitromozilla.dll
CHR - plugin: MindSpark Toolbar Platform Plugin Stub (Enabled) = C:\Program Files\VideoDownloadConverter_4z\bar\1.bin\NP4zStub.dll
CHR - plugin: VLC Web Plugin (Enabled) = C:\Program Files\VideoLAN\VLC\npvlc.dll
CHR - plugin: Windows Live\\u0099 Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - Extension: Xmarks Bookmark Sync = C:\Users\Russell\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajpgkpeckebdhofmmjfgcjjiiejpodla\1.0.22_0\
CHR - Extension: Xmarks Bookmark Sync = C:\Users\Russell\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajpgkpeckebdhofmmjfgcjjiiejpodla\1.0.22_0\.bak
CHR - Extension: YouTube = C:\Users\Russell\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Adblock Plus (Beta) = C:\Users\Russell\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.2_0\
CHR - Extension: Google Search = C:\Users\Russell\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Proxy SwitchySharp = C:\Users\Russell\AppData\Local\Google\Chrome\User Data\Default\Extensions\dpplabbmogkhghncfbfdeeokoefdjegm\1.9.48_0\
CHR - Extension: SaveFrom.net helper lite = C:\Users\Russell\AppData\Local\Google\Chrome\User Data\Default\Extensions\gekjjfhbnbhfgmnmkocnnfapjpdcpbok\1.47_0\
CHR - Extension: LastPass = C:\Users\Russell\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd\2.0.10_0\
CHR - Extension: No name found = C:\Users\Russell\AppData\Local\Google\Chrome\User Data\Default\Extensions\jifflliplgeajjdhmkcfnngfpgbjonjg\1.0.0_0\
CHR - Extension: Search for YouTube Videos = C:\Users\Russell\AppData\Local\Google\Chrome\User Data\Default\Extensions\kabfoagjjgbakjgadhcpoleecfkmhpjm\0.1.0.6_0\
CHR - Extension: Save as PDF = C:\Users\Russell\AppData\Local\Google\Chrome\User Data\Default\Extensions\kpdjmbiefanbdgnkcikhllpmjnnllbbc\1.6_0\
CHR - Extension: Incredible StartPage - Productive Start Page for Chrome! = C:\Users\Russell\AppData\Local\Google\Chrome\User Data\Default\Extensions\ncdfeghkpohnalmpblddmnppfooljekh\1.5.2_0\
CHR - Extension: DvdVideoSoft Free Youtube Download = C:\Users\Russell\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp\1.0.0.0_0\
CHR - Extension: Gmail = C:\Users\Russell\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2012/10/09 02:24:09 | 000,000,098 | ---- | M]) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKU\S-1-5-21-1911284681-1753166069-4267012026-1000\..\Toolbar\WebBrowser: (Freecorder 6) - {6B34ACCF-1B63-4E1A-8633-461917C75544} - C:\Program Files\Freecorder 6\tbcore3.dll ()
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [ThreatFire] C:\Program Files\ThreatFire\TFTray.exe (PC Tools)
O4 - HKU\S-1-5-21-1911284681-1753166069-4267012026-1000..\Run: [Advanced SystemCare 5] C:\Program Files\IObit\Advanced SystemCare 5\ASCTray.exe (IObit)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\S-1-5-21-1911284681-1753166069-4267012026-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Free YouTube Download - C:\Users\Russell\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm ()
O8 - Extra context menu item: Se&nd to OneNote - res://C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll/105 File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 10.7.2)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{74240472-D26B-436F-9D60-760C249DCFA7}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\osf - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/11 10:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/10/09 02:23:10 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/10/08 20:13:14 | 000,000,000 | ---D | C] -- C:\Users\Russell\Desktop\GAD
[2012/10/07 09:33:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Foxit Reader
[2012/10/07 01:53:17 | 000,000,000 | ---D | C] -- C:\Users\Russell\Documents\EMAIL IDs
[2012/10/07 00:21:44 | 000,000,000 | ---D | C] -- C:\Users\Russell\Desktop\MEDITATION -- SELF-COMPASSION
[2012/10/06 11:50:53 | 000,000,000 | ---D | C] -- C:\8e07ef0f1fb298627a7ae926aaec3f
[2012/09/29 20:38:41 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2012/09/29 20:36:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT
[2012/09/29 20:36:09 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2012/09/28 20:04:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy
[2012/09/28 20:03:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2012/09/28 20:03:42 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2012/09/28 17:12:52 | 000,000,000 | ---D | C] -- C:\Users\Russell\AppData\Roaming\Malwarebytes
[2012/09/28 17:12:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/09/28 17:12:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/09/28 17:12:00 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012/09/28 17:12:00 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012/09/26 21:03:11 | 000,245,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\OxpsConverter.exe
[2012/09/26 13:54:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2012/09/26 13:54:09 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2012/09/26 03:15:58 | 000,000,000 | ---D | C] -- C:\Users\Russell\AppData\Roaming\CX
[2012/09/26 03:15:11 | 000,000,000 | ---D | C] -- C:\Users\Russell\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CX
[2012/09/26 03:14:37 | 000,000,000 | ---D | C] -- C:\Users\Russell\AppData\Local\CX
[2012/09/25 00:09:26 | 000,000,000 | ---D | C] -- C:\Program Files\Perion
[2012/09/24 03:39:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mr Smoozles Goes Nutso
[2012/09/24 03:39:22 | 000,000,000 | ---D | C] -- C:\Program Files\Mr Smoozles Goes Nutso
[2012/09/24 01:29:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GOG.com
[2012/09/24 01:29:25 | 000,000,000 | ---D | C] -- C:\Program Files\GOG.com
[2012/09/23 19:15:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2012/09/23 19:12:28 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2012/09/23 19:12:07 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2012/09/23 19:12:07 | 000,000,000 | ---D | C] -- C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1
[2012/09/22 12:35:04 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2012/09/22 12:34:59 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2012/09/22 12:34:58 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2012/09/22 12:34:58 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2012/09/22 12:34:57 | 000,607,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2012/09/22 12:34:50 | 001,800,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2012/09/22 12:34:49 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2012/09/22 12:34:36 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2012/09/20 22:57:10 | 000,000,000 | ---D | C] -- C:\Users\Russell\Documents\MSSAT TRUST OTAGO
[2012/09/17 14:20:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sigma Team
[2012/09/17 14:19:26 | 000,000,000 | ---D | C] -- C:\Program Files\Sigma Team
[2012/09/17 14:07:36 | 000,000,000 | ---D | C] -- C:\Counter-Strike 2D
[2012/09/17 11:57:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cave Story Deluxe
[2012/09/17 11:57:56 | 000,000,000 | ---D | C] -- C:\Users\Russell\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Cave Story Deluxe
[2012/09/17 11:57:04 | 000,000,000 | ---D | C] -- C:\Program Files\Cave Story Deluxe
[2012/09/17 03:34:27 | 000,237,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_4.dll
[2012/09/17 03:34:25 | 002,414,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_31.dll
[2012/09/17 03:34:24 | 000,236,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_3.dll
[2012/09/17 03:34:23 | 000,062,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xinput1_2.dll
[2012/09/17 03:34:22 | 000,230,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_2.dll
[2012/09/17 03:34:22 | 000,062,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xinput1_1.dll
[2012/09/17 03:34:21 | 000,229,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_1.dll
[2012/09/17 03:33:54 | 002,388,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_30.dll
[2012/09/17 03:33:53 | 000,230,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_0.dll
[2012/09/17 03:33:53 | 000,014,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\x3daudio1_0.dll
[2012/09/17 03:33:52 | 002,332,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_29.dll
[2012/09/17 03:33:50 | 002,323,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_28.dll
[2012/09/17 03:33:48 | 002,319,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_27.dll
[2012/09/17 03:33:47 | 002,297,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_26.dll
[2012/09/17 03:33:45 | 002,337,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_25.dll
[2012/09/17 03:33:43 | 002,222,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_24.dll
[2012/09/16 23:31:22 | 000,000,000 | ---D | C] -- C:\Users\Russell\AppData\Local\Punkbuster
[2012/09/16 23:30:00 | 000,000,000 | ---D | C] -- C:\Program Files\Wolfenstein - Enemy Territory
[2012/09/15 16:54:15 | 000,000,000 | -HSD | C] -- C:\found.002
[2012/09/13 21:12:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2012/09/13 21:12:34 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2012/09/13 21:12:25 | 000,000,000 | R--D | C] -- C:\Program Files\Skype
[2012/09/12 17:03:38 | 000,240,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\netio.sys
[2012/09/12 17:03:37 | 000,187,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\FWPKCLNT.SYS
[2012/09/12 17:03:29 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\RNDISMP.sys
[2012/09/12 17:03:23 | 000,490,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10level9.dll
[2012/09/12 16:49:35 | 000,000,000 | ---D | C] -- C:\09470b656efc966851db
[2012/09/09 13:24:01 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[1 C:\Windows\Fonts\*.tmp files -> C:\Windows\Fonts\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/10/09 02:35:29 | 000,021,840 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/10/09 02:35:29 | 000,021,840 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/10/09 02:27:30 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/10/09 02:27:21 | 796,102,656 | -HS- | M] () -- C:\hiberfil.sys
[2012/10/09 02:24:09 | 000,000,098 | ---- | M] () -- C:\Windows\System32\drivers\etc\Hosts
[2012/10/08 23:06:26 | 000,408,820 | ---- | M] () -- C:\Users\Russell\Desktop\(2) acceptance and commitment therapy — Facebook search.maff
[2012/10/08 22:56:23 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[2012/10/08 14:52:58 | 008,067,631 | ---- | M] () -- C:\Users\Russell\Desktop\At_the_Heart_of_Intimacy_Susan_Johnson.flv
[2012/10/07 22:17:17 | 000,071,313 | ---- | M] () -- C:\Users\Russell\Desktop\Storied Mind Newsletter The Anger in Depression.maff
[2012/10/06 12:20:39 | 000,153,870 | ---- | M] () -- C:\Users\Russell\Desktop\Most Psychotropic Meds Increase Driving Risk.maff
[2012/10/06 06:02:54 | 000,126,494 | ---- | M] () -- C:\Users\Russell\Desktop\Neuropathy_Treatment.pdf
[2012/10/04 15:28:51 | 000,000,013 | ---- | M] () -- C:\Windows\System32\WinSys32.crc
[2012/10/02 12:01:56 | 000,665,232 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/10/02 12:01:56 | 000,125,678 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/09/25 00:07:50 | 000,000,712 | ---- | M] () -- C:\user.js
[2012/09/16 21:47:00 | 000,001,947 | ---- | M] () -- C:\Users\Russell\Application Data\Microsoft\Internet Explorer\Quick Launch\JDownloader.lnk
[2012/09/13 23:52:19 | 000,002,060 | ---- | M] () -- C:\Users\Russell\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Thunderbird.lnk

========== Files Created - No Company Name ==========

[2012/10/08 23:06:07 | 000,408,820 | ---- | C] () -- C:\Users\Russell\Desktop\(2) acceptance and commitment therapy — Facebook search.maff
[2012/10/08 14:50:56 | 008,067,631 | ---- | C] () -- C:\Users\Russell\Desktop\At_the_Heart_of_Intimacy_Susan_Johnson.flv
[2012/10/07 22:16:51 | 000,071,313 | ---- | C] () -- C:\Users\Russell\Desktop\Storied Mind Newsletter The Anger in Depression.maff
[2012/10/06 12:20:18 | 000,153,870 | ---- | C] () -- C:\Users\Russell\Desktop\Most Psychotropic Meds Increase Driving Risk.maff
[2012/10/06 06:02:07 | 000,126,494 | ---- | C] () -- C:\Users\Russell\Desktop\Neuropathy_Treatment.pdf
[2012/09/16 23:31:58 | 000,075,136 | ---- | C] () -- C:\Windows\System32\PnkBstrA.exe
[2012/08/25 10:31:42 | 000,000,017 | ---- | C] () -- C:\Windows\System32\shortcut_ex.dat
[2012/08/24 14:02:51 | 000,001,729 | ---- | C] () -- C:\Users\Russell\AppData\Local\recently-used.xbel
[2012/07/29 19:16:38 | 000,000,061 | ---- | C] () -- C:\ProgramData\DoremisoftSWFSetting.ini
[2012/06/21 06:30:48 | 000,093,696 | ---- | C] () -- C:\Windows\System32\lua5.1a.dll
[2012/05/10 00:38:50 | 000,072,192 | ---- | C] () -- C:\Windows\unlite3.exe
[2012/05/08 00:43:43 | 000,001,089 | ---- | C] () -- C:\Users\Russell\Documents - Shortcut.lnk
[2012/05/07 13:48:05 | 000,042,120 | ---- | C] () -- C:\Windows\System32\drivers\EUBKMON.sys
[2012/04/20 23:30:54 | 000,004,096 | ---- | C] ( ) -- C:\Windows\System32\IGFXDEVLib.dll
[2012/03/18 22:00:51 | 000,000,000 | ---- | C] () -- C:\Users\Russell\hsqlprefs.dat
[2012/03/14 18:56:02 | 000,087,552 | ---- | C] () -- C:\Windows\System32\cpwmon2k.dll
[2012/03/01 23:57:34 | 000,000,165 | ---- | C] () -- C:\Users\Russell\.gtkrc-2.0
[2012/02/27 19:17:40 | 002,216,480 | ---- | C] () -- C:\Windows\wweb32.dll
[2012/02/23 00:31:43 | 000,011,776 | ---- | C] () -- C:\Users\Russell\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/02/15 01:44:00 | 000,003,504 | ---- | C] () -- C:\Users\Russell\Financial Accounts.gnucash
[2012/02/14 23:08:04 | 000,000,286 | ---- | C] () -- C:\Windows\reimage.ini
[2012/02/05 03:29:28 | 000,000,224 | ---- | C] () -- C:\Users\Russell\.languagetool-ooo.cfg
[2012/02/02 23:23:25 | 000,899,072 | ---- | C] () -- C:\Users\Russell\AppData\Roaming\SharedSettings.ccs
[2011/12/21 22:42:09 | 000,080,416 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll
[2011/12/14 11:57:16 | 000,000,151 | ---- | C] () -- C:\Windows\System32\GfxUI.exe.config
[2011/12/12 03:22:22 | 000,000,101 | ---- | C] () -- C:\Windows\System32\ud-boot-time.ini
[2011/10/22 22:24:58 | 000,246,804 | ---- | C] () -- C:\Windows\System32\drivers\AtherosBt.bin
[2011/09/15 16:11:16 | 001,048,576 | ---- | C] () -- C:\Windows\System32\syndata.bin
[2011/09/07 09:34:28 | 000,007,736 | ---- | C] () -- C:\Windows\hpDSTRES.DLL
[2011/03/29 21:00:00 | 000,080,896 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2011/03/25 08:35:18 | 000,180,224 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2011/03/02 23:43:46 | 000,175,616 | ---- | C] () -- C:\Windows\System32\unrar.dll

========== ZeroAccess Check ==========

[2012/08/11 00:32:56 | 000,000,596 | ---- | M] () -- C:\Users\Russell\AppData\Roaming\Mozilla\Firefox\Profiles\bylhdpoc.default\extensions\{ada4b710-8346-4b82-8199-5de2b400a6ae}\defaults\printing\icons\@.png
[2009/07/14 17:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 17:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/21 10:29:20 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/14 14:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2012/04/18 04:27:57 | 000,000,000 | ---D | M] -- C:\Users\Russell\AppData\Roaming\.calligra
[2012/05/27 14:48:23 | 000,000,000 | ---D | M] -- C:\Users\Russell\AppData\Roaming\.gephi
[2012/07/28 13:06:35 | 000,000,000 | ---D | M] -- C:\Users\Russell\AppData\Roaming\AnvSoft
[2012/10/07 21:57:37 | 000,000,000 | ---D | M] -- C:\Users\Russell\AppData\Roaming\Applian FLV and Media Player
[2012/03/06 10:32:13 | 000,000,000 | ---D | M] -- C:\Users\Russell\AppData\Roaming\Ashampoo
[2012/07/29 05:10:41 | 000,000,000 | ---D | M] -- C:\Users\Russell\AppData\Roaming\AVCWare
[2012/05/16 14:47:51 | 000,000,000 | ---D | M] -- C:\Users\Russell\AppData\Roaming\AVG
[2012/02/02 17:21:16 | 000,000,000 | ---D | M] -- C:\Users\Russell\AppData\Roaming\Blio
[2012/09/08 18:54:50 | 000,000,000 | ---D | M] -- C:\Users\Russell\AppData\Roaming\Box Desktop
[2012/09/09 23:55:47 | 000,000,000 | ---D | M] -- C:\Users\Russell\AppData\Roaming\Box Sync
[2012/02/13 06:07:29 | 000,000,000 | ---D | M] -- C:\Users\Russell\AppData\Roaming\calibre
[2012/08/04 03:21:52 | 000,000,000 | ---D | M] -- C:\Users\Russell\AppData\Roaming\CBS Interactive
[2012/02/05 15:41:23 | 000,000,000 | ---D | M] -- C:\Users\Russell\AppData\Roaming\Cocoon Software
[2012/10/04 15:25:35 | 000,000,000 | ---D | M] -- C:\Users\Russell\AppData\Roaming\CoffeeCup Software
[2012/05/20 17:48:43 | 000,000,000 | ---D | M] -- C:\Users\Russell\AppData\Roaming\ColorCop
[2012/09/26 03:15:58 | 000,000,000 | ---D | M] -- C:\Users\Russell\AppData\Roaming\CX
[2012/02/14 21:15:38 | 000,000,000 | ---D | M] -- C:\Users\Russell\AppData\Roaming\DAZ 3D
[2012/09/08 02:35:34 | 000,000,000 | ---D | M] -- C:\Users\Russell\AppData\Roaming\Docear
[2012/08/04 05:05:53 | 000,000,000 | ---D | M] -- C:\Users\Russell\AppData\Roaming\Downloaded Installations
[2012/09/08 18:02:55 | 000,000,000 | ---D | M] -- C:\Users\Russell\AppData\Roaming\Dropbox
[2012/08/30 02:11:01 | 000,000,000 | ---D | M] -- C:\Users\Russell\AppData\Roaming\DVDVideoSoft
[2012/08/29 01:34:53 | 000,000,000 | ---D | M] -- C:\Users\Russell\AppData\Roaming\DVDVideoSoftIEHelpers
[2012/02/04 02:13:30 | 000,000,000 | ---D | M] -- C:\Users\Russell\AppData\Roaming\E-Z Contact Book
[2012/06/19 23:12:53 | 000,000,000 | ---D | M] -- C:\Users\Russell\AppData\Roaming\Eltima Software
[2012/08/20 00:43:29 | 000,000,000 | ---D | M] -- C:\Users\Russell\AppData\Roaming\eM Client
[2012/03/21 20:03:47 | 000,000,000 | ---D | M] -- C:\Users\Russell\AppData\Roaming\eM Client for SoftMaker
[2012/05/16 02:09:12 | 000,000,000 | ---D | M] -- C:\Users\Russell\AppData\Roaming\enchant
[2012/05/27 21:46:26 | 000,000,000 | ---D | M] -- C:\Users\Russell\AppData\Roaming\EndNote
[2012/06/25 18:07:07 | 000,000,000 | ---D | M] -- C:\Users\Russell\AppData\Roaming\FileOpen
[2012/10/03 22:43:26 | 000,000,000 | ---D | M] -- C:\Users\Russell\AppData\Roaming\FileZilla
[2012/08/04 07:27:21 | 000,000,000 | ---D | M] -- C:\Users\Russell\AppData\Roaming\Foxit
[2012/06/16 19:51:33 | 000,000,000 | ---D | M] -- C:\Users\Russell\AppData\Roaming\Foxit Software
[2012/08/08 06:57:37 | 000,000,000 | ---D | M] -- C:\Users\Russell\AppData\Roaming\Free Sound Recorder
[2012/02/07 07:27:29 | 000,000,000 | ---D | M] -- C:\Users\Russell\AppData\Roaming\FreeCommander
[2012/08/08 08:47:31 | 000,000,000 | ---D | M] -- C:\Users\Russell\AppData\Roaming\Freecorder 6 Audio
[2012/08/08 08:47:45 | 000,000,000 | ---D | M] -- C:\Users\Russell\AppData\Roaming\Freecorder 6 Converter
[2012/08/08 08:47:31 | 000,000,000 | ---D | M] -- C:\Users\Russell\AppData\Roaming\Freecorder 6 Screen
[2012/08/08 08:48:07 | 000,000,000 | ---D | M] -- C:\Users\Russell\AppData\Roaming\Freecorder 6 Video
[2012/02/03 23:44:09 | 000,000,000 | ---D | M] -- C:\Users\Russell\AppData\Roaming\FreeFLVConverter
[2012/08/13 07:27:27 | 000,000,000 | ---D | M] -- C:\Users\Russell\AppData\Roaming\FTPSynchronize
[2012/09/13 23:54:11 | 000,000,000 | ---D | M] -- C:\Users\Russell\AppData\Roaming\GlarySoft
[2012/04/29 10:49:21 | 000,000,000 | ---D | M] -- C:\Users\Russell\AppData\Roaming\gtk-2.0
[2012/05/27 15:29:02 | 000,000,000 | ---D | M] -- C:\Users\Russell\AppData\Roaming\HistCite
[2012/05/15 13:28:06 | 000,000,000 | ---D | M] -- C:\Users\Russell\AppData\Roaming\inkscape
[2012/03/03 23:11:37 | 000,000,000 | ---D | M] -- C:\Users\Russell\AppData\Roaming\IObit
[2012/05/17 09:41:09 | 000,000,000 | ---D | M] -- C:\Users\Russell\AppData\Roaming\IrfanView
[2012/05/31 05:01:53 | 000,000,000 | ---D | M] -- C:\Users\Russell\AppData\Roaming\JabRef 2.8
[2012/10/08 00:41:03 | 000,000,000 | ---D | M] -- C:\Users\Russell\AppData\Roaming\Jarte
[2012/07/28 14:57:39 | 000,000,000 | ---D | M] -- C:\Users\Russell\AppData\Roaming\KompoZer
[2012/07/28 15:50:29 | 000,000,000 | ---D | M] -- C:\Users\Russell\AppData\Roaming\kompozer.net
[2012/02/02 17:55:45 | 000,000,000 | ---D | M] -- C:\Users\Russell\AppData\Roaming\LibreOffice
[2012/05/25 03:38:20 | 000,000,000 | ---D | M] -- C:\Users\Russell\AppData\Roaming\LyX2.0
[2012/10/06 20:41:35 | 000,000,000 | ---D | M] -- C:\Users\Russell\AppData\Roaming\MegaCloud
[2012/09/09 23:20:54 | 000,000,000 | ---D | M] -- C:\Users\Russell\AppData\Roaming\MegaCloudBackup
[2012/07/29 07:46:20 | 000,000,000 | ---D | M] -- C:\Users\Russell\AppData\Roaming\Moyea
[2012/10/08 00:40:38 | 000,000,000 | ---D | M] -- C:\Users\Russell\AppData\Roaming\Nitro PDF
[2012/04/18 12:23:41 | 000,000,000 | ---D | M] -- C:\Users\Russell\AppData\Roaming\onOne Software
[2012/07/04 08:52:39 | 000,000,000 | ---D | M] -- C:\Users\Russell\AppData\Roaming\OpenCandy
[2012/05/19 02:07:45 | 000,000,000 | ---D | M] -- C:\Users\Russell\AppData\Roaming\OpenOffice.org
[2012/07/29 00:35:36 | 000,000,000 | ---D | M] -- C:\Users\Russell\AppData\Roaming\Opera
[2012/07/04 08:57:29 | 000,000,000 | ---D | M] -- C:\Users\Russell\AppData\Roaming\Paltalk
[2012/05/20 23:08:36 | 000,000,000 | ---D | M] -- C:\Users\Russell\AppData\Roaming\picpick
[2012/02/15 05:43:06 | 000,000,000 | ---D | M] -- C:\Users\Russell\AppData\Roaming\postgresql
[2012/05/28 02:01:36 | 000,000,000 | ---D | M] -- C:\Users\Russell\AppData\Roaming\Publish or Perish
[2012/02/07 22:06:47 | 000,000,000 | ---D | M] -- C:\Users\Russell\AppData\Roaming\Quantisle
[2012/08/04 04:17:17 | 000,000,000 | ---D | M] -- C:\Users\Russell\AppData\Roaming\RapidTyping
[2012/07/28 14:51:34 | 000,000,000 | ---D | M] -- C:\Users\Russell\AppData\Roaming\RecoolTec
[2012/04/17 15:54:04 | 000,000,000 | ---D | M] -- C:\Users\Russell\AppData\Roaming\RegistryKeys
[2012/08/13 00:55:09 | 000,000,000 | ---D | M] -- C:\Users\Russell\AppData\Roaming\RiseFly
[2012/06/25 16:28:27 | 000,000,000 | ---D | M] -- C:\Users\Russell\AppData\Roaming\Smart PDF Converter Pro
[2012/07/17 13:55:34 | 000,000,000 | ---D | M] -- C:\Users\Russell\AppData\Roaming\SoftGrid Client
[2012/03/21 20:42:01 | 000,000,000 | ---D | M] -- C:\Users\Russell\AppData\Roaming\SoftMaker
[2012/02/02 16:41:42 | 000,000,000 | ---D | M] -- C:\Users\Russell\AppData\Roaming\Synaptics
[2012/08/13 01:43:49 | 000,000,000 | ---D | M] -- C:\Users\Russell\AppData\Roaming\Sync App Settings
[2012/08/11 00:05:26 | 000,000,000 | ---D | M] -- C:\Users\Russell\AppData\Roaming\Thunderbird
[2012/03/14 06:42:58 | 000,000,000 | ---D | M] -- C:\Users\Russell\AppData\Roaming\Titler
[2012/02/02 18:09:58 | 000,000,000 | ---D | M] -- C:\Users\Russell\AppData\Roaming\TP
[2012/05/05 19:15:14 | 000,000,000 | ---D | M] -- C:\Users\Russell\AppData\Roaming\uTorrent
[2012/07/28 11:35:54 | 000,000,000 | ---D | M] -- C:\Users\Russell\AppData\Roaming\VIP Video Converter
[2012/02/03 19:21:42 | 000,000,000 | ---D | M] -- C:\Users\Russell\AppData\Roaming\Windows Live Writer
[2012/07/28 14:12:36 | 000,000,000 | ---D | M] -- C:\Users\Russell\AppData\Roaming\Wondershare Video Converter Ultimate
[2012/07/29 05:35:51 | 000,000,000 | ---D | M] -- C:\Users\Russell\AppData\Roaming\Xilisoft
[2012/02/03 00:55:24 | 000,000,000 | ---D | M] -- C:\Users\Russell\AppData\Roaming\Zotero
[2012/03/16 15:07:45 | 000,000,000 | ---D | M] -- C:\Users\Russell\AppData\Roaming\ZScreen

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 127 bytes -> C:\ProgramData\Temp:0B4227B4

< End of report >
 
not sure if I'm doing this right --
you didn't mention the Admin window opening, so I ignored it and proceeded;
CF didn't say to re-boot but Firefox wouldn't work properly so I re-booted;
no ComboFix.txt file created automatically that I could find, so re-ran CF to see if it would create it -- awaiting operations -- this closes Ff down so will get back to you after that
 
see screen capture -- missing menu bar to fit "everything" in -- attached contents of combofix.txt -- looks ok? but??
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

ComboFix 12-10-08.03 - Russell 09/10/2012 8:18:44.1.4 - x86
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.64.1033.18.1012.185 [GMT 13:00]
Running from: C:\Users\Russell\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}


((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\install.exe
C:\Users\Russell\AppData\Local\assembly\tmp
C:\Users\Russell\AppData\Local\TempDIR
C:\Windows\iun6002.exe
C:\Windows\system32\wpcap.dll


((((((((((((((((((((((((( Files Created from 2012-09-08 to 2012-10-08 )))))))))))))))))))))))))))))))
 
Your screen capture is bogus. I need to see the entire Combofix log; if you can't find it, then run DDS again and post that new log, please.
 
I did a Windows search and what you see is what was in combofix.txt

bogus? don't know what you mean, it's a real screen capture, not sure I mocked up

DDS -- could you remind me what that is, please?
 
did search and found DDS referred to as having something to do with Malwarebytes (on BleepingComputer.com, and you've had me run that before) so am attaching that log below -- but can't see any useful info.

+++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Malwarebytes Anti-Malware (Trial) 1.65.0.1400
www.malwarebytes.org

Database version: v2012.10.09.02

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
Russell :: RUSSELL-HP [administrator]

Protection: Disabled

9/10/2012 11:38:03 p.m.
mbam-log-2012-10-09 (23-38-03).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 207179
Time elapsed: 14 minute(s), 6 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
 
Hey Russell,

Looking at the screen capture again and thought it was just from a bogus site, my bad. DDS is the first log you posted when you originally posted in the forum.

Download DDS from one of the links below to your desktop

Link 1
Link 2

  • Double click the tool to run it.
  • A black screen will open; just read the contents and do nothing.
  • When the tool finishes, it will open 2 reports, DDS.txt and attach.txt
  • Copy/Paste the contents of 'DDS.txt' into your post.
  • 'attach.txt' should be zipped using Windows native zip utility and attached to your post. Compress and uncompress files (zip files)


After running Combofix, is Incredibar gone?
 