Incredibar

Status
Not open for further replies.
THANKS FOR THE EXPLANATION

here're the two files
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.7.2
Run by Russell at 0:27:52 on 2012-10-10
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.64.1033.18.1012.117 [GMT 13:00]
.
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Program Files\IObit\Advanced SystemCare 5\ASCService.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files\IDT\WDM\STacSV.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskhost.exe
C:\Program Files\Box Sync\UpdateService.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\IDT\WDM\aestsrv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bluetooth Suite\adminservice.exe
C:\Program Files\Microsoft\BingBar\SeaPort.EXE
C:\Program Files\Microsoft\BingDesktop\BingDesktopUpdater.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\PROGRA~1\GFI\GFIBAC~1\GFIFInst.exe
C:\PROGRA~1\GFI\GFIBAC~1\GFIFSC~1.EXE
C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ThreatFire\TFTray.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files\IObit\Advanced SystemCare 5\ASCTray.exe
C:\Program Files\Nitro PDF\Reader 2\NitroPDFReaderDriverService2.exe
C:\Windows\system32\NLSSRV32.EXE
C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\Program Files\ThreatFire\TFService.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Bluetooth Suite\Ath_CoexAgent.exe
C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe
C:\Program Files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\taskeng.exe
C:\Program Files\Hewlett-Packard\HP Support Framework\hpsa_service.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Google\Update\1.3.21.123\GoogleCrashHandler.exe
C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Windows\system32\sppsvc.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Windows\system32\conhost.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
uDefault_Search_URL = hxxp://www.google.com/ie
mStart Page =
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mURLSearchHooks: H - No File
BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
TB: Freecorder 6: {6b34accf-1b63-4e1a-8633-461917c75544} - c:\program files\freecorder 6\tbcore3.dll
uRun: [Advanced SystemCare 5] "c:\program files\iobit\advanced systemcare 5\ASCTray.exe" /AutoStart
mRun: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
mRun: [ThreatFire] c:\program files\threatfire\TFTray.exe
mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\program files\microsoft office 15\root\office15\EXCEL.EXE/3000
IE: Free YouTube Download - c:\users\russell\appdata\roaming\dvdvideosoftiehelpers\freeytvdownloader.htm
IE: Se&nd to OneNote - c:\program files\microsoft office 15\root\office15\ONBttnIE.dll/105
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{74240472-D26B-436F-9D60-760C249DCFA7} : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{74240472-D26B-436F-9D60-760C249DCFA7}\37071627B6630314C647 : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{74240472-D26B-436F-9D60-760C249DCFA7}\4457E6564696E602C4962627162797021337470264C6F6F627 : DhcpNameServer = 10.10.10.1
TCP: Interfaces\{74240472-D26B-436F-9D60-760C249DCFA7}\642554540294E4455425E454450213 : DhcpNameServer = 192.168.11.1 8.8.8.8
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
Notify: igfxcui - igfxdev.dll
mASetup: {F5E7D9AF-60F6-4A30-87E3-4EA94D322CE1} - msiexec /fu {F5E7D9AF-60F6-4A30-87E3-4EA94D322CE1} /qn
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\russell\appdata\roaming\mozilla\firefox\profiles\bylhdpoc.default\
FF - prefs.js: browser.startup.homepage - hxxp://au.yahoo.com/
FF - plugin: c:\progra~1\micros~2\office14\NPSPWRAP.DLL
FF - plugin: c:\program files\foxit software\foxit reader\plugins\npFoxitReaderPlugin.dll
FF - plugin: c:\program files\google\update\1.3.21.115\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.123\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\microsoft silverlight\5.1.10411.0\npctrlui.dll
FF - plugin: c:\program files\nitro pdf\reader 2\npdf.dll
FF - plugin: c:\program files\nitro pdf\reader 2\npnitroie.dll
FF - plugin: c:\program files\nitro pdf\reader 2\npnitromozilla.dll
FF - plugin: c:\program files\tracker software\pdf viewer\npPDFXCviewNPPlugin.dll
FF - plugin: c:\program files\videodownloadconverter_4z\bar\1.bin\NP4zStub.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\users\russell\appdata\local\google\update\1.3.21.115\npGoogleUpdate3.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_4_402_265.dll
FF - plugin: c:\windows\system32\npdeployJava1.dll
FF - plugin: c:\windows\system32\npmproxy.dll
.
---- FIREFOX POLICIES ----
FF - user.js: extensions.incredibar_i.newTab - false
FF - user.js: extensions.incredibar_i.tlbrSrchUrl - hxxp://mystart.Incredibar.com/?a=6PQKBEoZ6o&loc=IB_TB&i=26&search=
FF - user.js: extensions.incredibar_i.id - 4e18d11e0000000000002eb70d3f194a
FF - user.js: extensions.incredibar_i.instlDay - 15607
FF - user.js: extensions.incredibar_i.vrsn - 1.5.11.14
FF - user.js: extensions.incredibar_i.vrsni - 1.5.11.14
FF - user.js: extensions.incredibar_i.vrsnTs - 1.5.11.1423:07:47
FF - user.js: extensions.incredibar_i.prtnrId - Incredibar
FF - user.js: extensions.incredibar_i.prdct - incredibar
FF - user.js: extensions.incredibar_i.aflt - orgnl
FF - user.js: extensions.incredibar_i.smplGrp - none
FF - user.js: extensions.incredibar_i.tlbrId - base
FF - user.js: extensions.incredibar_i.instlRef -
FF - user.js: extensions.incredibar_i.dfltLng -
FF - user.js: extensions.incredibar_i.excTlbr - false
FF - user.js: extensions.incredibar_i.ms_url_id -
FF - user.js: extensions.incredibar_i.upn2 - 6PQKBEoZ6o
FF - user.js: extensions.incredibar_i.upn2n - 92543635926693664
FF - user.js: extensions.incredibar_i.productid - 26
FF - user.js: extensions.incredibar_i.installerproductid - 26
FF - user.js: extensions.incredibar_i.did - 10643
FF - user.js: extensions.incredibar_i.ppd - 1
.
============= SERVICES / DRIVERS ===============
.
R0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys [2012-5-20 51984]
R0 TfSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys [2012-5-20 69392]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2012-7-17 729752]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2012-7-17 355632]
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-14 48128]
R2 #UpdateService;Box Sync Auto-updater;c:\program files\box sync\UpdateService.exe [2012-8-18 8704]
R2 AdvancedSystemCareService5;Advanced SystemCare Service 5;c:\program files\iobit\advanced systemcare 5\ASCService.exe [2012-6-1 913792]
R2 AESTFilters;Andrea ST Filters Service;c:\program files\idt\wdm\AESTSrv.exe [2011-12-21 81920]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2012-7-17 21256]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2012-7-17 58680]
R2 AtherosSvc;AtherosSvc;c:\program files\bluetooth suite\AdminService.exe [2011-10-22 85152]
R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2012-8-27 44808]
R2 BBUpdate;BBUpdate;c:\program files\microsoft\bingbar\SeaPort.EXE [2011-7-21 249648]
R2 BingDesktopUpdate;Bing Desktop Update service;c:\program files\microsoft\bingdesktop\BingDesktopUpdater.exe [2012-3-30 151656]
R2 cvhsvc;Client Virtualization Handler;c:\program files\common files\microsoft shared\virtualization handler\CVHSVC.EXE [2012-1-4 822624]
R2 GFIBckFAtt;GFI BackUp Freeware Attendant Service;c:\progra~1\gfi\gfibac~1\GFIFInst.exe [2012-6-26 1011056]
R2 GFIBckFSched;GFI BackUp Freeware Scheduler Service;c:\progra~1\gfi\gfibac~1\GFIFSC~1.EXE [2012-6-26 2664816]
R2 HP Support Assistant Service;HP Support Assistant Service;c:\program files\hewlett-packard\hp support framework\HPSA_Service.exe [2011-9-10 86072]
R2 HPClientSvc;HP Client Services;c:\program files\hewlett-packard\hp client services\HPClientServices.exe [2010-10-11 246840]
R2 HPWMISVC;HPWMISVC;c:\program files\hewlett-packard\hp quick launch\HPWMISVC.exe [2011-7-12 26680]
R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files\intel\intel(r) rapid storage technology\IAStorDataMgrSvc.exe [2011-12-21 13336]
R2 MBAMScheduler;MBAMScheduler;c:\program files\malwarebytes' anti-malware\mbamscheduler.exe [2012-9-28 399432]
R2 NitroReaderDriverReadSpool2;NitroPDFReaderDriverCreatorReadSpool2;c:\program files\nitro pdf\reader 2\NitroPDFReaderDriverService2.exe [2012-7-26 184848]
R2 nlsX86cc;Nalpeiron Licensing Service;c:\windows\system32\NLSSRV32.EXE [2012-6-20 69640]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2012-9-28 1153368]
R2 sftlist;Application Virtualization Client;c:\program files\microsoft application virtualization client\sftlist.exe [2011-10-1 508776]
R2 ThreatFire;ThreatFire;c:\program files\threatfire\tfservice.exe service --> c:\program files\threatfire\TFService.exe service [?]
R2 ZAtheros Bt&Wlan Coex Agent;ZAtheros Bt&Wlan Coex Agent;c:\program files\bluetooth suite\Ath_CoexAgent.exe [2011-10-22 158880]
R3 BTATH_BUS;Atheros Bluetooth Bus;c:\windows\system32\drivers\btath_bus.sys [2011-10-22 25248]
R3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\drivers\clwvd.sys [2012-8-4 27760]
R3 igddim32;igddim32;c:\windows\system32\drivers\igddim32.sys [2012-4-20 1344512]
R3 igdkmd32;igdkmd32;c:\windows\system32\drivers\igdkmd32.sys [2012-4-20 419328]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-9-28 22856]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\drivers\RtsUStor.sys [2011-12-21 197224]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2011-12-21 394856]
R3 Sftfs;Sftfs;c:\windows\system32\drivers\Sftfslh.sys [2011-10-1 579944]
R3 Sftplay;Sftplay;c:\windows\system32\drivers\Sftplaylh.sys [2011-10-1 194408]
R3 Sftredir;Sftredir;c:\windows\system32\drivers\Sftredirlh.sys [2011-10-1 21864]
R3 Sftvol;Sftvol;c:\windows\system32\drivers\Sftvollh.sys [2011-10-1 19304]
R3 sftvsa;Application Virtualization Service Agent;c:\program files\microsoft application virtualization client\sftvsa.exe [2011-10-1 219496]
R3 TfNetMon;TfNetMon;c:\windows\system32\drivers\TfNetMon.sys [2012-5-20 33552]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\drivers\vwifimp.sys [2009-7-14 14336]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2012-3-11 136176]
S2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2012-9-28 676936]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2012-7-13 160944]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-6-18 250056]
S3 AthBTPort;Atheros Virtual Bluetooth Class;c:\windows\system32\drivers\btath_flt.sys [2011-10-22 35488]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-14 229888]
S3 BBSvc;Bing Bar Update Service;c:\program files\microsoft\bingbar\BBSvc.EXE [2011-8-2 195320]
S3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys [2011-10-22 290976]
S3 btath_avdt;Atheros Bluetooth AVDT Service;c:\windows\system32\drivers\btath_avdt.sys [2011-10-22 97440]
S3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\system32\drivers\btath_hcrp.sys [2011-10-22 147616]
S3 BTATH_LWFLT;Bluetooth LWFLT Device;c:\windows\system32\drivers\btath_lwflt.sys [2011-10-22 60064]
S3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\system32\drivers\btath_rcp.sys [2011-10-22 263968]
S3 BtFilter;BtFilter;c:\windows\system32\drivers\btfilter.sys [2011-10-22 445088]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2012-3-11 136176]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\mozilla maintenance service\maintenanceservice.exe [2012-8-3 114144]
S3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2012-6-23 4846168]
S3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\drivers\VSTAZL3.SYS [2009-7-14 207360]
S3 SrvHsfV92;SrvHsfV92;c:\windows\system32\drivers\VSTDPV3.SYS [2009-7-14 980992]
S3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\drivers\VSTCNXT3.SYS [2009-7-14 661504]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2010-11-21 52224]
S3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 27264]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2012-2-3 1343400]
S4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\windows live\mesh\wlcrasvc.exe [2010-9-23 51040]
.
=============== File Associations ===============
.
.txt=
.
=============== Created Last 30 ================
.
2012-10-09 11:20:19 0 ----a-w- c:\windows\system32\sho2636.tmp
2012-10-09 07:52:16 6980552 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{3026ec6d-ac11-4658-ae3b-dc6228560d8a}\mpengine.dll
2012-10-08 20:07:04 -------- d-----w- C:\$RECYCLE.BIN
2012-10-08 20:03:45 -------- d-----w- c:\users\russell\appdata\local\temp
2012-10-08 19:10:19 -------- d-----w- C:\ComboFix
2012-10-08 18:24:42 518144 ----a-w- c:\windows\SWREG.exe
2012-10-08 18:24:42 256000 ----a-w- c:\windows\PEV.exe
2012-10-08 18:24:42 208896 ----a-w- c:\windows\MBR.exe
2012-10-08 18:24:41 98816 ----a-w- c:\windows\sed.exe
2012-10-08 13:23:10 -------- d-----w- C:\_OTL
2012-10-05 22:50:53 -------- d-----w- C:\8e07ef0f1fb298627a7ae926aaec3f
2012-09-28 07:03:42 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2012-09-28 07:03:42 -------- d-----w- c:\program files\Spybot - Search & Destroy
2012-09-28 04:12:52 -------- d-----w- c:\users\russell\appdata\roaming\Malwarebytes
2012-09-28 04:12:10 -------- d-----w- c:\programdata\Malwarebytes
2012-09-28 04:12:00 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-09-28 04:12:00 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-09-26 08:03:11 245760 ----a-w- c:\windows\system32\OxpsConverter.exe
2012-09-26 00:54:09 -------- d-----w- c:\program files\CCleaner
2012-09-25 14:15:58 -------- d-----w- c:\users\russell\appdata\roaming\CX
2012-09-25 14:14:37 -------- d-----w- c:\users\russell\appdata\local\CX
2012-09-24 11:09:26 -------- d-----w- c:\program files\Perion
2012-09-23 14:39:22 -------- d-----w- c:\program files\Mr Smoozles Goes Nutso
2012-09-23 12:29:25 -------- d-----w- c:\program files\GOG.com
2012-09-23 06:15:50 26840 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2012-09-23 06:12:28 -------- d-----w- c:\program files\iPod
2012-09-23 06:12:07 -------- d-----w- c:\programdata\188F1432-103A-4ffb-80F1-36B633C5C9E1
2012-09-23 06:12:07 -------- d-----w- c:\program files\iTunes
2012-09-21 23:35:04 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-09-21 23:35:02 420864 ----a-w- c:\windows\system32\vbscript.dll
2012-09-21 23:35:02 140936 ----a-w- c:\program files\internet explorer\sqmapi.dll
2012-09-21 23:35:01 194048 ----a-w- c:\program files\internet explorer\IEShims.dll
2012-09-17 01:19:26 -------- d-----w- c:\program files\Sigma Team
2012-09-17 01:07:36 -------- d-----w- C:\Counter-Strike 2D
2012-09-16 22:57:04 -------- d-----w- c:\program files\Cave Story Deluxe
2012-09-16 14:34:27 237848 ----a-w- c:\windows\system32\xactengine2_4.dll
2012-09-16 14:34:25 2414360 ----a-w- c:\windows\system32\d3dx9_31.dll
2012-09-16 14:34:24 236824 ----a-w- c:\windows\system32\xactengine2_3.dll
2012-09-16 14:34:23 62744 ----a-w- c:\windows\system32\xinput1_2.dll
2012-09-16 14:33:47 2297552 ----a-w- c:\windows\system32\d3dx9_26.dll
2012-09-16 10:31:58 75136 ----a-w- c:\windows\system32\PnkBstrA.exe
2012-09-16 10:31:22 -------- d-----w- c:\users\russell\appdata\local\Punkbuster
2012-09-16 10:30:00 -------- d-----w- c:\program files\Wolfenstein - Enemy Territory
2012-09-15 03:54:15 -------- d-----w- C:\found.002
2012-09-13 08:12:25 -------- d-----r- c:\program files\Skype
2012-09-12 04:03:39 1292144 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-09-12 04:03:38 240496 ----a-w- c:\windows\system32\drivers\netio.sys
2012-09-12 04:03:37 187760 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
2012-09-12 04:03:31 712048 ----a-w- c:\windows\system32\drivers\ndis.sys
2012-09-12 04:03:29 33280 ----a-w- c:\windows\system32\drivers\RNDISMP.sys
2012-09-12 04:03:23 490496 ----a-w- c:\windows\system32\d3d10level9.dll
2012-09-12 03:49:35 -------- d-----w- C:\09470b656efc966851db
.
==================== Find3M ====================
.
2012-09-01 19:38:05 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-09-01 19:38:04 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-09-01 19:00:07 93672 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2012-09-01 18:59:57 821736 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-09-01 18:59:56 746984 ----a-w- c:\windows\system32\deployJava1.dll
2012-08-24 06:59:17 1800704 ----a-w- c:\windows\system32\jscript9.dll
2012-08-24 06:51:27 1129472 ----a-w- c:\windows\system32\wininet.dll
2012-08-24 06:51:02 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
2012-08-24 06:47:26 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2012-08-24 03:58:36 405152 ----a-w- c:\windows\system32\Newtonsoft.Json.Net20.dll
2012-08-21 09:13:15 729752 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-08-21 09:13:14 58680 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2012-08-21 09:13:14 44784 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2012-08-21 09:12:33 41224 ----a-w- c:\windows\avastSS.scr
2012-08-21 01:01:22 106928 ----a-w- c:\windows\system32\GEARAspi.dll
2012-07-28 09:32:24 348160 ----a-w- c:\windows\system32\msvcr71.dll
2012-07-28 09:32:23 499712 ----a-w- c:\windows\system32\msvcp71.dll
2012-07-26 02:39:12 18448 ----a-w- c:\windows\system32\nitrolocalui2.dll
2012-07-26 02:39:10 27152 ----a-w- c:\windows\system32\nitrolocalmon2.dll
2012-07-18 17:47:53 2345984 ----a-w- c:\windows\system32\win32k.sys
2012-07-15 00:27:53 2216480 ------w- c:\windows\wweb32.dll
.
============= FINISH: 0:36:06.52 ===============
 
Incredibar is still on your DDS log


Look for Incredibar
At the top of the Firefox window, click on the Firefox button (Tools menu in Windows XP), and then click Add-ons. The Add-ons Manager tab will open.
In the Add-ons Manager tab, select the Extensions or Appearance or Plugins panel.
Select the add-on you wish to disable.
Click the Disable button.
Click Restart now if it pops up. Your tabs will be saved and restored after the restart.




Drag Combofix to the trash and lets download a fresh new copy and run it without a script, also go and delete C:\ComboFix.txt


Download ComboFix from one of these locations:

Link 1
Link 2


* IMPORTANT !!! Save ComboFix.exe to your Desktop


  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
  • See this Link for programs that need to be disabled and instruction on how to disable them.
  • Remember to re-enable them when we're done.

  • Double click on ComboFix.exe & follow the prompts.

  • As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.


RC1.png


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
RC2-1.png

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

*If there is no internet connection when Combofix has completely finished then restart your computer to restore back the connections.
 
Last edited:
didn't "stick around" to check if recovery manager installed but here's ComboFix.txt
++++++++++++++++++++++++++++++++++++++++++++++++++++++++

ComboFix 12-10-09.01 - Russell 10/10/2012 8:46.2.4 - x86
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.64.1033.18.1012.229 [GMT 13:00]
Running from: c:\users\Russell\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
C:\install.exe
c:\windows\iun6002.exe
c:\windows\system32\wpcap.dll
.
.
((((((((((((((((((((((((( Files Created from 2012-09-09 to 2012-10-09 )))))))))))))))))))))))))))))))
.
.
2012-10-09 20:30 . 2012-10-09 20:30 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-10-09 11:20 . 2012-10-09 11:20 0 ----a-w- c:\windows\system32\sho2636.tmp
2012-10-09 07:52 . 2012-08-30 08:17 6980552 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{3026EC6D-AC11-4658-AE3B-DC6228560D8A}\mpengine.dll
2012-10-08 20:03 . 2012-10-09 20:30 -------- d-----w- c:\users\Russell\AppData\Local\temp
2012-10-08 13:23 . 2012-10-08 13:23 -------- d-----w- C:\_OTL
2012-10-05 22:50 . 2012-10-05 22:50 -------- d-----w- C:\8e07ef0f1fb298627a7ae926aaec3f
2012-09-29 07:36 . 2012-09-29 07:36 -------- d-----w- c:\program files\ERUNT
2012-09-28 07:03 . 2012-10-07 06:37 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2012-09-28 07:03 . 2012-09-28 07:09 -------- d-----w- c:\program files\Spybot - Search & Destroy
2012-09-28 04:12 . 2012-09-28 04:12 -------- d-----w- c:\users\Russell\AppData\Roaming\Malwarebytes
2012-09-28 04:12 . 2012-09-28 04:12 -------- d-----w- c:\programdata\Malwarebytes
2012-09-28 04:12 . 2012-09-28 04:12 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-09-28 04:12 . 2012-09-07 05:04 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-09-26 08:03 . 2012-08-21 20:12 245760 ----a-w- c:\windows\system32\OxpsConverter.exe
2012-09-26 00:54 . 2012-09-26 00:54 -------- d-----w- c:\program files\CCleaner
2012-09-25 14:15 . 2012-09-25 14:15 -------- d-----w- c:\users\Russell\AppData\Roaming\CX
2012-09-25 14:14 . 2012-09-25 14:15 -------- d-----w- c:\users\Russell\AppData\Local\CX
2012-09-24 11:09 . 2012-09-24 11:09 -------- d-----w- c:\program files\Perion
2012-09-23 14:39 . 2012-09-23 14:39 -------- d-----w- c:\program files\Mr Smoozles Goes Nutso
2012-09-23 12:29 . 2012-10-05 04:29 -------- d-----w- c:\program files\GOG.com
2012-09-23 06:15 . 2012-08-21 01:01 26840 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2012-09-23 06:12 . 2012-09-23 06:12 -------- d-----w- c:\program files\iPod
2012-09-23 06:12 . 2012-09-23 06:15 -------- d-----w- c:\programdata\188F1432-103A-4ffb-80F1-36B633C5C9E1
2012-09-23 06:12 . 2012-09-23 06:15 -------- d-----w- c:\program files\iTunes
2012-09-21 23:35 . 2012-08-24 06:43 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-09-21 23:35 . 2012-08-24 07:34 140936 ----a-w- c:\program files\Internet Explorer\sqmapi.dll
2012-09-21 23:35 . 2012-08-24 06:47 420864 ----a-w- c:\windows\system32\vbscript.dll
2012-09-21 23:35 . 2012-08-24 06:48 194048 ----a-w- c:\program files\Internet Explorer\IEShims.dll
2012-09-17 01:19 . 2012-09-17 03:57 -------- d-----w- c:\program files\Sigma Team
2012-09-17 01:07 . 2012-09-17 01:12 -------- d-----w- C:\Counter-Strike 2D
2012-09-16 22:57 . 2012-09-16 22:57 -------- d-----w- c:\program files\Cave Story Deluxe
2012-09-16 14:34 . 2006-09-28 04:05 237848 ----a-w- c:\windows\system32\xactengine2_4.dll
2012-09-16 14:34 . 2006-09-28 04:05 2414360 ----a-w- c:\windows\system32\d3dx9_31.dll
2012-09-16 14:34 . 2006-07-27 21:30 236824 ----a-w- c:\windows\system32\xactengine2_3.dll
2012-09-16 14:34 . 2006-07-27 21:30 62744 ----a-w- c:\windows\system32\xinput1_2.dll
2012-09-16 14:33 . 2005-05-26 03:34 2297552 ----a-w- c:\windows\system32\d3dx9_26.dll
2012-09-16 10:31 . 2012-09-16 10:49 75136 ----a-w- c:\windows\system32\PnkBstrA.exe
2012-09-16 10:31 . 2012-09-16 10:31 -------- d-----w- c:\users\Russell\AppData\Local\Punkbuster
2012-09-16 10:30 . 2012-09-16 11:55 -------- d-----w- c:\program files\Wolfenstein - Enemy Territory
2012-09-15 03:54 . 2012-09-15 03:54 -------- d-----w- C:\found.002
2012-09-13 08:12 . 2012-09-13 08:12 -------- d-----w- c:\program files\Common Files\Skype
2012-09-13 08:12 . 2012-09-13 08:12 -------- d-----r- c:\program files\Skype
2012-09-12 04:03 . 2012-08-22 17:16 1292144 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-09-12 04:03 . 2012-08-22 17:16 240496 ----a-w- c:\windows\system32\drivers\netio.sys
2012-09-12 04:03 . 2012-08-22 17:16 187760 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
2012-09-12 04:03 . 2012-08-22 17:16 712048 ----a-w- c:\windows\system32\drivers\ndis.sys
2012-09-12 04:03 . 2012-07-04 19:45 33280 ----a-w- c:\windows\system32\drivers\RNDISMP.sys
2012-09-12 04:03 . 2012-08-02 16:57 490496 ----a-w- c:\windows\system32\d3d10level9.dll
2012-09-12 03:49 . 2012-09-12 03:50 -------- d-----w- C:\09470b656efc966851db
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-09-01 19:38 . 2012-06-17 16:37 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-09-01 19:38 . 2012-06-17 16:37 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-09-01 19:00 . 2012-09-01 19:00 93672 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2012-09-01 18:59 . 2012-03-20 01:19 821736 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-09-01 18:59 . 2012-02-02 05:03 746984 ----a-w- c:\windows\system32\deployJava1.dll
2012-08-29 13:37 . 2012-08-29 13:37 39424 ----a-r- c:\users\Russell\AppData\Roaming\Microsoft\Installer\{88741A14-4C9D-469F-BA36-8FDF6037BB68}\Icon88741A14.exe
2012-08-24 03:58 . 2012-08-03 17:05 405152 ----a-w- c:\windows\system32\Newtonsoft.Json.Net20.dll
2012-08-21 09:13 . 2012-07-16 14:47 355632 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-08-21 09:13 . 2012-07-16 14:47 54232 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-08-21 09:13 . 2012-07-16 14:47 729752 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-08-21 09:13 . 2012-07-16 14:47 44784 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2012-08-21 09:13 . 2012-07-16 14:47 58680 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2012-08-21 09:13 . 2012-07-16 14:47 21256 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-08-21 09:12 . 2012-07-16 14:45 41224 ----a-w- c:\windows\avastSS.scr
2012-08-21 09:12 . 2012-07-16 14:45 227648 ----a-w- c:\windows\system32\aswBoot.exe
2012-08-21 01:01 . 2012-02-02 07:20 106928 ----a-w- c:\windows\system32\GEARAspi.dll
2012-08-01 04:02 . 2012-07-18 02:37 460424 ------w- c:\programdata\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe
2012-07-28 09:32 . 2012-03-01 16:59 348160 ----a-w- c:\windows\system32\msvcr71.dll
2012-07-28 09:32 . 2012-03-01 16:59 499712 ----a-w- c:\windows\system32\msvcp71.dll
2012-07-26 02:39 . 2012-08-03 16:12 18448 ----a-w- c:\windows\system32\nitrolocalui2.dll
2012-07-26 02:39 . 2012-08-03 16:12 27152 ----a-w- c:\windows\system32\nitrolocalmon2.dll
2012-07-18 17:47 . 2012-08-15 10:20 2345984 ----a-w- c:\windows\system32\win32k.sys
2012-07-15 00:27 . 2012-02-27 06:17 2216480 ------w- c:\windows\wweb32.dll
2012-09-09 00:34 . 2012-09-09 00:24 266720 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{6B34ACCF-1B63-4E1A-8633-461917C75544}"= "c:\program files\Freecorder 6\tbcore3.dll" [2012-08-01 2711928]
.
[HKEY_CLASSES_ROOT\clsid\{6b34accf-1b63-4e1a-8633-461917c75544}]
[HKEY_CLASSES_ROOT\TBSB00808.TBSB00808.3]
[HKEY_CLASSES_ROOT\TypeLib\{EC4085F2-8DB3-45a6-AD0B-CA289F3C5D7E}]
[HKEY_CLASSES_ROOT\TBSB00808.TBSB00808]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2012-08-17 16:40 220608 ----a-w- c:\users\Russell\AppData\Local\Microsoft\SkyDrive\16.4.6010.0727\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2012-08-17 16:40 220608 ----a-w- c:\users\Russell\AppData\Local\Microsoft\SkyDrive\16.4.6010.0727\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2012-08-17 16:40 220608 ----a-w- c:\users\Russell\AppData\Local\Microsoft\SkyDrive\16.4.6010.0727\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\000BoxDesktopFileLocked]
@="{C253B817-3A00-475f-A5A3-6F2DD704B48D}"
[HKEY_CLASSES_ROOT\CLSID\{C253B817-3A00-475f-A5A3-6F2DD704B48D}]
2010-11-20 21:29 297808 ----a-w- c:\windows\System32\mscoree.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\000BoxDesktopNotSynced]
@="{19ACC806-F7AA-46AA-A80A-726A07CA6637}"
[HKEY_CLASSES_ROOT\CLSID\{19ACC806-F7AA-46AA-A80A-726A07CA6637}]
2010-11-20 21:29 297808 ----a-w- c:\windows\System32\mscoree.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\000BoxDesktopNotSyncedCollabs]
@="{337D9DE0-3F8B-4430-AF0F-FFC24A95AE8F}"
[HKEY_CLASSES_ROOT\CLSID\{337D9DE0-3F8B-4430-AF0F-FFC24A95AE8F}]
2010-11-20 21:29 297808 ----a-w- c:\windows\System32\mscoree.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\000BoxDesktopSynced]
@="{B7AC9C6D-F15B-4B1A-A88D-F518D13861D9}"
[HKEY_CLASSES_ROOT\CLSID\{B7AC9C6D-F15B-4B1A-A88D-F518D13861D9}]
2010-11-20 21:29 297808 ----a-w- c:\windows\System32\mscoree.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\000BoxDesktopSyncedCollab]
@="{9E48C232-F601-4E41-BB3E-16CBAF317AA4}"
[HKEY_CLASSES_ROOT\CLSID\{9E48C232-F601-4E41-BB3E-16CBAF317AA4}]
2010-11-20 21:29 297808 ----a-w- c:\windows\System32\mscoree.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-08-21 09:12 121528 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\0MegaCloudNormal]
@="{03FB4211-3964-44E8-97D7-A2FA49CF5576}"
[HKEY_CLASSES_ROOT\CLSID\{03FB4211-3964-44E8-97D7-A2FA49CF5576}]
2012-08-31 02:45 242864 ----a-w- c:\users\Russell\AppData\Roaming\MegaCloud\MegaCloudShellExt.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1MegaCloudModified]
@="{03FB4212-3964-44E8-97D7-A2FA49CF5576}"
[HKEY_CLASSES_ROOT\CLSID\{03FB4212-3964-44E8-97D7-A2FA49CF5576}]
2012-08-31 02:45 242864 ----a-w- c:\users\Russell\AppData\Roaming\MegaCloud\MegaCloudShellExt.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2MeagCloudError]
@="{03FB4213-3964-44E8-97D7-A2FA49CF5576}"
[HKEY_CLASSES_ROOT\CLSID\{03FB4213-3964-44E8-97D7-A2FA49CF5576}]
2012-08-31 02:45 242864 ----a-w- c:\users\Russell\AppData\Roaming\MegaCloud\MegaCloudShellExt.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 94208 ----a-w- c:\users\Russell\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 94208 ----a-w- c:\users\Russell\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 94208 ----a-w- c:\users\Russell\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
2012-09-06 03:51 556056 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]
2012-09-06 03:51 556056 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
2012-09-06 03:51 556056 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
2012-09-06 03:51 556056 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncBackedUp]
@="{0C4A258A-3F3B-4FFF-80A7-9B3BEC139472}"
[HKEY_CLASSES_ROOT\CLSID\{0C4A258A-3F3B-4FFF-80A7-9B3BEC139472}]
2012-08-17 21:18 369784 ----a-w- c:\program files\SugarSync\SugarSyncShellExt.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncPending]
@="{62CCD8E3-9C21-41E1-B55E-1E26DFC68511}"
[HKEY_CLASSES_ROOT\CLSID\{62CCD8E3-9C21-41E1-B55E-1E26DFC68511}]
2012-08-17 21:18 369784 ----a-w- c:\program files\SugarSync\SugarSyncShellExt.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncRoot]
@="{A759AFF6-5851-457D-A540-F4ECED148351}"
[HKEY_CLASSES_ROOT\CLSID\{A759AFF6-5851-457D-A540-F4ECED148351}]
2012-08-17 21:18 369784 ----a-w- c:\program files\SugarSync\SugarSyncShellExt.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncShared]
@="{1574C9EF-7D58-488F-B358-8B78C1538F51}"
[HKEY_CLASSES_ROOT\CLSID\{1574C9EF-7D58-488F-B358-8B78C1538F51}]
2012-08-17 21:18 369784 ----a-w- c:\program files\SugarSync\SugarSyncShellExt.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Advanced SystemCare 5"="c:\program files\IObit\Advanced SystemCare 5\ASCTray.exe" [2012-05-28 288128]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2011-11-11 2307368]
"ThreatFire"="c:\program files\ThreatFire\TFTray.exe" [2011-02-22 378128]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-08-21 4282728]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
c:\windows\system32 [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
c:\windows\system32 [X]
.
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [x]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [x]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x]
R3 AthBTPort;Atheros Virtual Bluetooth Class;c:\windows\system32\DRIVERS\btath_flt.sys [x]
R3 BBSvc;Bing Bar Update Service;c:\program files\Microsoft\BingBar\BBSvc.EXE [x]
R3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys [x]
R3 btath_avdt;Atheros Bluetooth AVDT Service;c:\windows\system32\drivers\btath_avdt.sys [x]
R3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\system32\DRIVERS\btath_hcrp.sys [x]
R3 BTATH_LWFLT;Bluetooth LWFLT Device;c:\windows\system32\DRIVERS\btath_lwflt.sys [x]
R3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\system32\DRIVERS\btath_rcp.sys [x]
R3 BtFilter;BtFilter;c:\windows\system32\DRIVERS\btfilter.sys [x]
R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [x]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [x]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [x]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL3.SYS [x]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV3.SYS [x]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT3.SYS [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys [x]
S0 TfSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 #UpdateService;Box Sync Auto-updater;c:\program files\Box Sync\UpdateService.exe [x]
S2 AdvancedSystemCareService5;Advanced SystemCare Service 5;c:\program files\IObit\Advanced SystemCare 5\ASCService.exe [x]
S2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\aestsrv.exe [x]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [x]
S2 AtherosSvc;AtherosSvc;c:\program files\Bluetooth Suite\adminservice.exe [x]
S2 BBUpdate;BBUpdate;c:\program files\Microsoft\BingBar\SeaPort.EXE [x]
S2 BingDesktopUpdate;Bing Desktop Update service;c:\program files\Microsoft\BingDesktop\BingDesktopUpdater.exe [x]
S2 cvhsvc;Client Virtualization Handler;c:\program files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [x]
S2 GFIBckFAtt;GFI BackUp Freeware Attendant Service;c:\progra~1\GFI\GFIBAC~1\GFIFInst.exe [x]
S2 GFIBckFSched;GFI BackUp Freeware Scheduler Service;c:\progra~1\GFI\GFIBAC~1\GFIFSC~1.EXE [x]
S2 HP Support Assistant Service;HP Support Assistant Service;c:\program files\Hewlett-Packard\HP Support Framework\hpsa_service.exe [x]
S2 HPClientSvc;HP Client Services;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe [x]
S2 HPWMISVC;HPWMISVC;c:\program files\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [x]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
S2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]
S2 NitroReaderDriverReadSpool2;NitroPDFReaderDriverCreatorReadSpool2;c:\program files\Nitro PDF\Reader 2\NitroPDFReaderDriverService2.exe [x]
S2 nlsX86cc;Nalpeiron Licensing Service;c:\windows\system32\NLSSRV32.EXE [x]
S2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [x]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [x]
S2 sftlist;Application Virtualization Client;c:\program files\Microsoft Application Virtualization Client\sftlist.exe [x]
S2 ThreatFire;ThreatFire;c:\program files\ThreatFire\TFService.exe service [x]
S2 ZAtheros Bt&Wlan Coex Agent;ZAtheros Bt&Wlan Coex Agent;c:\program files\Bluetooth Suite\Ath_CoexAgent.exe [x]
S3 BTATH_BUS;Atheros Bluetooth Bus;c:\windows\system32\DRIVERS\btath_bus.sys [x]
S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys [x]
S3 igddim32;igddim32;c:\windows\system32\DRIVERS\igddim32.sys [x]
S3 igdkmd32;igdkmd32;c:\windows\system32\DRIVERS\igdkmd32.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [x]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [x]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [x]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [x]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [x]
S3 sftvsa;Application Virtualization Service Agent;c:\program files\Microsoft Application Virtualization Client\sftvsa.exe [x]
S3 TfNetMon;TfNetMon;c:\windows\system32\drivers\TfNetMon.sys [x]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
.
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
uDefault_Search_URL = hxxp://www.google.com/ie
mStart Page =
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xport to Microsoft Excel - c:\program files\Microsoft Office 15\Root\Office15\EXCEL.EXE/3000
IE: Free YouTube Download - c:\users\Russell\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm
IE: Se&nd to OneNote - c:\program files\Microsoft Office 15\Root\Office15\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Russell\AppData\Roaming\Mozilla\Firefox\Profiles\bylhdpoc.default\
FF - prefs.js: browser.startup.homepage - hxxp://au.yahoo.com/
FF - user.js: extensions.incredibar_i.newTab - false
FF - user.js: extensions.incredibar_i.tlbrSrchUrl - hxxp://mystart.Incredibar.com/?a=6PQKBEoZ6o&loc=IB_TB&i=26&search=
FF - user.js: extensions.incredibar_i.id - 4e18d11e0000000000002eb70d3f194a
FF - user.js: extensions.incredibar_i.instlDay - 15607
FF - user.js: extensions.incredibar_i.vrsn - 1.5.11.14
FF - user.js: extensions.incredibar_i.vrsni - 1.5.11.14
FF - user.js: extensions.incredibar_i.vrsnTs - 1.5.11.1423:07
FF - user.js: extensions.incredibar_i.prtnrId - Incredibar
FF - user.js: extensions.incredibar_i.prdct - incredibar
FF - user.js: extensions.incredibar_i.aflt - orgnl
FF - user.js: extensions.incredibar_i.smplGrp - none
FF - user.js: extensions.incredibar_i.tlbrId - base
FF - user.js: extensions.incredibar_i.instlRef -
FF - user.js: extensions.incredibar_i.dfltLng -
FF - user.js: extensions.incredibar_i.excTlbr - false
FF - user.js: extensions.incredibar_i.ms_url_id -
FF - user.js: extensions.incredibar_i.upn2 - 6PQKBEoZ6o
FF - user.js: extensions.incredibar_i.upn2n - 92543635926693664
FF - user.js: extensions.incredibar_i.productid - 26
FF - user.js: extensions.incredibar_i.installerproductid - 26
FF - user.js: extensions.incredibar_i.did - 10643
FF - user.js: extensions.incredibar_i.ppd - 1
.
.
------- File Associations -------
.
.txt=
.
- - - - ORPHANS REMOVED - - - -
.
ShellIconOverlayIdentifiers-{8BA85C75-763B-4103-94EB-9470F12FE0F7} - (no file)
ShellIconOverlayIdentifiers-{CD55129A-B1A1-438E-A425-CEBC7DC684EE} - (no file)
ShellIconOverlayIdentifiers-{E768CD3B-BDDC-436D-9C13-E1B39CA257B1} - (no file)
HKLM_ActiveSetup-{F5E7D9AF-60F6-4A30-87E3-4EA94D322CE1} - msiexec
AddRemove-Freecorder_1.0 - c:\windows\iun6002.exe
AddRemove-2D857E8472D5CE6389E3ABD8FDE97BC8130D96A3 - c:\program files\Common Files\Microsoft Shared\VSTO\10.0\VSTOInstaller.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\ThreatFire]
"AlternateImagePath"=""
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(632)
c:\program files\ThreatFire\TFWAH.dll
.
- - - - - - - > 'lsass.exe'(660)
c:\program files\ThreatFire\TFWAH.dll
.
- - - - - - - > 'Explorer.exe'(5828)
c:\program files\ThreatFire\TfWah.dll
c:\windows\system32\prnfldr.dll
c:\windows\system32\dxp.dll
c:\windows\System32\QUtil.dll
.
Completion time: 2012-10-10 09:46:31
ComboFix-quarantined-files.txt 2012-10-09 20:46
.
Pre-Run: 162,872,561,664 bytes free
Post-Run: 162,774,302,720 bytes free
.
- - End Of File - - 13E96276EF9804C214AD5B876EC5CF68
 
to clarify, though I did state this at the start -- am using Windows 7 (Home Premium, in fact) and, as I understand it, System Recovery doesn't work in the same way as with the older System Recovery Console
 
Well, we dont need the recovery tool but Win 7 has a nice option for it if ever needed, lets try one more time to see if Combofix can remove those incredibar entries from your Firefox profile


Open Notepad Go to Start> All Programs> Assessories> Notepad ( this will only work with Notepad )and copy all the text inside the Codebox by highlighting it all and pressing CTRL C on your keyboard, then paste it into Notepad, make sure there is no space before and above Firefox::


Code: 
Firefox::
FF - user.js: extensions.incredibar_i.newTab - false
FF - user.js: extensions.incredibar_i.tlbrSrchUrl - hxxp://mystart.Incredibar.com/?a=6PQKBEoZ6o&loc=IB_TB&i=26&search=
FF - user.js: extensions.incredibar_i.id - 4e18d11e0000000000002eb70d3f194a
FF - user.js: extensions.incredibar_i.instlDay - 15607
FF - user.js: extensions.incredibar_i.vrsn - 1.5.11.14
FF - user.js: extensions.incredibar_i.vrsni - 1.5.11.14
FF - user.js: extensions.incredibar_i.vrsnTs - 1.5.11.1423:07
FF - user.js: extensions.incredibar_i.prtnrId - Incredibar
FF - user.js: extensions.incredibar_i.prdct - incredibar
FF - user.js: extensions.incredibar_i.aflt - orgnl
FF - user.js: extensions.incredibar_i.smplGrp - none
FF - user.js: extensions.incredibar_i.tlbrId - base
FF - user.js: extensions.incredibar_i.instlRef - 
FF - user.js: extensions.incredibar_i.dfltLng - 
FF - user.js: extensions.incredibar_i.excTlbr - false
FF - user.js: extensions.incredibar_i.ms_url_id - 
FF - user.js: extensions.incredibar_i.upn2 - 6PQKBEoZ6o
FF - user.js: extensions.incredibar_i.upn2n - 92543635926693664
FF - user.js: extensions.incredibar_i.productid - 26
FF - user.js: extensions.incredibar_i.installerproductid - 26
FF - user.js: extensions.incredibar_i.did - 10643
FF - user.js: extensions.incredibar_i.ppd - 1

Save this as CFScript to your desktop.

Then drag the CFScript into ComboFix.exe as you see in the screenshot below.

CFScriptB-4.gif



This will start ComboFix again. After reboot, (in case it asks to reboot), post the contents of Combofix.txt in your next reply.
 
ComboFix 12-10-09.01 - Russell 10/10/2012 22:13:09.3.4 - x86
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.64.1033.18.1012.91 [GMT 13:00]
Running from: c:\users\Russell\Desktop\ComboFix.exe
Command switches used :: c:\users\Russell\Desktop\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2012-09-10 to 2012-10-10 )))))))))))))))))))))))))))))))
.
.
2012-10-10 09:57 . 2012-10-10 09:57 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-10-10 00:34 . 2012-10-10 00:34 -------- d-----w- C:\found.003
2012-10-09 11:20 . 2012-10-09 11:20 0 ----a-w- c:\windows\system32\sho2636.tmp
2012-10-09 07:52 . 2012-08-30 08:17 6980552 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{3026EC6D-AC11-4658-AE3B-DC6228560D8A}\mpengine.dll
2012-10-08 20:03 . 2012-10-10 09:57 -------- d-----w- c:\users\Russell\AppData\Local\temp
2012-10-08 13:23 . 2012-10-08 13:23 -------- d-----w- C:\_OTL
2012-10-05 22:50 . 2012-10-05 22:50 -------- d-----w- C:\8e07ef0f1fb298627a7ae926aaec3f
2012-09-29 07:36 . 2012-09-29 07:36 -------- d-----w- c:\program files\ERUNT
2012-09-28 07:03 . 2012-10-07 06:37 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2012-09-28 07:03 . 2012-09-28 07:09 -------- d-----w- c:\program files\Spybot - Search & Destroy
2012-09-28 04:12 . 2012-09-28 04:12 -------- d-----w- c:\users\Russell\AppData\Roaming\Malwarebytes
2012-09-28 04:12 . 2012-09-28 04:12 -------- d-----w- c:\programdata\Malwarebytes
2012-09-28 04:12 . 2012-09-28 04:12 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-09-28 04:12 . 2012-09-07 05:04 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-09-26 08:03 . 2012-08-21 20:12 245760 ----a-w- c:\windows\system32\OxpsConverter.exe
2012-09-26 00:54 . 2012-09-26 00:54 -------- d-----w- c:\program files\CCleaner
2012-09-25 14:15 . 2012-09-25 14:15 -------- d-----w- c:\users\Russell\AppData\Roaming\CX
2012-09-25 14:14 . 2012-09-25 14:15 -------- d-----w- c:\users\Russell\AppData\Local\CX
2012-09-24 11:09 . 2012-09-24 11:09 -------- d-----w- c:\program files\Perion
2012-09-23 14:39 . 2012-09-23 14:39 -------- d-----w- c:\program files\Mr Smoozles Goes Nutso
2012-09-23 12:29 . 2012-10-05 04:29 -------- d-----w- c:\program files\GOG.com
2012-09-23 06:15 . 2012-08-21 01:01 26840 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2012-09-23 06:12 . 2012-09-23 06:12 -------- d-----w- c:\program files\iPod
2012-09-23 06:12 . 2012-09-23 06:15 -------- d-----w- c:\programdata\188F1432-103A-4ffb-80F1-36B633C5C9E1
2012-09-23 06:12 . 2012-09-23 06:15 -------- d-----w- c:\program files\iTunes
2012-09-21 23:35 . 2012-08-24 06:43 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-09-21 23:35 . 2012-08-24 07:34 140936 ----a-w- c:\program files\Internet Explorer\sqmapi.dll
2012-09-21 23:35 . 2012-08-24 06:47 420864 ----a-w- c:\windows\system32\vbscript.dll
2012-09-21 23:35 . 2012-08-24 06:48 194048 ----a-w- c:\program files\Internet Explorer\IEShims.dll
2012-09-17 01:19 . 2012-09-17 03:57 -------- d-----w- c:\program files\Sigma Team
2012-09-17 01:07 . 2012-09-17 01:12 -------- d-----w- C:\Counter-Strike 2D
2012-09-16 22:57 . 2012-09-16 22:57 -------- d-----w- c:\program files\Cave Story Deluxe
2012-09-16 14:34 . 2006-09-28 04:05 237848 ----a-w- c:\windows\system32\xactengine2_4.dll
2012-09-16 14:34 . 2006-09-28 04:05 2414360 ----a-w- c:\windows\system32\d3dx9_31.dll
2012-09-16 14:34 . 2006-07-27 21:30 236824 ----a-w- c:\windows\system32\xactengine2_3.dll
2012-09-16 14:34 . 2006-07-27 21:30 62744 ----a-w- c:\windows\system32\xinput1_2.dll
2012-09-16 14:33 . 2005-05-26 03:34 2297552 ----a-w- c:\windows\system32\d3dx9_26.dll
2012-09-16 10:31 . 2012-09-16 10:49 75136 ----a-w- c:\windows\system32\PnkBstrA.exe
2012-09-16 10:31 . 2012-09-16 10:31 -------- d-----w- c:\users\Russell\AppData\Local\Punkbuster
2012-09-16 10:30 . 2012-09-16 11:55 -------- d-----w- c:\program files\Wolfenstein - Enemy Territory
2012-09-15 03:54 . 2012-09-15 03:54 -------- d-----w- C:\found.002
2012-09-13 08:12 . 2012-09-13 08:12 -------- d-----w- c:\program files\Common Files\Skype
2012-09-13 08:12 . 2012-09-13 08:12 -------- d-----r- c:\program files\Skype
2012-09-12 04:03 . 2012-08-22 17:16 1292144 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-09-12 04:03 . 2012-08-22 17:16 240496 ----a-w- c:\windows\system32\drivers\netio.sys
2012-09-12 04:03 . 2012-08-22 17:16 187760 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
2012-09-12 04:03 . 2012-08-22 17:16 712048 ----a-w- c:\windows\system32\drivers\ndis.sys
2012-09-12 04:03 . 2012-07-04 19:45 33280 ----a-w- c:\windows\system32\drivers\RNDISMP.sys
2012-09-12 04:03 . 2012-08-02 16:57 490496 ----a-w- c:\windows\system32\d3d10level9.dll
2012-09-12 03:49 . 2012-09-12 03:50 -------- d-----w- C:\09470b656efc966851db
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-09-01 19:38 . 2012-06-17 16:37 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-09-01 19:38 . 2012-06-17 16:37 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-09-01 19:00 . 2012-09-01 19:00 93672 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2012-09-01 18:59 . 2012-03-20 01:19 821736 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-09-01 18:59 . 2012-02-02 05:03 746984 ----a-w- c:\windows\system32\deployJava1.dll
2012-08-29 13:37 . 2012-08-29 13:37 39424 ----a-r- c:\users\Russell\AppData\Roaming\Microsoft\Installer\{88741A14-4C9D-469F-BA36-8FDF6037BB68}\Icon88741A14.exe
2012-08-24 03:58 . 2012-08-03 17:05 405152 ----a-w- c:\windows\system32\Newtonsoft.Json.Net20.dll
2012-08-21 09:13 . 2012-07-16 14:47 355632 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-08-21 09:13 . 2012-07-16 14:47 54232 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-08-21 09:13 . 2012-07-16 14:47 729752 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-08-21 09:13 . 2012-07-16 14:47 44784 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2012-08-21 09:13 . 2012-07-16 14:47 58680 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2012-08-21 09:13 . 2012-07-16 14:47 21256 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-08-21 09:12 . 2012-07-16 14:45 41224 ----a-w- c:\windows\avastSS.scr
2012-08-21 09:12 . 2012-07-16 14:45 227648 ----a-w- c:\windows\system32\aswBoot.exe
2012-08-21 01:01 . 2012-02-02 07:20 106928 ----a-w- c:\windows\system32\GEARAspi.dll
2012-08-01 04:02 . 2012-07-18 02:37 460424 ------w- c:\programdata\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe
2012-07-28 09:32 . 2012-03-01 16:59 348160 ----a-w- c:\windows\system32\msvcr71.dll
2012-07-28 09:32 . 2012-03-01 16:59 499712 ----a-w- c:\windows\system32\msvcp71.dll
2012-07-26 02:39 . 2012-08-03 16:12 18448 ----a-w- c:\windows\system32\nitrolocalui2.dll
2012-07-26 02:39 . 2012-08-03 16:12 27152 ----a-w- c:\windows\system32\nitrolocalmon2.dll
2012-07-18 17:47 . 2012-08-15 10:20 2345984 ----a-w- c:\windows\system32\win32k.sys
2012-07-15 00:27 . 2012-02-27 06:17 2216480 ------w- c:\windows\wweb32.dll
2012-09-09 00:34 . 2012-09-09 00:24 266720 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{6B34ACCF-1B63-4E1A-8633-461917C75544}"= "c:\program files\Freecorder 6\tbcore3.dll" [2012-08-01 2711928]
.
[HKEY_CLASSES_ROOT\clsid\{6b34accf-1b63-4e1a-8633-461917c75544}]
[HKEY_CLASSES_ROOT\TBSB00808.TBSB00808.3]
[HKEY_CLASSES_ROOT\TypeLib\{EC4085F2-8DB3-45a6-AD0B-CA289F3C5D7E}]
[HKEY_CLASSES_ROOT\TBSB00808.TBSB00808]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2012-08-17 16:40 220608 ----a-w- c:\users\Russell\AppData\Local\Microsoft\SkyDrive\16.4.6010.0727\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2012-08-17 16:40 220608 ----a-w- c:\users\Russell\AppData\Local\Microsoft\SkyDrive\16.4.6010.0727\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2012-08-17 16:40 220608 ----a-w- c:\users\Russell\AppData\Local\Microsoft\SkyDrive\16.4.6010.0727\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\000BoxDesktopFileLocked]
@="{C253B817-3A00-475f-A5A3-6F2DD704B48D}"
[HKEY_CLASSES_ROOT\CLSID\{C253B817-3A00-475f-A5A3-6F2DD704B48D}]
2010-11-20 21:29 297808 ----a-w- c:\windows\System32\mscoree.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\000BoxDesktopNotSynced]
@="{19ACC806-F7AA-46AA-A80A-726A07CA6637}"
[HKEY_CLASSES_ROOT\CLSID\{19ACC806-F7AA-46AA-A80A-726A07CA6637}]
2010-11-20 21:29 297808 ----a-w- c:\windows\System32\mscoree.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\000BoxDesktopNotSyncedCollabs]
@="{337D9DE0-3F8B-4430-AF0F-FFC24A95AE8F}"
[HKEY_CLASSES_ROOT\CLSID\{337D9DE0-3F8B-4430-AF0F-FFC24A95AE8F}]
2010-11-20 21:29 297808 ----a-w- c:\windows\System32\mscoree.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\000BoxDesktopSynced]
@="{B7AC9C6D-F15B-4B1A-A88D-F518D13861D9}"
[HKEY_CLASSES_ROOT\CLSID\{B7AC9C6D-F15B-4B1A-A88D-F518D13861D9}]
2010-11-20 21:29 297808 ----a-w- c:\windows\System32\mscoree.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\000BoxDesktopSyncedCollab]
@="{9E48C232-F601-4E41-BB3E-16CBAF317AA4}"
[HKEY_CLASSES_ROOT\CLSID\{9E48C232-F601-4E41-BB3E-16CBAF317AA4}]
2010-11-20 21:29 297808 ----a-w- c:\windows\System32\mscoree.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-08-21 09:12 121528 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\0MegaCloudNormal]
@="{03FB4211-3964-44E8-97D7-A2FA49CF5576}"
[HKEY_CLASSES_ROOT\CLSID\{03FB4211-3964-44E8-97D7-A2FA49CF5576}]
2012-08-31 02:45 242864 ----a-w- c:\users\Russell\AppData\Roaming\MegaCloud\MegaCloudShellExt.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1MegaCloudModified]
@="{03FB4212-3964-44E8-97D7-A2FA49CF5576}"
[HKEY_CLASSES_ROOT\CLSID\{03FB4212-3964-44E8-97D7-A2FA49CF5576}]
2012-08-31 02:45 242864 ----a-w- c:\users\Russell\AppData\Roaming\MegaCloud\MegaCloudShellExt.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2MeagCloudError]
@="{03FB4213-3964-44E8-97D7-A2FA49CF5576}"
[HKEY_CLASSES_ROOT\CLSID\{03FB4213-3964-44E8-97D7-A2FA49CF5576}]
2012-08-31 02:45 242864 ----a-w- c:\users\Russell\AppData\Roaming\MegaCloud\MegaCloudShellExt.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 94208 ----a-w- c:\users\Russell\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 94208 ----a-w- c:\users\Russell\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 94208 ----a-w- c:\users\Russell\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
2012-09-06 03:51 556056 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]
2012-09-06 03:51 556056 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
2012-09-06 03:51 556056 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
2012-09-06 03:51 556056 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncBackedUp]
@="{0C4A258A-3F3B-4FFF-80A7-9B3BEC139472}"
[HKEY_CLASSES_ROOT\CLSID\{0C4A258A-3F3B-4FFF-80A7-9B3BEC139472}]
2012-08-17 21:18 369784 ----a-w- c:\program files\SugarSync\SugarSyncShellExt.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncPending]
@="{62CCD8E3-9C21-41E1-B55E-1E26DFC68511}"
[HKEY_CLASSES_ROOT\CLSID\{62CCD8E3-9C21-41E1-B55E-1E26DFC68511}]
2012-08-17 21:18 369784 ----a-w- c:\program files\SugarSync\SugarSyncShellExt.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncRoot]
@="{A759AFF6-5851-457D-A540-F4ECED148351}"
[HKEY_CLASSES_ROOT\CLSID\{A759AFF6-5851-457D-A540-F4ECED148351}]
2012-08-17 21:18 369784 ----a-w- c:\program files\SugarSync\SugarSyncShellExt.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncShared]
@="{1574C9EF-7D58-488F-B358-8B78C1538F51}"
[HKEY_CLASSES_ROOT\CLSID\{1574C9EF-7D58-488F-B358-8B78C1538F51}]
2012-08-17 21:18 369784 ----a-w- c:\program files\SugarSync\SugarSyncShellExt.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Advanced SystemCare 5"="c:\program files\IObit\Advanced SystemCare 5\ASCTray.exe" [2012-05-28 288128]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2011-11-11 2307368]
"ThreatFire"="c:\program files\ThreatFire\TFTray.exe" [2011-02-22 378128]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-08-21 4282728]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
c:\windows\system32 [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
c:\windows\system32 [X]
.
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [x]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [x]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x]
R3 AthBTPort;Atheros Virtual Bluetooth Class;c:\windows\system32\DRIVERS\btath_flt.sys [x]
R3 BBSvc;Bing Bar Update Service;c:\program files\Microsoft\BingBar\BBSvc.EXE [x]
R3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys [x]
R3 btath_avdt;Atheros Bluetooth AVDT Service;c:\windows\system32\drivers\btath_avdt.sys [x]
R3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\system32\DRIVERS\btath_hcrp.sys [x]
R3 BTATH_LWFLT;Bluetooth LWFLT Device;c:\windows\system32\DRIVERS\btath_lwflt.sys [x]
R3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\system32\DRIVERS\btath_rcp.sys [x]
R3 BtFilter;BtFilter;c:\windows\system32\DRIVERS\btfilter.sys [x]
R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [x]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [x]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [x]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL3.SYS [x]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV3.SYS [x]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT3.SYS [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys [x]
S0 TfSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 #UpdateService;Box Sync Auto-updater;c:\program files\Box Sync\UpdateService.exe [x]
S2 AdvancedSystemCareService5;Advanced SystemCare Service 5;c:\program files\IObit\Advanced SystemCare 5\ASCService.exe [x]
S2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\aestsrv.exe [x]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [x]
S2 AtherosSvc;AtherosSvc;c:\program files\Bluetooth Suite\adminservice.exe [x]
S2 BBUpdate;BBUpdate;c:\program files\Microsoft\BingBar\SeaPort.EXE [x]
S2 BingDesktopUpdate;Bing Desktop Update service;c:\program files\Microsoft\BingDesktop\BingDesktopUpdater.exe [x]
S2 cvhsvc;Client Virtualization Handler;c:\program files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [x]
S2 GFIBckFAtt;GFI BackUp Freeware Attendant Service;c:\progra~1\GFI\GFIBAC~1\GFIFInst.exe [x]
S2 GFIBckFSched;GFI BackUp Freeware Scheduler Service;c:\progra~1\GFI\GFIBAC~1\GFIFSC~1.EXE [x]
S2 HP Support Assistant Service;HP Support Assistant Service;c:\program files\Hewlett-Packard\HP Support Framework\hpsa_service.exe [x]
S2 HPClientSvc;HP Client Services;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe [x]
S2 HPWMISVC;HPWMISVC;c:\program files\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [x]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
S2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]
S2 NitroReaderDriverReadSpool2;NitroPDFReaderDriverCreatorReadSpool2;c:\program files\Nitro PDF\Reader 2\NitroPDFReaderDriverService2.exe [x]
S2 nlsX86cc;Nalpeiron Licensing Service;c:\windows\system32\NLSSRV32.EXE [x]
S2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [x]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [x]
S2 sftlist;Application Virtualization Client;c:\program files\Microsoft Application Virtualization Client\sftlist.exe [x]
S2 ThreatFire;ThreatFire;c:\program files\ThreatFire\TFService.exe service [x]
S2 ZAtheros Bt&Wlan Coex Agent;ZAtheros Bt&Wlan Coex Agent;c:\program files\Bluetooth Suite\Ath_CoexAgent.exe [x]
S3 BTATH_BUS;Atheros Bluetooth Bus;c:\windows\system32\DRIVERS\btath_bus.sys [x]
S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys [x]
S3 igddim32;igddim32;c:\windows\system32\DRIVERS\igddim32.sys [x]
S3 igdkmd32;igdkmd32;c:\windows\system32\DRIVERS\igdkmd32.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [x]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [x]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [x]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [x]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [x]
S3 sftvsa;Application Virtualization Service Agent;c:\program files\Microsoft Application Virtualization Client\sftvsa.exe [x]
S3 TfNetMon;TfNetMon;c:\windows\system32\drivers\TfNetMon.sys [x]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
.
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
uDefault_Search_URL = hxxp://www.google.com/ie
mStart Page =
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xport to Microsoft Excel - c:\program files\Microsoft Office 15\Root\Office15\EXCEL.EXE/3000
IE: Free YouTube Download - c:\users\Russell\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm
IE: Se&nd to OneNote - c:\program files\Microsoft Office 15\Root\Office15\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Russell\AppData\Roaming\Mozilla\Firefox\Profiles\bylhdpoc.default\
FF - prefs.js: browser.startup.homepage - hxxp://au.yahoo.com/
FF - user.js: extensions.incredibar_i.newTab - false
FF - user.js: extensions.incredibar_i.tlbrSrchUrl - hxxp://mystart.Incredibar.com/?a=6PQKBEoZ6o&loc=IB_TB&i=26&search=
FF - user.js: extensions.incredibar_i.id - 4e18d11e0000000000002eb70d3f194a
FF - user.js: extensions.incredibar_i.instlDay - 15607
FF - user.js: extensions.incredibar_i.vrsn - 1.5.11.14
FF - user.js: extensions.incredibar_i.vrsni - 1.5.11.14
FF - user.js: extensions.incredibar_i.vrsnTs - 1.5.11.1423:07
FF - user.js: extensions.incredibar_i.prtnrId - Incredibar
FF - user.js: extensions.incredibar_i.prdct - incredibar
FF - user.js: extensions.incredibar_i.aflt - orgnl
FF - user.js: extensions.incredibar_i.smplGrp - none
FF - user.js: extensions.incredibar_i.tlbrId - base
FF - user.js: extensions.incredibar_i.instlRef -
FF - user.js: extensions.incredibar_i.dfltLng -
FF - user.js: extensions.incredibar_i.excTlbr - false
FF - user.js: extensions.incredibar_i.ms_url_id -
FF - user.js: extensions.incredibar_i.upn2 - 6PQKBEoZ6o
FF - user.js: extensions.incredibar_i.upn2n - 92543635926693664
FF - user.js: extensions.incredibar_i.productid - 26
FF - user.js: extensions.incredibar_i.installerproductid - 26
FF - user.js: extensions.incredibar_i.did - 10643
FF - user.js: extensions.incredibar_i.ppd - 1
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\ThreatFire]
"AlternateImagePath"=""
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(636)
c:\program files\ThreatFire\TFWAH.dll
.
- - - - - - - > 'lsass.exe'(664)
c:\program files\ThreatFire\TFWAH.dll
.
- - - - - - - > 'Explorer.exe'(2656)
c:\program files\ThreatFire\TfWah.dll
c:\windows\system32\timedate.cpl
c:\windows\system32\MsftEdit.dll
c:\program files\Common Files\microsoft shared\ink\tiptsf.dll
c:\windows\system32\CRYPTUI.dll
c:\windows\System32\UIAnimation.dll
c:\windows\system32\stobject.dll
c:\windows\system32\wpdshserviceobj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\System32\QUtil.dll
c:\windows\System32\hcproviders.dll
.
Completion time: 2012-10-10 23:13:52
ComboFix-quarantined-files.txt 2012-10-10 10:13
ComboFix2.txt 2012-10-09 20:46
.
Pre-Run: 161,586,810,880 bytes free
Post-Run: 161,538,367,488 bytes free
.
- - End Of File - - 449CB27A23F557CE80BD67E82E779FFD
 
Still there, the user profile from Firefox is hard to remove or edit, lets do this, it may be the easier thing to do.

Go into Programs and Features in the Control Panel and uninstall Firefox, then reboot

The go to Start > Run and copy and paste this in %APPDATA% and hit enter, then go to the Mozilla folder and delete it because there is where incredibar is in your profile.


Then go here and download and install the latest version of Firefox nice and clean

http://www.mozilla.org/en-US/firefox/new/


Let me know how it went ?
 
Start > Run and copy and paste this in %APPDATA% ??

"this" -- what's this?



incidentally, I don't often use chrome but after removing Ff, before re-installing (which I have yet to do) there was a new extension Chrome was asking if I wanted to install "Newtab for Chrome / Firefox" -- different name, same crap -- it had set up Mystart Incredibar in a new tab but I think I prevented its installation -- but to be safe, removed Ff and Chrome -- didn't have this problem with IE -- I write for the web so have several browsers installed -- removeNewtab from Chrome, using Chrome, but also using Advanced System Care removed Chrome, with all leftovers in registry etc (I hope)

but now, what you were saying about "this"??

now back to removing folders from AppData -- just as well I store my Zotero library elsewhere (100Mb+) -- importance of knowing your programs ;-)
 
If type or copy %APPDATA% into the run box and hit enter it will take you to the Mozilla folder if its still present after the uninstall of Firefox
 
oh, is that all, I did it somewhat differently -- revealed hidden folders/files -- folder removed from AppData Local, also removed it from AppData Roaming --

BUT on re-installing the program hadn't removed the extensions -- so the problem remained unresolved -- still Incredibar there!

obviously installed into one of the extensions, but not by itself

currently re-running SB as I discovered on surveying contents of AppData that PriceGong and Toolbar4 also there -- which SB hadn't reported on earlier

wondering if I "shred" these folders, and all Firefox folders if that will help

not sure where the extensions get installed

proving to be a troublesome little beggar!
 
The extensions folder was inside the Mozilla folder, did you delete Mozilla ?



Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2
64 Bit Version

  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:
    Code: 
    :filefind
incredibar

:folderfind
incredibar

:Regfind
incredibar
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt
 
well, fingers crossed, it's working properly again -- a pain to fix, but thanks to LastPass and XMarks soon back up to speed

thanks for the assistance
 
Great, but I would run SystemLook and let me take a peak. Either way I will keep this thread open for you for a few days so post back in a few days with an update
 
here's the log -- don't know if this affects other programs, still affects them that is -- opened Google Chrome earlier and it opened a new tab with Incredibar! -- so I've tried to delete the google AppData directory -- twice now -- it started with incredibar after the first deletion -- but I haven't tried again yet
++++++++++++++++++++++++++++++++++++++++++++++++++++++++

SystemLook 30.07.11 by jpshortstuff
Log created at 14:58 on 11/10/2012 by Russell
Administrator - Elevation successful

========== filefind ==========

Searching for "incredibar"
No files found.

========== folderfind ==========

Searching for "incredibar"
No folders found.

========== Regfind ==========

Searching for "incredibar"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\esrv.IncredibarESrvc]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\esrv.IncredibarESrvc\CurVer]
@="esrv.IncredibarESrvc.1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\esrv.IncredibarESrvc.1]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Incredibar.dskBnd]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Incredibar.dskBnd\CurVer]
@="Incredibar.dskBnd.1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Incredibar.dskBnd.1]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{CFE8AAFD-A0F3-4329-84E9-6B679EC93EC2}\1.0\0\win32]
@="C:\Program Files\Incredibar.com\incredibar\1.5.11.14\incredibarsrv.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{CFE8AAFD-A0F3-4329-84E9-6B679EC93EC2}\1.0\HELPDIR]
@="C:\Program Files\Incredibar.com\incredibar\1.5.11.14"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{74C36554-31F0-49DD-8857-ED6A64DF45BE}]
"AppName"="incredibarsrv.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{74C36554-31F0-49DD-8857-ED6A64DF45BE}]
"AppPath"="C:\Program Files\Incredibar.com\incredibar\1.5.11.14"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\IncredibarToolbar_RASAPI32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\IncredibarToolbar_RASMANCS]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\incredibar_installer_RASAPI32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\incredibar_installer_RASMANCS]

-= EOF =-
 
problems continue with google chrome, despite uninstalling and re-installing chrome (about three times now!) -- here's the log -- not sure if it shows anything different from before -- can't find any incredibar files or folders, but some registry entries
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++

SystemLook 30.07.11 by jpshortstuff
Log created at 19:06 on 11/10/2012 by Russell
Administrator - Elevation successful

========== filefind ==========

Searching for "incredibar"
No files found.

========== folderfind ==========

Searching for "incredibar"
No folders found.

========== Regfind ==========

Searching for "incredibar"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\esrv.IncredibarESrvc]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\esrv.IncredibarESrvc\CurVer]
@="esrv.IncredibarESrvc.1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\esrv.IncredibarESrvc.1]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Incredibar.dskBnd]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Incredibar.dskBnd\CurVer]
@="Incredibar.dskBnd.1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Incredibar.dskBnd.1]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{CFE8AAFD-A0F3-4329-84E9-6B679EC93EC2}\1.0\0\win32]
@="C:\Program Files\Incredibar.com\incredibar\1.5.11.14\incredibarsrv.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{CFE8AAFD-A0F3-4329-84E9-6B679EC93EC2}\1.0\HELPDIR]
@="C:\Program Files\Incredibar.com\incredibar\1.5.11.14"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{74C36554-31F0-49DD-8857-ED6A64DF45BE}]
"AppName"="incredibarsrv.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{74C36554-31F0-49DD-8857-ED6A64DF45BE}]
"AppPath"="C:\Program Files\Incredibar.com\incredibar\1.5.11.14"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\IncredibarToolbar_RASAPI32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\IncredibarToolbar_RASMANCS]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\incredibar_installer_RASAPI32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\incredibar_installer_RASMANCS]

-= EOF =-
 
some people have claimed in discussions on other forums that it's the New Tab extension, but this seems a legitimate extension in the chrome "repository" (or app store, I guess you could call it) but I don't think it is that extension, despite its name/function

despite uninstalling and installing chrome it auto-detects what extensions have been installed before and re-installs them automatically, including, I guess, the contaminated one?

so where are the installed extensions if not under chrome?
 
Hi,

Where going to make changes to your registry so we need to back it up first

Backup Your Registry with ERUNT:
  • Download erunt.zip to your Desktop from here:
    http://aumha.org/downloads/erunt.zip
  • Right-click erunt.zip, select Extract All... and follow the prompts to extract ERUNT to a new folder on your Desktop
  • Inside the new folder, double-click ERUNT.exe to start the program
  • OK all the prompts to back up your registry to the default location.
Note: to restore your registry, go to the backup folder and start ERDNT.exe




Open Notepad Go to Start> All Programs> Assessories> Notepad ( this will only work with Notepad )and copy all the text inside the Codebox by highlighting it all and pressing CTRL C on your keyboard, then paste it into Notepad, make sure there is no space before and above Registry::


Code: 
Regisry::
[-HKEY_LOCAL_MACHINE\SOFTWARE\Incredibar]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\esrv.IncredibarESrvc]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\esrv.IncredibarESrvc\CurVer]
@="esrv.IncredibarESrvc.1"
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\esrv.IncredibarESrvc.1]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Incredibar.dskBnd]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Incredibar.dskBnd\CurVer]
@="Incredibar.dskBnd.1"
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Incredibar.dskBnd.1]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{CFE8AAFD-A0F3-4329-84E9-6B679EC93EC2}\1.0\0\win32]
@="C:\Program Files\Incredibar.com\incredibar\1.5.11.14\incredibarsrv.exe"
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{CFE8AAFD-A0F3-4329-84E9-6B679EC93EC2}\1.0\HELPDIR]
@="C:\Program Files\Incredibar.com\incredibar\1.5.11.14"
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{74C36554-31F0-49DD-8857-ED6A64DF45BE}]
"AppName"="incredibarsrv.exe"
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{74C36554-31F0-49DD-8857-ED6A64DF45BE}]
"AppPath"="C:\Program Files\Incredibar.com\incredibar\1.5.11.14"
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\IncredibarToolbar_RASAPI32]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\IncredibarToolbar_RASMANCS]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\incredibar_installer_RASAPI32]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\incredibar_installer_RASMANCS]

Save this as CFScript to your desktop.

Then drag the CFScript into ComboFix.exe as you see in the screenshot below.

CFScriptB-4.gif



This will start ComboFix again. After reboot, (in case it asks to reboot), post the contents of Combofix.txt in your next reply.
 
thanks, you've been really patient BUT, just to "prove" I'm not making this up
am attaching files created after the attempted fix -- combofix.txt and capture of screen of relaunch of google chrome -- which still has problems -- still no problems with Firefox or IE -- below -- contents of combofix.txt

+++++++++++++++++++++++++++++++++++++++++++++++++++++++++

ComboFix 12-10-11.01 - Russell 12/10/2012 0:05.4.4 - x86
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.64.1033.18.1012.281 [GMT 13:00]
Running from: c:\users\Russell\Desktop\ComboFix.exe
Command switches used :: c:\users\Russell\Desktop\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\iun6002.exe
c:\windows\system32\MSVCR100.dll
.
.
((((((((((((((((((((((((( Files Created from 2012-09-11 to 2012-10-11 )))))))))))))))))))))))))))))))
.
.
2012-10-11 11:56 . 2012-10-11 12:02 -------- d-----w- c:\users\Russell\AppData\Local\temp
2012-10-11 11:56 . 2012-10-11 11:56 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-10-10 17:58 . 2012-10-10 17:58 56200 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{3026EC6D-AC11-4658-AE3B-DC6228560D8A}\offreg.dll
2012-10-10 14:28 . 2012-10-10 14:28 0 ----a-w- c:\windows\system32\sho2396.tmp
2012-10-10 14:23 . 2012-10-10 14:23 -------- d-----w- c:\users\Russell\AppData\Local\Mozilla
2012-10-10 03:01 . 2012-08-24 16:57 172544 ----a-w- c:\windows\system32\wintrust.dll
2012-10-10 03:01 . 2012-09-14 18:28 2048 ----a-w- c:\windows\system32\tzres.dll
2012-10-10 02:59 . 2012-06-02 04:36 1159680 ----a-w- c:\windows\system32\crypt32.dll
2012-10-10 02:59 . 2012-06-02 04:36 140288 ----a-w- c:\windows\system32\cryptsvc.dll
2012-10-10 02:59 . 2012-06-02 04:36 103936 ----a-w- c:\windows\system32\cryptnet.dll
2012-10-10 02:59 . 2012-08-31 17:18 1211760 ----a-w- c:\windows\system32\drivers\ntfs.sys
2012-10-10 02:59 . 2012-08-10 23:56 542208 ----a-w- c:\windows\system32\kerberos.dll
2012-10-10 02:58 . 2012-08-30 17:12 3914096 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-10-10 02:58 . 2012-08-30 17:12 3968880 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-10-10 00:34 . 2012-10-10 00:34 -------- d-----w- C:\found.003
2012-10-09 11:20 . 2012-10-09 11:20 0 ----a-w- c:\windows\system32\sho2636.tmp
2012-10-09 07:52 . 2012-08-30 08:17 6980552 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{3026EC6D-AC11-4658-AE3B-DC6228560D8A}\mpengine.dll
2012-10-08 13:23 . 2012-10-08 13:23 -------- d-----w- C:\_OTL
2012-10-05 22:50 . 2012-10-05 22:50 -------- d-----w- C:\8e07ef0f1fb298627a7ae926aaec3f
2012-09-29 07:36 . 2012-09-29 07:36 -------- d-----w- c:\program files\ERUNT
2012-09-28 07:03 . 2012-10-07 06:37 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2012-09-28 07:03 . 2012-09-28 07:09 -------- d-----w- c:\program files\Spybot - Search & Destroy
2012-09-28 04:12 . 2012-09-28 04:12 -------- d-----w- c:\users\Russell\AppData\Roaming\Malwarebytes
2012-09-28 04:12 . 2012-09-28 04:12 -------- d-----w- c:\programdata\Malwarebytes
2012-09-28 04:12 . 2012-09-28 04:12 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-09-28 04:12 . 2012-09-07 05:04 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-09-26 08:03 . 2012-08-21 20:12 245760 ----a-w- c:\windows\system32\OxpsConverter.exe
2012-09-26 00:54 . 2012-09-26 00:54 -------- d-----w- c:\program files\CCleaner
2012-09-25 14:15 . 2012-10-11 01:07 -------- d-----w- c:\users\Russell\AppData\Roaming\CX
2012-09-25 14:14 . 2012-09-25 14:15 -------- d-----w- c:\users\Russell\AppData\Local\CX
2012-09-24 11:09 . 2012-09-24 11:09 -------- d-----w- c:\program files\Perion
2012-09-23 14:39 . 2012-09-23 14:39 -------- d-----w- c:\program files\Mr Smoozles Goes Nutso
2012-09-23 12:29 . 2012-10-05 04:29 -------- d-----w- c:\program files\GOG.com
2012-09-23 06:15 . 2012-08-21 01:01 26840 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2012-09-23 06:12 . 2012-09-23 06:12 -------- d-----w- c:\program files\iPod
2012-09-23 06:12 . 2012-09-23 06:15 -------- d-----w- c:\programdata\188F1432-103A-4ffb-80F1-36B633C5C9E1
2012-09-23 06:12 . 2012-09-23 06:15 -------- d-----w- c:\program files\iTunes
2012-09-21 23:35 . 2012-08-24 06:43 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-09-21 23:35 . 2012-08-24 07:34 140936 ----a-w- c:\program files\Internet Explorer\sqmapi.dll
2012-09-21 23:35 . 2012-08-24 06:47 420864 ----a-w- c:\windows\system32\vbscript.dll
2012-09-21 23:35 . 2012-08-24 06:48 194048 ----a-w- c:\program files\Internet Explorer\IEShims.dll
2012-09-17 01:19 . 2012-09-17 03:57 -------- d-----w- c:\program files\Sigma Team
2012-09-17 01:07 . 2012-09-17 01:12 -------- d-----w- C:\Counter-Strike 2D
2012-09-16 22:57 . 2012-09-16 22:57 -------- d-----w- c:\program files\Cave Story Deluxe
2012-09-16 14:34 . 2006-09-28 04:05 237848 ----a-w- c:\windows\system32\xactengine2_4.dll
2012-09-16 14:34 . 2006-09-28 04:05 2414360 ----a-w- c:\windows\system32\d3dx9_31.dll
2012-09-16 14:34 . 2006-07-27 21:30 236824 ----a-w- c:\windows\system32\xactengine2_3.dll
2012-09-16 14:34 . 2006-07-27 21:30 62744 ----a-w- c:\windows\system32\xinput1_2.dll
2012-09-16 14:33 . 2005-05-26 03:34 2297552 ----a-w- c:\windows\system32\d3dx9_26.dll
2012-09-16 10:31 . 2012-09-16 10:49 75136 ----a-w- c:\windows\system32\PnkBstrA.exe
2012-09-16 10:31 . 2012-09-16 10:31 -------- d-----w- c:\users\Russell\AppData\Local\Punkbuster
2012-09-16 10:30 . 2012-09-16 11:55 -------- d-----w- c:\program files\Wolfenstein - Enemy Territory
2012-09-15 03:54 . 2012-09-15 03:54 -------- d-----w- C:\found.002
2012-09-13 08:12 . 2012-09-13 08:12 -------- d-----w- c:\program files\Common Files\Skype
2012-09-13 08:12 . 2012-09-13 08:12 -------- d-----r- c:\program files\Skype
2012-09-12 04:03 . 2012-08-22 17:16 1292144 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-09-12 04:03 . 2012-08-22 17:16 240496 ----a-w- c:\windows\system32\drivers\netio.sys
2012-09-12 04:03 . 2012-08-22 17:16 187760 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
2012-09-12 04:03 . 2012-08-22 17:16 712048 ----a-w- c:\windows\system32\drivers\ndis.sys
2012-09-12 04:03 . 2012-07-04 19:45 33280 ----a-w- c:\windows\system32\drivers\RNDISMP.sys
2012-09-12 04:03 . 2012-08-02 16:57 490496 ----a-w- c:\windows\system32\d3d10level9.dll
2012-09-12 03:49 . 2012-09-12 03:50 -------- d-----w- C:\09470b656efc966851db
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-09-01 19:38 . 2012-06-17 16:37 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-09-01 19:38 . 2012-06-17 16:37 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-09-01 19:00 . 2012-09-01 19:00 93672 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2012-09-01 18:59 . 2012-03-20 01:19 821736 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-09-01 18:59 . 2012-02-02 05:03 746984 ----a-w- c:\windows\system32\deployJava1.dll
2012-08-29 13:37 . 2012-08-29 13:37 39424 ----a-r- c:\users\Russell\AppData\Roaming\Microsoft\Installer\{88741A14-4C9D-469F-BA36-8FDF6037BB68}\Icon88741A14.exe
2012-08-24 03:58 . 2012-08-03 17:05 405152 ----a-w- c:\windows\system32\Newtonsoft.Json.Net20.dll
2012-08-21 09:13 . 2012-07-16 14:47 355632 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-08-21 09:13 . 2012-07-16 14:47 54232 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-08-21 09:13 . 2012-07-16 14:47 729752 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-08-21 09:13 . 2012-07-16 14:47 44784 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2012-08-21 09:13 . 2012-07-16 14:47 58680 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2012-08-21 09:13 . 2012-07-16 14:47 21256 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-08-21 09:12 . 2012-07-16 14:45 41224 ----a-w- c:\windows\avastSS.scr
2012-08-21 09:12 . 2012-07-16 14:45 227648 ----a-w- c:\windows\system32\aswBoot.exe
2012-08-21 01:01 . 2012-02-02 07:20 106928 ----a-w- c:\windows\system32\GEARAspi.dll
2012-08-01 04:02 . 2012-07-18 02:37 460424 ------w- c:\programdata\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe
2012-07-28 09:32 . 2012-03-01 16:59 348160 ----a-w- c:\windows\system32\msvcr71.dll
2012-07-28 09:32 . 2012-03-01 16:59 499712 ----a-w- c:\windows\system32\msvcp71.dll
2012-07-26 02:39 . 2012-08-03 16:12 18448 ----a-w- c:\windows\system32\nitrolocalui2.dll
2012-07-26 02:39 . 2012-08-03 16:12 27152 ----a-w- c:\windows\system32\nitrolocalmon2.dll
2012-07-18 17:47 . 2012-08-15 10:20 2345984 ----a-w- c:\windows\system32\win32k.sys
2012-07-15 00:27 . 2012-02-27 06:17 2216480 ------w- c:\windows\wweb32.dll
2012-10-06 02:15 . 2012-10-10 14:22 261600 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2012-08-17 16:40 220608 ----a-w- c:\users\Russell\AppData\Local\Microsoft\SkyDrive\16.4.6010.0727\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2012-08-17 16:40 220608 ----a-w- c:\users\Russell\AppData\Local\Microsoft\SkyDrive\16.4.6010.0727\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2012-08-17 16:40 220608 ----a-w- c:\users\Russell\AppData\Local\Microsoft\SkyDrive\16.4.6010.0727\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\000BoxDesktopFileLocked]
@="{C253B817-3A00-475f-A5A3-6F2DD704B48D}"
[HKEY_CLASSES_ROOT\CLSID\{C253B817-3A00-475f-A5A3-6F2DD704B48D}]
2010-11-20 21:29 297808 ----a-w- c:\windows\System32\mscoree.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\000BoxDesktopNotSynced]
@="{19ACC806-F7AA-46AA-A80A-726A07CA6637}"
[HKEY_CLASSES_ROOT\CLSID\{19ACC806-F7AA-46AA-A80A-726A07CA6637}]
2010-11-20 21:29 297808 ----a-w- c:\windows\System32\mscoree.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\000BoxDesktopNotSyncedCollabs]
@="{337D9DE0-3F8B-4430-AF0F-FFC24A95AE8F}"
[HKEY_CLASSES_ROOT\CLSID\{337D9DE0-3F8B-4430-AF0F-FFC24A95AE8F}]
2010-11-20 21:29 297808 ----a-w- c:\windows\System32\mscoree.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\000BoxDesktopSynced]
@="{B7AC9C6D-F15B-4B1A-A88D-F518D13861D9}"
[HKEY_CLASSES_ROOT\CLSID\{B7AC9C6D-F15B-4B1A-A88D-F518D13861D9}]
2010-11-20 21:29 297808 ----a-w- c:\windows\System32\mscoree.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\000BoxDesktopSyncedCollab]
@="{9E48C232-F601-4E41-BB3E-16CBAF317AA4}"
[HKEY_CLASSES_ROOT\CLSID\{9E48C232-F601-4E41-BB3E-16CBAF317AA4}]
2010-11-20 21:29 297808 ----a-w- c:\windows\System32\mscoree.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-08-21 09:12 121528 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\0MegaCloudNormal]
@="{03FB4211-3964-44E8-97D7-A2FA49CF5576}"
[HKEY_CLASSES_ROOT\CLSID\{03FB4211-3964-44E8-97D7-A2FA49CF5576}]
2012-08-31 02:45 242864 ----a-w- c:\users\Russell\AppData\Roaming\MegaCloud\MegaCloudShellExt.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1MegaCloudModified]
@="{03FB4212-3964-44E8-97D7-A2FA49CF5576}"
[HKEY_CLASSES_ROOT\CLSID\{03FB4212-3964-44E8-97D7-A2FA49CF5576}]
2012-08-31 02:45 242864 ----a-w- c:\users\Russell\AppData\Roaming\MegaCloud\MegaCloudShellExt.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2MeagCloudError]
@="{03FB4213-3964-44E8-97D7-A2FA49CF5576}"
[HKEY_CLASSES_ROOT\CLSID\{03FB4213-3964-44E8-97D7-A2FA49CF5576}]
2012-08-31 02:45 242864 ----a-w- c:\users\Russell\AppData\Roaming\MegaCloud\MegaCloudShellExt.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 94208 ----a-w- c:\users\Russell\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 94208 ----a-w- c:\users\Russell\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 94208 ----a-w- c:\users\Russell\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
2012-09-06 03:51 556056 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]
2012-09-06 03:51 556056 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
2012-09-06 03:51 556056 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
2012-09-06 03:51 556056 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncBackedUp]
@="{0C4A258A-3F3B-4FFF-80A7-9B3BEC139472}"
[HKEY_CLASSES_ROOT\CLSID\{0C4A258A-3F3B-4FFF-80A7-9B3BEC139472}]
2012-08-17 21:18 369784 ----a-w- c:\program files\SugarSync\SugarSyncShellExt.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncPending]
@="{62CCD8E3-9C21-41E1-B55E-1E26DFC68511}"
[HKEY_CLASSES_ROOT\CLSID\{62CCD8E3-9C21-41E1-B55E-1E26DFC68511}]
2012-08-17 21:18 369784 ----a-w- c:\program files\SugarSync\SugarSyncShellExt.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncRoot]
@="{A759AFF6-5851-457D-A540-F4ECED148351}"
[HKEY_CLASSES_ROOT\CLSID\{A759AFF6-5851-457D-A540-F4ECED148351}]
2012-08-17 21:18 369784 ----a-w- c:\program files\SugarSync\SugarSyncShellExt.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncShared]
@="{1574C9EF-7D58-488F-B358-8B78C1538F51}"
[HKEY_CLASSES_ROOT\CLSID\{1574C9EF-7D58-488F-B358-8B78C1538F51}]
2012-08-17 21:18 369784 ----a-w- c:\program files\SugarSync\SugarSyncShellExt.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Advanced SystemCare 5"="c:\program files\IObit\Advanced SystemCare 5\ASCTray.exe" [2012-05-28 288128]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2011-11-11 2307368]
"ThreatFire"="c:\program files\ThreatFire\TFTray.exe" [2011-02-22 378128]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-08-21 4282728]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
c:\windows\system32 [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
c:\windows\system32 [X]
.
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [x]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [x]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x]
R3 AthBTPort;Atheros Virtual Bluetooth Class;c:\windows\system32\DRIVERS\btath_flt.sys [x]
R3 BBSvc;Bing Bar Update Service;c:\program files\Microsoft\BingBar\BBSvc.EXE [x]
R3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys [x]
R3 btath_avdt;Atheros Bluetooth AVDT Service;c:\windows\system32\drivers\btath_avdt.sys [x]
R3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\system32\DRIVERS\btath_hcrp.sys [x]
R3 BTATH_LWFLT;Bluetooth LWFLT Device;c:\windows\system32\DRIVERS\btath_lwflt.sys [x]
R3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\system32\DRIVERS\btath_rcp.sys [x]
R3 BtFilter;BtFilter;c:\windows\system32\DRIVERS\btfilter.sys [x]
R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [x]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [x]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [x]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL3.SYS [x]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV3.SYS [x]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT3.SYS [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys [x]
S0 TfSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 #UpdateService;Box Sync Auto-updater;c:\program files\Box Sync\UpdateService.exe [x]
S2 AdvancedSystemCareService5;Advanced SystemCare Service 5;c:\program files\IObit\Advanced SystemCare 5\ASCService.exe [x]
S2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\aestsrv.exe [x]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [x]
S2 AtherosSvc;AtherosSvc;c:\program files\Bluetooth Suite\adminservice.exe [x]
S2 BBUpdate;BBUpdate;c:\program files\Microsoft\BingBar\SeaPort.EXE [x]
S2 BingDesktopUpdate;Bing Desktop Update service;c:\program files\Microsoft\BingDesktop\BingDesktopUpdater.exe [x]
S2 cvhsvc;Client Virtualization Handler;c:\program files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [x]
S2 GFIBckFAtt;GFI BackUp Freeware Attendant Service;c:\progra~1\GFI\GFIBAC~1\GFIFInst.exe [x]
S2 GFIBckFSched;GFI BackUp Freeware Scheduler Service;c:\progra~1\GFI\GFIBAC~1\GFIFSC~1.EXE [x]
S2 HP Support Assistant Service;HP Support Assistant Service;c:\program files\Hewlett-Packard\HP Support Framework\hpsa_service.exe [x]
S2 HPClientSvc;HP Client Services;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe [x]
S2 HPWMISVC;HPWMISVC;c:\program files\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [x]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
S2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]
S2 NitroReaderDriverReadSpool2;NitroPDFReaderDriverCreatorReadSpool2;c:\program files\Nitro PDF\Reader 2\NitroPDFReaderDriverService2.exe [x]
S2 nlsX86cc;Nalpeiron Licensing Service;c:\windows\system32\NLSSRV32.EXE [x]
S2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [x]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [x]
S2 sftlist;Application Virtualization Client;c:\program files\Microsoft Application Virtualization Client\sftlist.exe [x]
S2 ThreatFire;ThreatFire;c:\program files\ThreatFire\TFService.exe service [x]
S2 ZAtheros Bt&Wlan Coex Agent;ZAtheros Bt&Wlan Coex Agent;c:\program files\Bluetooth Suite\Ath_CoexAgent.exe [x]
S3 BTATH_BUS;Atheros Bluetooth Bus;c:\windows\system32\DRIVERS\btath_bus.sys [x]
S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys [x]
S3 igddim32;igddim32;c:\windows\system32\DRIVERS\igddim32.sys [x]
S3 igdkmd32;igdkmd32;c:\windows\system32\DRIVERS\igdkmd32.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [x]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [x]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [x]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [x]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [x]
S3 sftvsa;Application Virtualization Service Agent;c:\program files\Microsoft Application Virtualization Client\sftvsa.exe [x]
S3 TfNetMon;TfNetMon;c:\windows\system32\drivers\TfNetMon.sys [x]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
.
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.co.nz/
uDefault_Search_URL = hxxp://www.google.com/ie
mStart Page =
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xport to Microsoft Excel - c:\program files\Microsoft Office 15\Root\Office15\EXCEL.EXE/3000
IE: Free YouTube Download - c:\users\Russell\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm
IE: Se&nd to OneNote - c:\program files\Microsoft Office 15\Root\Office15\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Russell\AppData\Roaming\Mozilla\Firefox\Profiles\tcyzurho.default\
FF - prefs.js: browser.startup.homepage - hxxp://au.yahoo.com/?cmp=fcb|http://nz.yahoo.com/
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\ThreatFire]
"AlternateImagePath"=""
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(624)
c:\program files\ThreatFire\TFWAH.dll
.
- - - - - - - > 'lsass.exe'(652)
c:\program files\ThreatFire\TFWAH.dll
.
- - - - - - - > 'Explorer.exe'(1224)
c:\program files\ThreatFire\TfWah.dll
c:\users\Russell\AppData\Local\Microsoft\SkyDrive\16.4.6010.0727\MSVCR110.dll
c:\windows\system32\timedate.cpl
c:\windows\system32\actxprxy.dll
c:\windows\System32\shdocvw.dll
c:\windows\System32\gameux.dll
c:\windows\System32\shacct.dll
c:\windows\system32\MsftEdit.dll
c:\windows\system32\msls31.dll
c:\program files\Common Files\microsoft shared\ink\tiptsf.dll
c:\windows\system32\authui.dll
c:\windows\system32\NetworkExplorer.dll
c:\windows\System32\UIAnimation.dll
c:\windows\system32\wdmaud.drv
c:\windows\system32\ntshrui.dll
c:\windows\system32\Syncreg.dll
c:\windows\ehome\ehSSO.dll
c:\windows\System32\AltTab.dll
c:\windows\system32\wpdshserviceobj.dll
c:\program files\Bluetooth Suite\AthCopyHook.dll
c:\program files\Box Sync\BoxCopyHookHandler.dll
c:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\c9bf903caf3cdbad651e4254c8fc78ab\System.Drawing.ni.dll
c:\windows\system32\wwanapi.dll
c:\windows\System32\wscui.cpl
.
------------------------ Other Running Processes ------------------------
.
c:\program files\IDT\WDM\STacSV.exe
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\windows\system32\taskhost.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\ThreatFire\TFService.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\system32\conhost.exe
c:\program files\Google\Update\1.3.21.123\GoogleCrashHandler.exe
c:\program files\Windows Media Player\wmpnetwk.exe
.
**************************************************************************
.
Completion time: 2012-10-12 01:20:24 - machine was rebooted
ComboFix-quarantined-files.txt 2012-10-11 12:20
ComboFix2.txt 2012-10-10 10:14
ComboFix3.txt 2012-10-09 20:46
.
Pre-Run: 156,395,098,112 bytes free
Post-Run: 156,963,450,880 bytes free
.
- - End Of File - - 5D58FBB101C3B593072ADB79DB06CFBE
 
Rerun SystemLook and lets see if those entries are gone, then run OTL again and post a new log please
 
Last edited:
I'm hoping to NOT have to reformat the hard disk and re-install everything BUT


here's the result from SystemLook -- looks exactly the same as before, but haven't checked in detail -- will run OTL now

++++++++++++++++++++++++++++++++++++++++++++++++++++++

SystemLook 30.07.11 by jpshortstuff
Log created at 05:17 on 12/10/2012 by Russell
Administrator - Elevation successful

========== filefind ==========

Searching for "incredibar"
No files found.

========== folderfind ==========

Searching for "incredibar"
No folders found.

========== Regfind ==========

Searching for "incredibar"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\esrv.IncredibarESrvc]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\esrv.IncredibarESrvc\CurVer]
@="esrv.IncredibarESrvc.1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\esrv.IncredibarESrvc.1]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Incredibar.dskBnd]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Incredibar.dskBnd\CurVer]
@="Incredibar.dskBnd.1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Incredibar.dskBnd.1]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{CFE8AAFD-A0F3-4329-84E9-6B679EC93EC2}\1.0\0\win32]
@="C:\Program Files\Incredibar.com\incredibar\1.5.11.14\incredibarsrv.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{CFE8AAFD-A0F3-4329-84E9-6B679EC93EC2}\1.0\HELPDIR]
@="C:\Program Files\Incredibar.com\incredibar\1.5.11.14"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{74C36554-31F0-49DD-8857-ED6A64DF45BE}]
"AppName"="incredibarsrv.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{74C36554-31F0-49DD-8857-ED6A64DF45BE}]
"AppPath"="C:\Program Files\Incredibar.com\incredibar\1.5.11.14"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\IncredibarToolbar_RASAPI32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\IncredibarToolbar_RASMANCS]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\incredibar_installer_RASAPI32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\incredibar_installer_RASMANCS]

-= EOF =-
 
Status
Not open for further replies.
Back
Top