Incredibar

REGEDIT4

; A [-key] line deletes the key together with all of its values and subkeys.
; The value lines are kept only as comments for reference.
[-HKEY_LOCAL_MACHINE\SOFTWARE\Incredibar]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\esrv.IncredibarESrvc]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\esrv.IncredibarESrvc\CurVer]
; @="esrv.IncredibarESrvc.1"
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\esrv.IncredibarESrvc.1]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Incredibar.dskBnd]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Incredibar.dskBnd\CurVer]
; @="Incredibar.dskBnd.1"
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Incredibar.dskBnd.1]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{CFE8AAFD-A0F3-4329-84E9-6B679EC93EC2}\1.0\0\win32]
; @="C:\Program Files\Incredibar.com\incredibar\1.5.11.14\incredibarsrv.exe"
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{CFE8AAFD-A0F3-4329-84E9-6B679EC93EC2}\1.0\HELPDIR]
; @="C:\Program Files\Incredibar.com\incredibar\1.5.11.14"
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{74C36554-31F0-49DD-8857-ED6A64DF45BE}]
; "AppName"="incredibarsrv.exe"
; "AppPath"="C:\Program Files\Incredibar.com\incredibar\1.5.11.14"
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\IncredibarToolbar_RASAPI32]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\IncredibarToolbar_RASMANCS]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\incredibar_installer_RASAPI32]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\incredibar_installer_RASMANCS]

Copy the entire contents inside the Quote box and paste it into Notepad (this will only work with Notepad). Name the file Regfix.reg and, in the drop-down box, save it as All Files. Save it to your desktop. Then right-click on the Regfix.reg file and click on Merge; when it asks you to merge with the Registry, say yes.

If you saved the file correctly it should look like this
reg.jpg


Make sure to back up with ERUNT first


Then let's look over OTL and go from there
 
contents of OTL.txt

+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

OTL logfile created on: 12/10/2012 6:47:24 a.m. - Run 3
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Russell\Downloads\OTL
Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00001409 | Country: New Zealand | Language: ENZ | Date Format: d/MM/yyyy

1012.30 Mb Total Physical Memory | 69.52 Mb Available Physical Memory | 6.87% Memory free
1.99 Gb Paging File | 0.46 Gb Available in Paging File | 23.21% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 283.95 Gb Total Space | 148.35 Gb Free Space | 52.24% Space Free | Partition Type: NTFS
Drive D: | 13.84 Gb Total Space | 1.55 Gb Free Space | 11.18% Space Free | Partition Type: NTFS
Drive E: | 99.00 Mb Total Space | 87.44 Mb Free Space | 88.33% Space Free | Partition Type: FAT32

Computer Name: RUSSELL-HP | User Name: Russell | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Russell\Downloads\OTL\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
PRC - C:\Program Files\Google\Update\1.3.21.123\GoogleCrashHandler.exe (Google Inc.)
PRC - C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
PRC - C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
PRC - C:\Program Files\Box Sync\UpdateService.exe (Box, Inc.)
PRC - C:\Program Files\Nitro PDF\Reader 2\NitroPDFReaderDriverService2.exe (Nitro PDF Software)
PRC - C:\Windows\System32\NLSSRV32.EXE (Nalpeiron Ltd.)
PRC - C:\Program Files\IObit\Advanced SystemCare 5\ASCTray.exe (IObit)
PRC - C:\Program Files\IObit\Advanced SystemCare 5\ASCService.exe (IObit)
PRC - C:\Program Files\Microsoft\BingDesktop\BingDesktopUpdater.exe (Microsoft Corp.)
PRC - C:\Program Files\GFI\GFI BackUp Freeware\GFIFInst.exe (GFI Software Ltd.)
PRC - C:\Program Files\GFI\GFI BackUp Freeware\GFIFSched.exe (GFI Software Ltd.)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\IDT\WDM\stacsv.exe (IDT, Inc.)
PRC - C:\Program Files\Bluetooth Suite\Ath_CoexAgent.exe (Atheros)
PRC - C:\Program Files\Bluetooth Suite\AdminService.exe (Atheros Commnucations)
PRC - C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
PRC - C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
PRC - C:\Program Files\Hewlett-Packard\HP Support Framework\HPSA_Service.exe (Hewlett-Packard Company)
PRC - C:\Program Files\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation)
PRC - C:\Program Files\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe (Hewlett-Packard Development Company, L.P.)
PRC - C:\Program Files\ThreatFire\TFTray.exe (PC Tools)
PRC - C:\Program Files\ThreatFire\TFService.exe (PC Tools)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
PRC - C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe (Hewlett-Packard Company)
PRC - C:\Program Files\IDT\WDM\AESTSrv.exe (Andrea Electronics Corporation)
PRC - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)


========== Modules (No Company Name) ==========

MOD - C:\Program Files\Mozilla Firefox\mozjs.dll ()
MOD - C:\Users\Russell\AppData\Roaming\MegaCloud\MegaCloudShellExt.dll ()
MOD - C:\Users\Russell\AppData\Roaming\Mozilla\Firefox\Profiles\tcyzurho.default\extensions\support@lastpass.com\platform\WINNT_x86-msvc\components\lpxpcom.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\ae1551d0edae77ab6ccc6b5dc3a90919\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\c9bf903caf3cdbad651e4254c8fc78ab\System.Drawing.ni.dll ()
MOD - C:\Program Files\IObit\Advanced SystemCare 5\ASCv5ExtMenu.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\d37b6a5c0576b73e54e2027ea1eaf940\System.Runtime.Remoting.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\f489585d6cb29313a05dceac6ee1cde1\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\f37a9277a565b368c4358befdce25080\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\6b97ba148f663f114bcbbfae7a2752e9\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7edca5be5fb91df4d5eb66097437f546\mscorlib.ni.dll ()
MOD - C:\Program Files\FileZilla FTP Client\fzshellext.dll ()


========== Services (SafeList) ==========

SRV - (SBSDWSCService) -- C:\Program Files\Spybot File not found
SRV - (MozillaMaintenance) -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (MBAMService) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (MBAMScheduler) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (avast! Antivirus) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
SRV - (#UpdateService) -- C:\Program Files\Box Sync\UpdateService.exe (Box, Inc.)
SRV - (NitroReaderDriverReadSpool2) -- C:\Program Files\Nitro PDF\Reader 2\NitroPDFReaderDriverService2.exe (Nitro PDF Software)
SRV - (SkypeUpdate) -- C:\Program Files\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (nlsX86cc) -- C:\Windows\System32\NLSSRV32.EXE (Nalpeiron Ltd.)
SRV - (AdvancedSystemCareService5) -- C:\Program Files\IObit\Advanced SystemCare 5\ASCService.exe (IObit)
SRV - (BingDesktopUpdate) -- C:\Program Files\Microsoft\BingDesktop\BingDesktopUpdater.exe (Microsoft Corp.)
SRV - (GFIBckFAtt) -- C:\Program Files\GFI\GFI BackUp Freeware\GFIFInst.exe (GFI Software Ltd.)
SRV - (GFIBckFSched) -- C:\Program Files\GFI\GFI BackUp Freeware\GFIFSched.exe (GFI Software Ltd.)
SRV - (WatAdminSvc) -- C:\Windows\System32\Wat\WatAdminSvc.exe (Microsoft Corporation)
SRV - (STacSV) -- C:\Program Files\IDT\WDM\stacsv.exe (IDT, Inc.)
SRV - (ZAtheros Bt&Wlan Coex Agent) -- C:\Program Files\Bluetooth Suite\Ath_CoexAgent.exe (Atheros)
SRV - (AtherosSvc) -- C:\Program Files\Bluetooth Suite\AdminService.exe (Atheros Commnucations)
SRV - (sftvsa) -- C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
SRV - (sftlist) -- C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
SRV - (HP Support Assistant Service) -- C:\Program Files\Hewlett-Packard\HP Support Framework\HPSA_Service.exe (Hewlett-Packard Company)
SRV - (BBSvc) -- C:\Program Files\Microsoft\BingBar\BBSvc.EXE (Microsoft Corporation.)
SRV - (BBUpdate) -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation)
SRV - (HPWMISVC) -- C:\Program Files\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe (Hewlett-Packard Development Company, L.P.)
SRV - (ThreatFire) -- C:\Program Files\ThreatFire\TFService.exe (PC Tools)
SRV - (IAStorDataMgrSvc) -- C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
SRV - (HPClientSvc) -- C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe (Hewlett-Packard Company)
SRV - (rpcapd) -- C:\Program Files\WinPcap\rpcapd.exe (CACE Technologies, Inc.)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (AESTFilters) -- C:\Program Files\IDT\WDM\AESTSrv.exe (Andrea Electronics Corporation)


========== Driver Services (SafeList) ==========

DRV - (catchme) -- C:\Users\Russell\AppData\Local\Temp\catchme.sys File not found
DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (aswSnx) -- C:\Windows\System32\drivers\aswSnx.sys (AVAST Software)
DRV - (aswSP) -- C:\Windows\System32\drivers\aswSP.sys (AVAST Software)
DRV - (aswTdi) -- C:\Windows\System32\drivers\aswTdi.sys (AVAST Software)
DRV - (aswMonFlt) -- C:\Windows\System32\drivers\aswMonFlt.sys (AVAST Software)
DRV - (aswRdr) -- C:\Windows\System32\drivers\aswRdr2.sys (AVAST Software)
DRV - (aswFsBlk) -- C:\Windows\System32\drivers\aswFsBlk.sys (AVAST Software)
DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Qualcomm Atheros Communications, Inc.)
DRV - (igddim32) -- C:\Windows\System32\drivers\igddim32.sys (Intel Corporation)
DRV - (STHDA) -- C:\Windows\System32\drivers\stwrt.sys (IDT, Inc.)
DRV - (BtFilter) -- C:\Windows\System32\drivers\btfilter.sys (Atheros)
DRV - (BTATH_RCP) -- C:\Windows\System32\drivers\btath_rcp.sys (Atheros)
DRV - (BTATH_LWFLT) -- C:\Windows\System32\drivers\btath_lwflt.sys (Atheros)
DRV - (BTATH_HCRP) -- C:\Windows\System32\drivers\btath_hcrp.sys (Atheros)
DRV - (AthBTPort) -- C:\Windows\System32\drivers\btath_flt.sys (Atheros)
DRV - (BTATH_BUS) -- C:\Windows\System32\drivers\btath_bus.sys (Atheros)
DRV - (btath_avdt) -- C:\Windows\System32\drivers\btath_avdt.sys (Atheros)
DRV - (BTATH_A2DP) -- C:\Windows\System32\drivers\btath_a2dp.sys (Atheros)
DRV - (Sftvol) -- C:\Windows\System32\drivers\Sftvollh.sys (Microsoft Corporation)
DRV - (Sftredir) -- C:\Windows\System32\drivers\Sftredirlh.sys (Microsoft Corporation)
DRV - (Sftplay) -- C:\Windows\System32\drivers\Sftplaylh.sys (Microsoft Corporation)
DRV - (Sftfs) -- C:\Windows\System32\drivers\Sftfslh.sys (Microsoft Corporation)
DRV - (clwvd) -- C:\Windows\System32\drivers\clwvd.sys (CyberLink Corporation)
DRV - (TfSysMon) -- C:\Windows\System32\drivers\TfSysMon.sys (PC Tools)
DRV - (TfNetMon) -- C:\Windows\System32\drivers\TfNetMon.sys (PC Tools)
DRV - (TfFsMon) -- C:\Windows\System32\drivers\TfFsMon.sys (PC Tools)
DRV - (RSUSBSTOR) -- C:\Windows\System32\drivers\RtsUStor.sys (Realtek Semiconductor Corp.)
DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV - (TsUsbGD) -- C:\Windows\System32\drivers\TsUsbGD.sys (Microsoft Corporation)
DRV - (NPF) -- C:\Windows\System32\drivers\npf.sys (CACE Technologies, Inc.)
DRV - (vwifimp) -- C:\Windows\System32\drivers\vwifimp.sys (Microsoft Corporation)
DRV - (Serial) -- C:\Windows\System32\drivers\serial.sys (Brother Industries Ltd.)
DRV - (NVENETFD) -- C:\Windows\System32\drivers\nvm62x32.sys (NVIDIA Corporation)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
IE - HKLM\..\SearchScopes,Backup.Old.DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPMTDF&pc=HPMTDF&src=IE-SearchBox
IE - HKLM\..\SearchScopes\{1EB53970-B557-5025-3244-737B4FF514AF}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://nz.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
IE - HKLM\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}


IE - HKU\.DEFAULT\..\URLSearchHook: {D0CF9C3B-2C4F-4C99-ACED-3CDF9AEEFF7E} - No CLSID value found
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\URLSearchHook: {D0CF9C3B-2C4F-4C99-ACED-3CDF9AEEFF7E} - No CLSID value found
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1911284681-1753166069-4267012026-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Backup.Old.Start Page = http://www.msn.com/?pc=BDT3&ocid=bdtdhp
IE - HKU\S-1-5-21-1911284681-1753166069-4267012026-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKU\S-1-5-21-1911284681-1753166069-4267012026-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.nz/
IE - HKU\S-1-5-21-1911284681-1753166069-4267012026-1000\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKU\S-1-5-21-1911284681-1753166069-4267012026-1000\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\S-1-5-21-1911284681-1753166069-4267012026-1000\..\SearchScopes,Backup.Old.DefaultScope = {9655317D-B950-475F-9450-73A32684CFEC}
IE - HKU\S-1-5-21-1911284681-1753166069-4267012026-1000\..\SearchScopes,DefaultScope = {1EB53970-B557-5025-3244-737B4FF514AF}
IE - HKU\S-1-5-21-1911284681-1753166069-4267012026-1000\..\SearchScopes\{1EB53970-B557-5025-3244-737B4FF514AF}: "URL" = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8&rlz=1I7ITVB_enNZ475
IE - HKU\S-1-5-21-1911284681-1753166069-4267012026-1000\..\SearchScopes\{4306E828-4997-4C8E-9FE4-9E46CC3276E4}: "URL" = http://www.bing.com/search?FORM=BDKTDF&PC=BDT3&q={searchTerms}&src=IE-SearchBox
IE - HKU\S-1-5-21-1911284681-1753166069-4267012026-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKU\S-1-5-21-1911284681-1753166069-4267012026-1000\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://nz.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
IE - HKU\S-1-5-21-1911284681-1753166069-4267012026-1000\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
IE - HKU\S-1-5-21-1911284681-1753166069-4267012026-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1911284681-1753166069-4267012026-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.openintab: true
FF - prefs.js..browser.startup.homepage: "http://au.yahoo.com/?cmp=fcb|http://nz.yahoo.com/"
FF - prefs.js..extensions.enabledAddons: support@lastpass.com:2.0.0
FF - prefs.js..extensions.enabledAddons: {d37dc5d0-431d-44e5-8c91-49419370caa1}:3.1.26
FF - prefs.js..extensions.enabledAddons: {7f57cf46-4467-4c2d-adfa-0cba7c507e54}:2.0.6
FF - prefs.js..extensions.enabledAddons: {f759ca51-3a91-4dd1-ae78-9db5eee9ebf0}:5.7.5
FF - prefs.js..extensions.enabledAddons: {ada4b710-8346-4b82-8199-5de2b400a6ae}:2.0.1
FF - prefs.js..extensions.enabledAddons: foxmarks@kei.com:4.1.3
FF - prefs.js..extensions.enabledAddons: tabutilslite@ithinc.cn:1.1.5
FF - prefs.js..extensions.enabledAddons: {DDC359D1-844A-42a7-9AA1-88A850A938A8}:2.0.15
FF - prefs.js..extensions.enabledAddons: {0b457cAA-602d-484a-8fe7-c1d894a011ba}:0.98.16
FF - prefs.js..extensions.enabledAddons: zotero@chnm.gmu.edu:3.0.8
FF - prefs.js..extensions.enabledAddons: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.9.10
FF - prefs.js..extensions.enabledAddons: artur.dubovoy@gmail.com:3.7.1
FF - prefs.js..extensions.enabledAddons: zotfile@columbia.edu:2.2.1
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_4_402_265.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nitropdf.com/NitroPDF: C:\Program Files\Nitro PDF\Reader 2\npnitromozilla.dll ( )
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@VideoDownloadConverter_4z.com/Plugin: C:\Program Files\VideoDownloadConverter_4z\bar\1.bin\NP4zStub.dll (MindSpark)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.3: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKCU\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF - HKCU\Software\MozillaPlugins\@sun.com/npsopluginmi;version=1.0: C:\Program Files\LibreOffice 3.4\program File not found
FF - HKCU\Software\MozillaPlugins\vitzo.com/VDownloader: C:\Program Files\VDownloader\Addons\npVDownloader.dll File not found

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\support@vdownloader.com: C:\Program Files\VDownloader\Addons\FireFox
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\4zffxtbr@VideoDownloadConverter_4z.com: C:\Program Files\VideoDownloadConverter_4z\bar\1.bin [2012/09/28 18:41:32 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012/08/27 23:47:10 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/10/11 03:22:32 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 15.0.1\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2012/07/24 19:22:57 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 15.0.1\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\superfish@superfish.com: C:\Users\Russell\AppData\Roaming\Mozilla\Firefox\Profiles/xfb27j5f.default\extensions\superfish@superfish.com
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\wcapturex@deskperience.com: C:\Program Files\WordWeb\WCaptureMoz [2012/02/27 19:17:18 | 000,000,000 | ---D | M]

[2012/10/11 03:25:04 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Russell\AppData\Roaming\Mozilla\Extensions
[2012/10/11 04:57:42 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Russell\AppData\Roaming\Mozilla\Firefox\Profiles\tcyzurho.default\extensions
[2012/10/11 04:04:18 | 000,000,000 | ---D | M] (FireShot) -- C:\Users\Russell\AppData\Roaming\Mozilla\Firefox\Profiles\tcyzurho.default\extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba}
[2012/10/11 03:49:59 | 000,000,000 | ---D | M] (ReminderFox) -- C:\Users\Russell\AppData\Roaming\Mozilla\Firefox\Profiles\tcyzurho.default\extensions\{ada4b710-8346-4b82-8199-5de2b400a6ae}
[2012/10/11 04:22:25 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Russell\AppData\Roaming\Mozilla\Firefox\Profiles\tcyzurho.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2012/10/11 03:38:46 | 000,000,000 | ---D | M] (FoxClocks) -- C:\Users\Russell\AppData\Roaming\Mozilla\Firefox\Profiles\tcyzurho.default\extensions\{d37dc5d0-431d-44e5-8c91-49419370caa1}
[2012/10/11 03:52:07 | 000,000,000 | ---D | M] ("Xmarks") -- C:\Users\Russell\AppData\Roaming\Mozilla\Firefox\Profiles\tcyzurho.default\extensions\foxmarks@kei.com
[2012/10/11 03:38:18 | 000,000,000 | ---D | M] (LastPass) -- C:\Users\Russell\AppData\Roaming\Mozilla\Firefox\Profiles\tcyzurho.default\extensions\support@lastpass.com
[2012/10/11 04:22:21 | 000,000,000 | ---D | M] (Zotero) -- C:\Users\Russell\AppData\Roaming\Mozilla\Firefox\Profiles\tcyzurho.default\extensions\zotero@chnm.gmu.edu
[2012/10/11 04:44:13 | 000,221,242 | ---- | M] () (No name found) -- C:\Users\Russell\AppData\Roaming\Mozilla\Firefox\Profiles\tcyzurho.default\extensions\artur.dubovoy@gmail.com.xpi
[2012/10/11 03:55:18 | 000,024,946 | ---- | M] () (No name found) -- C:\Users\Russell\AppData\Roaming\Mozilla\Firefox\Profiles\tcyzurho.default\extensions\tabutilslite@ithinc.cn.xpi
[2012/10/11 04:57:42 | 000,406,180 | ---- | M] () (No name found) -- C:\Users\Russell\AppData\Roaming\Mozilla\Firefox\Profiles\tcyzurho.default\extensions\zotfile@columbia.edu.xpi
[2012/10/11 03:47:54 | 000,527,037 | ---- | M] () (No name found) -- C:\Users\Russell\AppData\Roaming\Mozilla\Firefox\Profiles\tcyzurho.default\extensions\{7f57cf46-4467-4c2d-adfa-0cba7c507e54}.xpi
[2012/10/11 03:57:34 | 000,698,867 | ---- | M] () (No name found) -- C:\Users\Russell\AppData\Roaming\Mozilla\Firefox\Profiles\tcyzurho.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi
[2012/10/11 03:47:54 | 000,324,289 | ---- | M] () (No name found) -- C:\Users\Russell\AppData\Roaming\Mozilla\Firefox\Profiles\tcyzurho.default\extensions\{f759ca51-3a91-4dd1-ae78-9db5eee9ebf0}.xpi
[2012/08/11 00:32:56 | 000,000,822 | ---- | M] () (No name found) -- C:\Users\Russell\AppData\Roaming\Mozilla\Firefox\Profiles\tcyzurho.default\extensions\{ada4b710-8346-4b82-8199-5de2b400a6ae}\defaults\printing\xpi-details.xsl
[2012/10/11 03:22:32 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/10/06 15:15:51 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/10/06 15:15:12 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/10/06 15:15:12 | 000,002,058 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - homepage: http://www.google.co.nz/
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms},
CHR - homepage: http://www.google.co.nz/
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\22.0.1229.94\PepperFlash\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32_11_4_402_265.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\22.0.1229.94\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\22.0.1229.94\pdf.dll
CHR - plugin: Perion plugin (Enabled) = C:\Users\Russell\AppData\Local\Google\Chrome\User Data\Default\Extensions\jifflliplgeajjdhmkcfnngfpgbjonjg\1.0.0_0\Plugins/PerionNewTabChrome-32.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL
CHR - plugin: Foxit Reader Plugin for Mozilla (Enabled) = C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll
CHR - plugin: Java(TM) Platform SE 7 U7 (Enabled) = C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: Java Deployment Toolkit 7.0.70.10 (Enabled) = C:\Windows\system32\npDeployJava1.dll
CHR - plugin: Nitro PDF Plug-In (Enabled) = C:\Program Files\Nitro PDF\Reader 2\npnitromozilla.dll
CHR - plugin: PDF-XChange Viewer (Enabled) = C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll
CHR - plugin: MindSpark Toolbar Platform Plugin Stub (Enabled) = C:\Program Files\VideoDownloadConverter_4z\bar\1.bin\NP4zStub.dll
CHR - plugin: VLC Web Plugin (Enabled) = C:\Program Files\VideoLAN\VLC\npvlc.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - Extension: Xmarks Bookmark Sync = C:\Users\Russell\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajpgkpeckebdhofmmjfgcjjiiejpodla\1.0.22_0\
CHR - Extension: Xmarks Bookmark Sync = C:\Users\Russell\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajpgkpeckebdhofmmjfgcjjiiejpodla\1.0.22_0\.bak
CHR - Extension: YouTube = C:\Users\Russell\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Adblock Plus (Beta) = C:\Users\Russell\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.2_0\
CHR - Extension: Google Search = C:\Users\Russell\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Proxy SwitchySharp = C:\Users\Russell\AppData\Local\Google\Chrome\User Data\Default\Extensions\dpplabbmogkhghncfbfdeeokoefdjegm\1.9.48_0\
CHR - Extension: LastPass = C:\Users\Russell\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd\2.0.12_0\
CHR - Extension: avast! WebRep = C:\Users\Russell\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1466_0\
CHR - Extension: New tab for Chrome\u2122 = C:\Users\Russell\AppData\Local\Google\Chrome\User Data\Default\Extensions\jifflliplgeajjdhmkcfnngfpgbjonjg\1.0.0_0\
CHR - Extension: Search for YouTube Videos = C:\Users\Russell\AppData\Local\Google\Chrome\User Data\Default\Extensions\kabfoagjjgbakjgadhcpoleecfkmhpjm\0.1.0.6_0\
CHR - Extension: DvdVideoSoft Free Youtube Download = C:\Users\Russell\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp\1.0.0.0_0\
CHR - Extension: Gmail = C:\Users\Russell\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2012/10/12 01:01:35 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [ThreatFire] C:\Program Files\ThreatFire\TFTray.exe (PC Tools)
O4 - HKU\S-1-5-21-1911284681-1753166069-4267012026-1000..\Run: [Advanced SystemCare 5] C:\Program Files\IObit\Advanced SystemCare 5\ASCTray.exe (IObit)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1911284681-1753166069-4267012026-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1911284681-1753166069-4267012026-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1911284681-1753166069-4267012026-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Free YouTube Download - C:\Users\Russell\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm ()
O8 - Extra context menu item: Se&nd to OneNote - res://C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll/105 File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 10.7.2)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{74240472-D26B-436F-9D60-760C249DCFA7}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\osf - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/11 10:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/10/12 01:01:45 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
[2012/10/12 00:56:54 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012/10/12 00:56:54 | 000,000,000 | ---D | C] -- C:\Users\Russell\AppData\Local\temp
[2012/10/11 23:47:19 | 000,000,000 | ---D | C] -- C:\Users\Russell\Documents\ERUNT
[2012/10/11 23:45:36 | 000,000,000 | ---D | C] -- C:\Users\Russell\Desktop\erunt
[2012/10/11 16:45:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2012/10/11 14:07:29 | 000,000,000 | ---D | C] -- C:\Users\Russell\Desktop\CX Sync
[2012/10/11 03:23:53 | 000,000,000 | ---D | C] -- C:\Users\Russell\AppData\Roaming\Mozilla
[2012/10/11 03:23:53 | 000,000,000 | ---D | C] -- C:\Users\Russell\AppData\Local\Mozilla
[2012/10/11 03:22:46 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Maintenance Service
[2012/10/10 16:01:22 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2012/10/10 16:00:43 | 000,271,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
[2012/10/10 16:00:42 | 000,169,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winsrv.dll
[2012/10/10 16:00:41 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-sysinfo-l1-1-0.dll
[2012/10/10 16:00:41 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-synch-l1-1-0.dll
[2012/10/10 16:00:40 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-processthreads-l1-1-0.dll
[2012/10/10 16:00:40 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-misc-l1-1-0.dll
[2012/10/10 16:00:40 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-localregistry-l1-1-0.dll
[2012/10/10 16:00:39 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-processenvironment-l1-1-0.dll
[2012/10/10 16:00:39 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-string-l1-1-0.dll
[2012/10/10 16:00:39 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-rtlsupport-l1-1-0.dll
[2012/10/10 16:00:39 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-profile-l1-1-0.dll
[2012/10/10 16:00:38 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-namedpipe-l1-1-0.dll
[2012/10/10 16:00:38 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-memory-l1-1-0.dll
[2012/10/10 16:00:38 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-libraryloader-l1-1-0.dll
[2012/10/10 16:00:37 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-interlocked-l1-1-0.dll
[2012/10/10 16:00:37 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-heap-l1-1-0.dll
[2012/10/10 16:00:37 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-io-l1-1-0.dll
[2012/10/10 16:00:36 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-file-l1-1-0.dll
[2012/10/10 16:00:36 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-handle-l1-1-0.dll
[2012/10/10 16:00:36 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-fibers-l1-1-0.dll
[2012/10/10 16:00:36 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-errorhandling-l1-1-0.dll
[2012/10/10 16:00:35 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-delayload-l1-1-0.dll
[2012/10/10 16:00:35 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-debug-l1-1-0.dll
[2012/10/10 16:00:35 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-datetime-l1-1-0.dll
[2012/10/10 16:00:34 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-xstate-l1-1-0.dll
[2012/10/10 16:00:34 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-util-l1-1-0.dll
[2012/10/10 16:00:33 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-security-base-l1-1-0.dll
[2012/10/10 16:00:33 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-threadpool-l1-1-0.dll
[2012/10/10 16:00:32 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-localization-l1-1-0.dll
[2012/10/10 16:00:32 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-console-l1-1-0.dll
[2012/10/10 15:58:57 | 003,914,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2012/10/10 15:58:55 | 003,968,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2012/10/10 15:29:47 | 000,000,000 | ---D | C] -- C:\Users\Russell\Desktop\NoiseTrade-Summer-Sampler
[2012/10/10 13:34:54 | 000,000,000 | ---D | C] -- C:\found.003
[2012/10/10 08:34:29 | 004,765,263 | R--- | C] (Swearware) -- C:\Users\Russell\Desktop\ComboFix.exe
[2012/10/10 00:32:39 | 000,000,000 | ---D | C] -- C:\Users\Russell\Desktop\INCREDIBAR TESTING
[2012/10/09 21:47:12 | 000,000,000 | ---D | C] -- C:\Users\Russell\Desktop\RICK HANSON VIDEOS
[2012/10/09 07:24:42 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/10/09 07:24:42 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/10/09 07:24:41 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/10/09 07:22:06 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/10/09 02:23:10 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/10/08 20:13:14 | 000,000,000 | ---D | C] -- C:\Users\Russell\Desktop\GAD
[2012/10/07 09:33:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Foxit Reader
[2012/10/07 01:53:17 | 000,000,000 | ---D | C] -- C:\Users\Russell\Documents\EMAIL IDs
[2012/10/07 00:21:44 | 000,000,000 | ---D | C] -- C:\Users\Russell\Desktop\MEDITATION -- SELF-COMPASSION
[2012/10/06 11:50:53 | 000,000,000 | ---D | C] -- C:\8e07ef0f1fb298627a7ae926aaec3f
[2012/09/29 20:38:41 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2012/09/29 20:36:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT
[2012/09/29 20:36:09 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2012/09/28 20:04:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy
[2012/09/28 20:03:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2012/09/28 20:03:42 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2012/09/28 17:12:52 | 000,000,000 | ---D | C] -- C:\Users\Russell\AppData\Roaming\Malwarebytes
[2012/09/28 17:12:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/09/28 17:12:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/09/28 17:12:00 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012/09/28 17:12:00 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012/09/26 21:03:11 | 000,245,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\OxpsConverter.exe
[2012/09/26 13:54:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2012/09/26 13:54:09 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2012/09/26 03:15:58 | 000,000,000 | ---D | C] -- C:\Users\Russell\AppData\Roaming\CX
[2012/09/26 03:15:11 | 000,000,000 | ---D | C] -- C:\Users\Russell\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CX
[2012/09/26 03:14:37 | 000,000,000 | ---D | C] -- C:\Users\Russell\AppData\Local\CX
[2012/09/25 00:09:26 | 000,000,000 | ---D | C] -- C:\Program Files\Perion
[2012/09/24 03:39:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mr Smoozles Goes Nutso
[2012/09/24 03:39:22 | 000,000,000 | ---D | C] -- C:\Program Files\Mr Smoozles Goes Nutso
[2012/09/24 01:29:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GOG.com
[2012/09/24 01:29:25 | 000,000,000 | ---D | C] -- C:\Program Files\GOG.com
[2012/09/23 19:15:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2012/09/23 19:12:28 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2012/09/23 19:12:07 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2012/09/23 19:12:07 | 000,000,000 | ---D | C] -- C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1
[2012/09/22 12:35:04 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2012/09/22 12:34:59 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2012/09/22 12:34:58 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2012/09/22 12:34:58 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2012/09/22 12:34:57 | 000,607,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2012/09/22 12:34:50 | 001,800,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2012/09/22 12:34:49 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2012/09/22 12:34:36 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2012/09/20 22:57:10 | 000,000,000 | ---D | C] -- C:\Users\Russell\Documents\MSSAT TRUST OTAGO
[2012/09/17 14:20:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sigma Team
[2012/09/17 14:19:26 | 000,000,000 | ---D | C] -- C:\Program Files\Sigma Team
[2012/09/17 14:07:36 | 000,000,000 | ---D | C] -- C:\Counter-Strike 2D
[2012/09/17 11:57:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cave Story Deluxe
[2012/09/17 11:57:56 | 000,000,000 | ---D | C] -- C:\Users\Russell\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Cave Story Deluxe
[2012/09/17 11:57:04 | 000,000,000 | ---D | C] -- C:\Program Files\Cave Story Deluxe
[2012/09/17 03:34:27 | 000,237,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_4.dll
[2012/09/17 03:34:25 | 002,414,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_31.dll
[2012/09/17 03:34:24 | 000,236,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_3.dll
[2012/09/17 03:34:23 | 000,062,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xinput1_2.dll
[2012/09/17 03:34:22 | 000,230,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_2.dll
[2012/09/17 03:34:22 | 000,062,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xinput1_1.dll
[2012/09/17 03:34:21 | 000,229,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_1.dll
[2012/09/17 03:33:54 | 002,388,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_30.dll
[2012/09/17 03:33:53 | 000,230,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_0.dll
[2012/09/17 03:33:53 | 000,014,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\x3daudio1_0.dll
[2012/09/17 03:33:52 | 002,332,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_29.dll
[2012/09/17 03:33:50 | 002,323,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_28.dll
[2012/09/17 03:33:48 | 002,319,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_27.dll
[2012/09/17 03:33:47 | 002,297,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_26.dll
[2012/09/17 03:33:45 | 002,337,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_25.dll
[2012/09/17 03:33:43 | 002,222,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_24.dll
[2012/09/16 23:31:22 | 000,000,000 | ---D | C] -- C:\Users\Russell\AppData\Local\Punkbuster
[2012/09/16 23:30:00 | 000,000,000 | ---D | C] -- C:\Program Files\Wolfenstein - Enemy Territory
[2012/09/15 16:54:15 | 000,000,000 | ---D | C] -- C:\found.002
[2012/09/13 21:12:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2012/09/13 21:12:34 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2012/09/13 21:12:25 | 000,000,000 | R--D | C] -- C:\Program Files\Skype
[2012/09/12 17:03:38 | 000,240,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\netio.sys
[2012/09/12 17:03:37 | 000,187,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\FWPKCLNT.SYS
[2012/09/12 17:03:29 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\RNDISMP.sys
[2012/09/12 17:03:23 | 000,490,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10level9.dll
[2012/09/12 16:49:35 | 000,000,000 | ---D | C] -- C:\09470b656efc966851db
[2 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[1 C:\Windows\Fonts\*.tmp files -> C:\Windows\Fonts\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/10/12 06:50:32 | 000,021,840 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/10/12 06:50:32 | 000,021,840 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/10/12 06:29:28 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/10/12 06:29:25 | 796,102,656 | -HS- | M] () -- C:\hiberfil.sys
[2012/10/12 06:15:12 | 000,001,477 | ---- | M] () -- C:\Users\Russell\Desktop\Regfix.reg
[2012/10/12 05:27:31 | 000,817,869 | ---- | M] () -- C:\Users\Russell\Desktop\How To Hide Your Personal Information On Facebook.maff
[2012/10/12 01:01:35 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2012/10/11 23:53:14 | 004,765,263 | R--- | M] (Swearware) -- C:\Users\Russell\Desktop\ComboFix.exe
[2012/10/11 10:16:05 | 000,734,576 | ---- | M] () -- C:\Users\Russell\Desktop\freecorder6-setup.exe
[2012/10/11 10:14:03 | 000,001,827 | ---- | M] () -- C:\Users\Russell\Desktop\Freecorder.lnk
[2012/10/11 10:12:56 | 000,985,904 | ---- | M] () -- C:\Users\Russell\Desktop\FreecorderSetup.exe
[2012/10/08 23:06:26 | 000,408,820 | ---- | M] () -- C:\Users\Russell\Desktop\(2) acceptance and commitment therapy — Facebook search.maff
[2012/10/08 22:56:23 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[2012/10/08 14:52:58 | 008,067,631 | ---- | M] () -- C:\Users\Russell\Desktop\At_the_Heart_of_Intimacy_Susan_Johnson.flv
[2012/10/06 12:20:39 | 000,153,870 | ---- | M] () -- C:\Users\Russell\Desktop\Most Psychotropic Meds Increase Driving Risk.maff
[2012/10/04 15:28:51 | 000,000,013 | ---- | M] () -- C:\Windows\System32\WinSys32.crc
[2012/10/02 12:01:56 | 000,665,232 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/10/02 12:01:56 | 000,125,678 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/09/25 00:07:50 | 000,000,712 | ---- | M] () -- C:\user.js
[2012/09/16 21:47:00 | 000,001,947 | ---- | M] () -- C:\Users\Russell\Application Data\Microsoft\Internet Explorer\Quick Launch\JDownloader.lnk
[2012/09/15 07:28:53 | 000,002,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2012/09/13 23:52:19 | 000,002,060 | ---- | M] () -- C:\Users\Russell\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Thunderbird.lnk
[2 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/10/12 06:15:10 | 000,001,477 | ---- | C] () -- C:\Users\Russell\Desktop\Regfix.reg
[2012/10/12 05:24:36 | 000,817,869 | ---- | C] () -- C:\Users\Russell\Desktop\How To Hide Your Personal Information On Facebook.maff
[2012/10/11 10:15:11 | 000,734,576 | ---- | C] () -- C:\Users\Russell\Desktop\freecorder6-setup.exe
[2012/10/11 10:14:03 | 000,001,827 | ---- | C] () -- C:\Users\Russell\Desktop\Freecorder.lnk
[2012/10/11 10:12:17 | 000,985,904 | ---- | C] () -- C:\Users\Russell\Desktop\FreecorderSetup.exe
[2012/10/11 03:23:00 | 000,001,081 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2012/10/09 07:24:42 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/10/09 07:24:42 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/10/09 07:24:42 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/10/09 07:24:41 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/10/09 07:24:41 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/10/08 23:06:07 | 000,408,820 | ---- | C] () -- C:\Users\Russell\Desktop\(2) acceptance and commitment therapy — Facebook search.maff
[2012/10/08 14:50:56 | 008,067,631 | ---- | C] () -- C:\Users\Russell\Desktop\At_the_Heart_of_Intimacy_Susan_Johnson.flv
[2012/10/06 12:20:18 | 000,153,870 | ---- | C] () -- C:\Users\Russell\Desktop\Most Psychotropic Meds Increase Driving Risk.maff
[2012/09/16 23:31:58 | 000,075,136 | ---- | C] () -- C:\Windows\System32\PnkBstrA.exe
[2012/08/25 10:31:42 | 000,000,017 | ---- | C] () -- C:\Windows\System32\shortcut_ex.dat
[2012/08/24 14:02:51 | 000,001,729 | ---- | C] () -- C:\Users\Russell\AppData\Local\recently-used.xbel
[2012/07/29 19:16:38 | 000,000,061 | ---- | C] () -- C:\ProgramData\DoremisoftSWFSetting.ini
[2012/06/21 06:30:48 | 000,093,696 | ---- | C] () -- C:\Windows\System32\lua5.1a.dll
[2012/05/10 00:38:50 | 000,072,192 | ---- | C] () -- C:\Windows\unlite3.exe
[2012/05/08 00:43:43 | 000,001,089 | ---- | C] () -- C:\Users\Russell\Documents - Shortcut.lnk
[2012/05/07 13:48:05 | 000,042,120 | ---- | C] () -- C:\Windows\System32\drivers\EUBKMON.sys
[2012/04/20 23:30:54 | 000,004,096 | ---- | C] ( ) -- C:\Windows\System32\IGFXDEVLib.dll
[2012/03/18 22:00:51 | 000,000,000 | ---- | C] () -- C:\Users\Russell\hsqlprefs.dat
[2012/03/14 18:56:02 | 000,087,552 | ---- | C] () -- C:\Windows\System32\cpwmon2k.dll
[2012/03/01 23:57:34 | 000,000,165 | ---- | C] () -- C:\Users\Russell\.gtkrc-2.0
[2012/02/27 19:17:40 | 002,216,480 | ---- | C] () -- C:\Windows\wweb32.dll
[2012/02/23 00:31:43 | 000,011,776 | ---- | C] () -- C:\Users\Russell\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/02/15 01:44:00 | 000,003,504 | ---- | C] () -- C:\Users\Russell\Financial Accounts.gnucash
[2012/02/14 23:08:04 | 000,000,286 | ---- | C] () -- C:\Windows\reimage.ini
[2012/02/05 03:29:28 | 000,000,224 | ---- | C] () -- C:\Users\Russell\.languagetool-ooo.cfg
[2012/02/02 23:23:25 | 000,899,072 | ---- | C] () -- C:\Users\Russell\AppData\Roaming\SharedSettings.ccs
[2011/12/21 22:42:09 | 000,080,416 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll
[2011/12/14 11:57:16 | 000,000,151 | ---- | C] () -- C:\Windows\System32\GfxUI.exe.config
[2011/12/12 03:22:22 | 000,000,101 | ---- | C] () -- C:\Windows\System32\ud-boot-time.ini
[2011/10/22 22:24:58 | 000,246,804 | ---- | C] () -- C:\Windows\System32\drivers\AtherosBt.bin
[2011/09/15 16:11:16 | 001,048,576 | ---- | C] () -- C:\Windows\System32\syndata.bin
[2011/09/07 09:34:28 | 000,007,736 | ---- | C] () -- C:\Windows\hpDSTRES.DLL
[2011/03/29 21:00:00 | 000,080,896 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2011/03/25 08:35:18 | 000,180,224 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2011/03/02 23:43:46 | 000,175,616 | ---- | C] () -- C:\Windows\System32\unrar.dll

========== ZeroAccess Check ==========

[2012/08/11 00:32:56 | 000,000,596 | ---- | M] () -- C:\Users\Russell\AppData\Roaming\Mozilla\Firefox\Profiles\tcyzurho.default\extensions\{ada4b710-8346-4b82-8199-5de2b400a6ae}\defaults\printing\icons\@.png
[2009/07/14 17:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 17:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/21 10:29:20 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/14 14:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2012/04/18 04:27:57 | 000,000,000 | ---D | M] -- C:\Users\Russell\AppData\Roaming\.calligra
[2012/05/27 14:48:23 | 000,000,000 | ---D | M] -- C:\Users\Russell\AppData\Roaming\.gephi
[2012/07/28 13:06:35 | 000,000,000 | ---D | M] -- C:\Users\Russell\AppData\Roaming\AnvSoft
[2012/03/06 10:32:13 | 000,000,000 | ---D | M] -- C:\Users\Russell\AppData\Roaming\Ashampoo
[2012/07/29 05:10:41 | 000,000,000 | ---D | M] -- C:\Users\Russell\AppData\Roaming\AVCWare
[2012/05/16 14:47:51 | 000,000,000 | ---D | M] -- C:\Users\Russell\AppData\Roaming\AVG
[2012/02/02 17:21:16 | 000,000,000 | ---D | M] -- C:\Users\Russell\AppData\Roaming\Blio
[2012/09/08 18:54:50 | 000,000,000 | ---D | M] -- C:\Users\Russell\AppData\Roaming\Box Desktop
[2012/09/09 23:55:47 | 000,000,000 | ---D | M] -- C:\Users\Russell\AppData\Roaming\Box Sync
[2012/02/13 06:07:29 | 000,000,000 | ---D | M] -- C:\Users\Russell\AppData\Roaming\calibre
[2012/08/04 03:21:52 | 000,000,000 | ---D | M] -- C:\Users\Russell\AppData\Roaming\CBS Interactive
[2012/02/05 15:41:23 | 000,000,000 | ---D | M] -- C:\Users\Russell\AppData\Roaming\Cocoon Software
[2012/10/04 15:25:35 | 000,000,000 | ---D | M] -- C:\Users\Russell\AppData\Roaming\CoffeeCup Software
[2012/05/20 17:48:43 | 000,000,000 | ---D | M] -- C:\Users\Russell\AppData\Roaming\ColorCop
[2012/10/11 14:07:30 | 000,000,000 | ---D | M] -- C:\Users\Russell\AppData\Roaming\CX
[2012/02/14 21:15:38 | 000,000,000 | ---D | M] -- C:\Users\Russell\AppData\Roaming\DAZ 3D
[2012/09/08 02:35:34 | 000,000,000 | ---D | M] -- C:\Users\Russell\AppData\Roaming\Docear
[2012/08/04 05:05:53 | 000,000,000 | ---D | M] -- C:\Users\Russell\AppData\Roaming\Downloaded Installations
[2012/09/08 18:02:55 | 000,000,000 | ---D | M] -- C:\Users\Russell\AppData\Roaming\Dropbox
[2012/08/30 02:11:01 | 000,000,000 | ---D | M] -- C:\Users\Russell\AppData\Roaming\DVDVideoSoft
[2012/08/29 01:34:53 | 000,000,000 | ---D | M] -- C:\Users\Russell\AppData\Roaming\DVDVideoSoftIEHelpers
[2012/02/04 02:13:30 | 000,000,000 | ---D | M] -- C:\Users\Russell\AppData\Roaming\E-Z Contact Book
[2012/06/19 23:12:53 | 000,000,000 | ---D | M] -- C:\Users\Russell\AppData\Roaming\Eltima Software
[2012/08/20 00:43:29 | 000,000,000 | ---D | M] -- C:\Users\Russell\AppData\Roaming\eM Client
[2012/03/21 20:03:47 | 000,000,000 | ---D | M] -- C:\Users\Russell\AppData\Roaming\eM Client for SoftMaker
[2012/05/16 02:09:12 | 000,000,000 | ---D | M] -- C:\Users\Russell\AppData\Roaming\enchant
[2012/05/27 21:46:26 | 000,000,000 | ---D | M] -- C:\Users\Russell\AppData\Roaming\EndNote
[2012/06/25 18:07:07 | 000,000,000 | ---D | M] -- C:\Users\Russell\AppData\Roaming\FileOpen
[2012/10/11 23:25:07 | 000,000,000 | ---D | M] -- C:\Users\Russell\AppData\Roaming\FileZilla
[2012/08/04 07:27:21 | 000,000,000 | ---D | M] -- C:\Users\Russell\AppData\Roaming\Foxit
[2012/06/16 19:51:33 | 000,000,000 | ---D | M] -- C:\Users\Russell\AppData\Roaming\Foxit Software
[2012/08/08 06:57:37 | 000,000,000 | ---D | M] -- C:\Users\Russell\AppData\Roaming\Free Sound Recorder
[2012/02/07 07:27:29 | 000,000,000 | ---D | M] -- C:\Users\Russell\AppData\Roaming\FreeCommander
[2012/08/08 08:47:31 | 000,000,000 | ---D | M] -- C:\Users\Russell\AppData\Roaming\Freecorder 6 Audio
[2012/08/08 08:47:45 | 000,000,000 | ---D | M] -- C:\Users\Russell\AppData\Roaming\Freecorder 6 Converter
[2012/08/08 08:47:31 | 000,000,000 | ---D | M] -- C:\Users\Russell\AppData\Roaming\Freecorder 6 Screen
[2012/08/08 08:48:07 | 000,000,000 | ---D | M] -- C:\Users\Russell\AppData\Roaming\Freecorder 6 Video
[2012/02/03 23:44:09 | 000,000,000 | ---D | M] -- C:\Users\Russell\AppData\Roaming\FreeFLVConverter
[2012/08/13 07:27:27 | 000,000,000 | ---D | M] -- C:\Users\Russell\AppData\Roaming\FTPSynchronize
[2012/09/13 23:54:11 | 000,000,000 | ---D | M] -- C:\Users\Russell\AppData\Roaming\GlarySoft
[2012/04/29 10:49:21 | 000,000,000 | ---D | M] -- C:\Users\Russell\AppData\Roaming\gtk-2.0
[2012/05/27 15:29:02 | 000,000,000 | ---D | M] -- C:\Users\Russell\AppData\Roaming\HistCite
[2012/05/15 13:28:06 | 000,000,000 | ---D | M] -- C:\Users\Russell\AppData\Roaming\inkscape
[2012/03/03 23:11:37 | 000,000,000 | ---D | M] -- C:\Users\Russell\AppData\Roaming\IObit
[2012/05/17 09:41:09 | 000,000,000 | ---D | M] -- C:\Users\Russell\AppData\Roaming\IrfanView
[2012/05/31 05:01:53 | 000,000,000 | ---D | M] -- C:\Users\Russell\AppData\Roaming\JabRef 2.8
[2012/10/08 00:41:03 | 000,000,000 | ---D | M] -- C:\Users\Russell\AppData\Roaming\Jarte
[2012/07/28 14:57:39 | 000,000,000 | ---D | M] -- C:\Users\Russell\AppData\Roaming\KompoZer
[2012/07/28 15:50:29 | 000,000,000 | ---D | M] -- C:\Users\Russell\AppData\Roaming\kompozer.net
[2012/02/02 17:55:45 | 000,000,000 | ---D | M] -- C:\Users\Russell\AppData\Roaming\LibreOffice
[2012/05/25 03:38:20 | 000,000,000 | ---D | M] -- C:\Users\Russell\AppData\Roaming\LyX2.0
[2012/10/12 02:35:39 | 000,000,000 | ---D | M] -- C:\Users\Russell\AppData\Roaming\MegaCloud
[2012/09/09 23:20:54 | 000,000,000 | ---D | M] -- C:\Users\Russell\AppData\Roaming\MegaCloudBackup
[2012/07/29 07:46:20 | 000,000,000 | ---D | M] -- C:\Users\Russell\AppData\Roaming\Moyea
[2012/10/08 00:40:38 | 000,000,000 | ---D | M] -- C:\Users\Russell\AppData\Roaming\Nitro PDF
[2012/04/18 12:23:41 | 000,000,000 | ---D | M] -- C:\Users\Russell\AppData\Roaming\onOne Software
[2012/07/04 08:52:39 | 000,000,000 | ---D | M] -- C:\Users\Russell\AppData\Roaming\OpenCandy
[2012/05/19 02:07:45 | 000,000,000 | ---D | M] -- C:\Users\Russell\AppData\Roaming\OpenOffice.org
[2012/07/29 00:35:36 | 000,000,000 | ---D | M] -- C:\Users\Russell\AppData\Roaming\Opera
[2012/07/04 08:57:29 | 000,000,000 | ---D | M] -- C:\Users\Russell\AppData\Roaming\Paltalk
[2012/05/20 23:08:36 | 000,000,000 | ---D | M] -- C:\Users\Russell\AppData\Roaming\picpick
[2012/02/15 05:43:06 | 000,000,000 | ---D | M] -- C:\Users\Russell\AppData\Roaming\postgresql
[2012/05/28 02:01:36 | 000,000,000 | ---D | M] -- C:\Users\Russell\AppData\Roaming\Publish or Perish
[2012/02/07 22:06:47 | 000,000,000 | ---D | M] -- C:\Users\Russell\AppData\Roaming\Quantisle
[2012/08/04 04:17:17 | 000,000,000 | ---D | M] -- C:\Users\Russell\AppData\Roaming\RapidTyping
[2012/07/28 14:51:34 | 000,000,000 | ---D | M] -- C:\Users\Russell\AppData\Roaming\RecoolTec
[2012/04/17 15:54:04 | 000,000,000 | ---D | M] -- C:\Users\Russell\AppData\Roaming\RegistryKeys
[2012/08/13 00:55:09 | 000,000,000 | ---D | M] -- C:\Users\Russell\AppData\Roaming\RiseFly
[2012/06/25 16:28:27 | 000,000,000 | ---D | M] -- C:\Users\Russell\AppData\Roaming\Smart PDF Converter Pro
[2012/07/17 13:55:34 | 000,000,000 | ---D | M] -- C:\Users\Russell\AppData\Roaming\SoftGrid Client
[2012/03/21 20:42:01 | 000,000,000 | ---D | M] -- C:\Users\Russell\AppData\Roaming\SoftMaker
[2012/02/02 16:41:42 | 000,000,000 | ---D | M] -- C:\Users\Russell\AppData\Roaming\Synaptics
[2012/08/13 01:43:49 | 000,000,000 | ---D | M] -- C:\Users\Russell\AppData\Roaming\Sync App Settings
[2012/08/11 00:05:26 | 000,000,000 | ---D | M] -- C:\Users\Russell\AppData\Roaming\Thunderbird
[2012/03/14 06:42:58 | 000,000,000 | ---D | M] -- C:\Users\Russell\AppData\Roaming\Titler
[2012/02/02 18:09:58 | 000,000,000 | ---D | M] -- C:\Users\Russell\AppData\Roaming\TP
[2012/05/05 19:15:14 | 000,000,000 | ---D | M] -- C:\Users\Russell\AppData\Roaming\uTorrent
[2012/07/28 11:35:54 | 000,000,000 | ---D | M] -- C:\Users\Russell\AppData\Roaming\VIP Video Converter
[2012/02/03 19:21:42 | 000,000,000 | ---D | M] -- C:\Users\Russell\AppData\Roaming\Windows Live Writer
[2012/07/28 14:12:36 | 000,000,000 | ---D | M] -- C:\Users\Russell\AppData\Roaming\Wondershare Video Converter Ultimate
[2012/07/29 05:35:51 | 000,000,000 | ---D | M] -- C:\Users\Russell\AppData\Roaming\Xilisoft
[2012/02/03 00:55:24 | 000,000,000 | ---D | M] -- C:\Users\Russell\AppData\Roaming\Zotero
[2012/03/16 15:07:45 | 000,000,000 | ---D | M] -- C:\Users\Russell\AppData\Roaming\ZScreen

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 127 bytes -> C:\ProgramData\Temp:0B4227B4

< End of report >
 
This is what I would do: uninstall Chrome, then go to C:/Program Files and delete the Chrome folder if it's still present.
 
Uninstalled Chrome and re-installed several times, after checking with that program, and despite having the HOST PuPs program installed, Incredibar is still there -- see graphic.
And here's the report showing it's been trialled several times, but not once did it report finding Incredibar.
+++++++++++++++++++++++++++++++++++++++++++++++++++++

# AdwCleaner v2.004 - Logfile created 10/12/2012 at 20:33:03
# Updated 06/10/2012 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (32 bits)
# User : Russell - RUSSELL-HP
# Boot Mode : Normal
# Running from : C:\Users\Russell\Desktop\AdwCleaner.exe
# Option [Search]


***** [Services] *****


***** [Files / Folders] *****


***** [Registry] *****


***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Registry is clean.

-\\ Mozilla Firefox v16.0.1 (en-US)

Profile name : default
File : C:\Users\Russell\AppData\Roaming\Mozilla\Firefox\Profiles\84emq8ne.default\prefs.js

[OK] File is clean.

-\\ Google Chrome v [Unable to get version]

File : C:\Users\Russell\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [7042 octets] - [12/10/2012 15:21:08]
AdwCleaner[R2].txt - [7102 octets] - [12/10/2012 15:29:54]
AdwCleaner[S1].txt - [7026 octets] - [12/10/2012 15:33:20]
AdwCleaner[R3].txt - [1873 octets] - [12/10/2012 15:47:16]
AdwCleaner[R4].txt - [1933 octets] - [12/10/2012 16:20:18]
AdwCleaner[S2].txt - [2009 octets] - [12/10/2012 16:25:51]
AdwCleaner[R5].txt - [1189 octets] - [12/10/2012 17:25:04]
AdwCleaner[S3].txt - [1249 octets] - [12/10/2012 17:26:58]
AdwCleaner[R6].txt - [1464 octets] - [12/10/2012 18:07:44]
AdwCleaner[S4].txt - [1524 octets] - [12/10/2012 18:09:19]
AdwCleaner[R7].txt - [1287 octets] - [12/10/2012 18:37:31]
AdwCleaner[R8].txt - [1310 octets] - [12/10/2012 19:00:17]
AdwCleaner[R9].txt - [1551 octets] - [12/10/2012 19:20:49]
AdwCleaner[R10].txt - [1613 octets] - [12/10/2012 19:36:19]
AdwCleaner[R11].txt - [1674 octets] - [12/10/2012 20:13:00]
AdwCleaner[S5].txt - [1733 octets] - [12/10/2012 20:14:22]
AdwCleaner[R12].txt - [1819 octets] - [12/10/2012 20:33:03]

########## EOF - C:\AdwCleaner[R12].txt - [1880 octets] ##########
 
Try this

Uninstall a program called WebAssistant, it comes with Incredimail / Incredibar and hides the search engine control program.


Remove MyStart in Google Chrome:
1. Open Google Chrome.
2. Click on the Wrench icon on top right corner of the browser.
3. Choose “Settings” from the drop down list.
4. Select “Basics.”
5. Click on “Manage search engines” under SEARCH settings area.
6. Hover your mouse over a preferred search engine and click “Make default.”
7. You can now remove MyStart by Incredibar search by clicking on the X mark.
 
Thanks BUT

-- I wasn't happy with WebAssistant so un-installed it before I started corresponding with this forum

see attached JPGs for remaining problem

-- Google set up as default search by Google on install

-- only Yahoo and Bing available as search engines -- no other search engines "available"

problem persists

re-running AdwCleaner doesn't reveal Incredibar as adware -- never has, BUT
 
Go to Start > Run and type in REGEDIT then OK



When it opens go to
HKEY_LOCAL_MACHINE and click on the + sign to open it

Then on the left pane click on Software and right click and delete Incredibar and WebAssistant


Then go to
HKEY_CURRENT_USER

Then on the left pane click on Software and right click and delete Incredibar and WebAssistant



Then I would uninstall Chrome,

Go to C:\Program Files and delete Chrome folder if still present
 
thought I'd share something with you I never thought I'd see again -- see attached jpg

on starting re-installed Chrome I had three extensions that came up -- I've seen people talk about manually removing extensions using the address bar

about:config

and similar modifications to the way the program was installed

BUT I thought I'd remove the three extensions as a final last ditch attempt -- as I said I test pages for web creation and didn't want to do without Chrome if I could avoid it -- it is the most popular browser numerically

(sorry, I can't remember what the three extensions were, but one WAS New Tab)

one final thing -- one has to make sure MyStart is no longer one of the default pages opening when Chrome starts -- it opened automatically and I thought I had mucked it up again! before it opened up with each new tab but after changing that option it's now working OK

so who knows what "the" effective step was -- or what combination BUT
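
AdwCleaner reported the Chrome `Preferences` file as clean while MyStart still opened on startup and in new tabs, so it helps to see which setting actually holds the reference. The following is an added example, not part of any post in this thread or of any tool named in it: it walks the JSON in that file and reports the key path of every entry mentioning the names used in the thread. The key names and the `example.invalid` URLs in the sample are assumptions made for illustration.

```python
import json
import sys

# Names mentioned in this thread; matching is case-insensitive.
MARKERS = ("incredibar", "mystart", "webassistant")


def find_markers(node, path=""):
    """Walk parsed JSON; return (key_path, value) for each string value
    or dictionary key that contains one of MARKERS."""
    hits = []
    if isinstance(node, dict):
        for key, value in node.items():
            child = f"{path}.{key}" if path else key
            if any(m in key.lower() for m in MARKERS):
                hits.append((child, "<key name>"))
            hits.extend(find_markers(value, child))
    elif isinstance(node, list):
        for i, value in enumerate(node):
            hits.extend(find_markers(value, f"{path}[{i}]"))
    elif isinstance(node, str):
        if any(m in node.lower() for m in MARKERS):
            hits.append((path, node))
    return hits


def scan_preferences(text):
    """Scan the text of a Chrome Preferences file (JSON)."""
    return find_markers(json.loads(text))


# Constructed sample, not taken from the thread. Key names are assumed.
SAMPLE = json.dumps({
    "homepage": "http://www.google.com/",
    "session": {
        "restore_on_startup": 4,
        "urls_to_restore_on_startup": ["http://mystart.example.invalid/?a=1"],
    },
    "default_search_provider": {
        "name": "MyStart by Incredibar",
        "search_url": "http://mystart.example.invalid/?q={searchTerms}",
    },
    "extensions": {"settings": {"aaaa": {"manifest": {"name": "New Tab"}}}},
})

if __name__ == "__main__":
    # Pass the path to a Preferences file, or run with no argument for the sample.
    text = open(sys.argv[1], encoding="utf-8").read() if len(sys.argv) > 1 else SAMPLE
    for key_path, value in scan_preferences(text):
        print(f"{key_path}: {value}")
```

Run against a copy of `C:\Users\Russell\AppData\Local\Google\Chrome\User Data\Default\Preferences` (the path shown in the AdwCleaner log), the reported key paths show whether a hit sits in the startup pages, the search engine entry or an extension.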
 
yep, followed all the steps you suggested, so it's hard to understand just what step, or steps, were effective, but that probably helped, so thanks for that -- I'm not experienced with editing the registry, just rely on the "packaged" programs, like Advanced System Care to remove the "leftovers" from installs.
Thanks for everything
 
It could have been any number of those fixes I posted but you also had a hand in it yourself trying to remove it :bigthumb:

Glad things are back to normal for you :)


  • Click START then RUN
  • Now type Combofix /uninstall in the runbox and click OK. Note the space between the X and the /, it needs to be there.






Open OTL and click on Clean Up and it will remove programs we used to clean your system along with their backups; any programs that were not removed you can just drag to the trash.


Malwarebytes is the free version and yours to keep and will not be removed




Safe Surfn
Ken
 
Since this issue appears to be resolved ... this Topic has been closed. Glad I could help.
 