Jump to content

famulus

Members
  • Posts

    8
  • Joined

  • Last visited

Everything posted by famulus

  1. Great - it seems to be fixed. Many, many thanks. It didn't work first time, but I tried again with 2 differences - I deleted my personal data as well as uninstallng firefox; and I rebooted between uninstall and reinstall. Don't know which of those did the trick but it's all fine now. Thanks so much for your help. I'll be making a donation - and I'll remember where you are next time. Famulus
  2. Now we're getting somewhere! I've done that, log below as requested. Mystart page no longer comes up as default, although I still have MyStart search in what used to be the Google search box. Firefox is still pretty slow, but everything else (working offline) seems pretty normal. Thanks Famulus ========================================================================================================================================== ComboFix 12-05-17.05 - Janet 20/05/2012 8:41.3.4 - x64 Microsoft Windows 7 Home Premium 6.1.7600.0.1252.44.1033.18.6092.3790 [GMT 1:00] Running from: c:\users\Janet\Desktop\ComboFix.exe Command switches used :: c:\users\Janet\Desktop\CFScript.txt AV: Norton Internet Security *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF} FW: Norton Internet Security *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4} SP: Norton Internet Security *Disabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\users\Janet\AppData\Local\Temp\{bf5eaec9-e547-40d0-8b19-42b2a40891b9}\Livedrive.Native.dll c:\users\Janet\AppData\Local\Temp\bd7c47bb-f5c0-417c-a180-ec348d87718a\CliSecureRT.dll . . ((((((((((((((((((((((((( Files Created from 2012-04-20 to 2012-05-20 ))))))))))))))))))))))))))))))) . . 2012-05-20 07:47 . 2012-05-20 07:47 -------- d-----w- c:\users\Default\AppData\Local\temp 2012-05-19 18:16 . 2012-05-20 07:47 -------- d-----w- c:\windows\system32\drivers\NISx64\1307010.005 2012-05-16 11:42 . 2012-05-16 11:42 -------- d-----w- c:\users\Janet\AppData\Roaming\Malwarebytes 2012-05-16 11:42 . 2012-05-16 11:42 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware 2012-05-16 11:42 . 2012-05-16 11:42 -------- d-----w- c:\programdata\Malwarebytes 2012-05-16 11:42 . 2012-04-04 14:56 24904 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-05-15 10:25 . 2012-05-15 10:25 844 ----a-w- C:\user.js 2012-05-15 09:49 . 2012-05-15 09:56 -------- d-----w- c:\program files (x86)\GSP 2012-05-15 09:49 . 2012-05-15 09:51 -------- d-----w- c:\users\Janet\AppData\Roaming\Hemera 2012-05-09 08:42 . 2012-03-17 07:55 75632 ----a-w- c:\windows\system32\drivers\partmgr.sys 2012-05-09 08:42 . 2012-03-30 11:09 1895280 ----a-w- c:\windows\system32\drivers\tcpip.sys 2012-05-09 08:42 . 2012-04-02 05:24 1367552 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\journal.dll 2012-05-09 08:42 . 2012-04-02 04:40 936960 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\ink\journal.dll 2012-05-07 09:07 . 2012-05-07 09:07 -------- d-----w- c:\program files (x86)\Apple Software Update 2012-05-06 13:32 . 2012-05-06 13:32 -------- d-----w- c:\program files (x86)\Common Files\Apple 2012-05-06 13:32 . 2012-05-06 13:32 -------- d-----w- c:\users\Janet\AppData\Local\Apple 2012-05-06 13:32 . 2012-05-06 13:32 -------- d-----w- c:\programdata\Apple 2012-05-06 13:31 . 2012-05-06 13:31 -------- d-----w- c:\program files (x86)\Serif Draw Plus 2012-04-30 10:43 . 2012-04-30 10:43 -------- d-----w- c:\program files (x86)\GreenbeanSoft 2012-04-29 19:43 . 2012-04-29 19:43 -------- d-----w- c:\users\Janet\AppData\Roaming\KeePass 2012-04-29 19:41 . 2012-04-29 19:41 -------- d-----w- c:\program files (x86)\KeePass Password Safe 2012-04-29 19:20 . 2012-04-29 19:20 -------- d-----w- C:\~LD 2012-04-29 18:20 . 2010-02-16 11:44 191960 ----a-w- c:\windows\system32\drivers\cbfs.sys 2012-04-29 18:19 . 2012-05-20 07:33 -------- d-----w- c:\users\Janet\AppData\Local\Livedrive 2012-04-29 18:19 . 2012-04-29 18:20 -------- d-----w- c:\program files (x86)\Livedrive . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-03-26 11:52 . 2011-05-31 09:07 175736 ----a-w- c:\windows\system32\drivers\SYMEVENT64x86.SYS 2012-03-06 23:18 . 2012-03-06 23:18 162664 ----a-w- c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10140.bin 2012-03-01 06:54 . 2012-04-13 06:48 22896 ----a-w- c:\windows\system32\drivers\fs_rec.sys 2012-03-01 06:45 . 2012-04-13 06:48 220672 ----a-w- c:\windows\system32\wintrust.dll 2012-03-01 06:40 . 2012-04-13 06:48 80896 ----a-w- c:\windows\system32\imagehlp.dll 2012-03-01 06:35 . 2012-04-13 06:48 5120 ----a-w- c:\windows\system32\wmi.dll 2012-03-01 05:49 . 2012-04-13 06:48 172544 ----a-w- c:\windows\SysWow64\wintrust.dll 2012-03-01 05:45 . 2012-04-13 06:48 158720 ----a-w- c:\windows\SysWow64\imagehlp.dll 2012-03-01 05:40 . 2012-04-13 06:48 5120 ----a-w- c:\windows\SysWow64\wmi.dll . . ((((((((((((((((((((((((((((( SnapShot@2012-05-17_22.57.48 ))))))))))))))))))))))))))))))))))))))))) . + 2012-05-19 08:21 . 2012-02-28 05:38 67072 c:\windows\SysWOW64\mshtmled.dll - 2012-02-15 12:02 . 2011-12-16 07:59 67072 c:\windows\SysWOW64\mshtmled.dll + 2012-05-19 08:21 . 2012-02-28 05:35 12800 c:\windows\SysWOW64\msfeedssync.exe - 2012-02-15 12:02 . 2011-12-16 07:56 12800 c:\windows\SysWOW64\msfeedssync.exe - 2012-02-15 12:02 . 2011-12-16 07:59 64512 c:\windows\SysWOW64\msfeedsbs.dll + 2012-05-19 08:21 . 2012-02-28 05:38 64512 c:\windows\SysWOW64\msfeedsbs.dll - 2012-02-15 12:02 . 2011-12-16 08:02 68608 c:\windows\SysWOW64\migration\WininetPlugin.dll + 2012-05-19 08:21 . 2012-02-28 05:40 68608 c:\windows\SysWOW64\migration\WininetPlugin.dll - 2012-02-15 12:02 . 2011-12-16 07:58 44544 c:\windows\SysWOW64\licmgr10.dll + 2012-05-19 08:21 . 2012-02-28 05:38 44544 c:\windows\SysWOW64\licmgr10.dll + 2012-05-19 08:21 . 2012-02-28 05:38 48128 c:\windows\SysWOW64\jsproxy.dll - 2012-02-15 12:02 . 2011-12-16 07:58 48128 c:\windows\SysWOW64\jsproxy.dll + 2009-07-14 04:54 . 2012-05-20 07:48 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat - 2009-07-14 04:54 . 2012-05-17 22:57 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat + 2009-07-14 04:54 . 2012-05-20 07:48 49152 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat - 2009-07-14 04:54 . 2012-05-17 22:57 49152 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat + 2009-07-14 04:54 . 2012-05-20 07:48 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat - 2009-07-14 04:54 . 2012-05-17 22:57 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat + 2011-01-28 00:39 . 2012-05-19 18:12 54142 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin + 2009-07-14 05:10 . 2012-05-19 18:13 37076 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin + 2011-05-30 14:30 . 2012-05-19 18:13 14704 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3476798985-3891373694-2057737020-1000_UserData.bin + 2012-05-19 08:21 . 2012-02-28 06:33 97280 c:\windows\system32\mshtmled.dll - 2012-02-15 12:02 . 2011-12-16 08:42 97280 c:\windows\system32\mshtmled.dll - 2012-02-15 12:02 . 2011-12-16 08:38 12288 c:\windows\system32\msfeedssync.exe + 2012-05-19 08:21 . 2012-02-28 06:29 12288 c:\windows\system32\msfeedssync.exe - 2012-02-15 12:02 . 2011-12-16 08:42 82944 c:\windows\system32\msfeedsbs.dll + 2012-05-19 08:21 . 2012-02-28 06:33 82944 c:\windows\system32\msfeedsbs.dll - 2012-02-15 12:02 . 2011-12-16 08:45 95232 c:\windows\system32\migration\WininetPlugin.dll + 2012-05-19 08:21 . 2012-02-28 06:35 95232 c:\windows\system32\migration\WininetPlugin.dll + 2012-05-19 08:21 . 2012-02-28 06:33 57856 c:\windows\system32\licmgr10.dll - 2012-02-15 12:02 . 2011-12-16 08:41 57856 c:\windows\system32\licmgr10.dll + 2012-05-19 08:21 . 2012-02-28 06:32 64512 c:\windows\system32\jsproxy.dll - 2012-02-15 12:02 . 2011-12-16 08:41 64512 c:\windows\system32\jsproxy.dll + 2012-05-19 18:17 . 2012-03-29 06:03 37496 c:\windows\system32\drivers\NISx64\1307010.005\srtspx64.sys - 2011-05-30 22:24 . 2012-05-17 22:57 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat + 2011-05-30 22:24 . 2012-05-20 07:52 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat + 2011-05-30 22:24 . 2012-05-20 07:52 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat - 2011-05-30 22:24 . 2012-05-17 22:57 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat + 2009-07-14 04:54 . 2012-05-20 07:52 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat - 2009-07-14 04:54 . 2012-05-17 22:57 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat + 2011-05-30 19:26 . 2012-05-20 07:51 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat - 2011-05-30 19:26 . 2012-05-17 22:58 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat + 2009-07-14 04:46 . 2012-05-19 09:16 78552 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat - 2011-05-30 19:26 . 2012-05-17 22:58 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat + 2011-05-30 19:26 . 2012-05-20 07:51 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat - 2011-05-30 19:26 . 2012-05-17 22:58 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat + 2011-05-30 19:26 . 2012-05-20 07:51 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat - 2011-05-30 14:31 . 2012-05-17 23:00 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat + 2011-05-30 14:31 . 2012-05-20 07:55 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat + 2011-05-30 14:31 . 2012-05-20 07:55 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat - 2011-05-30 14:31 . 2012-05-17 23:00 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat + 2012-05-19 18:16 . 2012-03-29 06:28 4782 c:\windows\system32\drivers\NISx64\1307010.005\symvtcer.dat - 2012-05-17 22:57 . 2012-05-17 22:57 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat + 2012-05-20 07:48 . 2012-05-20 07:48 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat + 2012-05-20 07:48 . 2012-05-20 07:48 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat - 2012-05-17 22:57 . 2012-05-17 22:57 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat - 2012-02-15 12:02 . 2011-12-16 08:02 981504 c:\windows\SysWOW64\wininet.dll + 2012-05-19 08:21 . 2012-02-28 05:40 981504 c:\windows\SysWOW64\wininet.dll - 2012-02-15 12:02 . 2011-12-16 08:02 132096 c:\windows\SysWOW64\url.dll + 2012-05-19 08:21 . 2012-02-28 05:40 132096 c:\windows\SysWOW64\url.dll + 2012-05-19 08:21 . 2012-02-28 05:38 606208 c:\windows\SysWOW64\mstime.dll - 2012-02-15 12:02 . 2011-12-16 07:59 606208 c:\windows\SysWOW64\mstime.dll + 2012-05-19 08:21 . 2012-02-28 05:38 599552 c:\windows\SysWOW64\msfeeds.dll - 2012-02-15 12:02 . 2011-12-16 07:59 599552 c:\windows\SysWOW64\msfeeds.dll - 2012-02-15 12:02 . 2011-12-16 07:58 176640 c:\windows\SysWOW64\ieui.dll + 2012-05-19 08:21 . 2012-02-28 05:37 176640 c:\windows\SysWOW64\ieui.dll + 2012-05-19 08:21 . 2012-02-28 05:37 185856 c:\windows\SysWOW64\iepeers.dll - 2012-02-15 12:02 . 2011-12-16 07:58 185856 c:\windows\SysWOW64\iepeers.dll + 2012-05-19 08:21 . 2012-02-28 05:37 381440 c:\windows\SysWOW64\iedkcs32.dll - 2012-02-15 12:02 . 2011-12-16 07:58 381440 c:\windows\SysWOW64\iedkcs32.dll + 2011-05-30 16:37 . 2012-05-20 07:28 335926 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S3.bin + 2012-05-19 08:21 . 2012-02-28 06:35 134144 c:\windows\system32\url.dll - 2012-02-15 12:02 . 2011-12-16 08:45 134144 c:\windows\system32\url.dll - 2009-07-14 02:36 . 2012-05-17 21:51 730092 c:\windows\system32\perfh009.dat + 2009-07-14 02:36 . 2012-05-20 07:53 730092 c:\windows\system32\perfh009.dat - 2009-07-14 02:36 . 2012-05-17 21:51 149886 c:\windows\system32\perfc009.dat + 2009-07-14 02:36 . 2012-05-20 07:53 149886 c:\windows\system32\perfc009.dat + 2012-05-19 08:21 . 2012-02-28 06:33 703488 c:\windows\system32\msfeeds.dll - 2012-02-15 12:02 . 2011-12-16 08:42 703488 c:\windows\system32\msfeeds.dll - 2012-02-15 12:02 . 2011-12-16 08:40 247808 c:\windows\system32\ieui.dll + 2012-05-19 08:21 . 2012-02-28 06:32 247808 c:\windows\system32\ieui.dll - 2012-02-15 12:02 . 2011-12-16 08:40 256000 c:\windows\system32\iepeers.dll + 2012-05-19 08:21 . 2012-02-28 06:32 256000 c:\windows\system32\iepeers.dll + 2012-05-19 08:21 . 2012-02-28 06:32 445952 c:\windows\system32\iedkcs32.dll - 2012-02-15 12:02 . 2011-12-16 08:40 445952 c:\windows\system32\iedkcs32.dll + 2012-05-19 18:17 . 2012-03-29 06:28 405624 c:\windows\system32\drivers\NISx64\1307010.005\symnets.sys + 2012-05-19 18:17 . 2011-08-16 06:51 451192 c:\windows\system32\drivers\NISx64\1307010.005\symds64.sys + 2012-05-19 18:17 . 2012-03-29 06:03 737912 c:\windows\system32\drivers\NISx64\1307010.005\srtsp64.sys + 2012-05-19 18:17 . 2012-03-29 06:06 190072 c:\windows\system32\drivers\NISx64\1307010.005\ironx64.sys + 2012-05-19 18:17 . 2011-11-29 22:44 167048 c:\windows\system32\drivers\NISx64\1307010.005\ccsetx64.sys + 2009-07-14 05:01 . 2012-05-20 07:47 536396 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat - 2009-07-14 05:01 . 2012-05-17 22:56 536396 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat - 2012-02-15 12:02 . 2011-12-16 08:02 1230336 c:\windows\SysWOW64\urlmon.dll + 2012-05-19 08:21 . 2012-02-28 05:40 1230336 c:\windows\SysWOW64\urlmon.dll + 2012-05-19 08:21 . 2012-02-28 05:38 5998592 c:\windows\SysWOW64\mshtml.dll - 2012-02-15 12:02 . 2011-12-16 07:58 2072576 c:\windows\SysWOW64\iertutil.dll + 2012-05-19 08:21 . 2012-02-28 05:37 2072576 c:\windows\SysWOW64\iertutil.dll + 2012-05-19 08:21 . 2012-02-28 06:35 1197568 c:\windows\system32\wininet.dll - 2012-02-15 12:02 . 2011-12-16 08:45 1197568 c:\windows\system32\wininet.dll + 2012-05-19 08:21 . 2012-02-28 06:35 1501184 c:\windows\system32\urlmon.dll - 2012-02-15 12:02 . 2011-12-16 08:45 1501184 c:\windows\system32\urlmon.dll - 2012-02-15 12:02 . 2011-12-16 08:42 1026560 c:\windows\system32\mstime.dll + 2012-05-19 08:21 . 2012-02-28 06:33 1026560 c:\windows\system32\mstime.dll - 2012-02-15 12:02 . 2011-12-16 08:42 9335296 c:\windows\system32\mshtml.dll + 2012-05-19 08:21 . 2012-02-28 06:33 9335296 c:\windows\system32\mshtml.dll - 2012-02-15 12:02 . 2011-12-16 08:40 2458624 c:\windows\system32\iertutil.dll + 2012-05-19 08:21 . 2012-02-28 06:32 2458624 c:\windows\system32\iertutil.dll + 2012-05-19 18:17 . 2012-03-29 06:28 1092728 c:\windows\system32\drivers\NISx64\1307010.005\symefa64.sys - 2009-07-14 04:45 . 2012-05-17 21:50 3777877 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat + 2009-07-14 04:45 . 2012-05-19 08:55 3777877 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat + 2011-05-12 09:03 . 2012-05-20 07:47 5073272 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat - 2011-05-12 09:03 . 2012-05-16 08:30 5073272 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat - 2012-02-15 12:02 . 2011-12-16 07:58 10991104 c:\windows\SysWOW64\ieframe.dll + 2012-05-19 08:21 . 2012-02-28 05:37 10991104 c:\windows\SysWOW64\ieframe.dll + 2009-07-14 02:34 . 2012-05-19 09:09 10223616 c:\windows\system32\SMI\Store\Machine\SCHEMA.DAT - 2009-07-14 02:34 . 2012-05-17 22:03 10223616 c:\windows\system32\SMI\Store\Machine\SCHEMA.DAT - 2012-02-15 12:02 . 2011-12-16 08:40 12372480 c:\windows\system32\ieframe.dll + 2012-05-19 08:21 . 2012-02-28 06:32 12372480 c:\windows\system32\ieframe.dll + 2011-05-30 21:53 . 2012-05-20 07:47 29872352 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3476798985-3891373694-2057737020-1000-8192.dat . -- Snapshot reset to current date -- . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1] @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}] 2012-01-18 18:49 94208 ----a-w- c:\users\Janet\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2] @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}] 2012-01-18 18:49 94208 ----a-w- c:\users\Janet\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3] @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}] 2012-01-18 18:49 94208 ----a-w- c:\users\Janet\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "LightScribe Control Panel"="c:\program files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe" [2010-11-22 2736128] "Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2010-03-09 26100520] "KiesPDLR"="c:\program files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe" [2012-04-04 21392] "KiesHelper"="c:\program files (x86)\Samsung\Kies\KiesHelper.exe" [2012-04-04 954256] "Livedrive"="c:\program files (x86)\Livedrive\Livedrive.exe" [2012-02-07 1817600] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2011-05-20 284440] "StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-12-31 336384] "NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2012-01-10 113288] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832] "Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760] "Easybits Recovery"="c:\program files (x86)\EasyBits For Kids\ezRecover.exe" [2010-12-13 61112] "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552] "Olympus ib"="c:\program files (x86)\Olympus\ib\olycamdetect.exe" [2010-09-30 93360] "MDS_Menu"="c:\program files (x86)\Olympus\ib\MUITransfer\MUIStartMenu.exe" [2010-07-01 220336] "KiesTrayAgent"="c:\program files (x86)\Samsung\Kies\KiesTrayAgent.exe" [2012-04-04 3521424] "HP Quick Launch"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe" [2011-07-11 574008] "HPOSD"="c:\program files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe" [2011-08-19 379960] "AdobeCS5.5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" [2011-01-12 1523360] "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2009-11-10 417792] . c:\users\Janet\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ Dropbox.lnk - c:\users\Janet\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-2-15 24246216] OneNote 2010 Screen Clipper and Launcher.lnk - c:\program files (x86)\Microsoft Office\Office14\ONENOTEM.EXE [2011-9-2 227712] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2010-7-30 1132320] Philips Device Manager.lnk - c:\program files (x86)\Philips\SA28XX Device Manager\main.exe [2011-6-1 7696118] Snapfish PictureMover.lnk - c:\program files (x86)\PictureMover\Bin\PictureMover.exe [2010-11-18 1040952] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) "HideFastUserSwitching"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer] "EnableShellExecuteHooks"= 1 (0x1) . [hkey_local_machine\software\Wow6432Node\microsoft\windows\currentversion\explorer\ShellExecuteHooks] . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp . R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384] R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R3 androidusb;SAMSUNG Android Composite ADB Interface Driver;c:\windows\system32\Drivers\ssadadb.sys [x] R3 btwampfl;Bluetooth AMP USB Filter;c:\windows\system32\drivers\btwampfl.sys [x] R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x] R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-04-21 129976] R3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [x] R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184] R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [x] R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [x] R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [x] R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\DRIVERS\ssadbus.sys [x] R3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\DRIVERS\ssadmdfl.sys [x] R3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\DRIVERS\ssadmdm.sys [x] R3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM);c:\windows\system32\DRIVERS\ssadserd.sys [x] R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x] R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [x] R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2010-04-03 59744] R4 RsFx0150;RsFx0150 Driver;c:\windows\system32\DRIVERS\RsFx0150.sys [x] R4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10_50.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2010-04-03 428384] R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184] S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NISx64\1307010.005\SYMDS64.SYS [x] S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NISx64\1307010.005\SYMEFA64.SYS [x] S1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.5.1.2\Definitions\BASHDefs\20120507.001\BHDrvx64.sys [2012-04-02 1160824] S1 CbFs;CbFs;c:\windows\system32\drivers\cbfs.sys [x] S1 ccSet_NIS;Norton Internet Security Settings Manager;c:\windows\system32\drivers\NISx64\1307010.005\ccSetx64.sys [x] S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.5.1.2\Definitions\IPSDefs\20120518.001\IDSvia64.sys [2012-04-28 488568] S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NISx64\1307010.005\Ironx64.SYS [x] S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\NISx64\1307010.005\SYMNETS.SYS [x] S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x] S2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\AESTSr64.exe [2012-01-10 89600] S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x] S2 BBSvc;BingBar Service;c:\program files (x86)\Microsoft\BingBar\7.1.361.0\BBSvc.exe [2012-02-10 193816] S2 FPLService;TrueSuiteService;c:\program files (x86)\HP SimplePass 2011\TrueSuiteService.exe [2010-12-07 249672] S2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2011-09-09 86072] S2 HP Wireless Assistant Service;HP Wireless Assistant Service;c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [2010-07-21 103992] S2 HPClientSvc;HP Client Services;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-08-06 291896] S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-09-01 227896] S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [x] S2 HPWMISVC;HPWMISVC;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2011-07-11 26680] S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-05-20 13592] S2 IconMan_R;IconMan_R;c:\program files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2012-01-10 2413056] S2 LivedriveVSSService;Livedrive VSS Service;c:\program files (x86)\Livedrive\VSSService.exe [2012-02-07 210616] S2 McciCMService64;McciCMService64;c:\program files\Common Files\Motive\McciCMService.exe [2011-03-23 517632] S2 MsDepSvc;Web Deployment Agent Service;c:\program files\IIS\Microsoft Web Deploy\MsDepSvc.exe [2011-04-01 67400] S2 NIS;Norton Internet Security;c:\program files (x86)\Norton Internet Security\Engine\19.7.1.5\ccSvcHst.exe [2012-03-27 138232] S2 TeamViewer6;TeamViewer 6;c:\program files (x86)\TeamViewer\Version6\TeamViewer_Service.exe [2011-11-03 2358656] S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-11-23 2656280] S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x] S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x] S3 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\7.1.361.0\SeaPort.exe [2012-02-10 240408] S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys [x] S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-02-04 138360] S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x] S3 intelkmd;intelkmd;c:\windows\system32\DRIVERS\igdpmd64.sys [x] S3 MEIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x] S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [x] S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [x] S3 RSPCIESTOR;Realtek PCIE CardReader Driver;c:\windows\system32\DRIVERS\RtsPStor.sys [x] S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x] S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x] . . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}] 2010-11-22 21:18 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{2D46B6DC-2207-486B-B523-A557E6D54B47}] 2009-07-14 01:14 301568 ----a-w- c:\windows\System32\cmd.exe . Contents of the 'Scheduled Tasks' folder . 2012-05-14 c:\windows\Tasks\HPCeeScheduleForJANET-HP$.job - c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 06:15] . 2012-05-16 c:\windows\Tasks\HPCeeScheduleForJanet.job - c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 06:15] . . --------- x86-64 ----------- . . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00Zecter] @="{D25B32FE-CB96-491A-98FF-AD59DA382D69}" [HKEY_CLASSES_ROOT\CLSID\{D25B32FE-CB96-491A-98FF-AD59DA382D69}] 2010-12-11 02:32 2240000 ----a-w- c:\program files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\01Zecter] @="{EB24CA6D-F315-4A81-AC1A-C79CFD77F3F5}" [HKEY_CLASSES_ROOT\CLSID\{EB24CA6D-F315-4A81-AC1A-C79CFD77F3F5}] 2010-12-11 02:32 2240000 ----a-w- c:\program files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\02Zecter] @="{B3C78E40-6B64-47C3-AE34-60B770881EB8}" [HKEY_CLASSES_ROOT\CLSID\{B3C78E40-6B64-47C3-AE34-60B770881EB8}] 2010-12-11 02:32 2240000 ----a-w- c:\program files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\03Zecter] @="{622AFE52-33F6-4D9F-9966-E0BC52D7D69D}" [HKEY_CLASSES_ROOT\CLSID\{622AFE52-33F6-4D9F-9966-E0BC52D7D69D}] 2010-12-11 02:32 2240000 ----a-w- c:\program files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\04Zecter] @="{855156F0-2A0F-11DE-8C30-0800200C9A66}" [HKEY_CLASSES_ROOT\CLSID\{855156F0-2A0F-11DE-8C30-0800200C9A66}] 2010-12-11 02:32 2240000 ----a-w- c:\program files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\BackupOverlay] @="{B44A5D93-1351-41A1-BD91-5E92435D8ECD}" [HKEY_CLASSES_ROOT\CLSID\{B44A5D93-1351-41A1-BD91-5E92435D8ECD}] 2012-02-07 15:48 1245880 ----a-w- c:\program files (x86)\Livedrive\LivedriveExtensions.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1] @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}] 2012-01-18 18:49 97792 ----a-w- c:\users\Janet\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2] @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}] 2012-01-18 18:49 97792 ----a-w- c:\users\Janet\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3] @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}] 2012-01-18 18:49 97792 ----a-w- c:\users\Janet\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4] @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}] 2012-01-18 18:49 97792 ----a-w- c:\users\Janet\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\LivedriveDownloadOverlay] @="{CBCDB610-6B68-4EE9-B7A2-1282FD0C9292}" [HKEY_CLASSES_ROOT\CLSID\{CBCDB610-6B68-4EE9-B7A2-1282FD0C9292}] 2012-02-07 15:48 1245880 ----a-w- c:\program files (x86)\Livedrive\LivedriveExtensions.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\LivedriveSharedOverlay] @="{84CEF1E4-1356-4063-845F-05047F4DD52C}" [HKEY_CLASSES_ROOT\CLSID\{84CEF1E4-1356-4063-845F-05047F4DD52C}] 2012-02-07 15:48 1245880 ----a-w- c:\program files (x86)\Livedrive\LivedriveExtensions.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\LivedriveSyncedOverlay] @="{42058329-2FBF-4B33-8E52-3BE5754DE0C1}" [HKEY_CLASSES_ROOT\CLSID\{42058329-2FBF-4B33-8E52-3BE5754DE0C1}] 2012-02-07 15:48 1245880 ----a-w- c:\program files (x86)\Livedrive\LivedriveExtensions.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\LivedriveUploadOverlay] @="{39A1715A-E4CD-4F1E-B5C4-36B5DB80124E}" [HKEY_CLASSES_ROOT\CLSID\{39A1715A-E4CD-4F1E-B5C4-36B5DB80124E}] 2012-02-07 15:48 1245880 ----a-w- c:\program files (x86)\Livedrive\LivedriveExtensions.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-12-17 167960] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-12-17 391704] "Persistence"="c:\windows\system32\igfxpers.exe" [2010-12-17 418328] "SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [bU] "HPWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe" [2010-07-21 8192] "btbb_McciTrayApp"="c:\program files\BT Broadband Desktop Help\btbb\BTHelpNotifier.exe" [2010-08-12 3451904] "SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2012-01-10 1128448] "AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2011-03-15 499608] . ------- Supplementary Scan ------- . uLocal Page = c:\windows\system32\blank.htm mLocal Page = c:\windows\SysWOW64\blank.htm IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000 IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105 IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm TCP: DhcpNameServer = 192.168.1.254 FF - ProfilePath - c:\users\Janet\AppData\Roaming\Mozilla\Firefox\Profiles\v28h5hip.default\ FF - user.js: extensions.incredibar_i.upn2n - 92824363556530923 FF - user.js: extensions.incredibar_i.productid - 26 FF - user.js: extensions.incredibar_i.installerproductid - 26 FF - user.js: extensions.incredibar_i.did - 10643 FF - user.js: extensions.incredibar_i.ppd - 1 FF - user.js: extensions.incredibar_i.newTab - false FF - user.js: extensions.incredibar_i.tlbrSrchUrl - hxxp://mystart.Incredibar.com/?a=6R8sYquPVx&loc=IB_TB&i=26&search= FF - user.js: extensions.incredibar_i.vrsn - 1.5.11.14 FF - user.js: extensions.incredibar_i.vrsni - 1.5.11.14 FF - user.js: extensions.incredibar_i.vrsnTs - 1.5.11.1411:25 FF - user.js: extensions.incredibar_i.prtnrId - Incredibar FF - user.js: extensions.incredibar_i.prdct - incredibar FF - user.js: extensions.incredibar_i.aflt - orgnl FF - user.js: extensions.incredibar_i.smplGrp - none FF - user.js: extensions.incredibar_i.tlbrId - base FF - user.js: extensions.incredibar_i.instlRef - FF - user.js: extensions.incredibar_i.dfltLng - FF - user.js: extensions.incredibar_i.excTlbr - false . . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\MsDepSvc] "ImagePath"="\"c:\program files\IIS\Microsoft Web Deploy\MsDepSvc.exe\" -runService:MsDepSvc" -- . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NIS] "ImagePath"="\"c:\program files (x86)\Norton Internet Security\Engine\19.7.1.5\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files (x86)\Norton Internet Security\Engine\19.7.1.5\diMaster.dll\" /prefetch:1" . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.10" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}] @Denied: (A 2) (Everyone) @="IFlashBroker4" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}] @Denied: (A) (Everyone) "Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3] @Denied: (A) (Everyone) . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0] "Key"="ActionsPane3" "Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . ------------------------ Other Running Processes ------------------------ . c:\windows\SysWOW64\ezSharedSvcHost.exe c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe c:\program files (x86)\Common Files\Motive\McciCMService.exe c:\program files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe c:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe c:\program files (x86)\Common Files\Motive\McciContextHookShim.exe c:\windows\SysWOW64\RunDll32.exe c:\program files (x86)\CyberLink\YouCam\YCMMirage.exe . ************************************************************************** . Completion time: 2012-05-20 09:02:43 - machine was rebooted ComboFix-quarantined-files.txt 2012-05-20 08:02 ComboFix2.txt 2012-05-19 08:45 ComboFix3.txt 2012-05-17 23:06 . Pre-Run: 536,240,906,240 bytes free Post-Run: 533,769,797,632 bytes free . - - End Of File - - 458978FBEBAAA4CEA4398568701177EB
  3. OK, I've done that, here's the log. Mystart is still there and everything in the browser runs very slowly (it did before, I forgot to mention). Don't know about any other apps because I don't want to use anything till I'm sure this has gone away Thanks Famulus ============================================================================= ComboFix 12-05-17.05 - Janet 19/05/2012 9:28.2.4 - x64 Microsoft Windows 7 Home Premium 6.1.7600.0.1252.44.1033.18.6092.3879 [GMT 1:00] Running from: c:\users\Janet\Desktop\ComboFix.exe Command switches used :: c:\users\Janet\Desktop\CFScript.txt AV: Norton Internet Security *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF} FW: Norton Internet Security *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4} SP: Norton Internet Security *Disabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} * Created a new restore point . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\program files\Web Assistant c:\program files\Web Assistant\Extension64.dll c:\program files\Web Assistant\ExtensionUpdaterService.exe c:\program files\Web Assistant\Firefox\chrome.manifest c:\program files\Web Assistant\Firefox\chrome\content\libraries\DataExchangeScript.js c:\program files\Web Assistant\Firefox\chrome\content\main.js c:\program files\Web Assistant\Firefox\chrome\content\main.xul c:\program files\Web Assistant\Firefox\chrome\content\resources\LocalScript.js c:\program files\Web Assistant\Firefox\chrome\locale\en-US\overlay.dtd c:\program files\Web Assistant\Firefox\chrome\skin\overlay.css c:\program files\Web Assistant\Firefox\defaults\preferences\defaults.js c:\program files\Web Assistant\Firefox\install.rdf c:\program files\Web Assistant\InstallerHelper.dll c:\program files\Web Assistant\libraries\DataExchangeScript.js c:\program files\Web Assistant\resources\LocalScript.js c:\program files\Web Assistant\source.crx c:\program files\Web Assistant\unins000.dat c:\program files\Web Assistant\unins000.exe c:\users\Janet\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccA9E8.tmp c:\users\Janet\AppData\Local\Temp\{bf5eaec9-e547-40d0-8b19-42b2a40891b9}\Livedrive.Native.dll c:\users\Janet\AppData\Local\Temp\bd7c47bb-f5c0-417c-a180-ec348d87718a\CliSecureRT.dll . . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . . -------\Service_Web Assistant Updater -------\Service_Web Assistant Updater . . ((((((((((((((((((((((((( Files Created from 2012-04-19 to 2012-05-19 ))))))))))))))))))))))))))))))) . . 2012-05-16 11:42 . 2012-05-16 11:42 -------- d-----w- c:\users\Janet\AppData\Roaming\Malwarebytes 2012-05-16 11:42 . 2012-05-16 11:42 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware 2012-05-16 11:42 . 2012-05-16 11:42 -------- d-----w- c:\programdata\Malwarebytes 2012-05-16 11:42 . 2012-04-04 14:56 24904 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-05-15 10:25 . 2012-05-15 10:25 844 ----a-w- C:\user.js 2012-05-15 09:49 . 2012-05-15 09:56 -------- d-----w- c:\program files (x86)\GSP 2012-05-15 09:49 . 2012-05-15 09:51 -------- d-----w- c:\users\Janet\AppData\Roaming\Hemera 2012-05-09 08:42 . 2012-03-17 07:55 75632 ----a-w- c:\windows\system32\drivers\partmgr.sys 2012-05-09 08:42 . 2012-03-30 11:09 1895280 ----a-w- c:\windows\system32\drivers\tcpip.sys 2012-05-09 08:42 . 2012-04-02 05:24 1367552 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\journal.dll 2012-05-09 08:42 . 2012-04-02 04:40 936960 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\ink\journal.dll 2012-05-07 09:07 . 2012-05-07 09:07 -------- d-----w- c:\program files (x86)\Apple Software Update 2012-05-06 13:32 . 2012-05-06 13:32 -------- d-----w- c:\program files (x86)\Common Files\Apple 2012-05-06 13:32 . 2012-05-06 13:32 -------- d-----w- c:\users\Janet\AppData\Local\Apple 2012-05-06 13:32 . 2012-05-06 13:32 -------- d-----w- c:\programdata\Apple 2012-05-06 13:31 . 2012-05-06 13:31 -------- d-----w- c:\program files (x86)\Serif Draw Plus 2012-04-30 10:43 . 2012-04-30 10:43 -------- d-----w- c:\program files (x86)\GreenbeanSoft 2012-04-29 19:43 . 2012-04-29 19:43 -------- d-----w- c:\users\Janet\AppData\Roaming\KeePass 2012-04-29 19:41 . 2012-04-29 19:41 -------- d-----w- c:\program files (x86)\KeePass Password Safe 2012-04-29 19:20 . 2012-04-29 19:20 -------- d-----w- C:\~LD 2012-04-29 18:20 . 2010-02-16 11:44 191960 ----a-w- c:\windows\system32\drivers\cbfs.sys 2012-04-29 18:19 . 2012-05-19 08:11 -------- d-----w- c:\users\Janet\AppData\Local\Livedrive 2012-04-29 18:19 . 2012-04-29 18:20 -------- d-----w- c:\program files (x86)\Livedrive 2012-04-25 10:13 . 2012-04-25 21:30 -------- d-----w- c:\windows\system32\drivers\NISx64\1307000.009 . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-03-26 11:52 . 2011-05-31 09:07 175736 ----a-w- c:\windows\system32\drivers\SYMEVENT64x86.SYS 2012-03-06 23:18 . 2012-03-06 23:18 162664 ----a-w- c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10140.bin 2012-03-01 06:54 . 2012-04-13 06:48 22896 ----a-w- c:\windows\system32\drivers\fs_rec.sys 2012-03-01 06:45 . 2012-04-13 06:48 220672 ----a-w- c:\windows\system32\wintrust.dll 2012-03-01 06:40 . 2012-04-13 06:48 80896 ----a-w- c:\windows\system32\imagehlp.dll 2012-03-01 06:35 . 2012-04-13 06:48 5120 ----a-w- c:\windows\system32\wmi.dll 2012-03-01 05:49 . 2012-04-13 06:48 172544 ----a-w- c:\windows\SysWow64\wintrust.dll 2012-03-01 05:45 . 2012-04-13 06:48 158720 ----a-w- c:\windows\SysWow64\imagehlp.dll 2012-03-01 05:40 . 2012-04-13 06:48 5120 ----a-w- c:\windows\SysWow64\wmi.dll . . ((((((((((((((((((((((((((((( SnapShot@2012-05-17_22.57.48 ))))))))))))))))))))))))))))))))))))))))) . + 2009-07-14 04:54 . 2012-05-19 08:09 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat - 2009-07-14 04:54 . 2012-05-17 22:57 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat - 2009-07-14 04:54 . 2012-05-17 22:57 49152 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat + 2009-07-14 04:54 . 2012-05-19 08:09 49152 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat - 2009-07-14 04:54 . 2012-05-17 22:57 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat + 2009-07-14 04:54 . 2012-05-19 08:09 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat + 2011-01-28 00:39 . 2012-05-19 08:10 53024 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin + 2009-07-14 05:10 . 2012-05-19 08:10 36676 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin + 2011-05-30 14:30 . 2012-05-19 08:10 14222 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3476798985-3891373694-2057737020-1000_UserData.bin - 2011-05-30 22:24 . 2012-05-17 22:57 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat + 2011-05-30 22:24 . 2012-05-19 08:37 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat - 2011-05-30 22:24 . 2012-05-17 22:57 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat + 2011-05-30 22:24 . 2012-05-19 08:37 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat - 2009-07-14 04:54 . 2012-05-17 22:57 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat + 2009-07-14 04:54 . 2012-05-19 08:37 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat + 2011-05-30 19:26 . 2012-05-19 08:38 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat - 2011-05-30 19:26 . 2012-05-17 22:58 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat + 2009-07-14 04:46 . 2012-05-19 08:16 80184 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat + 2011-05-30 19:26 . 2012-05-19 08:38 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat - 2011-05-30 19:26 . 2012-05-17 22:58 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat - 2011-05-30 19:26 . 2012-05-17 22:58 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat + 2011-05-30 19:26 . 2012-05-19 08:38 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat + 2011-05-30 14:31 . 2012-05-19 08:38 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat - 2011-05-30 14:31 . 2012-05-17 23:00 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat - 2011-05-30 14:31 . 2012-05-17 23:00 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat + 2011-05-30 14:31 . 2012-05-19 08:38 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat + 2012-05-19 08:37 . 2012-05-19 08:37 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat - 2012-05-17 22:57 . 2012-05-17 22:57 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat - 2012-05-17 22:57 . 2012-05-17 22:57 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat + 2012-05-19 08:37 . 2012-05-19 08:37 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat - 2009-07-14 02:36 . 2012-05-17 21:51 730092 c:\windows\system32\perfh009.dat + 2009-07-14 02:36 . 2012-05-19 08:16 730092 c:\windows\system32\perfh009.dat - 2009-07-14 02:36 . 2012-05-17 21:51 149886 c:\windows\system32\perfc009.dat + 2009-07-14 02:36 . 2012-05-19 08:16 149886 c:\windows\system32\perfc009.dat - 2009-07-14 05:01 . 2012-05-17 22:56 536396 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat + 2009-07-14 05:01 . 2012-05-19 08:36 536396 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat + 2009-07-14 02:34 . 2012-05-19 08:19 10223616 c:\windows\system32\SMI\Store\Machine\SCHEMA.DAT - 2009-07-14 02:34 . 2012-05-17 22:03 10223616 c:\windows\system32\SMI\Store\Machine\SCHEMA.DAT + 2011-05-30 21:53 . 2012-05-19 08:36 29872352 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3476798985-3891373694-2057737020-1000-8192.dat + 2012-05-19 08:27 . 2012-05-19 08:27 10117120 c:\windows\ERDNT\Hiv-backup\SCHEMA.DAT . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1] @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}] 2012-01-18 18:49 94208 ----a-w- c:\users\Janet\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2] @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}] 2012-01-18 18:49 94208 ----a-w- c:\users\Janet\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3] @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}] 2012-01-18 18:49 94208 ----a-w- c:\users\Janet\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "LightScribe Control Panel"="c:\program files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe" [2010-11-22 2736128] "Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2010-03-09 26100520] "KiesPDLR"="c:\program files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe" [2012-04-04 21392] "KiesHelper"="c:\program files (x86)\Samsung\Kies\KiesHelper.exe" [2012-04-04 954256] "Livedrive"="c:\program files (x86)\Livedrive\Livedrive.exe" [2012-02-07 1817600] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2011-05-20 284440] "StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-12-31 336384] "NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2012-01-10 113288] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832] "Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760] "Easybits Recovery"="c:\program files (x86)\EasyBits For Kids\ezRecover.exe" [2010-12-13 61112] "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552] "Olympus ib"="c:\program files (x86)\Olympus\ib\olycamdetect.exe" [2010-09-30 93360] "MDS_Menu"="c:\program files (x86)\Olympus\ib\MUITransfer\MUIStartMenu.exe" [2010-07-01 220336] "KiesTrayAgent"="c:\program files (x86)\Samsung\Kies\KiesTrayAgent.exe" [2012-04-04 3521424] "HP Quick Launch"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe" [2011-07-11 574008] "HPOSD"="c:\program files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe" [2011-08-19 379960] "AdobeCS5.5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" [2011-01-12 1523360] "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2009-11-10 417792] . c:\users\Janet\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ Dropbox.lnk - c:\users\Janet\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-2-15 24246216] OneNote 2010 Screen Clipper and Launcher.lnk - c:\program files (x86)\Microsoft Office\Office14\ONENOTEM.EXE [2011-9-2 227712] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2010-7-30 1132320] Philips Device Manager.lnk - c:\program files (x86)\Philips\SA28XX Device Manager\main.exe [2011-6-1 7696118] Snapfish PictureMover.lnk - c:\program files (x86)\PictureMover\Bin\PictureMover.exe [2010-11-18 1040952] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) "HideFastUserSwitching"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer] "EnableShellExecuteHooks"= 1 (0x1) . [hkey_local_machine\software\Wow6432Node\microsoft\windows\currentversion\explorer\ShellExecuteHooks] . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp . 2;2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [x] R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384] R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2011-09-09 86072] R2 HP Wireless Assistant Service;HP Wireless Assistant Service;c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [2010-07-21 103992] R3 androidusb;SAMSUNG Android Composite ADB Interface Driver;c:\windows\system32\Drivers\ssadadb.sys [x] R3 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\7.1.361.0\SeaPort.exe [2012-02-10 240408] R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-04-21 129976] R3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [x] R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184] R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [x] R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [x] R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [x] R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\DRIVERS\ssadbus.sys [x] R3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\DRIVERS\ssadmdfl.sys [x] R3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\DRIVERS\ssadmdm.sys [x] R3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM);c:\windows\system32\DRIVERS\ssadserd.sys [x] R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x] R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [x] R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2010-04-03 59744] R4 RsFx0150;RsFx0150 Driver;c:\windows\system32\DRIVERS\RsFx0150.sys [x] R4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10_50.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2010-04-03 428384] R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184] S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NISx64\1307000.009\SYMDS64.SYS [x] S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NISx64\1307000.009\SYMEFA64.SYS [x] S1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.5.1.2\Definitions\BASHDefs\20120507.001\BHDrvx64.sys [2012-04-02 1160824] S1 CbFs;CbFs;c:\windows\system32\drivers\cbfs.sys [x] S1 ccSet_NIS;Norton Internet Security Settings Manager;c:\windows\system32\drivers\NISx64\1307000.009\ccSetx64.sys [x] S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.5.1.2\Definitions\IPSDefs\20120516.001\IDSvia64.sys [2012-04-28 488568] S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NISx64\1307000.009\Ironx64.SYS [x] S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\NISx64\1307000.009\SYMNETS.SYS [x] S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x] S2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\AESTSr64.exe [2012-01-10 89600] S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x] S2 BBSvc;BingBar Service;c:\program files (x86)\Microsoft\BingBar\7.1.361.0\BBSvc.exe [2012-02-10 193816] S2 FPLService;TrueSuiteService;c:\program files (x86)\HP SimplePass 2011\TrueSuiteService.exe [2010-12-07 249672] S2 HPClientSvc;HP Client Services;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-08-06 291896] S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-09-01 227896] S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [x] S2 HPWMISVC;HPWMISVC;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2011-07-11 26680] S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-05-20 13592] S2 IconMan_R;IconMan_R;c:\program files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2012-01-10 2413056] S2 LivedriveVSSService;Livedrive VSS Service;c:\program files (x86)\Livedrive\VSSService.exe [2012-02-07 210616] S2 McciCMService64;McciCMService64;c:\program files\Common Files\Motive\McciCMService.exe [2011-03-23 517632] S2 MsDepSvc;Web Deployment Agent Service;c:\program files\IIS\Microsoft Web Deploy\MsDepSvc.exe [2011-04-01 67400] S2 NIS;Norton Internet Security;c:\program files (x86)\Norton Internet Security\Engine\19.7.0.9\ccSvcHst.exe [2012-03-27 138232] S2 TeamViewer6;TeamViewer 6;c:\program files (x86)\TeamViewer\Version6\TeamViewer_Service.exe [2011-11-03 2358656] S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x] S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x] S3 btwampfl;Bluetooth AMP USB Filter;c:\windows\system32\drivers\btwampfl.sys [x] S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x] S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys [x] S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-02-04 138360] S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x] S3 intelkmd;intelkmd;c:\windows\system32\DRIVERS\igdpmd64.sys [x] S3 MEIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x] S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [x] S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [x] S3 RSPCIESTOR;Realtek PCIE CardReader Driver;c:\windows\system32\DRIVERS\RtsPStor.sys [x] S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x] S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x] . . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}] 2010-11-22 21:18 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{2D46B6DC-2207-486B-B523-A557E6D54B47}] 2009-07-14 01:14 301568 ----a-w- c:\windows\System32\cmd.exe . Contents of the 'Scheduled Tasks' folder . 2012-05-14 c:\windows\Tasks\HPCeeScheduleForJANET-HP$.job - c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 06:15] . 2012-05-16 c:\windows\Tasks\HPCeeScheduleForJanet.job - c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 06:15] . . --------- x86-64 ----------- . . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00Zecter] @="{D25B32FE-CB96-491A-98FF-AD59DA382D69}" [HKEY_CLASSES_ROOT\CLSID\{D25B32FE-CB96-491A-98FF-AD59DA382D69}] 2010-12-11 02:32 2240000 ----a-w- c:\program files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\01Zecter] @="{EB24CA6D-F315-4A81-AC1A-C79CFD77F3F5}" [HKEY_CLASSES_ROOT\CLSID\{EB24CA6D-F315-4A81-AC1A-C79CFD77F3F5}] 2010-12-11 02:32 2240000 ----a-w- c:\program files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\02Zecter] @="{B3C78E40-6B64-47C3-AE34-60B770881EB8}" [HKEY_CLASSES_ROOT\CLSID\{B3C78E40-6B64-47C3-AE34-60B770881EB8}] 2010-12-11 02:32 2240000 ----a-w- c:\program files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\03Zecter] @="{622AFE52-33F6-4D9F-9966-E0BC52D7D69D}" [HKEY_CLASSES_ROOT\CLSID\{622AFE52-33F6-4D9F-9966-E0BC52D7D69D}] 2010-12-11 02:32 2240000 ----a-w- c:\program files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\04Zecter] @="{855156F0-2A0F-11DE-8C30-0800200C9A66}" [HKEY_CLASSES_ROOT\CLSID\{855156F0-2A0F-11DE-8C30-0800200C9A66}] 2010-12-11 02:32 2240000 ----a-w- c:\program files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\BackupOverlay] @="{B44A5D93-1351-41A1-BD91-5E92435D8ECD}" [HKEY_CLASSES_ROOT\CLSID\{B44A5D93-1351-41A1-BD91-5E92435D8ECD}] 2012-02-07 15:48 1245880 ----a-w- c:\program files (x86)\Livedrive\LivedriveExtensions.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1] @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}] 2012-01-18 18:49 97792 ----a-w- c:\users\Janet\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2] @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}] 2012-01-18 18:49 97792 ----a-w- c:\users\Janet\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3] @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}] 2012-01-18 18:49 97792 ----a-w- c:\users\Janet\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4] @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}] 2012-01-18 18:49 97792 ----a-w- c:\users\Janet\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\LivedriveDownloadOverlay] @="{CBCDB610-6B68-4EE9-B7A2-1282FD0C9292}" [HKEY_CLASSES_ROOT\CLSID\{CBCDB610-6B68-4EE9-B7A2-1282FD0C9292}] 2012-02-07 15:48 1245880 ----a-w- c:\program files (x86)\Livedrive\LivedriveExtensions.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\LivedriveSharedOverlay] @="{84CEF1E4-1356-4063-845F-05047F4DD52C}" [HKEY_CLASSES_ROOT\CLSID\{84CEF1E4-1356-4063-845F-05047F4DD52C}] 2012-02-07 15:48 1245880 ----a-w- c:\program files (x86)\Livedrive\LivedriveExtensions.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\LivedriveSyncedOverlay] @="{42058329-2FBF-4B33-8E52-3BE5754DE0C1}" [HKEY_CLASSES_ROOT\CLSID\{42058329-2FBF-4B33-8E52-3BE5754DE0C1}] 2012-02-07 15:48 1245880 ----a-w- c:\program files (x86)\Livedrive\LivedriveExtensions.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\LivedriveUploadOverlay] @="{39A1715A-E4CD-4F1E-B5C4-36B5DB80124E}" [HKEY_CLASSES_ROOT\CLSID\{39A1715A-E4CD-4F1E-B5C4-36B5DB80124E}] 2012-02-07 15:48 1245880 ----a-w- c:\program files (x86)\Livedrive\LivedriveExtensions.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-12-17 167960] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-12-17 391704] "Persistence"="c:\windows\system32\igfxpers.exe" [2010-12-17 418328] "SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [bU] "HPWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe" [2010-07-21 8192] "btbb_McciTrayApp"="c:\program files\BT Broadband Desktop Help\btbb\BTHelpNotifier.exe" [2010-08-12 3451904] "SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2012-01-10 1128448] "AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2011-03-15 499608] "combofix"="c:\combofix\CF19722.3XE" [2009-07-14 344576] . ------- Supplementary Scan ------- . uLocal Page = c:\windows\system32\blank.htm mLocal Page = c:\windows\SysWOW64\blank.htm IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000 IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105 IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm TCP: DhcpNameServer = 192.168.1.254 FF - ProfilePath - c:\users\Janet\AppData\Roaming\Mozilla\Firefox\Profiles\v28h5hip.default\ FF - prefs.js: browser.startup.homepage - hxxp://mystart.incredibar.com/mb143?a=6R8sYquPVx&i=26 FF - prefs.js: network.proxy.type - 0 FF - user.js: extensions.incredibar_i.upn2 - 6R8sYquPVx FF - user.js: extensions.incredibar_i.upn2n - 92824363556530923 FF - user.js: extensions.incredibar_i.productid - 26 FF - user.js: extensions.incredibar_i.installerproductid - 26 FF - user.js: extensions.incredibar_i.did - 10643 FF - user.js: extensions.incredibar_i.ppd - 1 FF - user.js: extensions.incredibar_i.newTab - false FF - user.js: extensions.incredibar_i.tlbrSrchUrl - hxxp://mystart.Incredibar.com/?a=6R8sYquPVx&loc=IB_TB&i=26&search= FF - user.js: extensions.incredibar_i.instlDay - 15475 FF - user.js: extensions.incredibar_i.vrsn - 1.5.11.14 FF - user.js: extensions.incredibar_i.vrsni - 1.5.11.14 FF - user.js: extensions.incredibar_i.vrsnTs - 1.5.11.1411:25 FF - user.js: extensions.incredibar_i.prtnrId - Incredibar FF - user.js: extensions.incredibar_i.prdct - incredibar FF - user.js: extensions.incredibar_i.aflt - orgnl FF - user.js: extensions.incredibar_i.smplGrp - none FF - user.js: extensions.incredibar_i.tlbrId - base FF - user.js: extensions.incredibar_i.instlRef - FF - user.js: extensions.incredibar_i.dfltLng - FF - user.js: extensions.incredibar_i.excTlbr - false . . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\MsDepSvc] "ImagePath"="\"c:\program files\IIS\Microsoft Web Deploy\MsDepSvc.exe\" -runService:MsDepSvc" -- . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NIS] "ImagePath"="\"c:\program files (x86)\Norton Internet Security\Engine\19.7.0.9\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files (x86)\Norton Internet Security\Engine\19.7.0.9\diMaster.dll\" /prefetch:1" . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.10" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}] @Denied: (A 2) (Everyone) @="IFlashBroker4" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}] @Denied: (A) (Everyone) "Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3] @Denied: (A) (Everyone) . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0] "Key"="ActionsPane3" "Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . ------------------------ Other Running Processes ------------------------ . c:\windows\SysWOW64\ezSharedSvcHost.exe c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe c:\program files (x86)\Common Files\Motive\McciCMService.exe c:\program files (x86)\Common Files\Motive\McciContextHookShim.exe c:\program files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe c:\program files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe c:\program files (x86)\CyberLink\YouCam\YCMMirage.exe c:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe . ************************************************************************** . Completion time: 2012-05-19 09:45:31 - machine was rebooted ComboFix-quarantined-files.txt 2012-05-19 08:45 ComboFix2.txt 2012-05-17 23:06 . Pre-Run: 533,899,665,408 bytes free Post-Run: 534,608,965,632 bytes free . - - End Of File - - 997F3AAE4D29720814917A14D1F01C90
  4. Sorry, forgot to say, Incredibar is still there. Otherwise, as far as I can see, the laptop is behaving fairly normally. Thanks
  5. OK, I've run combofix - I kept getting messages saying that Norton Internet Security Antispyware was still running, I turned off everything I could find, but my Norton didn't seem to tally with the instructions, so I'm not sure if there was something left on. Anyway, Combofix ran, and the log file content is pasted below - thanks ========================================================================================================= ComboFix 12-05-17.05 - Janet 17/05/2012 23:48:03.1.4 - x64 Microsoft Windows 7 Home Premium 6.1.7600.0.1252.44.1033.18.6092.3909 [GMT 1:00] Running from: c:\users\Janet\Desktop\ComboFix.exe AV: Norton Internet Security *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF} FW: Norton Internet Security *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4} SP: Norton Internet Security *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\program files\Web Assistant\ExTEnsion32.dll c:\users\Janet\AppData\Local\Microsoft\Windows\Temporary Internet Files\{602D3E84-FF87-45CA-B6B9-80A90045E925}.xps c:\users\Janet\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc1093.tmp c:\users\Janet\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc1113.tmp c:\users\Janet\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc12.tmp c:\users\Janet\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc12D5.tmp c:\users\Janet\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc12D6.tmp c:\users\Janet\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc13C.tmp c:\users\Janet\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc13C2.tmp c:\users\Janet\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc1677.tmp c:\users\Janet\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc1934.tmp c:\users\Janet\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc19D1.tmp c:\users\Janet\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc1A8F.tmp c:\users\Janet\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc1A91.tmp c:\users\Janet\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc1C13.tmp c:\users\Janet\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc1D5A.tmp c:\users\Janet\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc1DA2.tmp c:\users\Janet\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc1DC1.tmp c:\users\Janet\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc1E61.tmp c:\users\Janet\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc1ED8.tmp c:\users\Janet\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc1EF3.tmp c:\users\Janet\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc1F21.tmp c:\users\Janet\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc1F22.tmp c:\users\Janet\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc1FBC.tmp c:\users\Janet\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc2355.tmp c:\users\Janet\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc252.tmp c:\users\Janet\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc272F.tmp c:\users\Janet\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc2749.tmp c:\users\Janet\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc2857.tmp c:\users\Janet\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc29C7.tmp c:\users\Janet\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc2A2E.tmp c:\users\Janet\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc2A8F.tmp c:\users\Janet\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc2A9C.tmp c:\users\Janet\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc2BAA.tmp c:\users\Janet\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc2ED9.tmp c:\users\Janet\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc2F27.tmp c:\users\Janet\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc30A5.tmp c:\users\Janet\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc31C4.tmp c:\users\Janet\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc3237.tmp c:\users\Janet\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc340E.tmp c:\users\Janet\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc345.tmp c:\users\Janet\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc356E.tmp c:\users\Janet\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc3590.tmp c:\users\Janet\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc363E.tmp c:\users\Janet\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc37BD.tmp c:\users\Janet\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc3BCB.tmp c:\users\Janet\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc3D61.tmp c:\users\Janet\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc3F58.tmp c:\users\Janet\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc40E7.tmp c:\users\Janet\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc432E.tmp c:\users\Janet\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc433C.tmp c:\users\Janet\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc4531.tmp c:\users\Janet\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc45DF.tmp c:\users\Janet\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc4832.tmp c:\users\Janet\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc489E.tmp c:\users\Janet\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc494E.tmp c:\users\Janet\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc4A29.tmp c:\users\Janet\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc4AD6.tmp c:\users\Janet\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc4AEF.tmp c:\users\Janet\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc4BD0.tmp c:\users\Janet\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc4CAE.tmp c:\users\Janet\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc4D83.tmp c:\users\Janet\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc4EEF.tmp c:\users\Janet\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc511E.tmp c:\users\Janet\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc5356.tmp c:\users\Janet\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc544B.tmp c:\users\Janet\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc5716.tmp c:\users\Janet\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc5783.tmp c:\users\Janet\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc57C2.tmp c:\users\Janet\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc5B83.tmp c:\users\Janet\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc5FBE.tmp c:\users\Janet\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc650.tmp c:\users\Janet\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc655B.tmp c:\users\Janet\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc6579.tmp c:\users\Janet\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc65C0.tmp c:\users\Janet\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc669C.tmp c:\users\Janet\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc6723.tmp c:\users\Janet\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc67A2.tmp c:\users\Janet\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc68A4.tmp c:\users\Janet\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc68BE.tmp c:\users\Janet\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc691E.tmp c:\users\Janet\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc6A19.tmp c:\users\Janet\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc6A23.tmp c:\users\Janet\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc6A6.tmp c:\users\Janet\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc6A6E.tmp c:\users\Janet\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc6A97.tmp c:\users\Janet\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc6C5.tmp c:\users\Janet\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc6C96.tmp c:\users\Janet\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc6CFE.tmp c:\users\Janet\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc6E07.tmp c:\users\Janet\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc6EAB.tmp c:\users\Janet\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc6F2D.tmp c:\users\Janet\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc708C.tmp c:\users\Janet\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc7276.tmp c:\users\Janet\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc72DA.tmp c:\users\Janet\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc72E.tmp c:\users\Janet\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc7387.tmp c:\users\Janet\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc7499.tmp c:\users\Janet\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc75B4.tmp c:\users\Janet\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc75F6.tmp c:\users\Janet\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc76CA.tmp c:\users\Janet\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc7754.tmp c:\users\Janet\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc77C9.tmp c:\users\Janet\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc77F9.tmp c:\users\Janet\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc7A33.tmp c:\users\Janet\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc7A37.tmp c:\users\Janet\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc7A98.tmp c:\users\Janet\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc7B7D.tmp c:\users\Janet\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc7D78.tmp c:\users\Janet\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc7DF7.tmp c:\users\Janet\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc7F9E.tmp c:\users\Janet\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc80B2.tmp c:\users\Janet\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc829B.tmp c:\users\Janet\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc8342.tmp c:\users\Janet\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc8354.tmp c:\users\Janet\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc879E.tmp c:\users\Janet\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc881A.tmp c:\users\Janet\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc8844.tmp c:\users\Janet\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc88A9.tmp c:\users\Janet\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc8984.tmp c:\users\Janet\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc8C4A.tmp c:\users\Janet\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc8D63.tmp c:\users\Janet\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc8E29.tmp c:\users\Janet\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc8F23.tmp c:\users\Janet\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc8F3D.tmp c:\users\Janet\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc910C.tmp c:\users\Janet\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc9224.tmp c:\users\Janet\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc9658.tmp c:\users\Janet\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc9752.tmp c:\users\Janet\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc97A0.tmp c:\users\Janet\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc97C8.tmp c:\users\Janet\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc9857.tmp c:\users\Janet\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc9993.tmp c:\users\Janet\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc99CF.tmp c:\users\Janet\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc9B96.tmp c:\users\Janet\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc9BB5.tmp c:\users\Janet\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc9C87.tmp c:\users\Janet\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccA0A1.tmp c:\users\Janet\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccA225.tmp c:\users\Janet\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccA41D.tmp c:\users\Janet\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccA54D.tmp c:\users\Janet\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccA5D9.tmp c:\users\Janet\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccA7DE.tmp c:\users\Janet\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccA801.tmp c:\users\Janet\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccAC57.tmp c:\users\Janet\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccACE4.tmp c:\users\Janet\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccAE99.tmp c:\users\Janet\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccB118.tmp c:\users\Janet\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccB151.tmp c:\users\Janet\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccB2D9.tmp c:\users\Janet\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccB350.tmp c:\users\Janet\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccB5CF.tmp c:\users\Janet\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccB675.tmp c:\users\Janet\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccB742.tmp c:\users\Janet\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccB7C9.tmp c:\users\Janet\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccB987.tmp c:\users\Janet\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccBB12.tmp c:\users\Janet\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccBB4B.tmp c:\users\Janet\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccBB5C.tmp c:\users\Janet\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccBCCC.tmp c:\users\Janet\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccBEFE.tmp c:\users\Janet\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccC029.tmp c:\users\Janet\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccC09F.tmp c:\users\Janet\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccC0B2.tmp c:\users\Janet\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccC0F2.tmp c:\users\Janet\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccC18A.tmp c:\users\Janet\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccC3CB.tmp c:\users\Janet\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccC49B.tmp c:\users\Janet\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccC4C3.tmp c:\users\Janet\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccC536.tmp c:\users\Janet\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccC62D.tmp c:\users\Janet\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccC639.tmp c:\users\Janet\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccC6F8.tmp c:\users\Janet\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccC86B.tmp c:\users\Janet\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccC8BF.tmp c:\users\Janet\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccCDA4.tmp c:\users\Janet\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccCED9.tmp c:\users\Janet\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccCEF0.tmp c:\users\Janet\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccCF6A.tmp c:\users\Janet\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccCF77.tmp c:\users\Janet\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccD12C.tmp c:\users\Janet\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccD1CE.tmp c:\users\Janet\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccD24E.tmp c:\users\Janet\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccD3D3.tmp c:\users\Janet\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccD6DF.tmp c:\users\Janet\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccD73E.tmp c:\users\Janet\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccD7E3.tmp c:\users\Janet\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccD81.tmp c:\users\Janet\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccD8C1.tmp c:\users\Janet\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccD980.tmp c:\users\Janet\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccD9CB.tmp c:\users\Janet\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccDA21.tmp c:\users\Janet\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccDA55.tmp c:\users\Janet\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccDD14.tmp c:\users\Janet\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccDD79.tmp c:\users\Janet\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccDD9C.tmp c:\users\Janet\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccDDC7.tmp c:\users\Janet\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccDEBB.tmp c:\users\Janet\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccDFEF.tmp c:\users\Janet\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccE070.tmp c:\users\Janet\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccE248.tmp c:\users\Janet\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccE294.tmp c:\users\Janet\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccE2ED.tmp c:\users\Janet\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccE30D.tmp c:\users\Janet\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccE51B.tmp c:\users\Janet\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccE521.tmp c:\users\Janet\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccE5EA.tmp c:\users\Janet\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccE5FD.tmp c:\users\Janet\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccE735.tmp c:\users\Janet\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccEB21.tmp c:\users\Janet\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccECBF.tmp c:\users\Janet\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccED44.tmp c:\users\Janet\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccEE5C.tmp c:\users\Janet\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccEFEC.tmp c:\users\Janet\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccF234.tmp c:\users\Janet\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccF27.tmp c:\users\Janet\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccF279.tmp c:\users\Janet\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccF526.tmp c:\users\Janet\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccF814.tmp c:\users\Janet\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccF83C.tmp c:\users\Janet\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccF848.tmp c:\users\Janet\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccF8EF.tmp c:\users\Janet\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccFBA5.tmp c:\users\Janet\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccFC66.tmp c:\users\Janet\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccFDC.tmp c:\users\Janet\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccFE18.tmp c:\users\Janet\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccFFB1.tmp c:\users\Janet\AppData\Local\Temp\{bf5eaec9-e547-40d0-8b19-42b2a40891b9}\Livedrive.Native.dll c:\users\Janet\AppData\Local\Temp\bd7c47bb-f5c0-417c-a180-ec348d87718a\CliSecureRT.dll c:\windows\security\Database\tmp.edb c:\windows\SysWow64\muzapp.exe c:\windows\SysWow64\system32 c:\windows\SysWow64\system32\3DAudio.ax c:\windows\SysWow64\system32\avrt.dll c:\windows\SysWow64\system32\cis-2.4.dll c:\windows\SysWow64\system32\issacapi_bs-2.3.dll c:\windows\SysWow64\system32\issacapi_pe-2.3.dll c:\windows\SysWow64\system32\issacapi_se-2.3.dll c:\windows\SysWow64\system32\MACXMLProto.dll c:\windows\SysWow64\system32\MaDRM.dll c:\windows\SysWow64\system32\MaJGUILib.dll c:\windows\SysWow64\system32\MAMACExtract.dll c:\windows\SysWow64\system32\MASetupCleaner.exe c:\windows\SysWow64\system32\MaXMLProto.dll c:\windows\SysWow64\system32\mfplat.dll c:\windows\SysWow64\system32\MK_Lyric.dll c:\windows\SysWow64\system32\MSCLib.dll c:\windows\SysWow64\system32\MSFLib.dll c:\windows\SysWow64\system32\MSLUR71.dll c:\windows\SysWow64\system32\msvcp60.dll c:\windows\SysWow64\system32\MTTELECHIP.dll c:\windows\SysWow64\system32\MTXSYNCICON.dll c:\windows\SysWow64\system32\muzaf1.dll c:\windows\SysWow64\system32\muzapp.dll c:\windows\SysWow64\system32\muzapp.exe c:\windows\SysWow64\system32\muzdecode.ax c:\windows\SysWow64\system32\muzeffect.ax c:\windows\SysWow64\system32\muzmp4sp.ax c:\windows\SysWow64\system32\muzmpgsp.ax c:\windows\SysWow64\system32\muzoggsp.ax c:\windows\SysWow64\system32\muzwmts.dll c:\windows\SysWow64\system32\psapi.dll . . ((((((((((((((((((((((((( Files Created from 2012-04-17 to 2012-05-17 ))))))))))))))))))))))))))))))) . . 2012-05-17 22:55 . 2012-05-17 22:55 -------- d-----w- c:\users\Default\AppData\Local\temp 2012-05-16 11:42 . 2012-05-16 11:42 -------- d-----w- c:\users\Janet\AppData\Roaming\Malwarebytes 2012-05-16 11:42 . 2012-05-16 11:42 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware 2012-05-16 11:42 . 2012-05-16 11:42 -------- d-----w- c:\programdata\Malwarebytes 2012-05-16 11:42 . 2012-04-04 14:56 24904 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-05-15 10:25 . 2012-05-15 10:25 844 ----a-w- C:\user.js 2012-05-15 10:25 . 2012-05-17 22:54 -------- d-----w- c:\program files\Web Assistant 2012-05-15 09:49 . 2012-05-15 09:56 -------- d-----w- c:\program files (x86)\GSP 2012-05-15 09:49 . 2012-05-15 09:51 -------- d-----w- c:\users\Janet\AppData\Roaming\Hemera 2012-05-09 08:42 . 2012-03-17 07:55 75632 ----a-w- c:\windows\system32\drivers\partmgr.sys 2012-05-09 08:42 . 2012-03-30 11:09 1895280 ----a-w- c:\windows\system32\drivers\tcpip.sys 2012-05-09 08:42 . 2012-04-02 05:24 1367552 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\journal.dll 2012-05-09 08:42 . 2012-04-02 04:40 936960 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\ink\journal.dll 2012-05-07 09:07 . 2012-05-07 09:07 -------- d-----w- c:\program files (x86)\Apple Software Update 2012-05-06 13:32 . 2012-05-06 13:32 -------- d-----w- c:\program files (x86)\Common Files\Apple 2012-05-06 13:32 . 2012-05-06 13:32 -------- d-----w- c:\users\Janet\AppData\Local\Apple 2012-05-06 13:32 . 2012-05-06 13:32 -------- d-----w- c:\programdata\Apple 2012-05-06 13:31 . 2012-05-06 13:31 -------- d-----w- c:\program files (x86)\Serif Draw Plus 2012-04-30 10:43 . 2012-04-30 10:43 -------- d-----w- c:\program files (x86)\GreenbeanSoft 2012-04-29 19:43 . 2012-04-29 19:43 -------- d-----w- c:\users\Janet\AppData\Roaming\KeePass 2012-04-29 19:41 . 2012-04-29 19:41 -------- d-----w- c:\program files (x86)\KeePass Password Safe 2012-04-29 19:20 . 2012-04-29 19:20 -------- d-----w- C:\~LD 2012-04-29 18:20 . 2010-02-16 11:44 191960 ----a-w- c:\windows\system32\drivers\cbfs.sys 2012-04-29 18:19 . 2012-05-17 22:46 -------- d-----w- c:\users\Janet\AppData\Local\Livedrive 2012-04-29 18:19 . 2012-04-29 18:20 -------- d-----w- c:\program files (x86)\Livedrive 2012-04-25 10:13 . 2012-04-25 21:30 -------- d-----w- c:\windows\system32\drivers\NISx64\1307000.009 . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-03-26 11:52 . 2011-05-31 09:07 175736 ----a-w- c:\windows\system32\drivers\SYMEVENT64x86.SYS 2012-03-06 23:18 . 2012-03-06 23:18 162664 ----a-w- c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10140.bin 2012-03-01 06:54 . 2012-04-13 06:48 22896 ----a-w- c:\windows\system32\drivers\fs_rec.sys 2012-03-01 06:45 . 2012-04-13 06:48 220672 ----a-w- c:\windows\system32\wintrust.dll 2012-03-01 06:40 . 2012-04-13 06:48 80896 ----a-w- c:\windows\system32\imagehlp.dll 2012-03-01 06:35 . 2012-04-13 06:48 5120 ----a-w- c:\windows\system32\wmi.dll 2012-03-01 05:49 . 2012-04-13 06:48 172544 ----a-w- c:\windows\SysWow64\wintrust.dll 2012-03-01 05:45 . 2012-04-13 06:48 158720 ----a-w- c:\windows\SysWow64\imagehlp.dll 2012-03-01 05:40 . 2012-04-13 06:48 5120 ----a-w- c:\windows\SysWow64\wmi.dll . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1] @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}] 2012-01-18 18:49 94208 ----a-w- c:\users\Janet\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2] @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}] 2012-01-18 18:49 94208 ----a-w- c:\users\Janet\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3] @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}] 2012-01-18 18:49 94208 ----a-w- c:\users\Janet\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "LightScribe Control Panel"="c:\program files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe" [2010-11-22 2736128] "Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2010-03-09 26100520] "KiesPDLR"="c:\program files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe" [2012-04-04 21392] "KiesHelper"="c:\program files (x86)\Samsung\Kies\KiesHelper.exe" [2012-04-04 954256] "Livedrive"="c:\program files (x86)\Livedrive\Livedrive.exe" [2012-02-07 1817600] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2011-05-20 284440] "StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-12-31 336384] "NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2012-01-10 113288] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832] "Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760] "Easybits Recovery"="c:\program files (x86)\EasyBits For Kids\ezRecover.exe" [2010-12-13 61112] "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552] "Olympus ib"="c:\program files (x86)\Olympus\ib\olycamdetect.exe" [2010-09-30 93360] "MDS_Menu"="c:\program files (x86)\Olympus\ib\MUITransfer\MUIStartMenu.exe" [2010-07-01 220336] "KiesTrayAgent"="c:\program files (x86)\Samsung\Kies\KiesTrayAgent.exe" [2012-04-04 3521424] "HP Quick Launch"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe" [2011-07-11 574008] "HPOSD"="c:\program files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe" [2011-08-19 379960] "AdobeCS5.5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" [2011-01-12 1523360] "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2009-11-10 417792] . c:\users\Janet\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ Dropbox.lnk - c:\users\Janet\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-2-15 24246216] OneNote 2010 Screen Clipper and Launcher.lnk - c:\program files (x86)\Microsoft Office\Office14\ONENOTEM.EXE [2011-9-2 227712] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2010-7-30 1132320] Philips Device Manager.lnk - c:\program files (x86)\Philips\SA28XX Device Manager\main.exe [2011-6-1 7696118] Snapfish PictureMover.lnk - c:\program files (x86)\PictureMover\Bin\PictureMover.exe [2010-11-18 1040952] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) "HideFastUserSwitching"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer] "EnableShellExecuteHooks"= 1 (0x1) . [hkey_local_machine\software\Wow6432Node\microsoft\windows\currentversion\explorer\ShellExecuteHooks] . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp . R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384] R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2011-09-09 86072] R2 HP Wireless Assistant Service;HP Wireless Assistant Service;c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [2010-07-21 103992] R3 androidusb;SAMSUNG Android Composite ADB Interface Driver;c:\windows\system32\Drivers\ssadadb.sys [x] R3 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\7.1.361.0\SeaPort.exe [2012-02-10 240408] R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-04-21 129976] R3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [x] R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184] R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [x] R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [x] R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [x] R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\DRIVERS\ssadbus.sys [x] R3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\DRIVERS\ssadmdfl.sys [x] R3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\DRIVERS\ssadmdm.sys [x] R3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM);c:\windows\system32\DRIVERS\ssadserd.sys [x] R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x] R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [x] R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2010-04-03 59744] R4 RsFx0150;RsFx0150 Driver;c:\windows\system32\DRIVERS\RsFx0150.sys [x] R4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10_50.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2010-04-03 428384] R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184] S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NISx64\1307000.009\SYMDS64.SYS [x] S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NISx64\1307000.009\SYMEFA64.SYS [x] S1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.5.1.2\Definitions\BASHDefs\20120507.001\BHDrvx64.sys [2012-04-02 1160824] S1 CbFs;CbFs;c:\windows\system32\drivers\cbfs.sys [x] S1 ccSet_NIS;Norton Internet Security Settings Manager;c:\windows\system32\drivers\NISx64\1307000.009\ccSetx64.sys [x] S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.5.1.2\Definitions\IPSDefs\20120516.001\IDSvia64.sys [2012-04-28 488568] S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NISx64\1307000.009\Ironx64.SYS [x] S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\NISx64\1307000.009\SYMNETS.SYS [x] S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x] S2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\AESTSr64.exe [2012-01-10 89600] S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x] S2 BBSvc;BingBar Service;c:\program files (x86)\Microsoft\BingBar\7.1.361.0\BBSvc.exe [2012-02-10 193816] S2 FPLService;TrueSuiteService;c:\program files (x86)\HP SimplePass 2011\TrueSuiteService.exe [2010-12-07 249672] S2 HPClientSvc;HP Client Services;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-08-06 291896] S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-09-01 227896] S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [x] S2 HPWMISVC;HPWMISVC;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2011-07-11 26680] S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-05-20 13592] S2 IconMan_R;IconMan_R;c:\program files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2012-01-10 2413056] S2 LivedriveVSSService;Livedrive VSS Service;c:\program files (x86)\Livedrive\VSSService.exe [2012-02-07 210616] S2 McciCMService64;McciCMService64;c:\program files\Common Files\Motive\McciCMService.exe [2011-03-23 517632] S2 MsDepSvc;Web Deployment Agent Service;c:\program files\IIS\Microsoft Web Deploy\MsDepSvc.exe [2011-04-01 67400] S2 NIS;Norton Internet Security;c:\program files (x86)\Norton Internet Security\Engine\19.7.0.9\ccSvcHst.exe [2012-03-27 138232] S2 TeamViewer6;TeamViewer 6;c:\program files (x86)\TeamViewer\Version6\TeamViewer_Service.exe [2011-11-03 2358656] S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-11-23 2656280] S2 Web Assistant Updater;Web Assistant Updater;c:\program files\Web Assistant\ExtensionUpdaterService.exe [2012-05-01 185856] S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x] S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x] S3 btwampfl;Bluetooth AMP USB Filter;c:\windows\system32\drivers\btwampfl.sys [x] S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x] S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys [x] S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-02-04 138360] S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x] S3 intelkmd;intelkmd;c:\windows\system32\DRIVERS\igdpmd64.sys [x] S3 MEIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x] S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [x] S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [x] S3 RSPCIESTOR;Realtek PCIE CardReader Driver;c:\windows\system32\DRIVERS\RtsPStor.sys [x] S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x] S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x] . . --- Other Services/Drivers In Memory --- . *NewlyCreated* - WS2IFSL . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}] 2010-11-22 21:18 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{2D46B6DC-2207-486B-B523-A557E6D54B47}] 2009-07-14 01:14 301568 ----a-w- c:\windows\System32\cmd.exe . Contents of the 'Scheduled Tasks' folder . 2012-05-14 c:\windows\Tasks\HPCeeScheduleForJANET-HP$.job - c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 06:15] . 2012-05-16 c:\windows\Tasks\HPCeeScheduleForJanet.job - c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 06:15] . . --------- x86-64 ----------- . . [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{336D0C35-8A85-403a-B9D2-65C292C39087}] 2012-05-01 13:33 201728 ----a-w- c:\program files\Web Assistant\Extension64.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00Zecter] @="{D25B32FE-CB96-491A-98FF-AD59DA382D69}" [HKEY_CLASSES_ROOT\CLSID\{D25B32FE-CB96-491A-98FF-AD59DA382D69}] 2010-12-11 02:32 2240000 ----a-w- c:\program files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\01Zecter] @="{EB24CA6D-F315-4A81-AC1A-C79CFD77F3F5}" [HKEY_CLASSES_ROOT\CLSID\{EB24CA6D-F315-4A81-AC1A-C79CFD77F3F5}] 2010-12-11 02:32 2240000 ----a-w- c:\program files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\02Zecter] @="{B3C78E40-6B64-47C3-AE34-60B770881EB8}" [HKEY_CLASSES_ROOT\CLSID\{B3C78E40-6B64-47C3-AE34-60B770881EB8}] 2010-12-11 02:32 2240000 ----a-w- c:\program files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\03Zecter] @="{622AFE52-33F6-4D9F-9966-E0BC52D7D69D}" [HKEY_CLASSES_ROOT\CLSID\{622AFE52-33F6-4D9F-9966-E0BC52D7D69D}] 2010-12-11 02:32 2240000 ----a-w- c:\program files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\04Zecter] @="{855156F0-2A0F-11DE-8C30-0800200C9A66}" [HKEY_CLASSES_ROOT\CLSID\{855156F0-2A0F-11DE-8C30-0800200C9A66}] 2010-12-11 02:32 2240000 ----a-w- c:\program files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\BackupOverlay] @="{B44A5D93-1351-41A1-BD91-5E92435D8ECD}" [HKEY_CLASSES_ROOT\CLSID\{B44A5D93-1351-41A1-BD91-5E92435D8ECD}] 2012-02-07 15:48 1245880 ----a-w- c:\program files (x86)\Livedrive\LivedriveExtensions.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1] @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}] 2012-01-18 18:49 97792 ----a-w- c:\users\Janet\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2] @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}] 2012-01-18 18:49 97792 ----a-w- c:\users\Janet\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3] @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}] 2012-01-18 18:49 97792 ----a-w- c:\users\Janet\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4] @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}] 2012-01-18 18:49 97792 ----a-w- c:\users\Janet\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\LivedriveDownloadOverlay] @="{CBCDB610-6B68-4EE9-B7A2-1282FD0C9292}" [HKEY_CLASSES_ROOT\CLSID\{CBCDB610-6B68-4EE9-B7A2-1282FD0C9292}] 2012-02-07 15:48 1245880 ----a-w- c:\program files (x86)\Livedrive\LivedriveExtensions.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\LivedriveSharedOverlay] @="{84CEF1E4-1356-4063-845F-05047F4DD52C}" [HKEY_CLASSES_ROOT\CLSID\{84CEF1E4-1356-4063-845F-05047F4DD52C}] 2012-02-07 15:48 1245880 ----a-w- c:\program files (x86)\Livedrive\LivedriveExtensions.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\LivedriveSyncedOverlay] @="{42058329-2FBF-4B33-8E52-3BE5754DE0C1}" [HKEY_CLASSES_ROOT\CLSID\{42058329-2FBF-4B33-8E52-3BE5754DE0C1}] 2012-02-07 15:48 1245880 ----a-w- c:\program files (x86)\Livedrive\LivedriveExtensions.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\LivedriveUploadOverlay] @="{39A1715A-E4CD-4F1E-B5C4-36B5DB80124E}" [HKEY_CLASSES_ROOT\CLSID\{39A1715A-E4CD-4F1E-B5C4-36B5DB80124E}] 2012-02-07 15:48 1245880 ----a-w- c:\program files (x86)\Livedrive\LivedriveExtensions.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-12-17 167960] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-12-17 391704] "Persistence"="c:\windows\system32\igfxpers.exe" [2010-12-17 418328] "HPWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe" [2010-07-21 8192] "btbb_McciTrayApp"="c:\program files\BT Broadband Desktop Help\btbb\BTHelpNotifier.exe" [2010-08-12 3451904] "SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2012-01-10 1128448] "AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2011-03-15 499608] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "LoadAppInit_DLLs"=0x0 . ------- Supplementary Scan ------- . uStart Page = hxxp://mystart.incredibar.com/mb143?a=6R8sYquPVx&i=26 uLocal Page = c:\windows\system32\blank.htm mLocal Page = c:\windows\SysWOW64\blank.htm IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000 IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105 IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm TCP: DhcpNameServer = 192.168.1.254 FF - ProfilePath - c:\users\Janet\AppData\Roaming\Mozilla\Firefox\Profiles\v28h5hip.default\ FF - prefs.js: browser.search.selectedEngine - MyStart Search FF - prefs.js: browser.startup.homepage - hxxp://mystart.incredibar.com/mb143?a=6R8sYquPVx&i=26 FF - prefs.js: keyword.URL - hxxp://mystart.incredibar.com/mb143/?loc=IB_DS&a=6R8sYquPVx&&i=26&search= FF - prefs.js: network.proxy.type - 0 FF - user.js: extensions.incredibar_i.ms_url_id - FF - user.js: extensions.incredibar_i.upn2 - 6R8sYquPVx FF - user.js: extensions.incredibar_i.upn2n - 92824363556530923 FF - user.js: extensions.incredibar_i.productid - 26 FF - user.js: extensions.incredibar_i.installerproductid - 26 FF - user.js: extensions.incredibar_i.did - 10643 FF - user.js: extensions.incredibar_i.ppd - 1 FF - user.js: extensions.incredibar_i.newTab - false FF - user.js: extensions.incredibar_i.tlbrSrchUrl - hxxp://mystart.Incredibar.com/?a=6R8sYquPVx&loc=IB_TB&i=26&search= FF - user.js: extensions.incredibar_i.id - aef40f76000000000000cc52af994b29 FF - user.js: extensions.incredibar_i.instlDay - 15475 FF - user.js: extensions.incredibar_i.vrsn - 1.5.11.14 FF - user.js: extensions.incredibar_i.vrsni - 1.5.11.14 FF - user.js: extensions.incredibar_i.vrsnTs - 1.5.11.1411:25 FF - user.js: extensions.incredibar_i.prtnrId - Incredibar FF - user.js: extensions.incredibar_i.prdct - incredibar FF - user.js: extensions.incredibar_i.aflt - orgnl FF - user.js: extensions.incredibar_i.smplGrp - none FF - user.js: extensions.incredibar_i.tlbrId - base FF - user.js: extensions.incredibar_i.instlRef - FF - user.js: extensions.incredibar_i.dfltLng - FF - user.js: extensions.incredibar_i.excTlbr - false . - - - - ORPHANS REMOVED - - - - . HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe AddRemove-EasyBits Magic Desktop - c:\windows\system32\ezMDUninstall.exe AddRemove-{6F44AF95-3CDE-4513-AD3F-6D45F17BF324} - c:\program files (x86)\InstallShield Installation Information\{6F44AF95-3CDE-4513-AD3F-6D45F17BF324}\setup.exe . . . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\MsDepSvc] "ImagePath"="\"c:\program files\IIS\Microsoft Web Deploy\MsDepSvc.exe\" -runService:MsDepSvc" -- . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NIS] "ImagePath"="\"c:\program files (x86)\Norton Internet Security\Engine\19.7.0.9\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files (x86)\Norton Internet Security\Engine\19.7.0.9\diMaster.dll\" /prefetch:1" . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.10" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}] @Denied: (A 2) (Everyone) @="IFlashBroker4" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}] @Denied: (A) (Everyone) "Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3] @Denied: (A) (Everyone) . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0] "Key"="ActionsPane3" "Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . ------------------------ Other Running Processes ------------------------ . c:\windows\SysWOW64\ezSharedSvcHost.exe c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe c:\program files (x86)\Common Files\Motive\McciCMService.exe c:\program files (x86)\Common Files\Motive\McciContextHookShim.exe c:\program files (x86)\CyberLink\YouCam\YCMMirage.exe c:\program files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe c:\program files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe c:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe . ************************************************************************** . Completion time: 2012-05-18 00:06:11 - machine was rebooted ComboFix-quarantined-files.txt 2012-05-17 23:06 . Pre-Run: 532,696,829,952 bytes free Post-Run: 533,690,425,344 bytes free . - - End Of File - - F08225D8C9966C9986E0049E7ED252BA
  6. Many thanks for your reply. Sorry to be slow getting back, but I've been at work - this is a home laptop. I uninstalled Intellibar as suggested, and uninstalled firefox. When I opened IE to download a new Firefox, Mystart was in there too, and when I reinstalled Firefox it was back there too. It no longer appears in the Control Panel/Programs and Features, but I tried uninstalling both Firefox and IE. The latter included a reboot. I then reinstalled Firefox again, and Mystart is still there. Be grateful for further advice. Thanks
  7. Hi The above hijacked my Firefox browser earlier today, and I can't get rid of it. I've tried running both Malwarebyte (free edition, full scan) and Norton (my current protection software) but neither has got rid of it. I saw that you had helped someone else with this same infection, so I'm hoping you can help me too. I've run dds.scr as requested, and the content of the two files is below. Many thanks Famulus ============================================================================================================ DDS.txt . DDS (Ver_2011-08-26.01) - NTFSAMD64 Internet Explorer: 9.0.8112.16421 Run by Janet at 19:49:49 on 2012-05-16 Microsoft Windows 7 Home Premium 6.1.7600.0.1252.44.1033.18.6092.3709 [GMT 1:00] . AV: Norton Internet Security *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} SP: Norton Internet Security *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202} FW: Norton Internet Security *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4} . ============== Running Processes =============== . C:\Windows\system32\wininit.exe C:\Windows\system32\lsm.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\Program Files (x86)\HP SimplePass 2011\TrueSuiteService.exe C:\Windows\system32\svchost.exe -k RPCSS C:\Windows\system32\atiesrxx.exe C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\svchost.exe -k netsvcs C:\Program Files\IDT\WDM\STacSV64.exe C:\Windows\system32\svchost.exe -k LocalService C:\Windows\system32\Hpservice.exe C:\Windows\system32\atieclxx.exe C:\Windows\system32\WUDFHost.exe C:\Windows\system32\svchost.exe -k NetworkService C:\Windows\system32\WLANExt.exe C:\Windows\system32\conhost.exe C:\Windows\System32\spoolsv.exe C:\Windows\system32\svchost.exe -k WbioSvcGroup C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork C:\Program Files\IDT\WDM\AESTSr64.exe C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE C:\Windows\SysWOW64\ezSharedSvcHost.exe C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe C:\Program Files (x86)\Livedrive\VSSService.exe C:\Program Files (x86)\Common Files\Motive\McciCMService.exe C:\Program Files\Common Files\Motive\McciCMService.exe C:\Program Files\IIS\Microsoft Web Deploy\MsDepSvc.exe c:\Program Files\Microsoft SQL Server\MSSQL10_50.SQLEXPRESS\MSSQL\Binn\sqlservr.exe C:\Program Files (x86)\Norton Internet Security\Engine\19.7.0.9\ccSvcHst.exe c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe C:\Windows\system32\svchost.exe -k imgsvc C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe C:\Program Files\Web Assistant\ExtensionUpdaterService.exe C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe C:\Windows\system32\svchost.exe -k bthsvcs C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted C:\Windows\system32\wbem\wmiprvse.exe C:\Windows\system32\taskhost.exe C:\Windows\system32\Dwm.exe C:\Program Files (x86)\Norton Internet Security\Engine\19.7.0.9\ccSvcHst.exe C:\Windows\Explorer.EXE C:\Windows\system32\wbem\wmiprvse.exe C:\Windows\System32\igfxtray.exe C:\Windows\System32\hkcmd.exe C:\Windows\System32\igfxpers.exe C:\Windows\system32\wbem\unsecapp.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\BT Broadband Desktop Help\btbb\BTHelpNotifier.exe C:\Program Files\IDT\WDM\sttray64.exe C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe C:\Program Files (x86)\Common Files\Motive\McciContextHookShim.exe C:\Program Files (x86)\Skype\Phone\Skype.exe C:\Windows\System32\spool\drivers\x64\3\E_IATICDE.EXE C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe C:\Program Files (x86)\Livedrive\Livedrive.exe C:\Program Files\Synaptics\SynTP\SynTPHelper.exe C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe C:\Users\Janet\AppData\Roaming\Dropbox\bin\Dropbox.exe C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe C:\Program Files (x86)\Olympus\ib\olycamdetect.exe C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation C:\Windows\SysWOW64\RunDll32.exe C:\Windows\system32\SearchIndexer.exe C:\Program Files\Windows Media Player\wmpnetwk.exe C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe C:\Windows\system32\taskeng.exe C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe C:\Windows\System32\svchost.exe -k LocalServicePeerNet C:\Windows\system32\DllHost.exe C:\Windows\system32\vssvc.exe C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe C:\Windows\System32\svchost.exe -k swprv C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe C:\Program Files (x86)\Hewlett-Packard\Shared\hpCaslNotification.exe C:\Windows\system32\wuauclt.exe C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\SeaPort.exe C:\Program Files (x86)\Mozilla Firefox\firefox.exe C:\Program Files (x86)\HP SimplePass 2011\TouchControl.exe C:\Program Files (x86)\HP SimplePass 2011\BioMonitor.exe C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe C:\Windows\system32\DllHost.exe C:\Windows\system32\DllHost.exe C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\conhost.exe C:\Windows\SysWOW64\cscript.exe . ============== Pseudo HJT Report =============== . uStart Page = hxxp://mystart.incredibar.com/mb143?a=6R8sYquPVx&i=26 mWinlogon: Userinit=userinit.exe, BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll BHO: Web Assistant: {336d0c35-8a85-403a-b9d2-65c292c39087} - C:\Program Files\Web Assistant\Extension32.dll BHO: Norton Identity Protection: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - C:\Program Files (x86)\Norton Internet Security\Engine\19.7.0.9\coIEPlg.dll BHO: Norton Vulnerability Protection: {6d53ec84-6aae-4787-aeee-f4628f01010c} - C:\Program Files (x86)\Norton Internet Security\Engine\19.7.0.9\IPS\IPSBHO.DLL BHO: Incredibar.com Helper Object: {6e13dde1-2b6e-46ce-8b66-dc8bf36f6b99} - C:\Program Files (x86)\Incredibar.com\incredibar\1.5.11.14\bh\incredibar.dll BHO: TrueSuite Website Log On: {8590886e-ec8c-43c1-a32c-e4c2b0b6395b} - C:\Program Files (x86)\HP SimplePass 2011\IEBHO.dll BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - C:\Program Files (x86)\Norton Internet Security\Engine\19.7.0.9\coIEPlg.dll TB: Incredibar Toolbar: {f9639e4a-801b-4843-aee3-03d9da199e77} - C:\Program Files (x86)\Incredibar.com\incredibar\1.5.11.14\incredibarTlbr.dll TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll" uRun: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden uRun: [skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /nosplash /minimized uRun: [EPSON Stylus DX7400 Series] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATICDE.EXE /FU "C:\Windows\TEMP\E_SFB0D.tmp" /EF "HKCU" uRun: [KiesPDLR] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe uRun: [KiesHelper] C:\Program Files (x86)\Samsung\Kies\KiesHelper.exe /s uRun: [Livedrive] "C:\Program Files (x86)\Livedrive\Livedrive.exe" mRun: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe mRun: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun mRun: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" mRun: [<NO NAME>] mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" mRun: [Easybits Recovery] C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" mRun: [Olympus ib] "C:\Program Files (x86)\Olympus\ib\olycamdetect.exe" /Startup mRun: [MDS_Menu] "C:\Program Files (x86)\Olympus\ib\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Olympus\ib" UpdateWithCreateOnce "Software\OLYMPUS\ib\1.0" mRun: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe mRun: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe mRun: [HPOSD] C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe mRun: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime StartupFolder: C:\Users\Janet\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Janet\AppData\Roaming\Dropbox\bin\Dropbox.exe StartupFolder: C:\Users\Janet\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ONENOT~1.LNK - C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BLUETO~1.LNK - C:\Program Files (x86)\WIDCOMM\Bluetooth Software\BTTray.exe StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\PHILIP~1.LNK - C:\Program Files (x86)\Philips\SA28XX Device Manager\main.exe StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\SNAPFI~1.LNK - C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe mPolicies-explorer: NoActiveDesktop = 1 (0x1) mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1) mPolicies-explorer: EnableShellExecuteHooks = 1 (0x1) mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5) mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3) mPolicies-system: EnableUIADesktopToggle = 0 (0x0) mPolicies-system: HideFastUserSwitching = 0 (0x0) IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 IE: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm IE: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} - hxxps://juniper.net/dana-cached/sc/JuniperSetupClient.cab TCP: DhcpNameServer = 192.168.1.254 TCP: Interfaces\{A4CF3967-6FCF-4025-88BC-02AD51DF8D8A} : DhcpNameServer = 192.168.1.254 TCP: Interfaces\{A4CF3967-6FCF-4025-88BC-02AD51DF8D8A}\2445F40756E6A7F6E656 : DhcpNameServer = 192.168.22.22 192.168.22.23 TCP: Interfaces\{A4CF3967-6FCF-4025-88BC-02AD51DF8D8A}\25963686D6F6E64602051627B60284F64756C6 : DhcpNameServer = 192.168.1.254 TCP: Interfaces\{A4CF3967-6FCF-4025-88BC-02AD51DF8D8A}\37471627B6562737 : DhcpNameServer = 192.168.1.1 TCP: Interfaces\{A4CF3967-6FCF-4025-88BC-02AD51DF8D8A}\7756C636F6D65647F6865627D69647167656661627D6 : DhcpNameServer = 192.168.0.1 TCP: Interfaces\{F583F16B-C929-48A2-AD48-BAB4E76F2D46} : DhcpNameServer = 144.173.6.6 144.173.6.71 Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll SEH: EasyBits ShellExecute Hook: {e54729e8-bb3d-4270-9d49-7389ea579090} - C:\Windows\SysWow64\EZUPBH~1.DLL mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe" BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll BHO-X64: AcroIEHelperStub - No File BHO-X64: Web Assistant: {336D0C35-8A85-403a-B9D2-65C292C39087} - C:\Program Files\Web Assistant\Extension32.dll BHO-X64: Web Assistant Helper - No File BHO-X64: Norton Identity Protection: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\19.7.0.9\coIEPlg.dll BHO-X64: Norton Identity Protection - No File BHO-X64: Norton Vulnerability Protection: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\19.7.0.9\IPS\IPSBHO.DLL BHO-X64: Norton Vulnerability Protection - No File BHO-X64: Incredibar.com Helper Object: {6E13DDE1-2B6E-46CE-8B66-DC8BF36F6B99} - C:\Program Files (x86)\Incredibar.com\incredibar\1.5.11.14\bh\incredibar.dll BHO-X64: Incredibar.com Helper Object - No File BHO-X64: TrueSuite Website Log On: {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Program Files (x86)\HP SimplePass 2011\IEBHO.dll BHO-X64: TSBHO Class - No File BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL BHO-X64: URLRedirectionBHO - No File BHO-X64: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll TB-X64: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\19.7.0.9\coIEPlg.dll TB-X64: Incredibar Toolbar: {F9639E4A-801B-4843-AEE3-03D9DA199E77} - C:\Program Files (x86)\Incredibar.com\incredibar\1.5.11.14\incredibarTlbr.dll TB-X64: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll" mRun-x64: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe mRun-x64: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun mRun-x64: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" mRun-x64: [(Default)] mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" mRun-x64: [Easybits Recovery] C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe mRun-x64: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" mRun-x64: [Olympus ib] "C:\Program Files (x86)\Olympus\ib\olycamdetect.exe" /Startup mRun-x64: [MDS_Menu] "C:\Program Files (x86)\Olympus\ib\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Olympus\ib" UpdateWithCreateOnce "Software\OLYMPUS\ib\1.0" mRun-x64: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe mRun-x64: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe mRun-x64: [HPOSD] C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe mRun-x64: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime IE-X64: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm SEH-X64: EasyBits ShellExecute Hook: {E54729E8-BB3D-4270-9D49-7389EA579090} - C:\Windows\SysWow64\EZUPBH~1.DLL . ================= FIREFOX =================== . FF - ProfilePath - C:\Users\Janet\AppData\Roaming\Mozilla\Firefox\Profiles\v28h5hip.default\ FF - prefs.js: browser.search.selectedEngine - MyStart Search FF - prefs.js: browser.startup.homepage - hxxp://mystart.incredibar.com/mb143?a=6R8sYquPVx&i=26 FF - prefs.js: keyword.URL - hxxp://mystart.incredibar.com/mb143/?loc=IB_DS&a=6R8sYquPVx&&i=26&search= FF - prefs.js: network.proxy.type - 0 FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL FF - plugin: C:\Program Files (x86)\Common Files\Motive\npMotive.dll FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrlui.dll FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npicaN.dll FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll FF - plugin: C:\Program Files\Microsoft\Web Platform Installer\NPWPIDetector.dll FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll . ---- FIREFOX POLICIES ---- FF - user.js: extensions.incredibar_i.ms_url_id - FF - user.js: extensions.incredibar_i.upn2 - 6R8sYquPVx FF - user.js: extensions.incredibar_i.upn2n - 92824363556530923 FF - user.js: extensions.incredibar_i.productid - 26 FF - user.js: extensions.incredibar_i.installerproductid - 26 FF - user.js: extensions.incredibar_i.did - 10643 FF - user.js: extensions.incredibar_i.ppd - 1 FF - user.js: extensions.incredibar_i.newTab - false FF - user.js: extensions.incredibar_i.tlbrSrchUrl - hxxp://mystart.Incredibar.com/?a=6R8sYquPVx&loc=IB_TB&i=26&search= FF - user.js: extensions.incredibar_i.id - aef40f76000000000000cc52af994b29 FF - user.js: extensions.incredibar_i.instlDay - 15475 FF - user.js: extensions.incredibar_i.vrsn - 1.5.11.14 FF - user.js: extensions.incredibar_i.vrsni - 1.5.11.14 FF - user.js: extensions.incredibar_i.vrsnTs - 1.5.11.1411:25:50 FF - user.js: extensions.incredibar_i.prtnrId - Incredibar FF - user.js: extensions.incredibar_i.prdct - incredibar FF - user.js: extensions.incredibar_i.aflt - orgnl FF - user.js: extensions.incredibar_i.smplGrp - none FF - user.js: extensions.incredibar_i.tlbrId - base FF - user.js: extensions.incredibar_i.instlRef - FF - user.js: extensions.incredibar_i.dfltLng - FF - user.js: extensions.incredibar_i.excTlbr - false . ============= SERVICES / DRIVERS =============== . R0 SymDS;Symantec Data Store;C:\Windows\system32\drivers\NISx64\1307000.009\SYMDS64.SYS --> C:\Windows\system32\drivers\NISx64\1307000.009\SYMDS64.SYS [?] R0 SymEFA;Symantec Extended File Attributes;C:\Windows\system32\drivers\NISx64\1307000.009\SYMEFA64.SYS --> C:\Windows\system32\drivers\NISx64\1307000.009\SYMEFA64.SYS [?] R1 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.5.1.2\Definitions\BASHDefs\20120507.001\BHDrvx64.sys [2012-5-9 1160824] R1 CbFs;CbFs;\??\C:\Windows\system32\drivers\cbfs.sys --> C:\Windows\system32\drivers\cbfs.sys [?] R1 ccSet_NIS;Norton Internet Security Settings Manager;C:\Windows\system32\drivers\NISx64\1307000.009\ccSetx64.sys --> C:\Windows\system32\drivers\NISx64\1307000.009\ccSetx64.sys [?] R1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.5.1.2\Definitions\IPSDefs\20120515.001\IDSviA64.sys [2012-5-16 488568] R1 SymIRON;Symantec Iron Driver;C:\Windows\system32\drivers\NISx64\1307000.009\Ironx64.SYS --> C:\Windows\system32\drivers\NISx64\1307000.009\Ironx64.SYS [?] R1 SymNetS;Symantec Network Security WFP Driver;C:\Windows\system32\Drivers\NISx64\1307000.009\SYMNETS.SYS --> C:\Windows\system32\Drivers\NISx64\1307000.009\SYMNETS.SYS [?] R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?] R2 AESTFilters;Andrea ST Filters Service;C:\Program Files\IDT\WDM\AESTSr64.exe [2012-1-10 89600] R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?] R2 ezSharedSvc;Easybits Services for Windows;C:\Windows\System32\ezSharedSvcHost.exe [2011-1-28 514232] R2 FPLService;TrueSuiteService;C:\Program Files (x86)\HP SimplePass 2011\TrueSuiteService.exe [2010-12-7 249672] R2 HP Support Assistant Service;HP Support Assistant Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe [2011-9-9 86072] R2 HP Wireless Assistant Service;HP Wireless Assistant Service;C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [2010-7-21 103992] R2 HPClientSvc;HP Client Services;C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-8-6 291896] R2 HPDrvMntSvc.exe;HP Quick Synchronization Service;C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-9-1 227896] R2 hpsrv;HP Service;C:\Windows\system32\Hpservice.exe --> C:\Windows\system32\Hpservice.exe [?] R2 HPWMISVC;HPWMISVC;C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2011-7-11 26680] R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-5-12 13592] R2 IconMan_R;IconMan_R;C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2012-1-10 2413056] R2 LivedriveVSSService;Livedrive VSS Service;C:\Program Files (x86)\Livedrive\VSSService.exe [2012-2-7 210616] R2 McciCMService64;McciCMService64;C:\Program Files\Common Files\Motive\McciCMService.exe [2011-7-12 517632] R2 MsDepSvc;Web Deployment Agent Service;C:\Program Files\IIS\Microsoft Web Deploy\MsDepSvc.exe [2011-4-1 67400] R2 NIS;Norton Internet Security;C:\Program Files (x86)\Norton Internet Security\Engine\19.7.0.9\ccsvchst.exe [2012-4-25 138232] R2 TeamViewer6;TeamViewer 6;C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe [2011-11-14 2358656] R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-5-12 2656280] R2 Web Assistant Updater;Web Assistant Updater;C:\Program Files\Web Assistant\ExtensionUpdaterService.exe [2012-5-15 185856] R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?] R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?] R3 BBUpdate;BBUpdate;C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\SeaPort.EXE [2012-2-10 240408] R3 clwvd;CyberLink WebCam Virtual Driver;C:\Windows\system32\DRIVERS\clwvd.sys --> C:\Windows\system32\DRIVERS\clwvd.sys [?] R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-2-7 138360] R3 IntcDAud;Intel® Display Audio;C:\Windows\system32\DRIVERS\IntcDAud.sys --> C:\Windows\system32\DRIVERS\IntcDAud.sys [?] R3 intelkmd;intelkmd;C:\Windows\system32\DRIVERS\igdpmd64.sys --> C:\Windows\system32\DRIVERS\igdpmd64.sys [?] R3 MEIx64;Intel® Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?] R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\Windows\system32\DRIVERS\nusb3hub.sys --> C:\Windows\system32\DRIVERS\nusb3hub.sys [?] R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\Windows\system32\DRIVERS\nusb3xhc.sys --> C:\Windows\system32\DRIVERS\nusb3xhc.sys [?] R3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184] R3 RSPCIESTOR;Realtek PCIE CardReader Driver;C:\Windows\system32\DRIVERS\RtsPStor.sys --> C:\Windows\system32\DRIVERS\RtsPStor.sys [?] R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?] R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?] S2 BBSvc;BingBar Service;C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BBSvc.EXE [2012-2-10 193816] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384] S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576] S3 androidusb;SAMSUNG Android Composite ADB Interface Driver;C:\Windows\system32\Drivers\ssadadb.sys --> C:\Windows\system32\Drivers\ssadadb.sys [?] S3 btwampfl;Bluetooth AMP USB Filter;C:\Windows\system32\drivers\btwampfl.sys --> C:\Windows\system32\drivers\btwampfl.sys [?] S3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\system32\DRIVERS\btwl2cap.sys --> C:\Windows\system32\DRIVERS\btwl2cap.sys [?] S3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\system32\DRIVERS\netw5v64.sys --> C:\Windows\system32\DRIVERS\netw5v64.sys [?] S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\system32\DRIVERS\VSTAZL6.SYS --> C:\Windows\system32\DRIVERS\VSTAZL6.SYS [?] S3 SrvHsfV92;SrvHsfV92;C:\Windows\system32\DRIVERS\VSTDPV6.SYS --> C:\Windows\system32\DRIVERS\VSTDPV6.SYS [?] S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\system32\DRIVERS\VSTCNXT6.SYS --> C:\Windows\system32\DRIVERS\VSTCNXT6.SYS [?] S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);C:\Windows\system32\DRIVERS\ssadbus.sys --> C:\Windows\system32\DRIVERS\ssadbus.sys [?] S3 ssadmdfl;SAMSUNG Android USB Modem (Filter);C:\Windows\system32\DRIVERS\ssadmdfl.sys --> C:\Windows\system32\DRIVERS\ssadmdfl.sys [?] S3 ssadmdm;SAMSUNG Android USB Modem Drivers;C:\Windows\system32\DRIVERS\ssadmdm.sys --> C:\Windows\system32\DRIVERS\ssadmdm.sys [?] S3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM);C:\Windows\system32\DRIVERS\ssadserd.sys --> C:\Windows\system32\DRIVERS\ssadserd.sys [?] S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?] S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk62x64.sys --> C:\Windows\system32\DRIVERS\yk62x64.sys [?] S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;C:\Program Files\Microsoft SQL Server\100\Shared\sqladhlp.exe [2010-4-3 59744] S4 RsFx0150;RsFx0150 Driver;C:\Windows\system32\DRIVERS\RsFx0150.sys --> C:\Windows\system32\DRIVERS\RsFx0150.sys [?] S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);C:\Program Files\Microsoft SQL Server\MSSQL10_50.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2010-4-3 428384] S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-23 57184] . =============== Created Last 30 ================ . 2012-05-16 11:42:59 -------- d-----w- C:\Users\Janet\AppData\Roaming\Malwarebytes 2012-05-16 11:42:45 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys 2012-05-16 11:42:45 -------- d-----w- C:\ProgramData\Malwarebytes 2012-05-16 11:42:45 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware 2012-05-15 10:25:49 -------- d-----w- C:\Program Files (x86)\Incredibar.com 2012-05-15 10:25:38 -------- d-----w- C:\Program Files\Web Assistant 2012-05-15 09:49:17 -------- d-----w- C:\Users\Janet\AppData\Roaming\Hemera 2012-05-15 09:49:17 -------- d-----w- C:\Program Files (x86)\GSP 2012-05-09 08:42:59 75632 ----a-w- C:\Windows\System32\drivers\partmgr.sys 2012-05-09 08:42:56 1895280 ----a-w- C:\Windows\System32\drivers\tcpip.sys 2012-05-09 08:42:50 936960 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\ink\journal.dll 2012-05-09 08:42:50 1367552 ----a-w- C:\Program Files\Common Files\Microsoft Shared\ink\journal.dll 2012-05-06 13:32:36 -------- d-----w- C:\Users\Janet\AppData\Local\Apple 2012-05-06 13:31:18 -------- d-----w- C:\Program Files (x86)\Serif Draw Plus 2012-05-01 17:57:42 -------- d-----w- C:\Users\Janet\AppData\Roaming\Temp 2012-04-30 10:43:45 -------- d-----w- C:\Program Files (x86)\GreenbeanSoft 2012-04-29 19:43:27 -------- d-----w- C:\Users\Janet\AppData\Roaming\KeePass 2012-04-29 19:41:07 -------- d-----w- C:\Program Files (x86)\KeePass Password Safe 2012-04-29 19:20:17 -------- d-sh--w- C:\~LD 2012-04-29 18:20:13 191960 ----a-w- C:\Windows\System32\drivers\cbfs.sys 2012-04-29 18:19:06 -------- d-----w- C:\Users\Janet\AppData\Local\Livedrive 2012-04-29 18:19:06 -------- d-----w- C:\Program Files (x86)\Livedrive 2012-04-25 10:13:40 451192 ----a-r- C:\Windows\System32\drivers\NISx64\1307000.009\symds64.sys 2012-04-25 10:13:40 405624 ----a-w- C:\Windows\System32\drivers\NISx64\1307000.009\symnets.sys 2012-04-25 10:13:40 37496 ----a-w- C:\Windows\System32\drivers\NISx64\1307000.009\srtspx64.sys 2012-04-25 10:13:40 1092728 ----a-w- C:\Windows\System32\drivers\NISx64\1307000.009\symefa64.sys 2012-04-25 10:13:39 737912 ----a-w- C:\Windows\System32\drivers\NISx64\1307000.009\srtsp64.sys 2012-04-25 10:13:39 190072 ----a-w- C:\Windows\System32\drivers\NISx64\1307000.009\ironx64.sys 2012-04-25 10:13:38 167048 ----a-w- C:\Windows\System32\drivers\NISx64\1307000.009\ccsetx64.sys 2012-04-25 10:13:21 -------- d-----w- C:\Windows\System32\drivers\NISx64\1307000.009 . ==================== Find3M ==================== . 2012-04-02 05:34:04 5504880 ----a-w- C:\Windows\System32\ntoskrnl.exe 2012-04-02 04:46:44 3958128 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe 2012-04-02 04:46:44 3902320 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe 2012-04-02 03:01:19 3143680 ----a-w- C:\Windows\System32\win32k.sys 2012-03-26 11:52:26 175736 ----a-w- C:\Windows\System32\drivers\SYMEVENT64x86.SYS 2012-03-03 06:29:57 1541120 ----a-w- C:\Windows\System32\DWrite.dll 2012-03-03 06:29:42 320512 ----a-w- C:\Windows\System32\d3d10_1core.dll 2012-03-03 06:29:42 197120 ----a-w- C:\Windows\System32\d3d10_1.dll 2012-03-03 06:29:42 1837568 ----a-w- C:\Windows\System32\d3d10warp.dll 2012-03-03 06:29:41 902656 ----a-w- C:\Windows\System32\d2d1.dll 2012-03-03 05:40:21 1074176 ----a-w- C:\Windows\SysWow64\DWrite.dll 2012-03-03 05:40:10 1170944 ----a-w- C:\Windows\SysWow64\d3d10warp.dll 2012-03-03 05:40:09 739840 ----a-w- C:\Windows\SysWow64\d2d1.dll 2012-03-03 05:40:09 218624 ----a-w- C:\Windows\SysWow64\d3d10_1core.dll 2012-03-03 05:40:09 161792 ----a-w- C:\Windows\SysWow64\d3d10_1.dll 2012-03-01 06:54:38 22896 ----a-w- C:\Windows\System32\drivers\fs_rec.sys 2012-03-01 06:45:41 220672 ----a-w- C:\Windows\System32\wintrust.dll 2012-03-01 06:40:14 80896 ----a-w- C:\Windows\System32\imagehlp.dll 2012-03-01 06:35:16 5120 ----a-w- C:\Windows\System32\wmi.dll 2012-03-01 05:49:05 172544 ----a-w- C:\Windows\SysWow64\wintrust.dll 2012-03-01 05:45:05 158720 ----a-w- C:\Windows\SysWow64\imagehlp.dll 2012-03-01 05:40:44 5120 ----a-w- C:\Windows\SysWow64\wmi.dll 2012-02-28 06:56:48 2311168 ----a-w- C:\Windows\System32\jscript9.dll 2012-02-28 06:49:56 1390080 ----a-w- C:\Windows\System32\wininet.dll 2012-02-28 06:48:57 1493504 ----a-w- C:\Windows\System32\inetcpl.cpl 2012-02-28 06:42:55 2382848 ----a-w- C:\Windows\System32\mshtml.tlb 2012-02-28 01:18:55 1799168 ----a-w- C:\Windows\SysWow64\jscript9.dll 2012-02-28 01:11:21 1427456 ----a-w- C:\Windows\SysWow64\inetcpl.cpl 2012-02-28 01:11:07 1127424 ----a-w- C:\Windows\SysWow64\wininet.dll 2012-02-28 01:03:16 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb . ============= FINISH: 19:50:37.62 =============== Attach.txt . UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG. IF REQUESTED, ZIP IT UP & ATTACH IT . DDS (Ver_2011-08-26.01) . Microsoft Windows 7 Home Premium Boot Device: \Device\HarddiskVolume1 Install Date: 30/05/2011 15:28:16 System Uptime: 16/05/2012 18:16:57 (1 hours ago) . Motherboard: Hewlett-Packard | | 1656 Processor: Intel® Core i5-2410M CPU @ 2.30GHz | CPU1 | 2277/1333mhz . ==== Disk Partitions ========================= . C: is FIXED (NTFS) - 580 GiB total, 496.534 GiB free. D: is FIXED (NTFS) - 16 GiB total, 1.978 GiB free. E: is CDROM () F: is FIXED (FAT32) - 0 GiB total, 0.083 GiB free. . ==== Disabled Device Manager Items ============= . ==== System Restore Points =================== . RP81: 29/04/2012 19:17:11 - Installed Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 RP82: 29/04/2012 19:18:16 - Installed Livedrive RP83: 30/04/2012 11:42:51 - Installed Checkmark Personal Organizer RP84: 06/05/2012 14:27:41 - Installed Serif DrawPlus X4 RP85: 06/05/2012 14:32:44 - Installed QuickTime RP86: 10/05/2012 07:14:15 - Windows Update RP87: 15/05/2012 09:18:44 - Windows Update RP88: 15/05/2012 10:47:53 - Installed PhotoArt Vol 1 RP89: 15/05/2012 10:56:17 - Installed PhotoArt Vol 2 . ==== Installed Programs ====================== . Adobe AIR Adobe Community Help Adobe Digital Editions Adobe Download Assistant Adobe Flash Player 10 ActiveX Adobe Flash Player 10 Plugin Adobe Illustrator CS5.1 Adobe Reader 9.3.3 MUI Adobe Shockwave Player 11.5 Agatha Christie - Peril at End House Amazon MP3 Downloader 1.0.9 Apple Application Support Apple Software Update Audacity 1.2.6 Bejeweled 2 Deluxe Bing Bar Blackhawk Striker 2 Blasterball 3 Bounce Symphony BT Broadband Desktop Help BTHomeHub Cake Mania Catalyst Control Center - Branding Catalyst Control Center Graphics Previews Common Catalyst Control Center InstallProxy Catalyst Control Center Localization All Catalyst Control Center Profiles Mobile ccc-core-static CCC Help Chinese Standard CCC Help Chinese Traditional CCC Help Czech CCC Help Danish CCC Help Dutch CCC Help English CCC Help Finnish CCC Help French CCC Help German CCC Help Greek CCC Help Hungarian CCC Help Italian CCC Help Japanese CCC Help Korean CCC Help Norwegian CCC Help Polish CCC Help Portuguese CCC Help Russian CCC Help Spanish CCC Help Swedish CCC Help Thai Checkmark Personal Organizer Chuzzle Deluxe CyberLink DVD Suite CyberLink YouCam D3DX10 Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition DM_Install Dora's World Adventure Dropbox Energy Star Digital Logo ESU for Microsoft Windows 7 Farm Frenzy FATE Final Drive Nitro GoToAssist Corporate Hewlett-Packard ACLM.NET v1.1.2.0 Hotfix for Microsoft .NET Framework 4 Client Profile (KB2461678) Hotfix for Microsoft Visual Web Developer 2010 Express - ENU (KB2548139) Hotfix for Microsoft Visual Web Developer 2010 Express - ENU (KB2635973) HP CloudDrive HP Customer Experience Enhancements HP Documentation HP Game Console HP Games HP On Screen Display HP Power Manager HP Quick Launch HP Setup HP Setup Manager HP SimplePass 2011 HP Software Framework HP Support Assistant IDT Audio IIS 7.5 Express Incredibar Toolbar on IE Intel® Control Center Intel® Display Audio Driver Intel® Management Engine Components Intel® Rapid Storage Technology Java Auto Updater Java Media Framework 2.1.1e Java 6 Update 22 Juniper Networks Setup Client Juniper Networks Setup Client Activex Control Juniper Networks UAC Host Checker Junk Mail filter update KeePass Password Safe 1.22 LabelPrint LightScribe System Software Lizard Safeguard - PDF Viewer 2.6.9 LSHTM Remote Desktop 2.0 M366 Course Software Magic Desktop Malwarebytes Anti-Malware version 1.61.0.1400 Mesh Runtime Microsoft .NET Framework 4 Multi-Targeting Pack Microsoft Application Error Reporting Microsoft ASP.NET MVC 2 Microsoft ASP.NET MVC 2 - VWD Express 2010 Tools Microsoft ASP.NET MVC 3 Microsoft ASP.NET MVC 3 - VWD Express 2010 Tools Update Microsoft ASP.NET Web Pages Microsoft ASP.NET Web Pages - VWD Express 2010 Tools Microsoft Office 2010 Microsoft Office 2010 Service Pack 1 (SP1) Microsoft Office Access MUI (English) 2010 Microsoft Office Access Setup Metadata MUI (English) 2010 Microsoft Office Excel MUI (English) 2010 Microsoft Office OneNote MUI (English) 2010 Microsoft Office Outlook MUI (English) 2010 Microsoft Office PowerPoint MUI (English) 2010 Microsoft Office Professional 2010 Microsoft Office Proof (English) 2010 Microsoft Office Proof (French) 2010 Microsoft Office Proof (Spanish) 2010 Microsoft Office Proofing (English) 2010 Microsoft Office Publisher MUI (English) 2010 Microsoft Office Shared MUI (English) 2010 Microsoft Office Shared Setup Metadata MUI (English) 2010 Microsoft Office Single Image 2010 Microsoft Office Word MUI (English) 2010 Microsoft Silverlight Microsoft Silverlight 3 SDK Microsoft Silverlight 4 SDK Microsoft SQL Server 2005 Compact Edition [ENU] Microsoft SQL Server 2008 R2 Management Objects Microsoft SQL Server Browser Microsoft SQL Server Compact 4.0 Web Tools ENU Microsoft SQL Server Database Publishing Wizard 1.4 Microsoft SQL Server System CLR Types Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 Microsoft Visual C++ 2005 Redistributable Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4974 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Visual C++ 2010 x86 Runtime - 10.0.40219 Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools Microsoft Visual Studio 2010 Service Pack 1 Microsoft Visual Web Developer 2010 Express - ENU Microsoft WebMatrix Microsoft_VC80_CRT_x86 Microsoft_VC80_MFC_x86 Microsoft_VC80_MFCLOC_x86 Microsoft_VC90_ATL_x86 Microsoft_VC90_CRT_x86 Microsoft_VC90_MFC_x86 Microsoft_VC90_MFCLOC_x86 MiKTeX 2.8 Moneydance 2011.791 Mozilla Firefox 9.0.1 (x86 en-GB) MSVCRT MSVCRT_amd64 MSXML 4.0 SP2 (KB954430) MSXML 4.0 SP2 (KB973688) MSXML 4.0 SP2 Parser and SDK Mystery P.I. - The London Caper NetLogo 3.1.4 Norton Internet Security NuGet OLYMPUS Digital Camera Updater Olympus ib OLYMPUS Viewer 2 PDF Settings CS5 Penguins! PhotoArt Vol 1 PhotoArt Vol 2 PictureMover Plants vs. Zombies Poker Superstars III Polar Bowler Polar Golfer Power2Go PX Profile Update QuickTime Realtek Ethernet Controller Driver Realtek PCIE Card Reader Recovery Manager Renesas Electronics USB 3.0 Host Controller Driver Samsung Kies Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708) Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663) Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636) Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078) Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121) Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405) Security Update for Microsoft .NET Framework 4 Extended (KB2487367) Security Update for Microsoft .NET Framework 4 Extended (KB2656351) Security Update for Microsoft Excel 2010 (KB2597166) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2553091) Security Update for Microsoft Office 2010 (KB2553096) Security Update for Microsoft Office 2010 (KB2553371) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2598039) 32-Bit Edition Security Update for Microsoft PowerPoint 2010 (KB2553185) 32-Bit Edition Security Update for Microsoft SharePoint Workspace 2010 (KB2566445) Security Update for Microsoft Visio Viewer 2010 (KB2597981) 32-Bit Edition Serif DrawPlus Starter Edition Serif DrawPlus X4 Skype™ 4.2 Solitaire Plus! version 2.4.3 TeamViewer 6 UltraEdit Update for Microsoft .NET Framework 4 Client Profile (KB2468871) Update for Microsoft .NET Framework 4 Client Profile (KB2533523) Update for Microsoft .NET Framework 4 Client Profile (KB2600217) Update for Microsoft .NET Framework 4 Extended (KB2468871) Update for Microsoft .NET Framework 4 Extended (KB2533523) Update for Microsoft .NET Framework 4 Extended (KB2600217) Update for Microsoft Office 2010 (KB2494150) Update for Microsoft Office 2010 (KB2553065) Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition Update for Microsoft Office 2010 (KB2553385) 32-Bit Edition Update for Microsoft Office 2010 (KB2566458) Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition Update for Microsoft Office 2010 (KB2597091) 32-Bit Edition Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition Update for Microsoft OneNote 2010 (KB2589345) 32-Bit Edition Update for Microsoft Outlook 2010 (KB2553248) 32-Bit Edition Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition Virtual Villagers 4 - The Tree of Life Visual Studio 2010 SP1 Tools for SQL Server Compact 4.0 ENU WCF RIA Services V1.0 SP1 Windows Live Communications Platform Windows Live Essentials Windows Live Installer Windows Live Mail Windows Live Mesh Windows Live Mesh ActiveX Control for Remote Connections Windows Live Messenger Windows Live Movie Maker Windows Live Photo Common Windows Live Photo Gallery Windows Live PIMT Platform Windows Live SOXE Windows Live SOXE Definitions Windows Live UX Platform Windows Live UX Platform Language Pack Windows Live Writer Windows Live Writer Resources World Cup Cricket 20-20 Zuma Deluxe . ==== Event Viewer Messages From Past Week ======== . 16/05/2012 18:22:25, Error: Service Control Manager [7022] - The Windows Update service hung on starting. 16/05/2012 12:35:01, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Search service to connect. 16/05/2012 12:35:01, Error: Service Control Manager [7000] - The Windows Search service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion. 16/05/2012 12:35:01, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39} 16/05/2012 10:12:27, Error: Service Control Manager [7000] - The MRESP50a64 NDIS Protocol Driver service failed to start due to the following error: The system cannot find the file specified. 09/05/2012 15:27:22, Error: Service Control Manager [7034] - The Audio Service service terminated unexpectedly. It has done this 1 time(s). . ==== End Of File ===========================
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.