Showing results for tags 'mysearch'.

Found 3 results

  1. What is Sports Addict?

The Malwarebytes research team has determined that Sports Addict is a browser NewTab. These so-called "NewTabs" can manipulate your browser(s), for example to change your startpage or searchscopes, so that the affected browser visits their site or one of their choice.

Sports Addict is a member of the Mindspark/Ask family now known as IAC Applications.

How do I know if my computer is affected by Sports Addict?

You may see these browser extensions/add-ons:
these warnings during install:
and this new setting:
You will see this icon in your browsers menu-bar:
and this new homepage in the affected browsers:

How did Sports Addict get on my computer?

Browser hijackers use different methods for distributing themselves. This particular one was downloaded from their website
and the Chrome extension was also available in the webstore:

How do I remove Sports Addict?

Our program Malwarebytes can detect and remove this potentially unwanted program.

You can use their own uninstall instructions first, but I would advise to follow the steps below anyway.

  • Please download Malwarebytes to your desktop.
  • Double-click mb3-setup-consumer-{version}.exe and follow the prompts to install the program.
  • Then click Finish.
  • Once the program has fully updated, select Scan Now on the Dashboard. Or select the Threat Scan from the Scan menu.
  • If another update of the definitions is available, it will be implemented before the rest of the scanning procedure.
  • When the scan is complete, make sure that all Threats are selected, and click Remove Selected.
  • Restart your computer when prompted to do so.

Is there anything else I need to do to get rid of Sports Addict?

  • No, Malwarebytes' Anti-Malware removes Sports Addict completely.
  • If your browsers have been hijacked, you should read our Restore Browser page. You can read there how to fix additional browser redirect methods.

How would the full version of Malwarebytes help protect me?

We hope our application and this guide have helped you eradicate this hijacker.

As you can see below the full version of Malwarebytes would have protected you against the Sports Addict hijacker. It would have blocked traffic to their domains:

Technical details for experts

Possible signs in a FRST log:

FF Extension: No Name - C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\{profile}.default\Extensions\_oqMembers_@sportsaddict.thewhizproducts.com.xpi [2018-10-08]
CHR Extension: (Sports Addict) - C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\ophjmddaoidnhjpfjiipefgmjcjfbgal [2018-10-08]

Significant changes made by the installers:

Registry details [View: All details] (Selection)
------------------------------------------------
[HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings]
"ophjmddaoidnhjpfjiipefgmjcjfbgal"="REG_SZ", "59B5791C85F86789C627FFC406FAAE922720796DF74BB66E59718503E133833A"

The Malwarebytes scan log:

As mentioned before the full version of Malwarebytes could have protected your computer against this threat.

We use different ways of protecting your computer(s):

  • Dynamically Blocks Malware Sites & Servers
  • Malware Execution Prevention

Save yourself the hassle and get protected.

  2. What is Seen On Screen?

The Malwarebytes research team has determined that Seen On Screen is a browser NewTab. These so-called "NewTabs" can manipulate your browser(s), for example to change your startpage or searchscopes, so that the affected browser visits their site or one of their choice.

Seen On Screen is a member of the Mindspark/Ask family now known as IAC Applications.

How do I know if my computer is affected by Seen On Screen?

You may see this Chrome extension:
these warnings during install:
and this new homepage in the affected browsers:

How did Seen On Screen get on my computer?

Browser hijackers use different methods for distributing themselves. This particular one was downloaded from their website.
but is also available on the webstore:

How do I remove Seen On Screen?

Our program Malwarebytes can detect and remove this potentially unwanted program.

You can use their own uninstall instructions first, but I would advise to follow the steps below anyway.

  • Please download Malwarebytes to your desktop.
  • Double-click mb3-setup-consumer-{version}.exe and follow the prompts to install the program.
  • Then click Finish.
  • Once the program has fully updated, select Scan Now on the Dashboard. Or select the Threat Scan from the Scan menu.
  • If another update of the definitions is available, it will be implemented before the rest of the scanning procedure.
  • When the scan is complete, make sure that all Threats are selected, and click Remove Selected.
  • Restart your computer when prompted to do so.

Is there anything else I need to do to get rid of Seen On Screen?

  • If you are using an older version of Malwarebytes, you may have to remove the Chrome extension manually under Tools > More Tools > Extensions. Click on the bin behind the Seen On Screen entry and confirm Remove in the prompt.
  • If your browsers have been hijacked, you should read our Restore Browser page. You can read there how to fix additional browser redirect methods.

How would the full version of Malwarebytes help protect me?

We hope our application and this guide have helped you eradicate this hijacker.

As you can see below the full version of Malwarebytes would have protected you against the Seen On Screen hijacker. It would have warned you before the hijacker could install itself, giving you a chance to stop it before it became too late.

Technical details for experts

Possible signs in a FRST log:

CHR Extension: (Seen On Screen) - C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\nompbhgcimpkfinehmhoffjghjaimcoj [2018-03-19]

Significant changes made by the installers:

Registry details [View: All details] (Selection)
------------------------------------------------
[HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings]
"nompbhgcimpkfinehmhoffjghjaimcoj"="REG_SZ", "C0304E5457A80905FB1ED252E63F54321143E6972F969FDF252A1E271765AAC2"

The Malwarebytes scan log:
[504], [443165],1.0.4406 PUP.Optional.SeenOnScreen, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jifpmgjhiagbmhjdefllbmdjcaidnlpd\13.321.12.20489_0\js\pageUtils.js, Quarantined, [504], [443165],1.0.4406 PUP.Optional.SeenOnScreen, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jifpmgjhiagbmhjdefllbmdjcaidnlpd\13.321.12.20489_0\js\product.js, Quarantined, [504], [443165],1.0.4406 PUP.Optional.SeenOnScreen, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jifpmgjhiagbmhjdefllbmdjcaidnlpd\13.321.12.20489_0\js\storage.js, Quarantined, [504], [443165],1.0.4406 PUP.Optional.SeenOnScreen, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jifpmgjhiagbmhjdefllbmdjcaidnlpd\13.321.12.20489_0\js\TabManager.js, Quarantined, [504], [443165],1.0.4406 PUP.Optional.SeenOnScreen, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jifpmgjhiagbmhjdefllbmdjcaidnlpd\13.321.12.20489_0\js\TemplateParser.js, Quarantined, [504], [443165],1.0.4406 PUP.Optional.SeenOnScreen, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jifpmgjhiagbmhjdefllbmdjcaidnlpd\13.321.12.20489_0\js\ul.js, Quarantined, [504], [443165],1.0.4406 PUP.Optional.SeenOnScreen, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jifpmgjhiagbmhjdefllbmdjcaidnlpd\13.321.12.20489_0\js\urlFragmentActions.js, Quarantined, [504], [443165],1.0.4406 PUP.Optional.SeenOnScreen, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jifpmgjhiagbmhjdefllbmdjcaidnlpd\13.321.12.20489_0\js\urlUtils.js, Quarantined, [504], [443165],1.0.4406 PUP.Optional.SeenOnScreen, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jifpmgjhiagbmhjdefllbmdjcaidnlpd\13.321.12.20489_0\js\util.js, Quarantined, [504], [443165],1.0.4406 PUP.Optional.SeenOnScreen, C:\Users\{username}\AppData\Local\Google\Chrome\User 
Data\Default\Extensions\jifpmgjhiagbmhjdefllbmdjcaidnlpd\13.321.12.20489_0\js\webtooltabAPI.js, Quarantined, [504], [443165],1.0.4406 PUP.Optional.SeenOnScreen, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jifpmgjhiagbmhjdefllbmdjcaidnlpd\13.321.12.20489_0\libs\PartnerId.js, Quarantined, [504], [443165],1.0.4406 PUP.Optional.SeenOnScreen, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jifpmgjhiagbmhjdefllbmdjcaidnlpd\13.321.12.20489_0\_metadata\computed_hashes.json, Quarantined, [504], [443165],1.0.4406 PUP.Optional.SeenOnScreen, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jifpmgjhiagbmhjdefllbmdjcaidnlpd\13.321.12.20489_0\_metadata\verified_contents.json, Quarantined, [504], [443165],1.0.4406 PUP.Optional.SeenOnScreen, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jifpmgjhiagbmhjdefllbmdjcaidnlpd\13.321.12.20489_0\dynamicNewTab.html, Quarantined, [504], [443165],1.0.4406 PUP.Optional.SeenOnScreen, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jifpmgjhiagbmhjdefllbmdjcaidnlpd\13.321.12.20489_0\product.html, Quarantined, [504], [443165],1.0.4406 PUP.Optional.SeenOnScreen, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jifpmgjhiagbmhjdefllbmdjcaidnlpd\13.321.12.20489_0\stubby.html, Quarantined, [504], [443165],1.0.4406 Physical Sector: 0 (No malicious items detected) (end) As mentioned before the full version of Malwarebytes could have protected your computer against this threat.We use different ways of protecting your computer(s): Dynamically Blocks Malware Sites & Servers Malware Execution Prevention Save yourself the hassle and get protected.
  3. I'm infected with mysearch incredibar. My pc has slowed down to a crawl. Help would be greatly appreciated. OTL log is posted below.
"http://mystart.incredibar.com/mb119/?loc=IB_DS&a=6Oysx20Cp4&&i=26&search=" FF - prefs.js..network.proxy.http: "localhost" FF - prefs.js..network.proxy.http_port: 4444 FF - prefs.js..network.proxy.type: 0 FF - user.js..extensions.enabledItems: {ba14329e-9550-4989-b3f2-9732e92d17cc}:2.7.1.3 FF - user.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1 FF - user.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21 FF - user.js..extensions.enabledItems: chachaguidebar@chacha.com:1.2 FF - user.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22 FF - user.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23 FF - user.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24 FF - user.js..network.proxy.http: "localhost" FF - user.js..network.proxy.http_port: 4444 FF - user.js..network.proxy.type: 0 FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/wpi,version=1.0: C:\Program Files\Microsoft\Web Platform Installer\\npwpidetector.dll () FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) 
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.3: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8051.1204: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/wpi,version=1.1: C:\Program Files\Microsoft\Web Platform Installer\\npwpidetector.dll () FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\fearless\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google) FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\fearless\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll () FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\fearless\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) 
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\fearless\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012/03/22 21:55:23 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{27182e60-b5f3-411c-b545-b44205977502}: C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\ [2011/07/11 22:35:07 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012/01/02 01:13:56 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/07/11 22:34:31 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/01/11 06:17:24 | 000,000,000 | ---D | M] [2010/05/07 15:24:25 | 000,000,000 | ---D | M] (No name found) -- C:\Users\fearless\AppData\Roaming\mozilla\Extensions [2012/03/24 00:32:07 | 000,000,000 | ---D | M] (No name found) -- C:\Users\fearless\AppData\Roaming\mozilla\Firefox\Profiles\8r6m1qyi.default\extensions [2010/06/22 13:02:19 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\fearless\AppData\Roaming\mozilla\Firefox\Profiles\8r6m1qyi.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} [2010/06/14 17:39:04 | 000,000,000 | ---D | M] (Vuze Remote Toolbar) -- C:\Users\fearless\AppData\Roaming\mozilla\Firefox\Profiles\8r6m1qyi.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc} [2010/09/04 20:18:02 | 000,000,000 | ---D | M] (ChaCha Guide App Toolbar) -- 
C:\Users\fearless\AppData\Roaming\mozilla\Firefox\Profiles\8r6m1qyi.default\extensions\chachaguidebar@chacha.com [2012/04/04 18:17:38 | 000,000,000 | ---D | M] (No name found) -- C:\Users\fearless\AppData\Roaming\mozilla\Firefox\Profiles\8r6m1qyi.default\extensions\ffxtlbr@incredibar.com [2011/10/22 21:32:36 | 000,000,000 | ---D | M] (Iplex to ALLPlayer) -- C:\Users\fearless\AppData\Roaming\mozilla\Firefox\Profiles\8r6m1qyi.default\extensions\IplextoALL@ALLPlayer.org [2010/10/27 12:33:59 | 000,000,000 | ---D | M] (No name found) -- C:\Users\fearless\AppData\Roaming\mozilla\Firefox\Profiles\JonDoFox\extensions [2010/10/27 12:33:59 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\fearless\AppData\Roaming\mozilla\Firefox\Profiles\JonDoFox\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} [2012/02/11 02:19:28 | 000,002,203 | ---- | M] () -- C:\Users\fearless\AppData\Roaming\Mozilla\Firefox\Profiles\8r6m1qyi.default\searchplugins\MyStart Search.xml [2012/03/02 16:08:30 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions [2010/07/20 16:56:11 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} [2010/10/19 21:17:41 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} [2010/12/22 13:56:56 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} [2011/02/22 11:26:11 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} [2011/06/09 21:34:23 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} [2012/03/02 16:08:30 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla 
Firefox\extensions\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} [2012/01/02 01:13:56 | 000,000,000 | ---D | M] (DivX Plus Web Player HTML5 <video>) -- C:\PROGRAM FILES (X86)\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\DIVXHTML5 [2012/03/22 21:55:23 | 000,000,000 | ---D | M] (avast! WebRep) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF [2004/07/02 14:51:00 | 000,327,904 | ---- | M] (Macromedia, Inc.) -- C:\Program Files (x86)\mozilla firefox\components\np32asw.dll [2004/07/02 14:51:00 | 000,327,904 | ---- | M] (Macromedia, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\np32asw.dll [2010/10/06 20:18:35 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npCouponPrinter.dll [2012/03/02 16:08:04 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll [2010/10/06 20:18:37 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npMozCouponPrinter.dll [2010/01/13 18:46:00 | 000,063,488 | ---- | M] (Nullsoft, Inc.) 
-- C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll ========== Chrome ========== CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms} CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Users\fearless\AppData\Local\Google\Chrome\Application\18.0.1025.162\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\fearless\AppData\Local\Google\Chrome\Application\18.0.1025.162\pdf.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Users\fearless\AppData\Local\Google\Chrome\User Data\NPAPIFlash\gcswf32.dll CHR - plugin: Shockwave Flash (Disabled) = C:\Users\fearless\AppData\Local\Google\Chrome\User Data\PepperFlash\11.1.31.203\pepflashplayer.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\np-mswmp.dll CHR - plugin: Authorware Web Player (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\np32asw.dll CHR - plugin: Coupons Inc., Coupon Printer Manager (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npCouponPrinter.dll CHR - plugin: Coupons Inc., Coupon Printer Manager (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npMozCouponPrinter.dll CHR - plugin: Java Deployment Toolkit 6.0.310.5 (Enabled) = C:\Program Files (x86)\Mozilla 
Firefox\plugins\npdeployJava1.dll CHR - plugin: Java™ Platform SE 6 U31 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll CHR - plugin: downloadUpdater (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npdnu.dll CHR - plugin: downloadUpdater2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npdnupdater2.dll CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll CHR - plugin: Winamp Application Detector (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npwachk.dll CHR - plugin: Google Talk Plugin (Enabled) = C:\Users\fearless\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll CHR - plugin: Google Talk Plugin Video Accelerator (Enabled) = C:\Users\fearless\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll CHR - plugin: DivX Plus Web Player (Enabled) = C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files 
(x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll CHR - plugin: WPI Detector 1.1 (Enabled) = C:\Program Files\Microsoft\Web Platform Installer\\npwpidetector.dll CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll CHR - Extension: YouTube = C:\Users\fearless\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\ CHR - Extension: Google Search = C:\Users\fearless\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\ CHR - Extension: avast! WebRep = C:\Users\fearless\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1426_0\ CHR - Extension: DivX Plus Web Player HTML5 \u003Cvideo\u003E = C:\Users\fearless\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\ CHR - Extension: Gmail = C:\Users\fearless\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\ O1 HOSTS File: ([2012/04/07 16:11:54 | 000,442,124 | R--- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software) O2:64bit: - BHO: (Reg Error: Value error.) - {4907C0AD-874D-44D9-B13E-7B0A4D8B9D3E} - C:\Program Files\Mediafour\XPlay 3\XPBHO.DLL (Mediafour Corporation) O2:64bit: - BHO: (Windows Live Family Safety Browser Helper Class) - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Family Safety\fssbho.dll (Microsoft Corporation) O2:64bit: - BHO: (no name) - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - No CLSID value found. O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC) O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) O2 - BHO: (IplexToALLPlayer) - {DF925EF3-7A87-44E4-9CAF-8D7B280BF616} - C:\Program Files (x86)\ALLPlayer\Iplex\IplexToALLPlayer.dll (ALLCinema Ltd.) O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software) O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKLM\..\Toolbar: (avast! 
WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) O3 - HKU\S-1-5-21-894866996-3635588399-3167457420-1001\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found. O3 - HKU\S-1-5-21-894866996-3635588399-3167457420-1001\..\Toolbar\WebBrowser: (no name) - {472734EA-242A-422B-ADF8-83D1E48CC825} - No CLSID value found. O4:64bit: - HKLM..\Run: [AmIcoSinglun64] C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe (AlcorMicro Co., Ltd.) O4:64bit: - HKLM..\Run: [EeeStorageBackup] C:\Program Files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe () O4:64bit: - HKLM..\Run: [ETDWare] C:\Program Files\Elantech\ETDCtrl.exe (ELAN Microelectronic Corp.) O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [igfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [intelliPoint] C:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation) O4:64bit: - HKLM..\Run: [LogMeIn GUI] C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe (LogMeIn, Inc.) O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.) 
O4 - HKLM..\Run: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe (ASUS) O4 - HKLM..\Run: [ATKOSD2] C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe (ASUS) O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software) O4 - HKLM..\Run: [boingo Wi-Fi] C:\Program Files (x86)\Boingo\Boingo Wi-Fi\Boingo.lnk () O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe () O4 - HKLM..\Run: [HControlUser] C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe (ASUS) O4 - HKLM..\Run: [iObit Malware Fighter] C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe (IObit) O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [RemoteControl11] C:\Program Files (x86)\CyberLink\PowerDVD11\PDVD11Serv.exe (CyberLink Corp.) O4 - HKLM..\Run: [RiccoVPN] File not found O4 - HKLM..\Run: [switchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [updateLBPShortCut] C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe (CyberLink Corp.) O4 - HKLM..\Run: [updateP2GoShortCut] C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.) 
O4 - HKU\S-1-5-19..\Run: [sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-20..\Run: [sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-894866996-3635588399-3167457420-1001..\Run: [Advanced SystemCare 5] C:\Program Files (x86)\IObit\Advanced SystemCare 5\ASCTray.exe (IObit) O4 - HKU\S-1-5-21-894866996-3635588399-3167457420-1001..\Run: [ALLUpdate] C:\Program Files (x86)\ALLPlayer\ALLUpdate.exe () O4 - HKU\S-1-5-21-894866996-3635588399-3167457420-1001..\Run: [PeerGuardian] C:\Program Files\PeerGuardian2\pg2.exe (Phoenix Labs) O4 - HKU\S-1-5-21-894866996-3635588399-3167457420-1001..\Run: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com) O4 - HKU\.DEFAULT..\RunOnce: [FlashPlayerUpdate] C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10o_Plugin.exe -update plugin File not found O4 - HKU\S-1-5-18..\RunOnce: [FlashPlayerUpdate] C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10o_Plugin.exe -update plugin File not found O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutorun = 0 O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutorun = 0 O7 - HKU\S-1-5-21-894866996-3635588399-3167457420-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1 O8:64bit: - Extra context menu 
item: Free YouTube to Mp3 Converter - C:\Users\fearless\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\fearless\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O15 - HKU\S-1-5-21-894866996-3635588399-3167457420-1001\..Trusted Domains: rhapsody.com ([rhap-app-4-0] https in Trusted sites) O15 - HKU\S-1-5-21-894866996-3635588399-3167457420-1001\..Trusted Domains: rhapsody.com ([rhapreg] https in Trusted sites) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31) O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Value error.) 
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 75.75.75.75 75.75.76.76 192.168.1.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{75BAFEBC-A1D9-41AA-99C9-9A9D191299DB}: DhcpNameServer = 75.75.75.75 75.75.76.76 192.168.1.1 O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Handler\msnim - No CLSID value found O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation) O20 - Winlogon\Notify\MCPClient: DllName - (C:\PROGRA~2\COMMON~1\Stardock\mcpstub.dll) - C:\Program Files (x86)\Common Files\Stardock\MCPStub.dll (Stardock) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: 0aMCPClient - {F5DF91F9-15E9-416B-A7C3-7519B11ECBFC} - C:\Program Files (x86)\Common Files\Stardock\MCPCore.dll (Stardock) O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. 
O32 - HKLM CDRom: AutoRun - 1
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/04/04 19:40:47 | 000,000,000 | ---D | C] -- C:\Users\fearless\AppData\Local\Trusteer

========== Files - Modified Within 30 Days ==========

[2012/04/30 22:29:20 | 000,114,339 | ---- | M] () -- C:\Users\fearless\Documents\COMPUTER BAD SHAPE IMPORTANT.rtf
[2012/04/30 22:19:59 | 000,257,853 | ---- | M] () -- C:\Users\fearless\Documents\COMPUTER BAD SHAPE.rtf
[2012/04/30 22:12:15 | 000,000,902 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/04/30 22:12:14 | 000,000,920 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-894866996-3635588399-3167457420-1001UA.job
[2012/04/30 22:11:34 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/04/30 22:11:30 | 000,000,454 | ---- | M] () -- C:\Windows\SysWow64\tversity.cookies
[2012/04/30 16:31:06 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/04/30 16:31:06 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/04/30 16:14:42 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/04/30 16:14:21 | 3193,864,192 | -HS- | M] () -- C:\hiberfil.sys
[2012/04/30 02:56:19 | 000,000,868 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-894866996-3635588399-3167457420-1001Core.job
[2012/04/30 00:40:24 | 000,002,985 | ---- | M] () -- C:\Users\fearless\Documents\SEX PHRASES.rtf
[2012/04/20 01:36:35 | 000,000,855 | ---- | M] () -- C:\Users\fearless\Documents\tablet.rtf
[2012/04/14 22:43:49 | 000,872,762 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/04/14 22:43:49 | 000,726,668 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/04/14 22:43:49 | 000,146,654 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/04/14 22:42:05 | 000,005,951 | ---- | M] () -- C:\Users\fearless\Documents\DOCTORS.rtf
[2012/04/09 03:04:45 | 000,466,586 | ---- | M] () -- C:\Users\Public\Documents\PHYSICAL OBJECTS 7.rtf
[2012/04/08 23:33:54 | 000,034,617 | ---- | M] () -- C:\Users\fearless\Documents\ME 3.rtf
[2012/04/08 23:06:54 | 000,053,852 | ---- | M] () -- C:\Users\fearless\Documents\IMPORTANT 9.rtf
[2012/04/08 22:47:39 | 000,128,602 | ---- | M] () -- C:\Users\Public\Documents\WEBSITES 2.rtf
[2012/04/08 21:49:44 | 000,100,491 | ---- | M] () -- C:\Users\Public\Documents\PEOPLE IN HISTORY 4.rtf
[2012/04/08 21:36:59 | 000,022,056 | ---- | M] () -- C:\Users\fearless\Documents\A AGENCIES, GROUPS, COUNCILS 2.rtf
[2012/04/08 19:48:41 | 000,132,099 | ---- | M] () -- C:\Users\Public\Documents\WORLD NEWS 3.rtf
[2012/04/08 12:10:38 | 000,065,368 | ---- | M] () -- C:\Users\Public\Documents\WORK RELATIONSHIPS.rtf
[2012/04/07 16:11:54 | 000,442,124 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012/04/04 22:56:28 | 000,435,104 | ---- | M] () -- C:\Users\fearless\Documents\IMPORTANT 8.rtf
[2012/04/01 02:50:13 | 000,003,058 | ---- | M] () -- C:\Users\fearless\Documents\SHROOMZ.rtf

========== Files Created - No Company Name ==========

[2012/04/17 00:33:21 | 000,114,339 | ---- | C] () -- C:\Users\fearless\Documents\COMPUTER BAD SHAPE IMPORTANT.rtf
[2012/04/09 03:42:44 | 000,257,853 | ---- | C] () -- C:\Users\fearless\Documents\COMPUTER BAD SHAPE.rtf
[2012/04/04 23:08:12 | 000,053,852 | ---- | C] () -- C:\Users\fearless\Documents\IMPORTANT 9.rtf
[2011/12/10 03:59:09 | 000,000,112 | ---- | C] () -- C:\Windows\wininit.ini
[2011/10/22 21:32:51 | 000,644,608 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2011/10/22 21:32:51 | 000,258,048 | ---- | C] () -- C:\Windows\SysWow64\libFLAC.dll
[2010/11/13 15:41:07 | 000,123,392 | ---- | C] () -- C:\Windows\SysWow64\UnCasino5.exe
[2010/11/05 22:08:41 | 000,000,088 | ---- | C] () -- C:\Windows\galaxy.ini
[2010/10/31 12:08:57 | 000,085,504 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2010/10/30 00:49:09 | 002,217,088 | ---- | C] () -- C:\Windows\SysWow64\BootMan.exe
[2010/10/30 00:49:09 | 000,086,408 | ---- | C] () -- C:\Windows\SysWow64\setupempdrv03.exe
[2010/10/30 00:49:09 | 000,014,848 | ---- | C] () -- C:\Windows\SysWow64\EuEpmGdi.dll
[2010/10/30 00:49:09 | 000,014,216 | ---- | C] () -- C:\Windows\SysWow64\epmntdrv.sys
[2010/10/30 00:49:09 | 000,008,456 | ---- | C] () -- C:\Windows\SysWow64\EuGdiDrv.sys
[2010/10/30 00:25:35 | 000,014,976 | ---- | C] () -- C:\Windows\SysWow64\drivers\SBKUPNT.SYS
[2010/10/30 00:25:35 | 000,013,312 | ---- | C] () -- C:\Windows\SysWow64\DEVLOAD.EXE
[2010/10/30 00:25:34 | 000,000,543 | ---- | C] () -- C:\Windows\SWISV3.INI
[2010/10/30 00:25:17 | 000,000,287 | ---- | C] () -- C:\Windows\SKNIFE.INI
[2010/10/30 00:25:08 | 000,002,799 | ---- | C] () -- C:\Windows\SKLANG.INI
[2010/09/25 20:23:32 | 000,000,036 | ---- | C] () -- C:\Users\fearless\AppData\Local\housecall.guid.cache
[2010/09/17 22:05:04 | 000,866,978 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010/07/02 12:41:34 | 000,004,608 | ---- | C] () -- C:\Users\fearless\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/05/20 15:25:47 | 000,033,792 | ---- | C] () -- C:\Windows\SysWow64\drivers\libusb0.sys
[2010/05/05 05:51:10 | 000,000,024 | ---- | C] () -- C:\Windows\ATKPF.ini

========== LOP Check ==========

[2011/04/27 23:44:12 | 000,000,000 | ---D | M] -- C:\Users\Default\AppData\Roaming\Trusteer
[2011/04/27 23:44:12 | 000,000,000 | ---D | M] -- C:\Users\Default User\AppData\Roaming\Trusteer
[2010/06/03 14:45:21 | 000,000,000 | ---D | M] -- C:\Users\fearless\AppData\Roaming\.anomos
[2011/02/25 01:10:18 | 000,000,000 | ---D | M] -- C:\Users\fearless\AppData\Roaming\Acoustica
[2010/06/22 15:22:08 | 000,000,000 | ---D | M] -- C:\Users\fearless\AppData\Roaming\Asus WebStorage
[2010/06/22 15:22:08 | 000,000,000 | ---D | M] -- C:\Users\fearless\AppData\Roaming\Azureus
[2011/03/12 15:34:21 | 000,000,000 | ---D | M] -- C:\Users\fearless\AppData\Roaming\BBC Alerts
[2011/03/19 22:32:21 | 000,000,000 | ---D | M] -- C:\Users\fearless\AppData\Roaming\ChromePlus
[2011/07/12 00:35:23 | 000,000,000 | ---D | M] -- C:\Users\fearless\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
[2010/08/10 20:36:15 | 000,000,000 | ---D | M] -- C:\Users\fearless\AppData\Roaming\Disk Cleaner
[2010/08/12 12:06:21 | 000,000,000 | ---D | M] -- C:\Users\fearless\AppData\Roaming\Dropbox
[2012/04/18 08:32:51 | 000,000,000 | ---D | M] -- C:\Users\fearless\AppData\Roaming\DVDVideoSoft
[2011/02/10 19:37:36 | 000,000,000 | ---D | M] -- C:\Users\fearless\AppData\Roaming\DVDVideoSoftIEHelpers
[2011/02/28 21:15:40 | 000,000,000 | ---D | M] -- C:\Users\fearless\AppData\Roaming\EeeStorageUploader
[2011/12/10 00:43:18 | 000,000,000 | ---D | M] -- C:\Users\fearless\AppData\Roaming\FMZilla
[2011/12/10 00:52:59 | 000,000,000 | ---D | M] -- C:\Users\fearless\AppData\Roaming\foobar2000
[2011/06/28 23:20:40 | 000,000,000 | ---D | M] -- C:\Users\fearless\AppData\Roaming\GetRightToGo
[2010/11/08 20:53:35 | 000,000,000 | ---D | M] -- C:\Users\fearless\AppData\Roaming\I2P
[2011/12/10 02:47:45 | 000,000,000 | ---D | M] -- C:\Users\fearless\AppData\Roaming\IObit
[2011/05/01 01:16:40 | 000,000,000 | ---D | M] -- C:\Users\fearless\AppData\Roaming\Launchy
[2010/11/05 20:45:56 | 000,000,000 | ---D | M] -- C:\Users\fearless\AppData\Roaming\MAGIX
[2010/06/22 15:22:08 | 000,000,000 | ---D | M] -- C:\Users\fearless\AppData\Roaming\Maxthon2
[2011/03/12 15:52:28 | 000,000,000 | ---D | M] -- C:\Users\fearless\AppData\Roaming\mioObjects
[2010/11/06 13:38:06 | 000,000,000 | ---D | M] -- C:\Users\fearless\AppData\Roaming\MotioninJoy
[2010/09/01 22:00:29 | 000,000,000 | ---D | M] -- C:\Users\fearless\AppData\Roaming\MusicNet
[2011/03/19 13:54:34 | 000,000,000 | ---D | M] -- C:\Users\fearless\AppData\Roaming\MxBoost
[2010/05/05 14:46:57 | 000,000,000 | ---D | M] -- C:\Users\fearless\AppData\Roaming\nomp
[2010/06/11 15:55:41 | 000,000,000 | ---D | M] -- C:\Users\fearless\AppData\Roaming\OpenDNS Updater
[2011/03/19 13:46:27 | 000,000,000 | ---D | M] -- C:\Users\fearless\AppData\Roaming\Opera
[2012/04/04 19:38:31 | 000,000,000 | ---D | M] -- C:\Users\fearless\AppData\Roaming\Orbit
[2010/05/20 19:14:35 | 000,000,000 | ---D | M] -- C:\Users\fearless\AppData\Roaming\PenProtect
[2010/11/05 19:56:06 | 000,000,000 | ---D | M] -- C:\Users\fearless\AppData\Roaming\ProgSense
[2011/04/23 23:34:31 | 000,000,000 | ---D | M] -- C:\Users\fearless\AppData\Roaming\r2 Studios
[2010/09/01 22:00:29 | 000,000,000 | ---D | M] -- C:\Users\fearless\AppData\Roaming\Raptr
[2011/05/30 01:32:07 | 000,000,000 | ---D | M] -- C:\Users\fearless\AppData\Roaming\Sammsoft
[2011/12/10 00:36:03 | 000,000,000 | ---D | M] -- C:\Users\fearless\AppData\Roaming\SanDisk
[2011/03/12 15:16:58 | 000,000,000 | ---D | M] -- C:\Users\fearless\AppData\Roaming\scriptocean
[2011/07/10 22:56:37 | 000,000,000 | ---D | M] -- C:\Users\fearless\AppData\Roaming\Skinux
[2011/06/29 00:09:48 | 000,000,000 | ---D | M] -- C:\Users\fearless\AppData\Roaming\Smart Brightness Controller
[2010/05/17 16:48:44 | 000,000,000 | ---D | M] -- C:\Users\fearless\AppData\Roaming\SoundSpectrum
[2012/04/07 17:27:59 | 000,000,000 | ---D | M] -- C:\Users\fearless\AppData\Roaming\Spyware Terminator
[2011/04/24 19:41:30 | 000,000,000 | ---D | M] -- C:\Users\fearless\AppData\Roaming\Stardock
[2010/06/22 15:22:09 | 000,000,000 | ---D | M] -- C:\Users\fearless\AppData\Roaming\Stellarium
[2011/02/28 00:47:48 | 000,000,000 | ---D | M] -- C:\Users\fearless\AppData\Roaming\SynthMaker
[2011/04/23 23:52:38 | 000,000,000 | ---D | M] -- C:\Users\fearless\AppData\Roaming\Thinking Minds Budiling Bytes
[2011/08/01 23:58:41 | 000,000,000 | ---D | M] -- C:\Users\fearless\AppData\Roaming\TrueCrypt
[2011/04/04 22:49:20 | 000,000,000 | ---D | M] -- C:\Users\fearless\AppData\Roaming\Trusteer
[2011/07/11 23:52:20 | 000,000,000 | ---D | M] -- C:\Users\fearless\AppData\Roaming\Visan
[2010/06/24 16:43:55 | 000,000,000 | ---D | M] -- C:\Users\fearless\AppData\Roaming\WindSolutions
[2011/08/21 03:55:28 | 000,032,612 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

========== Alternate Data Streams ==========

@Alternate Data Stream - 95 bytes -> C:\ProgramData\Temp:5C321E34
@Alternate Data Stream - 180 bytes -> C:\ProgramData\Temp:DFC5A2B2
@Alternate Data Stream - 145 bytes -> C:\ProgramData\Temp:AB689DEA
@Alternate Data Stream - 109 bytes -> C:\ProgramData\Temp:A8ADE5D8

< End of report >