
Mystart.intellibar - virus infection?



Hi

The above hijacked my Firefox browser earlier today, and I can't get rid of it. I've tried running both Malwarebytes (free edition, full scan) and Norton (my current protection software), but neither has got rid of it.

I saw that you had helped someone else with this same infection, so I'm hoping you can help me too. I've run dds.scr as requested, and the content of the two files is below.

Many thanks

Famulus

============================================================================================================

DDS.txt

.

DDS (Ver_2011-08-26.01) - NTFSAMD64

Internet Explorer: 9.0.8112.16421

Run by Janet at 19:49:49 on 2012-05-16

Microsoft Windows 7 Home Premium 6.1.7600.0.1252.44.1033.18.6092.3709 [GMT 1:00]

.

AV: Norton Internet Security *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: Norton Internet Security *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}

FW: Norton Internet Security *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Program Files (x86)\HP SimplePass 2011\TrueSuiteService.exe

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\system32\atiesrxx.exe

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Program Files\IDT\WDM\STacSV64.exe

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\Hpservice.exe

C:\Windows\system32\atieclxx.exe

C:\Windows\system32\WUDFHost.exe

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\system32\WLANExt.exe

C:\Windows\system32\conhost.exe

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k WbioSvcGroup

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files\IDT\WDM\AESTSr64.exe

C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe

C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE

C:\Windows\SysWOW64\ezSharedSvcHost.exe

C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe

C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe

C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe

C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe

C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe

C:\Program Files (x86)\Livedrive\VSSService.exe

C:\Program Files (x86)\Common Files\Motive\McciCMService.exe

C:\Program Files\Common Files\Motive\McciCMService.exe

C:\Program Files\IIS\Microsoft Web Deploy\MsDepSvc.exe

c:\Program Files\Microsoft SQL Server\MSSQL10_50.SQLEXPRESS\MSSQL\Binn\sqlservr.exe

C:\Program Files (x86)\Norton Internet Security\Engine\19.7.0.9\ccSvcHst.exe

c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe

C:\Program Files\Web Assistant\ExtensionUpdaterService.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Windows\system32\svchost.exe -k bthsvcs

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\system32\taskhost.exe

C:\Windows\system32\Dwm.exe

C:\Program Files (x86)\Norton Internet Security\Engine\19.7.0.9\ccSvcHst.exe

C:\Windows\Explorer.EXE

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\System32\igfxtray.exe

C:\Windows\System32\hkcmd.exe

C:\Windows\System32\igfxpers.exe

C:\Windows\system32\wbem\unsecapp.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\BT Broadband Desktop Help\btbb\BTHelpNotifier.exe

C:\Program Files\IDT\WDM\sttray64.exe

C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe

C:\Program Files (x86)\Common Files\Motive\McciContextHookShim.exe

C:\Program Files (x86)\Skype\Phone\Skype.exe

C:\Windows\System32\spool\drivers\x64\3\E_IATICDE.EXE

C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe

C:\Program Files (x86)\Livedrive\Livedrive.exe

C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe

C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe

C:\Users\Janet\AppData\Roaming\Dropbox\bin\Dropbox.exe

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe

C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

C:\Program Files (x86)\Olympus\ib\olycamdetect.exe

C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe

C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe

C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Windows\SysWOW64\RunDll32.exe

C:\Windows\system32\SearchIndexer.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe

C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe

C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe

C:\Windows\system32\taskeng.exe

C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe

C:\Windows\System32\svchost.exe -k LocalServicePeerNet

C:\Windows\system32\DllHost.exe

C:\Windows\system32\vssvc.exe

C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe

C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe

C:\Windows\System32\svchost.exe -k swprv

C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe

C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe

C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

C:\Program Files (x86)\Hewlett-Packard\Shared\hpCaslNotification.exe

C:\Windows\system32\wuauclt.exe

C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\SeaPort.exe

C:\Program Files (x86)\Mozilla Firefox\firefox.exe

C:\Program Files (x86)\HP SimplePass 2011\TouchControl.exe

C:\Program Files (x86)\HP SimplePass 2011\BioMonitor.exe

C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE

C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe

C:\Windows\system32\DllHost.exe

C:\Windows\system32\DllHost.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\conhost.exe

C:\Windows\SysWOW64\cscript.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://mystart.incredibar.com/mb143?a=6R8sYquPVx&i=26

mWinlogon: Userinit=userinit.exe,

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: Web Assistant: {336d0c35-8a85-403a-b9d2-65c292c39087} - C:\Program Files\Web Assistant\Extension32.dll

BHO: Norton Identity Protection: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - C:\Program Files (x86)\Norton Internet Security\Engine\19.7.0.9\coIEPlg.dll

BHO: Norton Vulnerability Protection: {6d53ec84-6aae-4787-aeee-f4628f01010c} - C:\Program Files (x86)\Norton Internet Security\Engine\19.7.0.9\IPS\IPSBHO.DLL

BHO: Incredibar.com Helper Object: {6e13dde1-2b6e-46ce-8b66-dc8bf36f6b99} - C:\Program Files (x86)\Incredibar.com\incredibar\1.5.11.14\bh\incredibar.dll

BHO: TrueSuite Website Log On: {8590886e-ec8c-43c1-a32c-e4c2b0b6395b} - C:\Program Files (x86)\HP SimplePass 2011\IEBHO.dll

BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL

BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - C:\Program Files (x86)\Norton Internet Security\Engine\19.7.0.9\coIEPlg.dll

TB: Incredibar Toolbar: {f9639e4a-801b-4843-aee3-03d9da199e77} - C:\Program Files (x86)\Incredibar.com\incredibar\1.5.11.14\incredibarTlbr.dll

TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll"

uRun: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden

uRun: [skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /nosplash /minimized

uRun: [EPSON Stylus DX7400 Series] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATICDE.EXE /FU "C:\Windows\TEMP\E_SFB0D.tmp" /EF "HKCU"

uRun: [KiesPDLR] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe

uRun: [KiesHelper] C:\Program Files (x86)\Samsung\Kies\KiesHelper.exe /s

uRun: [Livedrive] "C:\Program Files (x86)\Livedrive\Livedrive.exe"

mRun: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

mRun: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

mRun: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"

mRun: [<NO NAME>]

mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"

mRun: [Easybits Recovery] C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe

mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mRun: [Olympus ib] "C:\Program Files (x86)\Olympus\ib\olycamdetect.exe" /Startup

mRun: [MDS_Menu] "C:\Program Files (x86)\Olympus\ib\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Olympus\ib" UpdateWithCreateOnce "Software\OLYMPUS\ib\1.0"

mRun: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe

mRun: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe

mRun: [HPOSD] C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe

mRun: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin

mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

StartupFolder: C:\Users\Janet\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Janet\AppData\Roaming\Dropbox\bin\Dropbox.exe

StartupFolder: C:\Users\Janet\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ONENOT~1.LNK - C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BLUETO~1.LNK - C:\Program Files (x86)\WIDCOMM\Bluetooth Software\BTTray.exe

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\PHILIP~1.LNK - C:\Program Files (x86)\Philips\SA28XX Device Manager\main.exe

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\SNAPFI~1.LNK - C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe

mPolicies-explorer: NoActiveDesktop = 1 (0x1)

mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)

mPolicies-explorer: EnableShellExecuteHooks = 1 (0x1)

mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

mPolicies-system: HideFastUserSwitching = 0 (0x0)

IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000

IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105

IE: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm

IE: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll

IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab

DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} - hxxps://juniper.net/dana-cached/sc/JuniperSetupClient.cab

TCP: DhcpNameServer = 192.168.1.254

TCP: Interfaces\{A4CF3967-6FCF-4025-88BC-02AD51DF8D8A} : DhcpNameServer = 192.168.1.254

TCP: Interfaces\{A4CF3967-6FCF-4025-88BC-02AD51DF8D8A}\2445F40756E6A7F6E656 : DhcpNameServer = 192.168.22.22 192.168.22.23

TCP: Interfaces\{A4CF3967-6FCF-4025-88BC-02AD51DF8D8A}\25963686D6F6E64602051627B60284F64756C6 : DhcpNameServer = 192.168.1.254

TCP: Interfaces\{A4CF3967-6FCF-4025-88BC-02AD51DF8D8A}\37471627B6562737 : DhcpNameServer = 192.168.1.1

TCP: Interfaces\{A4CF3967-6FCF-4025-88BC-02AD51DF8D8A}\7756C636F6D65647F6865627D69647167656661627D6 : DhcpNameServer = 192.168.0.1

TCP: Interfaces\{F583F16B-C929-48A2-AD48-BAB4E76F2D46} : DhcpNameServer = 144.173.6.6 144.173.6.71

Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL

Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

SEH: EasyBits ShellExecute Hook: {e54729e8-bb3d-4270-9d49-7389ea579090} - C:\Windows\SysWow64\EZUPBH~1.DLL

mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe"

BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO-X64: AcroIEHelperStub - No File

BHO-X64: Web Assistant: {336D0C35-8A85-403a-B9D2-65C292C39087} - C:\Program Files\Web Assistant\Extension32.dll

BHO-X64: Web Assistant Helper - No File

BHO-X64: Norton Identity Protection: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\19.7.0.9\coIEPlg.dll

BHO-X64: Norton Identity Protection - No File

BHO-X64: Norton Vulnerability Protection: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\19.7.0.9\IPS\IPSBHO.DLL

BHO-X64: Norton Vulnerability Protection - No File

BHO-X64: Incredibar.com Helper Object: {6E13DDE1-2B6E-46CE-8B66-DC8BF36F6B99} - C:\Program Files (x86)\Incredibar.com\incredibar\1.5.11.14\bh\incredibar.dll

BHO-X64: Incredibar.com Helper Object - No File

BHO-X64: TrueSuite Website Log On: {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Program Files (x86)\HP SimplePass 2011\IEBHO.dll

BHO-X64: TSBHO Class - No File

BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL

BHO-X64: URLRedirectionBHO - No File

BHO-X64: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll

BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

TB-X64: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\19.7.0.9\coIEPlg.dll

TB-X64: Incredibar Toolbar: {F9639E4A-801B-4843-AEE3-03D9DA199E77} - C:\Program Files (x86)\Incredibar.com\incredibar\1.5.11.14\incredibarTlbr.dll

TB-X64: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll"

mRun-x64: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

mRun-x64: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

mRun-x64: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"

mRun-x64: [(Default)]

mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"

mRun-x64: [Easybits Recovery] C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe

mRun-x64: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mRun-x64: [Olympus ib] "C:\Program Files (x86)\Olympus\ib\olycamdetect.exe" /Startup

mRun-x64: [MDS_Menu] "C:\Program Files (x86)\Olympus\ib\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Olympus\ib" UpdateWithCreateOnce "Software\OLYMPUS\ib\1.0"

mRun-x64: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe

mRun-x64: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe

mRun-x64: [HPOSD] C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe

mRun-x64: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin

mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

IE-X64: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

SEH-X64: EasyBits ShellExecute Hook: {E54729E8-BB3D-4270-9D49-7389EA579090} - C:\Windows\SysWow64\EZUPBH~1.DLL

.

================= FIREFOX ===================

.

FF - ProfilePath - C:\Users\Janet\AppData\Roaming\Mozilla\Firefox\Profiles\v28h5hip.default\

FF - prefs.js: browser.search.selectedEngine - MyStart Search

FF - prefs.js: browser.startup.homepage - hxxp://mystart.incredibar.com/mb143?a=6R8sYquPVx&i=26

FF - prefs.js: keyword.URL - hxxp://mystart.incredibar.com/mb143/?loc=IB_DS&a=6R8sYquPVx&&i=26&search=

FF - prefs.js: network.proxy.type - 0

FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL

FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL

FF - plugin: C:\Program Files (x86)\Common Files\Motive\npMotive.dll

FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrlui.dll

FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npicaN.dll

FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

FF - plugin: C:\Program Files\Microsoft\Web Platform Installer\NPWPIDetector.dll

FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll

FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll

.

---- FIREFOX POLICIES ----

FF - user.js: extensions.incredibar_i.ms_url_id -

FF - user.js: extensions.incredibar_i.upn2 - 6R8sYquPVx

FF - user.js: extensions.incredibar_i.upn2n - 92824363556530923

FF - user.js: extensions.incredibar_i.productid - 26

FF - user.js: extensions.incredibar_i.installerproductid - 26

FF - user.js: extensions.incredibar_i.did - 10643

FF - user.js: extensions.incredibar_i.ppd - 1

FF - user.js: extensions.incredibar_i.newTab - false

FF - user.js: extensions.incredibar_i.tlbrSrchUrl - hxxp://mystart.Incredibar.com/?a=6R8sYquPVx&loc=IB_TB&i=26&search=

FF - user.js: extensions.incredibar_i.id - aef40f76000000000000cc52af994b29

FF - user.js: extensions.incredibar_i.instlDay - 15475

FF - user.js: extensions.incredibar_i.vrsn - 1.5.11.14

FF - user.js: extensions.incredibar_i.vrsni - 1.5.11.14

FF - user.js: extensions.incredibar_i.vrsnTs - 1.5.11.1411:25:50

FF - user.js: extensions.incredibar_i.prtnrId - Incredibar

FF - user.js: extensions.incredibar_i.prdct - incredibar

FF - user.js: extensions.incredibar_i.aflt - orgnl

FF - user.js: extensions.incredibar_i.smplGrp - none

FF - user.js: extensions.incredibar_i.tlbrId - base

FF - user.js: extensions.incredibar_i.instlRef -

FF - user.js: extensions.incredibar_i.dfltLng -

FF - user.js: extensions.incredibar_i.excTlbr - false

.

============= SERVICES / DRIVERS ===============

.

R0 SymDS;Symantec Data Store;C:\Windows\system32\drivers\NISx64\1307000.009\SYMDS64.SYS --> C:\Windows\system32\drivers\NISx64\1307000.009\SYMDS64.SYS [?]

R0 SymEFA;Symantec Extended File Attributes;C:\Windows\system32\drivers\NISx64\1307000.009\SYMEFA64.SYS --> C:\Windows\system32\drivers\NISx64\1307000.009\SYMEFA64.SYS [?]

R1 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.5.1.2\Definitions\BASHDefs\20120507.001\BHDrvx64.sys [2012-5-9 1160824]

R1 CbFs;CbFs;\??\C:\Windows\system32\drivers\cbfs.sys --> C:\Windows\system32\drivers\cbfs.sys [?]

R1 ccSet_NIS;Norton Internet Security Settings Manager;C:\Windows\system32\drivers\NISx64\1307000.009\ccSetx64.sys --> C:\Windows\system32\drivers\NISx64\1307000.009\ccSetx64.sys [?]

R1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.5.1.2\Definitions\IPSDefs\20120515.001\IDSviA64.sys [2012-5-16 488568]

R1 SymIRON;Symantec Iron Driver;C:\Windows\system32\drivers\NISx64\1307000.009\Ironx64.SYS --> C:\Windows\system32\drivers\NISx64\1307000.009\Ironx64.SYS [?]

R1 SymNetS;Symantec Network Security WFP Driver;C:\Windows\system32\Drivers\NISx64\1307000.009\SYMNETS.SYS --> C:\Windows\system32\Drivers\NISx64\1307000.009\SYMNETS.SYS [?]

R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]

R2 AESTFilters;Andrea ST Filters Service;C:\Program Files\IDT\WDM\AESTSr64.exe [2012-1-10 89600]

R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]

R2 ezSharedSvc;Easybits Services for Windows;C:\Windows\System32\ezSharedSvcHost.exe [2011-1-28 514232]

R2 FPLService;TrueSuiteService;C:\Program Files (x86)\HP SimplePass 2011\TrueSuiteService.exe [2010-12-7 249672]

R2 HP Support Assistant Service;HP Support Assistant Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe [2011-9-9 86072]

R2 HP Wireless Assistant Service;HP Wireless Assistant Service;C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [2010-7-21 103992]

R2 HPClientSvc;HP Client Services;C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-8-6 291896]

R2 HPDrvMntSvc.exe;HP Quick Synchronization Service;C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-9-1 227896]

R2 hpsrv;HP Service;C:\Windows\system32\Hpservice.exe --> C:\Windows\system32\Hpservice.exe [?]

R2 HPWMISVC;HPWMISVC;C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2011-7-11 26680]

R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-5-12 13592]

R2 IconMan_R;IconMan_R;C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2012-1-10 2413056]

R2 LivedriveVSSService;Livedrive VSS Service;C:\Program Files (x86)\Livedrive\VSSService.exe [2012-2-7 210616]

R2 McciCMService64;McciCMService64;C:\Program Files\Common Files\Motive\McciCMService.exe [2011-7-12 517632]

R2 MsDepSvc;Web Deployment Agent Service;C:\Program Files\IIS\Microsoft Web Deploy\MsDepSvc.exe [2011-4-1 67400]

R2 NIS;Norton Internet Security;C:\Program Files (x86)\Norton Internet Security\Engine\19.7.0.9\ccsvchst.exe [2012-4-25 138232]

R2 TeamViewer6;TeamViewer 6;C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe [2011-11-14 2358656]

R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-5-12 2656280]

R2 Web Assistant Updater;Web Assistant Updater;C:\Program Files\Web Assistant\ExtensionUpdaterService.exe [2012-5-15 185856]

R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]

R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]

R3 BBUpdate;BBUpdate;C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\SeaPort.EXE [2012-2-10 240408]

R3 clwvd;CyberLink WebCam Virtual Driver;C:\Windows\system32\DRIVERS\clwvd.sys --> C:\Windows\system32\DRIVERS\clwvd.sys [?]

R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-2-7 138360]

R3 IntcDAud;Intel® Display Audio;C:\Windows\system32\DRIVERS\IntcDAud.sys --> C:\Windows\system32\DRIVERS\IntcDAud.sys [?]

R3 intelkmd;intelkmd;C:\Windows\system32\DRIVERS\igdpmd64.sys --> C:\Windows\system32\DRIVERS\igdpmd64.sys [?]

R3 MEIx64;Intel® Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]

R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\Windows\system32\DRIVERS\nusb3hub.sys --> C:\Windows\system32\DRIVERS\nusb3hub.sys [?]

R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\Windows\system32\DRIVERS\nusb3xhc.sys --> C:\Windows\system32\DRIVERS\nusb3xhc.sys [?]

R3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]

R3 RSPCIESTOR;Realtek PCIE CardReader Driver;C:\Windows\system32\DRIVERS\RtsPStor.sys --> C:\Windows\system32\DRIVERS\RtsPStor.sys [?]

R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]

R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]

S2 BBSvc;BingBar Service;C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BBSvc.EXE [2012-2-10 193816]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S3 androidusb;SAMSUNG Android Composite ADB Interface Driver;C:\Windows\system32\Drivers\ssadadb.sys --> C:\Windows\system32\Drivers\ssadadb.sys [?]

S3 btwampfl;Bluetooth AMP USB Filter;C:\Windows\system32\drivers\btwampfl.sys --> C:\Windows\system32\drivers\btwampfl.sys [?]

S3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\system32\DRIVERS\btwl2cap.sys --> C:\Windows\system32\DRIVERS\btwl2cap.sys [?]

S3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\system32\DRIVERS\netw5v64.sys --> C:\Windows\system32\DRIVERS\netw5v64.sys [?]

S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\system32\DRIVERS\VSTAZL6.SYS --> C:\Windows\system32\DRIVERS\VSTAZL6.SYS [?]

S3 SrvHsfV92;SrvHsfV92;C:\Windows\system32\DRIVERS\VSTDPV6.SYS --> C:\Windows\system32\DRIVERS\VSTDPV6.SYS [?]

S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\system32\DRIVERS\VSTCNXT6.SYS --> C:\Windows\system32\DRIVERS\VSTCNXT6.SYS [?]

S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);C:\Windows\system32\DRIVERS\ssadbus.sys --> C:\Windows\system32\DRIVERS\ssadbus.sys [?]

S3 ssadmdfl;SAMSUNG Android USB Modem (Filter);C:\Windows\system32\DRIVERS\ssadmdfl.sys --> C:\Windows\system32\DRIVERS\ssadmdfl.sys [?]

S3 ssadmdm;SAMSUNG Android USB Modem Drivers;C:\Windows\system32\DRIVERS\ssadmdm.sys --> C:\Windows\system32\DRIVERS\ssadmdm.sys [?]

S3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM);C:\Windows\system32\DRIVERS\ssadserd.sys --> C:\Windows\system32\DRIVERS\ssadserd.sys [?]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]

S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk62x64.sys --> C:\Windows\system32\DRIVERS\yk62x64.sys [?]

S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;C:\Program Files\Microsoft SQL Server\100\Shared\sqladhlp.exe [2010-4-3 59744]

S4 RsFx0150;RsFx0150 Driver;C:\Windows\system32\DRIVERS\RsFx0150.sys --> C:\Windows\system32\DRIVERS\RsFx0150.sys [?]

S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);C:\Program Files\Microsoft SQL Server\MSSQL10_50.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2010-4-3 428384]

S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-23 57184]

.

=============== Created Last 30 ================

.

2012-05-16 11:42:59 -------- d-----w- C:\Users\Janet\AppData\Roaming\Malwarebytes

2012-05-16 11:42:45 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys

2012-05-16 11:42:45 -------- d-----w- C:\ProgramData\Malwarebytes

2012-05-16 11:42:45 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware

2012-05-15 10:25:49 -------- d-----w- C:\Program Files (x86)\Incredibar.com

2012-05-15 10:25:38 -------- d-----w- C:\Program Files\Web Assistant

2012-05-15 09:49:17 -------- d-----w- C:\Users\Janet\AppData\Roaming\Hemera

2012-05-15 09:49:17 -------- d-----w- C:\Program Files (x86)\GSP

2012-05-09 08:42:59 75632 ----a-w- C:\Windows\System32\drivers\partmgr.sys

2012-05-09 08:42:56 1895280 ----a-w- C:\Windows\System32\drivers\tcpip.sys

2012-05-09 08:42:50 936960 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\ink\journal.dll

2012-05-09 08:42:50 1367552 ----a-w- C:\Program Files\Common Files\Microsoft Shared\ink\journal.dll

2012-05-06 13:32:36 -------- d-----w- C:\Users\Janet\AppData\Local\Apple

2012-05-06 13:31:18 -------- d-----w- C:\Program Files (x86)\Serif Draw Plus

2012-05-01 17:57:42 -------- d-----w- C:\Users\Janet\AppData\Roaming\Temp

2012-04-30 10:43:45 -------- d-----w- C:\Program Files (x86)\GreenbeanSoft

2012-04-29 19:43:27 -------- d-----w- C:\Users\Janet\AppData\Roaming\KeePass

2012-04-29 19:41:07 -------- d-----w- C:\Program Files (x86)\KeePass Password Safe

2012-04-29 19:20:17 -------- d-sh--w- C:\~LD

2012-04-29 18:20:13 191960 ----a-w- C:\Windows\System32\drivers\cbfs.sys

2012-04-29 18:19:06 -------- d-----w- C:\Users\Janet\AppData\Local\Livedrive

2012-04-29 18:19:06 -------- d-----w- C:\Program Files (x86)\Livedrive

2012-04-25 10:13:40 451192 ----a-r- C:\Windows\System32\drivers\NISx64\1307000.009\symds64.sys

2012-04-25 10:13:40 405624 ----a-w- C:\Windows\System32\drivers\NISx64\1307000.009\symnets.sys

2012-04-25 10:13:40 37496 ----a-w- C:\Windows\System32\drivers\NISx64\1307000.009\srtspx64.sys

2012-04-25 10:13:40 1092728 ----a-w- C:\Windows\System32\drivers\NISx64\1307000.009\symefa64.sys

2012-04-25 10:13:39 737912 ----a-w- C:\Windows\System32\drivers\NISx64\1307000.009\srtsp64.sys

2012-04-25 10:13:39 190072 ----a-w- C:\Windows\System32\drivers\NISx64\1307000.009\ironx64.sys

2012-04-25 10:13:38 167048 ----a-w- C:\Windows\System32\drivers\NISx64\1307000.009\ccsetx64.sys

2012-04-25 10:13:21 -------- d-----w- C:\Windows\System32\drivers\NISx64\1307000.009

.

==================== Find3M ====================

.

2012-04-02 05:34:04 5504880 ----a-w- C:\Windows\System32\ntoskrnl.exe

2012-04-02 04:46:44 3958128 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe

2012-04-02 04:46:44 3902320 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe

2012-04-02 03:01:19 3143680 ----a-w- C:\Windows\System32\win32k.sys

2012-03-26 11:52:26 175736 ----a-w- C:\Windows\System32\drivers\SYMEVENT64x86.SYS

2012-03-03 06:29:57 1541120 ----a-w- C:\Windows\System32\DWrite.dll

2012-03-03 06:29:42 320512 ----a-w- C:\Windows\System32\d3d10_1core.dll

2012-03-03 06:29:42 197120 ----a-w- C:\Windows\System32\d3d10_1.dll

2012-03-03 06:29:42 1837568 ----a-w- C:\Windows\System32\d3d10warp.dll

2012-03-03 06:29:41 902656 ----a-w- C:\Windows\System32\d2d1.dll

2012-03-03 05:40:21 1074176 ----a-w- C:\Windows\SysWow64\DWrite.dll

2012-03-03 05:40:10 1170944 ----a-w- C:\Windows\SysWow64\d3d10warp.dll

2012-03-03 05:40:09 739840 ----a-w- C:\Windows\SysWow64\d2d1.dll

2012-03-03 05:40:09 218624 ----a-w- C:\Windows\SysWow64\d3d10_1core.dll

2012-03-03 05:40:09 161792 ----a-w- C:\Windows\SysWow64\d3d10_1.dll

2012-03-01 06:54:38 22896 ----a-w- C:\Windows\System32\drivers\fs_rec.sys

2012-03-01 06:45:41 220672 ----a-w- C:\Windows\System32\wintrust.dll

2012-03-01 06:40:14 80896 ----a-w- C:\Windows\System32\imagehlp.dll

2012-03-01 06:35:16 5120 ----a-w- C:\Windows\System32\wmi.dll

2012-03-01 05:49:05 172544 ----a-w- C:\Windows\SysWow64\wintrust.dll

2012-03-01 05:45:05 158720 ----a-w- C:\Windows\SysWow64\imagehlp.dll

2012-03-01 05:40:44 5120 ----a-w- C:\Windows\SysWow64\wmi.dll

2012-02-28 06:56:48 2311168 ----a-w- C:\Windows\System32\jscript9.dll

2012-02-28 06:49:56 1390080 ----a-w- C:\Windows\System32\wininet.dll

2012-02-28 06:48:57 1493504 ----a-w- C:\Windows\System32\inetcpl.cpl

2012-02-28 06:42:55 2382848 ----a-w- C:\Windows\System32\mshtml.tlb

2012-02-28 01:18:55 1799168 ----a-w- C:\Windows\SysWow64\jscript9.dll

2012-02-28 01:11:21 1427456 ----a-w- C:\Windows\SysWow64\inetcpl.cpl

2012-02-28 01:11:07 1127424 ----a-w- C:\Windows\SysWow64\wininet.dll

2012-02-28 01:03:16 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb

.

============= FINISH: 19:50:37.62 ===============

Attach.txt

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2011-08-26.01)

.

Microsoft Windows 7 Home Premium

Boot Device: \Device\HarddiskVolume1

Install Date: 30/05/2011 15:28:16

System Uptime: 16/05/2012 18:16:57 (1 hours ago)

.

Motherboard: Hewlett-Packard | | 1656

Processor: Intel® Core i5-2410M CPU @ 2.30GHz | CPU1 | 2277/1333mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 580 GiB total, 496.534 GiB free.

D: is FIXED (NTFS) - 16 GiB total, 1.978 GiB free.

E: is CDROM ()

F: is FIXED (FAT32) - 0 GiB total, 0.083 GiB free.

.

==== Disabled Device Manager Items =============

.

==== System Restore Points ===================

.

RP81: 29/04/2012 19:17:11 - Installed Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

RP82: 29/04/2012 19:18:16 - Installed Livedrive

RP83: 30/04/2012 11:42:51 - Installed Checkmark Personal Organizer

RP84: 06/05/2012 14:27:41 - Installed Serif DrawPlus X4

RP85: 06/05/2012 14:32:44 - Installed QuickTime

RP86: 10/05/2012 07:14:15 - Windows Update

RP87: 15/05/2012 09:18:44 - Windows Update

RP88: 15/05/2012 10:47:53 - Installed PhotoArt Vol 1

RP89: 15/05/2012 10:56:17 - Installed PhotoArt Vol 2

.

==== Installed Programs ======================

.

Adobe AIR

Adobe Community Help

Adobe Digital Editions

Adobe Download Assistant

Adobe Flash Player 10 ActiveX

Adobe Flash Player 10 Plugin

Adobe Illustrator CS5.1

Adobe Reader 9.3.3 MUI

Adobe Shockwave Player 11.5

Agatha Christie - Peril at End House

Amazon MP3 Downloader 1.0.9

Apple Application Support

Apple Software Update

Audacity 1.2.6

Bejeweled 2 Deluxe

Bing Bar

Blackhawk Striker 2

Blasterball 3

Bounce Symphony

BT Broadband Desktop Help

BTHomeHub

Cake Mania

Catalyst Control Center - Branding

Catalyst Control Center Graphics Previews Common

Catalyst Control Center InstallProxy

Catalyst Control Center Localization All

Catalyst Control Center Profiles Mobile

ccc-core-static

CCC Help Chinese Standard

CCC Help Chinese Traditional

CCC Help Czech

CCC Help Danish

CCC Help Dutch

CCC Help English

CCC Help Finnish

CCC Help French

CCC Help German

CCC Help Greek

CCC Help Hungarian

CCC Help Italian

CCC Help Japanese

CCC Help Korean

CCC Help Norwegian

CCC Help Polish

CCC Help Portuguese

CCC Help Russian

CCC Help Spanish

CCC Help Swedish

CCC Help Thai

Checkmark Personal Organizer

Chuzzle Deluxe

CyberLink DVD Suite

CyberLink YouCam

D3DX10

Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition

DM_Install

Dora's World Adventure

Dropbox

Energy Star Digital Logo

ESU for Microsoft Windows 7

Farm Frenzy

FATE

Final Drive Nitro

GoToAssist Corporate

Hewlett-Packard ACLM.NET v1.1.2.0

Hotfix for Microsoft .NET Framework 4 Client Profile (KB2461678)

Hotfix for Microsoft Visual Web Developer 2010 Express - ENU (KB2548139)

Hotfix for Microsoft Visual Web Developer 2010 Express - ENU (KB2635973)

HP CloudDrive

HP Customer Experience Enhancements

HP Documentation

HP Game Console

HP Games

HP On Screen Display

HP Power Manager

HP Quick Launch

HP Setup

HP Setup Manager

HP SimplePass 2011

HP Software Framework

HP Support Assistant

IDT Audio

IIS 7.5 Express

Incredibar Toolbar on IE

Intel® Control Center

Intel® Display Audio Driver

Intel® Management Engine Components

Intel® Rapid Storage Technology

Java Auto Updater

Java Media Framework 2.1.1e

Java 6 Update 22

Juniper Networks Setup Client

Juniper Networks Setup Client Activex Control

Juniper Networks UAC Host Checker

Junk Mail filter update

KeePass Password Safe 1.22

LabelPrint

LightScribe System Software

Lizard Safeguard - PDF Viewer 2.6.9

LSHTM Remote Desktop 2.0

M366 Course Software

Magic Desktop

Malwarebytes Anti-Malware version 1.61.0.1400

Mesh Runtime

Microsoft .NET Framework 4 Multi-Targeting Pack

Microsoft Application Error Reporting

Microsoft ASP.NET MVC 2

Microsoft ASP.NET MVC 2 - VWD Express 2010 Tools

Microsoft ASP.NET MVC 3

Microsoft ASP.NET MVC 3 - VWD Express 2010 Tools Update

Microsoft ASP.NET Web Pages

Microsoft ASP.NET Web Pages - VWD Express 2010 Tools

Microsoft Office 2010

Microsoft Office 2010 Service Pack 1 (SP1)

Microsoft Office Access MUI (English) 2010

Microsoft Office Access Setup Metadata MUI (English) 2010

Microsoft Office Excel MUI (English) 2010

Microsoft Office OneNote MUI (English) 2010

Microsoft Office Outlook MUI (English) 2010

Microsoft Office PowerPoint MUI (English) 2010

Microsoft Office Professional 2010

Microsoft Office Proof (English) 2010

Microsoft Office Proof (French) 2010

Microsoft Office Proof (Spanish) 2010

Microsoft Office Proofing (English) 2010

Microsoft Office Publisher MUI (English) 2010

Microsoft Office Shared MUI (English) 2010

Microsoft Office Shared Setup Metadata MUI (English) 2010

Microsoft Office Single Image 2010

Microsoft Office Word MUI (English) 2010

Microsoft Silverlight

Microsoft Silverlight 3 SDK

Microsoft Silverlight 4 SDK

Microsoft SQL Server 2005 Compact Edition [ENU]

Microsoft SQL Server 2008 R2 Management Objects

Microsoft SQL Server Browser

Microsoft SQL Server Compact 4.0 Web Tools ENU

Microsoft SQL Server Database Publishing Wizard 1.4

Microsoft SQL Server System CLR Types

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4974

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Microsoft Visual C++ 2010 x86 Runtime - 10.0.40219

Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools

Microsoft Visual Studio 2010 Service Pack 1

Microsoft Visual Web Developer 2010 Express - ENU

Microsoft WebMatrix

Microsoft_VC80_CRT_x86

Microsoft_VC80_MFC_x86

Microsoft_VC80_MFCLOC_x86

Microsoft_VC90_ATL_x86

Microsoft_VC90_CRT_x86

Microsoft_VC90_MFC_x86

Microsoft_VC90_MFCLOC_x86

MiKTeX 2.8

Moneydance 2011.791

Mozilla Firefox 9.0.1 (x86 en-GB)

MSVCRT

MSVCRT_amd64

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

MSXML 4.0 SP2 Parser and SDK

Mystery P.I. - The London Caper

NetLogo 3.1.4

Norton Internet Security

NuGet

OLYMPUS Digital Camera Updater

Olympus ib

OLYMPUS Viewer 2

PDF Settings CS5

Penguins!

PhotoArt Vol 1

PhotoArt Vol 2

PictureMover

Plants vs. Zombies

Poker Superstars III

Polar Bowler

Polar Golfer

Power2Go

PX Profile Update

QuickTime

Realtek Ethernet Controller Driver

Realtek PCIE Card Reader

Recovery Manager

Renesas Electronics USB 3.0 Host Controller Driver

Samsung Kies

Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)

Security Update for Microsoft .NET Framework 4 Extended (KB2487367)

Security Update for Microsoft .NET Framework 4 Extended (KB2656351)

Security Update for Microsoft Excel 2010 (KB2597166) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2553091)

Security Update for Microsoft Office 2010 (KB2553096)

Security Update for Microsoft Office 2010 (KB2553371) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2598039) 32-Bit Edition

Security Update for Microsoft PowerPoint 2010 (KB2553185) 32-Bit Edition

Security Update for Microsoft SharePoint Workspace 2010 (KB2566445)

Security Update for Microsoft Visio Viewer 2010 (KB2597981) 32-Bit Edition

Serif DrawPlus Starter Edition

Serif DrawPlus X4

Skype™ 4.2

Solitaire Plus! version 2.4.3

TeamViewer 6

UltraEdit

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

Update for Microsoft .NET Framework 4 Client Profile (KB2600217)

Update for Microsoft .NET Framework 4 Extended (KB2468871)

Update for Microsoft .NET Framework 4 Extended (KB2533523)

Update for Microsoft .NET Framework 4 Extended (KB2600217)

Update for Microsoft Office 2010 (KB2494150)

Update for Microsoft Office 2010 (KB2553065)

Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition

Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition

Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition

Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition

Update for Microsoft Office 2010 (KB2553385) 32-Bit Edition

Update for Microsoft Office 2010 (KB2566458)

Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition

Update for Microsoft Office 2010 (KB2597091) 32-Bit Edition

Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition

Update for Microsoft OneNote 2010 (KB2589345) 32-Bit Edition

Update for Microsoft Outlook 2010 (KB2553248) 32-Bit Edition

Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition

Virtual Villagers 4 - The Tree of Life

Visual Studio 2010 SP1 Tools for SQL Server Compact 4.0 ENU

WCF RIA Services V1.0 SP1

Windows Live Communications Platform

Windows Live Essentials

Windows Live Installer

Windows Live Mail

Windows Live Mesh

Windows Live Mesh ActiveX Control for Remote Connections

Windows Live Messenger

Windows Live Movie Maker

Windows Live Photo Common

Windows Live Photo Gallery

Windows Live PIMT Platform

Windows Live SOXE

Windows Live SOXE Definitions

Windows Live UX Platform

Windows Live UX Platform Language Pack

Windows Live Writer

Windows Live Writer Resources

World Cup Cricket 20-20

Zuma Deluxe

.

==== Event Viewer Messages From Past Week ========

.

16/05/2012 18:22:25, Error: Service Control Manager [7022] - The Windows Update service hung on starting.

16/05/2012 12:35:01, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Search service to connect.

16/05/2012 12:35:01, Error: Service Control Manager [7000] - The Windows Search service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

16/05/2012 12:35:01, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

16/05/2012 10:12:27, Error: Service Control Manager [7000] - The MRESP50a64 NDIS Protocol Driver service failed to start due to the following error: The system cannot find the file specified.

09/05/2012 15:27:22, Error: Service Control Manager [7034] - The Audio Service service terminated unexpectedly. It has done this 1 time(s).

.

==== End Of File ===========================



Logs will be closed if you haven't replied within 3 days

Please don't attach the scans / logs for these tools, use "copy/paste".

If you want to try this the easy way, do this:

1. Open Programs and Features by clicking the Start button, clicking Control Panel, clicking Programs, and then clicking Programs and Features.

2. Select Incredibar, and then click Uninstall.

3. Uninstall Firefox and download a fresh copy.

http://www.mozilla.com/firefox/

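The DDS log in the opening post is read by hand in this thread, and the helper's first step is to find the toolbar in the installed-programs list. As an added example that is not part of the original thread, of the DDS tool, or of anything the helper posted, here is a small Python parser for the DDS file lines (the `<date> <time> <size> <flags> <path>` entries) and the Installed Programs list. The sample lines are copied from the log above; the watchlist is a constructed illustration built from the names that come up in this thread (Incredibar, MyStart, Web Assistant), and the date window is illustrative. Reading the flag letters as d = directory, s = system, h = hidden is an assumption based on the usual ls-style flags. Anything it flags is a candidate for a second look, not a verdict: legitimate software also creates hidden system directories.

```python
import re
from dataclasses import dataclass
from datetime import date
from typing import Iterable, Optional

# One DDS file entry looks like:
#   2012-04-29 19:20:17 -------- d-sh--w- C:\~LD
# i.e. "<date> <time> <size or dashes> <8 attribute flags> <path>".
ENTRY_RE = re.compile(
    r"^(?P<date>\d{4}-\d{2}-\d{2}) (?P<time>\d{2}:\d{2}:\d{2}) "
    r"(?P<size>\d+|-+) (?P<attrs>[-a-z]{8}) (?P<path>.+)$"
)


@dataclass(frozen=True)
class Entry:
    when: date
    size: Optional[int]   # None for directories (DDS prints dashes instead of a size)
    attrs: str            # raw flag string, e.g. "d-sh--w-"
    path: str

    # Assumption: DDS uses the usual ls-style letters, d = directory,
    # s = system, h = hidden (a = archive, r/w = read-only / writable).
    @property
    def is_dir(self) -> bool:
        return "d" in self.attrs

    @property
    def hidden(self) -> bool:
        return "h" in self.attrs

    @property
    def system(self) -> bool:
        return "s" in self.attrs


def parse_entries(text: str) -> list[Entry]:
    """Parse every DDS file line in `text`; lines that do not match are skipped."""
    out = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue
        size = None if m["size"].startswith("-") else int(m["size"])
        out.append(Entry(date.fromisoformat(m["date"]), size, m["attrs"], m["path"]))
    return out


def hidden_system_dirs(entries: Iterable[Entry]) -> list[str]:
    """Directories carrying both the hidden and system flags: worth a manual look."""
    return [e.path for e in entries if e.is_dir and e.hidden and e.system]


def created_since(entries: Iterable[Entry], since: date) -> list[str]:
    """Paths dated on or after `since`, to narrow the log to the window in
    which the browser hijack first appeared."""
    return [e.path for e in entries if e.when >= since]


def watchlist_hits(program_lines: str, watchlist: Iterable[str]) -> list[str]:
    """Installed-program names containing any watchlist term (case-insensitive)."""
    terms = [t.lower() for t in watchlist]
    return [
        name.strip()
        for name in program_lines.splitlines()
        if name.strip() and any(t in name.lower() for t in terms)
    ]


# Constructed sample: a handful of lines copied from the DDS log in this thread.
SAMPLE_DDS = r"""
2012-05-09 08:42:59 75632 ----a-w- C:\Windows\System32\drivers\partmgr.sys
2012-05-01 17:57:42 -------- d-----w- C:\Users\Janet\AppData\Roaming\Temp
2012-04-29 19:43:27 -------- d-----w- C:\Users\Janet\AppData\Roaming\KeePass
2012-04-29 19:20:17 -------- d-sh--w- C:\~LD
2012-04-29 18:20:13 191960 ----a-w- C:\Windows\System32\drivers\cbfs.sys
2012-04-25 10:13:40 451192 ----a-r- C:\Windows\System32\drivers\NISx64\1307000.009\symds64.sys
"""

# Constructed sample: a few names from the Installed Programs section above.
SAMPLE_PROGRAMS = """
Adobe Reader 9.3.3 MUI
Incredibar Toolbar on IE
KeePass Password Safe 1.22
Mozilla Firefox 9.0.1 (x86 en-GB)
Norton Internet Security
"""

# Constructed watchlist of the names that come up in this thread.
WATCHLIST = ("incredibar", "mystart", "web assistant")


def review(dds_text: str = SAMPLE_DDS, programs: str = SAMPLE_PROGRAMS) -> dict:
    """Run the three checks and return their results keyed by check name."""
    entries = parse_entries(dds_text)
    return {
        "hidden_system_dirs": hidden_system_dirs(entries),
        "since_2012_05_01": created_since(entries, date(2012, 5, 1)),
        "watchlist_hits": watchlist_hits(programs, WATCHLIST),
    }


if __name__ == "__main__":
    for key, value in review().items():
        print(f"{key}:")
        for item in value:
            print(f"  {item}")
```

Run it as-is to see the three lists for the sample; in practice you would paste the full "Find3M" / created-files sections and the Installed Programs block in place of the samples.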

Many thanks for your reply. Sorry to be slow getting back, but I've been at work - this is a home laptop.

I uninstalled Intellibar as suggested, and uninstalled Firefox. When I opened IE to download a new Firefox, Mystart was in there too, and when I reinstalled Firefox it was back there too.

It no longer appears in the Control Panel/Programs and Features, but I tried uninstalling both Firefox and IE. The latter included a reboot. I then reinstalled Firefox again, and Mystart is still there.

Be grateful for further advice. Thanks


That Junk is hard to get rid of..

Please do not attach the scan results from ComboFix. Use copy/paste.

Vista and Windows 7 users:

1. These tools MUST be run from the executable (.exe) every time you run them.

2. With Admin Rights (Right click, choose "Run as Administrator")

Download ComboFix from one of these locations:

Link 1

Link 2 If using this link, Right Click and select Save As.

* IMPORTANT !!! Save ComboFix.exe to your Desktop

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. Note: If you are having difficulty properly disabling your protective programs, or are unsure as to what programs need to be disabled, please refer to the information available through this link : Protective Programs
  • Double click on ComboFix.exe & follow the prompts.
    Notes: Combofix will run without the Recovery Console installed. Skip the Recovery Console part if you're running Vista or Windows 7.
    Note: If you have XP SP3, use the XP SP2 package.
    If Vista or Windows 7, skip the Recovery Console part
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:


Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt using Copy / Paste in your next reply.

Notes:

1. Do not mouse-click ComboFix's window while it is running. That may cause it to stall.

2. ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.

3. Combofix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell your helper.

4. CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

Give it at least 20-30 minutes to finish if needed.

Please do not attach the scan results from ComboFix. Use copy/paste.

Also please describe how your computer behaves at the moment.


OK, I've run ComboFix - I kept getting messages saying that Norton Internet Security Antispyware was still running. I turned off everything I could find, but my Norton didn't seem to tally with the instructions, so I'm not sure if there was something left on.

Anyway, ComboFix ran, and the log file content is pasted below - thanks

=========================================================================================================

ComboFix 12-05-17.05 - Janet 17/05/2012 23:48:03.1.4 - x64

Microsoft Windows 7 Home Premium 6.1.7600.0.1252.44.1033.18.6092.3909 [GMT 1:00]

Running from: c:\users\Janet\Desktop\ComboFix.exe

AV: Norton Internet Security *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}

FW: Norton Internet Security *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}

SP: Norton Internet Security *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\program files\Web Assistant\ExTEnsion32.dll

c:\users\Janet\AppData\Local\Microsoft\Windows\Temporary Internet Files\{602D3E84-FF87-45CA-B6B9-80A90045E925}.xps

c:\users\Janet\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc1093.tmp

c:\users\Janet\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc1113.tmp

c:\users\Janet\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc12.tmp

c:\users\Janet\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc12D5.tmp

c:\users\Janet\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc12D6.tmp

c:\users\Janet\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc13C.tmp

c:\users\Janet\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc13C2.tmp

c:\users\Janet\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc1677.tmp

c:\users\Janet\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc1934.tmp

c:\users\Janet\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc19D1.tmp

c:\users\Janet\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc1A8F.tmp

c:\users\Janet\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc1A91.tmp

c:\users\Janet\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc1C13.tmp

c:\users\Janet\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc1D5A.tmp

c:\users\Janet\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc1DA2.tmp

c:\users\Janet\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc1DC1.tmp

c:\users\Janet\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc1E61.tmp

c:\users\Janet\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc1ED8.tmp

c:\users\Janet\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc1EF3.tmp

c:\users\Janet\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc1F21.tmp

c:\users\Janet\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc1F22.tmp

c:\users\Janet\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc1FBC.tmp

c:\users\Janet\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc2355.tmp

c:\users\Janet\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc252.tmp

c:\users\Janet\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc272F.tmp

c:\users\Janet\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc2749.tmp

c:\users\Janet\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc2857.tmp

c:\users\Janet\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc29C7.tmp

c:\users\Janet\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc2A2E.tmp

c:\users\Janet\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc2A8F.tmp

c:\users\Janet\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc2A9C.tmp

c:\users\Janet\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc2BAA.tmp

c:\users\Janet\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc2ED9.tmp

c:\users\Janet\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc2F27.tmp

c:\users\Janet\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc30A5.tmp

c:\users\Janet\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc31C4.tmp

c:\users\Janet\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc3237.tmp

c:\users\Janet\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc340E.tmp

c:\users\Janet\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc345.tmp

c:\users\Janet\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc356E.tmp

c:\users\Janet\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc3590.tmp

c:\users\Janet\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc363E.tmp

c:\users\Janet\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc37BD.tmp

c:\users\Janet\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc3BCB.tmp

c:\users\Janet\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc3D61.tmp

c:\users\Janet\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc3F58.tmp

c:\users\Janet\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc40E7.tmp

c:\users\Janet\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc432E.tmp

c:\users\Janet\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc433C.tmp

c:\users\Janet\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc4531.tmp

c:\users\Janet\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc45DF.tmp

c:\users\Janet\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc4832.tmp

c:\users\Janet\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc489E.tmp

c:\users\Janet\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc494E.tmp

c:\users\Janet\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc4A29.tmp

c:\users\Janet\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc4AD6.tmp

c:\users\Janet\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc4AEF.tmp

c:\users\Janet\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc4BD0.tmp

c:\users\Janet\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc4CAE.tmp

c:\users\Janet\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc4D83.tmp

c:\users\Janet\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc4EEF.tmp

c:\users\Janet\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc511E.tmp

c:\users\Janet\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc5356.tmp

c:\users\Janet\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc544B.tmp

c:\users\Janet\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc5716.tmp

c:\users\Janet\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc5783.tmp

c:\users\Janet\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc57C2.tmp

c:\users\Janet\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc5B83.tmp

c:\users\Janet\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc5FBE.tmp

c:\users\Janet\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc650.tmp

c:\users\Janet\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc655B.tmp

c:\users\Janet\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc6579.tmp

c:\users\Janet\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc65C0.tmp

c:\users\Janet\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc669C.tmp

c:\users\Janet\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc6723.tmp

c:\users\Janet\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc67A2.tmp

c:\users\Janet\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc68A4.tmp

c:\users\Janet\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc68BE.tmp

c:\users\Janet\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc691E.tmp

c:\users\Janet\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc6A19.tmp

c:\users\Janet\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc6A23.tmp

c:\users\Janet\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc6A6.tmp

c:\users\Janet\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc6A6E.tmp

c:\users\Janet\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc6A97.tmp

c:\users\Janet\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc6C5.tmp

c:\users\Janet\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc6C96.tmp

c:\users\Janet\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc6CFE.tmp

c:\users\Janet\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc6E07.tmp

c:\users\Janet\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc6EAB.tmp

c:\users\Janet\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc6F2D.tmp

c:\users\Janet\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc708C.tmp

c:\users\Janet\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc7276.tmp

c:\users\Janet\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc72DA.tmp

c:\users\Janet\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc72E.tmp

c:\users\Janet\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc7387.tmp

c:\users\Janet\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc7499.tmp

c:\users\Janet\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc75B4.tmp

c:\users\Janet\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc75F6.tmp

c:\users\Janet\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc76CA.tmp

c:\users\Janet\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc7754.tmp

c:\users\Janet\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc77C9.tmp

c:\users\Janet\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc77F9.tmp

c:\users\Janet\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc7A33.tmp

c:\users\Janet\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc7A37.tmp

c:\users\Janet\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc7A98.tmp

c:\users\Janet\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc7B7D.tmp

c:\users\Janet\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc7D78.tmp

c:\users\Janet\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc7DF7.tmp

c:\users\Janet\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc7F9E.tmp

c:\users\Janet\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc80B2.tmp

c:\users\Janet\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc829B.tmp

c:\users\Janet\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc8342.tmp

c:\users\Janet\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc8354.tmp

c:\users\Janet\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc879E.tmp

c:\users\Janet\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc881A.tmp

c:\users\Janet\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc8844.tmp

c:\users\Janet\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc88A9.tmp

c:\users\Janet\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc8984.tmp

c:\users\Janet\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc8C4A.tmp

c:\users\Janet\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc8D63.tmp

c:\users\Janet\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc8E29.tmp

c:\users\Janet\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc8F23.tmp

c:\users\Janet\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc8F3D.tmp

c:\users\Janet\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc910C.tmp

c:\users\Janet\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc9224.tmp

c:\users\Janet\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc9658.tmp

c:\users\Janet\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc9752.tmp

c:\users\Janet\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc97A0.tmp

c:\users\Janet\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc97C8.tmp

c:\users\Janet\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc9857.tmp

c:\users\Janet\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc9993.tmp

c:\users\Janet\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc99CF.tmp

c:\users\Janet\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc9B96.tmp

c:\users\Janet\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc9BB5.tmp

c:\users\Janet\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc9C87.tmp

c:\users\Janet\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccA0A1.tmp

c:\users\Janet\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccA225.tmp

c:\users\Janet\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccA41D.tmp

c:\users\Janet\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccA54D.tmp

c:\users\Janet\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccA5D9.tmp

c:\users\Janet\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccA7DE.tmp

c:\users\Janet\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccA801.tmp

c:\users\Janet\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccAC57.tmp

c:\users\Janet\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccACE4.tmp

c:\users\Janet\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccAE99.tmp

c:\users\Janet\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccB118.tmp

c:\users\Janet\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccB151.tmp

c:\users\Janet\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccB2D9.tmp

c:\users\Janet\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccB350.tmp

c:\users\Janet\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccB5CF.tmp

c:\users\Janet\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccB675.tmp

c:\users\Janet\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccB742.tmp

c:\users\Janet\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccB7C9.tmp

c:\users\Janet\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccB987.tmp

c:\users\Janet\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccBB12.tmp

c:\users\Janet\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccBB4B.tmp

c:\users\Janet\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccBB5C.tmp

c:\users\Janet\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccBCCC.tmp

c:\users\Janet\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccBEFE.tmp

c:\users\Janet\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccC029.tmp

c:\users\Janet\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccC09F.tmp

c:\users\Janet\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccC0B2.tmp

c:\users\Janet\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccC0F2.tmp

c:\users\Janet\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccC18A.tmp

c:\users\Janet\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccC3CB.tmp

c:\users\Janet\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccC49B.tmp

c:\users\Janet\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccC4C3.tmp

c:\users\Janet\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccC536.tmp

c:\users\Janet\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccC62D.tmp

c:\users\Janet\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccC639.tmp

c:\users\Janet\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccC6F8.tmp

c:\users\Janet\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccC86B.tmp

c:\users\Janet\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccC8BF.tmp

c:\users\Janet\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccCDA4.tmp

c:\users\Janet\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccCED9.tmp

c:\users\Janet\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccCEF0.tmp

c:\users\Janet\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccCF6A.tmp

c:\users\Janet\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccCF77.tmp

c:\users\Janet\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccD12C.tmp

c:\users\Janet\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccD1CE.tmp

c:\users\Janet\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccD24E.tmp

c:\users\Janet\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccD3D3.tmp

c:\users\Janet\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccD6DF.tmp

c:\users\Janet\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccD73E.tmp

c:\users\Janet\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccD7E3.tmp

c:\users\Janet\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccD81.tmp

c:\users\Janet\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccD8C1.tmp

c:\users\Janet\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccD980.tmp

c:\users\Janet\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccD9CB.tmp

c:\users\Janet\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccDA21.tmp

c:\users\Janet\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccDA55.tmp

c:\users\Janet\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccDD14.tmp

c:\users\Janet\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccDD79.tmp

c:\users\Janet\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccDD9C.tmp

c:\users\Janet\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccDDC7.tmp

c:\users\Janet\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccDEBB.tmp

c:\users\Janet\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccDFEF.tmp

c:\users\Janet\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccE070.tmp

c:\users\Janet\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccE248.tmp

c:\users\Janet\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccE294.tmp

c:\users\Janet\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccE2ED.tmp

c:\users\Janet\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccE30D.tmp

c:\users\Janet\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccE51B.tmp

c:\users\Janet\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccE521.tmp

c:\users\Janet\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccE5EA.tmp

c:\users\Janet\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccE5FD.tmp

c:\users\Janet\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccE735.tmp

c:\users\Janet\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccEB21.tmp

c:\users\Janet\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccECBF.tmp

c:\users\Janet\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccED44.tmp

c:\users\Janet\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccEE5C.tmp

c:\users\Janet\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccEFEC.tmp

c:\users\Janet\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccF234.tmp

c:\users\Janet\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccF27.tmp

c:\users\Janet\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccF279.tmp

c:\users\Janet\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccF526.tmp

c:\users\Janet\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccF814.tmp

c:\users\Janet\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccF83C.tmp

c:\users\Janet\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccF848.tmp

c:\users\Janet\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccF8EF.tmp

c:\users\Janet\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccFBA5.tmp

c:\users\Janet\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccFC66.tmp

c:\users\Janet\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccFDC.tmp

c:\users\Janet\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccFE18.tmp

c:\users\Janet\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccFFB1.tmp

c:\users\Janet\AppData\Local\Temp\{bf5eaec9-e547-40d0-8b19-42b2a40891b9}\Livedrive.Native.dll

c:\users\Janet\AppData\Local\Temp\bd7c47bb-f5c0-417c-a180-ec348d87718a\CliSecureRT.dll

c:\windows\security\Database\tmp.edb

c:\windows\SysWow64\muzapp.exe

c:\windows\SysWow64\system32

c:\windows\SysWow64\system32\3DAudio.ax

c:\windows\SysWow64\system32\avrt.dll

c:\windows\SysWow64\system32\cis-2.4.dll

c:\windows\SysWow64\system32\issacapi_bs-2.3.dll

c:\windows\SysWow64\system32\issacapi_pe-2.3.dll

c:\windows\SysWow64\system32\issacapi_se-2.3.dll

c:\windows\SysWow64\system32\MACXMLProto.dll

c:\windows\SysWow64\system32\MaDRM.dll

c:\windows\SysWow64\system32\MaJGUILib.dll

c:\windows\SysWow64\system32\MAMACExtract.dll

c:\windows\SysWow64\system32\MASetupCleaner.exe

c:\windows\SysWow64\system32\MaXMLProto.dll

c:\windows\SysWow64\system32\mfplat.dll

c:\windows\SysWow64\system32\MK_Lyric.dll

c:\windows\SysWow64\system32\MSCLib.dll

c:\windows\SysWow64\system32\MSFLib.dll

c:\windows\SysWow64\system32\MSLUR71.dll

c:\windows\SysWow64\system32\msvcp60.dll

c:\windows\SysWow64\system32\MTTELECHIP.dll

c:\windows\SysWow64\system32\MTXSYNCICON.dll

c:\windows\SysWow64\system32\muzaf1.dll

c:\windows\SysWow64\system32\muzapp.dll

c:\windows\SysWow64\system32\muzapp.exe

c:\windows\SysWow64\system32\muzdecode.ax

c:\windows\SysWow64\system32\muzeffect.ax

c:\windows\SysWow64\system32\muzmp4sp.ax

c:\windows\SysWow64\system32\muzmpgsp.ax

c:\windows\SysWow64\system32\muzoggsp.ax

c:\windows\SysWow64\system32\muzwmts.dll

c:\windows\SysWow64\system32\psapi.dll

.

.

((((((((((((((((((((((((( Files Created from 2012-04-17 to 2012-05-17 )))))))))))))))))))))))))))))))

.

.

2012-05-17 22:55 . 2012-05-17 22:55 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-05-16 11:42 . 2012-05-16 11:42 -------- d-----w- c:\users\Janet\AppData\Roaming\Malwarebytes

2012-05-16 11:42 . 2012-05-16 11:42 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware

2012-05-16 11:42 . 2012-05-16 11:42 -------- d-----w- c:\programdata\Malwarebytes

2012-05-16 11:42 . 2012-04-04 14:56 24904 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-05-15 10:25 . 2012-05-15 10:25 844 ----a-w- C:\user.js

2012-05-15 10:25 . 2012-05-17 22:54 -------- d-----w- c:\program files\Web Assistant

2012-05-15 09:49 . 2012-05-15 09:56 -------- d-----w- c:\program files (x86)\GSP

2012-05-15 09:49 . 2012-05-15 09:51 -------- d-----w- c:\users\Janet\AppData\Roaming\Hemera

2012-05-09 08:42 . 2012-03-17 07:55 75632 ----a-w- c:\windows\system32\drivers\partmgr.sys

2012-05-09 08:42 . 2012-03-30 11:09 1895280 ----a-w- c:\windows\system32\drivers\tcpip.sys

2012-05-09 08:42 . 2012-04-02 05:24 1367552 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\journal.dll

2012-05-09 08:42 . 2012-04-02 04:40 936960 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\ink\journal.dll

2012-05-07 09:07 . 2012-05-07 09:07 -------- d-----w- c:\program files (x86)\Apple Software Update

2012-05-06 13:32 . 2012-05-06 13:32 -------- d-----w- c:\program files (x86)\Common Files\Apple

2012-05-06 13:32 . 2012-05-06 13:32 -------- d-----w- c:\users\Janet\AppData\Local\Apple

2012-05-06 13:32 . 2012-05-06 13:32 -------- d-----w- c:\programdata\Apple

2012-05-06 13:31 . 2012-05-06 13:31 -------- d-----w- c:\program files (x86)\Serif Draw Plus

2012-04-30 10:43 . 2012-04-30 10:43 -------- d-----w- c:\program files (x86)\GreenbeanSoft

2012-04-29 19:43 . 2012-04-29 19:43 -------- d-----w- c:\users\Janet\AppData\Roaming\KeePass

2012-04-29 19:41 . 2012-04-29 19:41 -------- d-----w- c:\program files (x86)\KeePass Password Safe

2012-04-29 19:20 . 2012-04-29 19:20 -------- d-----w- C:\~LD

2012-04-29 18:20 . 2010-02-16 11:44 191960 ----a-w- c:\windows\system32\drivers\cbfs.sys

2012-04-29 18:19 . 2012-05-17 22:46 -------- d-----w- c:\users\Janet\AppData\Local\Livedrive

2012-04-29 18:19 . 2012-04-29 18:20 -------- d-----w- c:\program files (x86)\Livedrive

2012-04-25 10:13 . 2012-04-25 21:30 -------- d-----w- c:\windows\system32\drivers\NISx64\1307000.009

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-03-26 11:52 . 2011-05-31 09:07 175736 ----a-w- c:\windows\system32\drivers\SYMEVENT64x86.SYS

2012-03-06 23:18 . 2012-03-06 23:18 162664 ----a-w- c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10140.bin

2012-03-01 06:54 . 2012-04-13 06:48 22896 ----a-w- c:\windows\system32\drivers\fs_rec.sys

2012-03-01 06:45 . 2012-04-13 06:48 220672 ----a-w- c:\windows\system32\wintrust.dll

2012-03-01 06:40 . 2012-04-13 06:48 80896 ----a-w- c:\windows\system32\imagehlp.dll

2012-03-01 06:35 . 2012-04-13 06:48 5120 ----a-w- c:\windows\system32\wmi.dll

2012-03-01 05:49 . 2012-04-13 06:48 172544 ----a-w- c:\windows\SysWow64\wintrust.dll

2012-03-01 05:45 . 2012-04-13 06:48 158720 ----a-w- c:\windows\SysWow64\imagehlp.dll

2012-03-01 05:40 . 2012-04-13 06:48 5120 ----a-w- c:\windows\SysWow64\wmi.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]

@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]

2012-01-18 18:49 94208 ----a-w- c:\users\Janet\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]

@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]

2012-01-18 18:49 94208 ----a-w- c:\users\Janet\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]

@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]

2012-01-18 18:49 94208 ----a-w- c:\users\Janet\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"LightScribe Control Panel"="c:\program files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe" [2010-11-22 2736128]

"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2010-03-09 26100520]

"KiesPDLR"="c:\program files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe" [2012-04-04 21392]

"KiesHelper"="c:\program files (x86)\Samsung\Kies\KiesHelper.exe" [2012-04-04 954256]

"Livedrive"="c:\program files (x86)\Livedrive\Livedrive.exe" [2012-02-07 1817600]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2011-05-20 284440]

"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-12-31 336384]

"NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2012-01-10 113288]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]

"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]

"Easybits Recovery"="c:\program files (x86)\EasyBits For Kids\ezRecover.exe" [2010-12-13 61112]

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]

"Olympus ib"="c:\program files (x86)\Olympus\ib\olycamdetect.exe" [2010-09-30 93360]

"MDS_Menu"="c:\program files (x86)\Olympus\ib\MUITransfer\MUIStartMenu.exe" [2010-07-01 220336]

"KiesTrayAgent"="c:\program files (x86)\Samsung\Kies\KiesTrayAgent.exe" [2012-04-04 3521424]

"HP Quick Launch"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe" [2011-07-11 574008]

"HPOSD"="c:\program files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe" [2011-08-19 379960]

"AdobeCS5.5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" [2011-01-12 1523360]

"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2009-11-10 417792]

.

c:\users\Janet\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Dropbox.lnk - c:\users\Janet\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-2-15 24246216]

OneNote 2010 Screen Clipper and Launcher.lnk - c:\program files (x86)\Microsoft Office\Office14\ONENOTEM.EXE [2011-9-2 227712]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2010-7-30 1132320]

Philips Device Manager.lnk - c:\program files (x86)\Philips\SA28XX Device Manager\main.exe [2011-6-1 7696118]

Snapfish PictureMover.lnk - c:\program files (x86)\PictureMover\Bin\PictureMover.exe [2010-11-18 1040952]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

"HideFastUserSwitching"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]

"EnableShellExecuteHooks"= 1 (0x1)

.

[hkey_local_machine\software\Wow6432Node\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

.

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2011-09-09 86072]

R2 HP Wireless Assistant Service;HP Wireless Assistant Service;c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [2010-07-21 103992]

R3 androidusb;SAMSUNG Android Composite ADB Interface Driver;c:\windows\system32\Drivers\ssadadb.sys [x]

R3 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\7.1.361.0\SeaPort.exe [2012-02-10 240408]

R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-04-21 129976]

R3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [x]

R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]

R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [x]

R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [x]

R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [x]

R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\DRIVERS\ssadbus.sys [x]

R3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\DRIVERS\ssadmdfl.sys [x]

R3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\DRIVERS\ssadmdm.sys [x]

R3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM);c:\windows\system32\DRIVERS\ssadserd.sys [x]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]

R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [x]

R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2010-04-03 59744]

R4 RsFx0150;RsFx0150 Driver;c:\windows\system32\DRIVERS\RsFx0150.sys [x]

R4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10_50.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2010-04-03 428384]

R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]

S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NISx64\1307000.009\SYMDS64.SYS [x]

S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NISx64\1307000.009\SYMEFA64.SYS [x]

S1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.5.1.2\Definitions\BASHDefs\20120507.001\BHDrvx64.sys [2012-04-02 1160824]

S1 CbFs;CbFs;c:\windows\system32\drivers\cbfs.sys [x]

S1 ccSet_NIS;Norton Internet Security Settings Manager;c:\windows\system32\drivers\NISx64\1307000.009\ccSetx64.sys [x]

S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.5.1.2\Definitions\IPSDefs\20120516.001\IDSvia64.sys [2012-04-28 488568]

S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NISx64\1307000.009\Ironx64.SYS [x]

S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\NISx64\1307000.009\SYMNETS.SYS [x]

S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]

S2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\AESTSr64.exe [2012-01-10 89600]

S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]

S2 BBSvc;BingBar Service;c:\program files (x86)\Microsoft\BingBar\7.1.361.0\BBSvc.exe [2012-02-10 193816]

S2 FPLService;TrueSuiteService;c:\program files (x86)\HP SimplePass 2011\TrueSuiteService.exe [2010-12-07 249672]

S2 HPClientSvc;HP Client Services;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-08-06 291896]

S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-09-01 227896]

S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [x]

S2 HPWMISVC;HPWMISVC;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2011-07-11 26680]

S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-05-20 13592]

S2 IconMan_R;IconMan_R;c:\program files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2012-01-10 2413056]

S2 LivedriveVSSService;Livedrive VSS Service;c:\program files (x86)\Livedrive\VSSService.exe [2012-02-07 210616]

S2 McciCMService64;McciCMService64;c:\program files\Common Files\Motive\McciCMService.exe [2011-03-23 517632]

S2 MsDepSvc;Web Deployment Agent Service;c:\program files\IIS\Microsoft Web Deploy\MsDepSvc.exe [2011-04-01 67400]

S2 NIS;Norton Internet Security;c:\program files (x86)\Norton Internet Security\Engine\19.7.0.9\ccSvcHst.exe [2012-03-27 138232]

S2 TeamViewer6;TeamViewer 6;c:\program files (x86)\TeamViewer\Version6\TeamViewer_Service.exe [2011-11-03 2358656]

S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-11-23 2656280]

S2 Web Assistant Updater;Web Assistant Updater;c:\program files\Web Assistant\ExtensionUpdaterService.exe [2012-05-01 185856]

S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]

S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]

S3 btwampfl;Bluetooth AMP USB Filter;c:\windows\system32\drivers\btwampfl.sys [x]

S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x]

S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys [x]

S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-02-04 138360]

S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x]

S3 intelkmd;intelkmd;c:\windows\system32\DRIVERS\igdpmd64.sys [x]

S3 MEIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]

S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [x]

S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [x]

S3 RSPCIESTOR;Realtek PCIE CardReader Driver;c:\windows\system32\DRIVERS\RtsPStor.sys [x]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]

S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]

.

.

--- Other Services/Drivers In Memory ---

.

*NewlyCreated* - WS2IFSL

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]

2010-11-22 21:18 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{2D46B6DC-2207-486B-B523-A557E6D54B47}]

2009-07-14 01:14 301568 ----a-w- c:\windows\System32\cmd.exe

.

Contents of the 'Scheduled Tasks' folder

.

2012-05-14 c:\windows\Tasks\HPCeeScheduleForJANET-HP$.job

- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 06:15]

.

2012-05-16 c:\windows\Tasks\HPCeeScheduleForJanet.job

- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 06:15]

.

.

--------- x86-64 -----------

.

.

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{336D0C35-8A85-403a-B9D2-65C292C39087}]

2012-05-01 13:33 201728 ----a-w- c:\program files\Web Assistant\Extension64.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00Zecter]

@="{D25B32FE-CB96-491A-98FF-AD59DA382D69}"

[HKEY_CLASSES_ROOT\CLSID\{D25B32FE-CB96-491A-98FF-AD59DA382D69}]

2010-12-11 02:32 2240000 ----a-w- c:\program files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\01Zecter]

@="{EB24CA6D-F315-4A81-AC1A-C79CFD77F3F5}"

[HKEY_CLASSES_ROOT\CLSID\{EB24CA6D-F315-4A81-AC1A-C79CFD77F3F5}]

2010-12-11 02:32 2240000 ----a-w- c:\program files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\02Zecter]

@="{B3C78E40-6B64-47C3-AE34-60B770881EB8}"

[HKEY_CLASSES_ROOT\CLSID\{B3C78E40-6B64-47C3-AE34-60B770881EB8}]

2010-12-11 02:32 2240000 ----a-w- c:\program files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\03Zecter]

@="{622AFE52-33F6-4D9F-9966-E0BC52D7D69D}"

[HKEY_CLASSES_ROOT\CLSID\{622AFE52-33F6-4D9F-9966-E0BC52D7D69D}]

2010-12-11 02:32 2240000 ----a-w- c:\program files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\04Zecter]

@="{855156F0-2A0F-11DE-8C30-0800200C9A66}"

[HKEY_CLASSES_ROOT\CLSID\{855156F0-2A0F-11DE-8C30-0800200C9A66}]

2010-12-11 02:32 2240000 ----a-w- c:\program files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\BackupOverlay]

@="{B44A5D93-1351-41A1-BD91-5E92435D8ECD}"

[HKEY_CLASSES_ROOT\CLSID\{B44A5D93-1351-41A1-BD91-5E92435D8ECD}]

2012-02-07 15:48 1245880 ----a-w- c:\program files (x86)\Livedrive\LivedriveExtensions.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]

@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]

2012-01-18 18:49 97792 ----a-w- c:\users\Janet\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]

@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]

2012-01-18 18:49 97792 ----a-w- c:\users\Janet\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]

@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]

2012-01-18 18:49 97792 ----a-w- c:\users\Janet\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]

@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]

2012-01-18 18:49 97792 ----a-w- c:\users\Janet\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\LivedriveDownloadOverlay]

@="{CBCDB610-6B68-4EE9-B7A2-1282FD0C9292}"

[HKEY_CLASSES_ROOT\CLSID\{CBCDB610-6B68-4EE9-B7A2-1282FD0C9292}]

2012-02-07 15:48 1245880 ----a-w- c:\program files (x86)\Livedrive\LivedriveExtensions.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\LivedriveSharedOverlay]

@="{84CEF1E4-1356-4063-845F-05047F4DD52C}"

[HKEY_CLASSES_ROOT\CLSID\{84CEF1E4-1356-4063-845F-05047F4DD52C}]

2012-02-07 15:48 1245880 ----a-w- c:\program files (x86)\Livedrive\LivedriveExtensions.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\LivedriveSyncedOverlay]

@="{42058329-2FBF-4B33-8E52-3BE5754DE0C1}"

[HKEY_CLASSES_ROOT\CLSID\{42058329-2FBF-4B33-8E52-3BE5754DE0C1}]

2012-02-07 15:48 1245880 ----a-w- c:\program files (x86)\Livedrive\LivedriveExtensions.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\LivedriveUploadOverlay]

@="{39A1715A-E4CD-4F1E-B5C4-36B5DB80124E}"

[HKEY_CLASSES_ROOT\CLSID\{39A1715A-E4CD-4F1E-B5C4-36B5DB80124E}]

2012-02-07 15:48 1245880 ----a-w- c:\program files (x86)\Livedrive\LivedriveExtensions.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-12-17 167960]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-12-17 391704]

"Persistence"="c:\windows\system32\igfxpers.exe" [2010-12-17 418328]

"HPWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe" [2010-07-21 8192]

"btbb_McciTrayApp"="c:\program files\BT Broadband Desktop Help\btbb\BTHelpNotifier.exe" [2010-08-12 3451904]

"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2012-01-10 1128448]

"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2011-03-15 499608]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"LoadAppInit_DLLs"=0x0

.

------- Supplementary Scan -------

.

uStart Page = hxxp://mystart.incredibar.com/mb143?a=6R8sYquPVx&i=26

uLocal Page = c:\windows\system32\blank.htm

mLocal Page = c:\windows\SysWOW64\blank.htm

IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000

IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105

IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm

IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

TCP: DhcpNameServer = 192.168.1.254

FF - ProfilePath - c:\users\Janet\AppData\Roaming\Mozilla\Firefox\Profiles\v28h5hip.default\

FF - prefs.js: browser.search.selectedEngine - MyStart Search

FF - prefs.js: browser.startup.homepage - hxxp://mystart.incredibar.com/mb143?a=6R8sYquPVx&i=26

FF - prefs.js: keyword.URL - hxxp://mystart.incredibar.com/mb143/?loc=IB_DS&a=6R8sYquPVx&&i=26&search=

FF - prefs.js: network.proxy.type - 0

FF - user.js: extensions.incredibar_i.ms_url_id -

FF - user.js: extensions.incredibar_i.upn2 - 6R8sYquPVx

FF - user.js: extensions.incredibar_i.upn2n - 92824363556530923

FF - user.js: extensions.incredibar_i.productid - 26

FF - user.js: extensions.incredibar_i.installerproductid - 26

FF - user.js: extensions.incredibar_i.did - 10643

FF - user.js: extensions.incredibar_i.ppd - 1

FF - user.js: extensions.incredibar_i.newTab - false

FF - user.js: extensions.incredibar_i.tlbrSrchUrl - hxxp://mystart.Incredibar.com/?a=6R8sYquPVx&loc=IB_TB&i=26&search=

FF - user.js: extensions.incredibar_i.id - aef40f76000000000000cc52af994b29

FF - user.js: extensions.incredibar_i.instlDay - 15475

FF - user.js: extensions.incredibar_i.vrsn - 1.5.11.14

FF - user.js: extensions.incredibar_i.vrsni - 1.5.11.14

FF - user.js: extensions.incredibar_i.vrsnTs - 1.5.11.1411:25

FF - user.js: extensions.incredibar_i.prtnrId - Incredibar

FF - user.js: extensions.incredibar_i.prdct - incredibar

FF - user.js: extensions.incredibar_i.aflt - orgnl

FF - user.js: extensions.incredibar_i.smplGrp - none

FF - user.js: extensions.incredibar_i.tlbrId - base

FF - user.js: extensions.incredibar_i.instlRef -

FF - user.js: extensions.incredibar_i.dfltLng -

FF - user.js: extensions.incredibar_i.excTlbr - false

.

- - - - ORPHANS REMOVED - - - -

.

HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe

AddRemove-EasyBits Magic Desktop - c:\windows\system32\ezMDUninstall.exe

AddRemove-{6F44AF95-3CDE-4513-AD3F-6D45F17BF324} - c:\program files (x86)\InstallShield Installation Information\{6F44AF95-3CDE-4513-AD3F-6D45F17BF324}\setup.exe

.

.

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\MsDepSvc]

"ImagePath"="\"c:\program files\IIS\Microsoft Web Deploy\MsDepSvc.exe\" -runService:MsDepSvc"

--

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NIS]

"ImagePath"="\"c:\program files (x86)\Norton Internet Security\Engine\19.7.0.9\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files (x86)\Norton Internet Security\Engine\19.7.0.9\diMaster.dll\" /prefetch:1"

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.10"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]

@Denied: (A) (Everyone)

"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]

@Denied: (A) (Everyone)

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]

"Key"="ActionsPane3"

"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

------------------------ Other Running Processes ------------------------

.

c:\windows\SysWOW64\ezSharedSvcHost.exe

c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe

c:\program files (x86)\Common Files\Motive\McciCMService.exe

c:\program files (x86)\Common Files\Motive\McciContextHookShim.exe

c:\program files (x86)\CyberLink\YouCam\YCMMirage.exe

c:\program files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe

c:\program files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe

c:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

.

**************************************************************************

.

Completion time: 2012-05-18 00:06:11 - machine was rebooted

ComboFix-quarantined-files.txt 2012-05-17 23:06

.

Pre-Run: 532,696,829,952 bytes free

Post-Run: 533,690,425,344 bytes free

.

- - End Of File - - F08225D8C9966C9986E0049E7ED252BA


Copy/paste the text in the Codebox below into notepad:

Here's how to do that:

Click Start > Run, type Notepad, and click OK.

This will open an empty notepad file:

Take your mouse, and place your cursor at the beginning of the text in the box below, then click and hold the left mouse button, while pulling your mouse over the text. This should highlight the text. Now release the left mouse button. Now, with the cursor over the highlighted text, right click the mouse for options, and select 'copy'. Now over the empty Notepad box, right click your mouse again, and select 'paste' and you will have copied and pasted the text.

KillAll::

Folder::
c:\program files\Web Assistant

ClearJavaCache::

DDS::
uStart Page = hxxp://mystart.incredibar.com/mb143?a=6R8sYquPVx&i=26

FireFox::
FF - ProfilePath - c:\users\Janet\AppData\Roaming\Mozilla\Firefox\Profiles\v28h5hip.default\
FF - prefs.js: browser.search.selectedEngine - MyStart Search
FF - prefs.js: browser.startup.homepage - hxxp://mystart.incredibar.com/mb143?a=6R8sYquPVx&i=26
FF - prefs.js: keyword.URL - hxxp://mystart.incredibar.com/mb143/?loc=IB_DS&a=6R8sYquPVx&&i=26&search=
FF - user.js: extensions.incredibar_i.ms_url_id -
FF - user.js: extensions.incredibar_i.upn2 - 6R8sYquPVx
FF - user.js: extensions.incredibar_i.upn2n - 92824363556530923
FF - user.js: extensions.incredibar_i.productid - 26
FF - user.js: extensions.incredibar_i.installerproductid - 26
FF - user.js: extensions.incredibar_i.did - 10643
FF - user.js: extensions.incredibar_i.ppd - 1
FF - user.js: extensions.incredibar_i.newTab - false
FF - user.js: extensions.incredibar_i.tlbrSrchUrl - hxxp://mystart.Incredibar.com/?a=6R8sYquPVx&loc=IB_TB&i=26&search=
FF - user.js: extensions.incredibar_i.id - aef40f76000000000000cc52af994b29
FF - user.js: extensions.incredibar_i.instlDay - 15475
FF - user.js: extensions.incredibar_i.vrsn - 1.5.11.14
FF - user.js: extensions.incredibar_i.vrsni - 1.5.11.14
FF - user.js: extensions.incredibar_i.vrsnTs - 1.5.11.1411:25
FF - user.js: extensions.incredibar_i.prtnrId - Incredibar
FF - user.js: extensions.incredibar_i.prdct - incredibar
FF - user.js: extensions.incredibar_i.aflt - orgnl
FF - user.js: extensions.incredibar_i.smplGrp - none
FF - user.js: extensions.incredibar_i.tlbrId - base
FF - user.js: extensions.incredibar_i.instlRef -
FF - user.js: extensions.incredibar_i.dfltLng -
FF - user.js: extensions.incredibar_i.excTlbr - false

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{336D0C35-8A85-403a-B9D2-65C292C39087}]

Save this file to your desktop; save it as "CFScript".

Here's how to do that:

1. Click File;

2. Click Save As... Change the directory to your desktop;

3. Change the Save as type to "All Files";

4. Type in the file name: CFScript

5. Click Save ...


Drag CFScript.txt into ComboFix.exe

Then post the results log using Copy / Paste

Also please describe how your computer behaves at the moment.

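As an added triage example (not code from the thread, nor from the DDS or ComboFix authors), the script below parses DDS "FF -" lines like those quoted above, flags navigation prefs and user.js entries that point at a hijacker brand, and renders the FireFox:: section of a CFScript in the format the post uses; the sample input is constructed from the entries shown in this thread and the suspect terms are assumptions.

```python
"""Triage DDS 'FF -' lines for a search/homepage hijack and build the
matching CFScript FireFox:: section (added example, not from the thread)."""
import re

# DDS prints each Firefox setting as:  FF - <file>: <pref> - <value>
# The value may be empty, e.g. "extensions.incredibar_i.instlRef -".
FF_LINE = re.compile(r"^FF - (?P<file>[\w.]+): (?P<pref>\S+) -\s?(?P<value>.*)$")

# Prefs that decide where the browser navigates; hijackers overwrite these.
NAVIGATION_PREFS = {
    "browser.startup.homepage",
    "browser.search.selectedengine",
    "browser.search.defaultenginename",
    "keyword.url",
}


def parse_ff_lines(lines):
    """Yield (file, pref, value, raw_line) for every DDS Firefox pref line.
    The 'FF - ProfilePath - ...' line has no '<file>:' part and is skipped."""
    for raw in lines:
        m = FF_LINE.match(raw.strip())
        if m:
            yield m.group("file"), m.group("pref"), m.group("value").strip(), raw.strip()


def triage(lines, suspect_terms):
    """Return the hijack indicators found in DDS output.

    suspect_terms: case-insensitive tokens (a hijacker brand or host, an
    assumption supplied by the analyst) looked for in navigation prefs and
    in user.js pref namespaces.
    """
    terms = [t.lower() for t in suspect_terms]
    hijacked = {}       # navigation pref -> value
    user_js = {}        # extensions.<namespace> -> number of user.js entries
    flagged_lines = []  # raw lines to carry into the CFScript
    for file, pref, value, raw in parse_ff_lines(lines):
        if pref.lower() in NAVIGATION_PREFS and any(t in value.lower() for t in terms):
            hijacked[pref] = value
            flagged_lines.append(raw)
        elif file == "user.js" and pref.startswith("extensions."):
            # user.js re-applies its prefs on every browser start, which is why
            # resetting the homepage by hand does not stick; a clean profile
            # normally has no user.js at all.
            ns = ".".join(pref.split(".")[:2])
            if any(t in ns.lower() for t in terms):
                user_js[ns] = user_js.get(ns, 0) + 1
                flagged_lines.append(raw)
    return {"hijacked": hijacked, "user_js": user_js, "lines": flagged_lines}


def cfscript_firefox_section(report):
    """Render the FireFox:: section of a ComboFix script from a triage report."""
    return "\n".join(["FireFox::"] + report["lines"]) + "\n"


# Constructed sample in DDS format, modelled on the entries quoted in the thread.
SAMPLE_DDS = """\
FF - ProfilePath - c:\\users\\Janet\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\v28h5hip.default\\
FF - prefs.js: browser.search.selectedEngine - MyStart Search
FF - prefs.js: browser.startup.homepage - hxxp://mystart.incredibar.com/mb143?a=6R8sYquPVx&i=26
FF - prefs.js: keyword.URL - hxxp://mystart.incredibar.com/mb143/?loc=IB_DS&a=6R8sYquPVx&&i=26&search=
FF - prefs.js: network.proxy.type - 0
FF - user.js: extensions.incredibar_i.productid - 26
FF - user.js: extensions.incredibar_i.instlRef -
FF - user.js: extensions.incredibar_i.newTab - false
""".splitlines()

if __name__ == "__main__":
    rep = triage(SAMPLE_DDS, ["incredibar", "mystart"])
    for pref, val in rep["hijacked"].items():
        print(f"hijacked {pref} = {val}")
    print(cfscript_firefox_section(rep))
```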

OK, I've done that, here's the log. Mystart is still there and everything in the browser runs very slowly (it did before, I forgot to mention). Don't know about any other apps because I don't want to use anything till I'm sure this has gone away.

Thanks

Famulus

=============================================================================

ComboFix 12-05-17.05 - Janet 19/05/2012 9:28.2.4 - x64

Microsoft Windows 7 Home Premium 6.1.7600.0.1252.44.1033.18.6092.3879 [GMT 1:00]

Running from: c:\users\Janet\Desktop\ComboFix.exe

Command switches used :: c:\users\Janet\Desktop\CFScript.txt

AV: Norton Internet Security *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}

FW: Norton Internet Security *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}

SP: Norton Internet Security *Disabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

* Created a new restore point

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\program files\Web Assistant

c:\program files\Web Assistant\Extension64.dll

c:\program files\Web Assistant\ExtensionUpdaterService.exe

c:\program files\Web Assistant\Firefox\chrome.manifest

c:\program files\Web Assistant\Firefox\chrome\content\libraries\DataExchangeScript.js

c:\program files\Web Assistant\Firefox\chrome\content\main.js

c:\program files\Web Assistant\Firefox\chrome\content\main.xul

c:\program files\Web Assistant\Firefox\chrome\content\resources\LocalScript.js

c:\program files\Web Assistant\Firefox\chrome\locale\en-US\overlay.dtd

c:\program files\Web Assistant\Firefox\chrome\skin\overlay.css

c:\program files\Web Assistant\Firefox\defaults\preferences\defaults.js

c:\program files\Web Assistant\Firefox\install.rdf

c:\program files\Web Assistant\InstallerHelper.dll

c:\program files\Web Assistant\libraries\DataExchangeScript.js

c:\program files\Web Assistant\resources\LocalScript.js

c:\program files\Web Assistant\source.crx

c:\program files\Web Assistant\unins000.dat

c:\program files\Web Assistant\unins000.exe

c:\users\Janet\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccA9E8.tmp

c:\users\Janet\AppData\Local\Temp\{bf5eaec9-e547-40d0-8b19-42b2a40891b9}\Livedrive.Native.dll

c:\users\Janet\AppData\Local\Temp\bd7c47bb-f5c0-417c-a180-ec348d87718a\CliSecureRT.dll

.

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

-------\Service_Web Assistant Updater

-------\Service_Web Assistant Updater

.

.

((((((((((((((((((((((((( Files Created from 2012-04-19 to 2012-05-19 )))))))))))))))))))))))))))))))

.

.

2012-05-16 11:42 . 2012-05-16 11:42 -------- d-----w- c:\users\Janet\AppData\Roaming\Malwarebytes

2012-05-16 11:42 . 2012-05-16 11:42 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware

2012-05-16 11:42 . 2012-05-16 11:42 -------- d-----w- c:\programdata\Malwarebytes

2012-05-16 11:42 . 2012-04-04 14:56 24904 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-05-15 10:25 . 2012-05-15 10:25 844 ----a-w- C:\user.js

2012-05-15 09:49 . 2012-05-15 09:56 -------- d-----w- c:\program files (x86)\GSP

2012-05-15 09:49 . 2012-05-15 09:51 -------- d-----w- c:\users\Janet\AppData\Roaming\Hemera

2012-05-09 08:42 . 2012-03-17 07:55 75632 ----a-w- c:\windows\system32\drivers\partmgr.sys

2012-05-09 08:42 . 2012-03-30 11:09 1895280 ----a-w- c:\windows\system32\drivers\tcpip.sys

2012-05-09 08:42 . 2012-04-02 05:24 1367552 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\journal.dll

2012-05-09 08:42 . 2012-04-02 04:40 936960 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\ink\journal.dll

2012-05-07 09:07 . 2012-05-07 09:07 -------- d-----w- c:\program files (x86)\Apple Software Update

2012-05-06 13:32 . 2012-05-06 13:32 -------- d-----w- c:\program files (x86)\Common Files\Apple

2012-05-06 13:32 . 2012-05-06 13:32 -------- d-----w- c:\users\Janet\AppData\Local\Apple

2012-05-06 13:32 . 2012-05-06 13:32 -------- d-----w- c:\programdata\Apple

2012-05-06 13:31 . 2012-05-06 13:31 -------- d-----w- c:\program files (x86)\Serif Draw Plus

2012-04-30 10:43 . 2012-04-30 10:43 -------- d-----w- c:\program files (x86)\GreenbeanSoft

2012-04-29 19:43 . 2012-04-29 19:43 -------- d-----w- c:\users\Janet\AppData\Roaming\KeePass

2012-04-29 19:41 . 2012-04-29 19:41 -------- d-----w- c:\program files (x86)\KeePass Password Safe

2012-04-29 19:20 . 2012-04-29 19:20 -------- d-----w- C:\~LD

2012-04-29 18:20 . 2010-02-16 11:44 191960 ----a-w- c:\windows\system32\drivers\cbfs.sys

2012-04-29 18:19 . 2012-05-19 08:11 -------- d-----w- c:\users\Janet\AppData\Local\Livedrive

2012-04-29 18:19 . 2012-04-29 18:20 -------- d-----w- c:\program files (x86)\Livedrive

2012-04-25 10:13 . 2012-04-25 21:30 -------- d-----w- c:\windows\system32\drivers\NISx64\1307000.009

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-03-26 11:52 . 2011-05-31 09:07 175736 ----a-w- c:\windows\system32\drivers\SYMEVENT64x86.SYS

2012-03-06 23:18 . 2012-03-06 23:18 162664 ----a-w- c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10140.bin

2012-03-01 06:54 . 2012-04-13 06:48 22896 ----a-w- c:\windows\system32\drivers\fs_rec.sys

2012-03-01 06:45 . 2012-04-13 06:48 220672 ----a-w- c:\windows\system32\wintrust.dll

2012-03-01 06:40 . 2012-04-13 06:48 80896 ----a-w- c:\windows\system32\imagehlp.dll

2012-03-01 06:35 . 2012-04-13 06:48 5120 ----a-w- c:\windows\system32\wmi.dll

2012-03-01 05:49 . 2012-04-13 06:48 172544 ----a-w- c:\windows\SysWow64\wintrust.dll

2012-03-01 05:45 . 2012-04-13 06:48 158720 ----a-w- c:\windows\SysWow64\imagehlp.dll

2012-03-01 05:40 . 2012-04-13 06:48 5120 ----a-w- c:\windows\SysWow64\wmi.dll

.

.

((((((((((((((((((((((((((((( SnapShot@2012-05-17_22.57.48 )))))))))))))))))))))))))))))))))))))))))

.

+ 2009-07-14 04:54 . 2012-05-19 08:09 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

- 2009-07-14 04:54 . 2012-05-17 22:57 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

- 2009-07-14 04:54 . 2012-05-17 22:57 49152 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

+ 2009-07-14 04:54 . 2012-05-19 08:09 49152 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

- 2009-07-14 04:54 . 2012-05-17 22:57 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2009-07-14 04:54 . 2012-05-19 08:09 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2011-01-28 00:39 . 2012-05-19 08:10 53024 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin

+ 2009-07-14 05:10 . 2012-05-19 08:10 36676 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin

+ 2011-05-30 14:30 . 2012-05-19 08:10 14222 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3476798985-3891373694-2057737020-1000_UserData.bin

- 2011-05-30 22:24 . 2012-05-17 22:57 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

+ 2011-05-30 22:24 . 2012-05-19 08:37 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

- 2011-05-30 22:24 . 2012-05-17 22:57 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

+ 2011-05-30 22:24 . 2012-05-19 08:37 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

- 2009-07-14 04:54 . 2012-05-17 22:57 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2009-07-14 04:54 . 2012-05-19 08:37 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2011-05-30 19:26 . 2012-05-19 08:38 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

- 2011-05-30 19:26 . 2012-05-17 22:58 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

+ 2009-07-14 04:46 . 2012-05-19 08:16 80184 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat

+ 2011-05-30 19:26 . 2012-05-19 08:38 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

- 2011-05-30 19:26 . 2012-05-17 22:58 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

- 2011-05-30 19:26 . 2012-05-17 22:58 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2011-05-30 19:26 . 2012-05-19 08:38 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2011-05-30 14:31 . 2012-05-19 08:38 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

- 2011-05-30 14:31 . 2012-05-17 23:00 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

- 2011-05-30 14:31 . 2012-05-17 23:00 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2011-05-30 14:31 . 2012-05-19 08:38 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2012-05-19 08:37 . 2012-05-19 08:37 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

- 2012-05-17 22:57 . 2012-05-17 22:57 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

- 2012-05-17 22:57 . 2012-05-17 22:57 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

+ 2012-05-19 08:37 . 2012-05-19 08:37 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

- 2009-07-14 02:36 . 2012-05-17 21:51 730092 c:\windows\system32\perfh009.dat

+ 2009-07-14 02:36 . 2012-05-19 08:16 730092 c:\windows\system32\perfh009.dat

- 2009-07-14 02:36 . 2012-05-17 21:51 149886 c:\windows\system32\perfc009.dat

+ 2009-07-14 02:36 . 2012-05-19 08:16 149886 c:\windows\system32\perfc009.dat

- 2009-07-14 05:01 . 2012-05-17 22:56 536396 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat

+ 2009-07-14 05:01 . 2012-05-19 08:36 536396 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat

+ 2009-07-14 02:34 . 2012-05-19 08:19 10223616 c:\windows\system32\SMI\Store\Machine\SCHEMA.DAT

- 2009-07-14 02:34 . 2012-05-17 22:03 10223616 c:\windows\system32\SMI\Store\Machine\SCHEMA.DAT

+ 2011-05-30 21:53 . 2012-05-19 08:36 29872352 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3476798985-3891373694-2057737020-1000-8192.dat

+ 2012-05-19 08:27 . 2012-05-19 08:27 10117120 c:\windows\ERDNT\Hiv-backup\SCHEMA.DAT

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]

@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]

2012-01-18 18:49 94208 ----a-w- c:\users\Janet\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]

@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]

2012-01-18 18:49 94208 ----a-w- c:\users\Janet\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]

@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]

2012-01-18 18:49 94208 ----a-w- c:\users\Janet\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"LightScribe Control Panel"="c:\program files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe" [2010-11-22 2736128]

"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2010-03-09 26100520]

"KiesPDLR"="c:\program files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe" [2012-04-04 21392]

"KiesHelper"="c:\program files (x86)\Samsung\Kies\KiesHelper.exe" [2012-04-04 954256]

"Livedrive"="c:\program files (x86)\Livedrive\Livedrive.exe" [2012-02-07 1817600]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2011-05-20 284440]

"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-12-31 336384]

"NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2012-01-10 113288]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]

"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]

"Easybits Recovery"="c:\program files (x86)\EasyBits For Kids\ezRecover.exe" [2010-12-13 61112]

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]

"Olympus ib"="c:\program files (x86)\Olympus\ib\olycamdetect.exe" [2010-09-30 93360]

"MDS_Menu"="c:\program files (x86)\Olympus\ib\MUITransfer\MUIStartMenu.exe" [2010-07-01 220336]

"KiesTrayAgent"="c:\program files (x86)\Samsung\Kies\KiesTrayAgent.exe" [2012-04-04 3521424]

"HP Quick Launch"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe" [2011-07-11 574008]

"HPOSD"="c:\program files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe" [2011-08-19 379960]

"AdobeCS5.5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" [2011-01-12 1523360]

"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2009-11-10 417792]

.

c:\users\Janet\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Dropbox.lnk - c:\users\Janet\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-2-15 24246216]

OneNote 2010 Screen Clipper and Launcher.lnk - c:\program files (x86)\Microsoft Office\Office14\ONENOTEM.EXE [2011-9-2 227712]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2010-7-30 1132320]

Philips Device Manager.lnk - c:\program files (x86)\Philips\SA28XX Device Manager\main.exe [2011-6-1 7696118]

Snapfish PictureMover.lnk - c:\program files (x86)\PictureMover\Bin\PictureMover.exe [2010-11-18 1040952]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

"HideFastUserSwitching"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]

"EnableShellExecuteHooks"= 1 (0x1)

.

[hkey_local_machine\software\Wow6432Node\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

.

2;2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [x]

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2011-09-09 86072]

R2 HP Wireless Assistant Service;HP Wireless Assistant Service;c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [2010-07-21 103992]

R3 androidusb;SAMSUNG Android Composite ADB Interface Driver;c:\windows\system32\Drivers\ssadadb.sys [x]

R3 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\7.1.361.0\SeaPort.exe [2012-02-10 240408]

R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-04-21 129976]

R3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [x]

R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]

R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [x]

R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [x]

R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [x]

R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\DRIVERS\ssadbus.sys [x]

R3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\DRIVERS\ssadmdfl.sys [x]

R3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\DRIVERS\ssadmdm.sys [x]

R3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM);c:\windows\system32\DRIVERS\ssadserd.sys [x]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]

R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [x]

R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2010-04-03 59744]

R4 RsFx0150;RsFx0150 Driver;c:\windows\system32\DRIVERS\RsFx0150.sys [x]

R4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10_50.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2010-04-03 428384]

R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]

S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NISx64\1307000.009\SYMDS64.SYS [x]

S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NISx64\1307000.009\SYMEFA64.SYS [x]

S1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.5.1.2\Definitions\BASHDefs\20120507.001\BHDrvx64.sys [2012-04-02 1160824]

S1 CbFs;CbFs;c:\windows\system32\drivers\cbfs.sys [x]

S1 ccSet_NIS;Norton Internet Security Settings Manager;c:\windows\system32\drivers\NISx64\1307000.009\ccSetx64.sys [x]

S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.5.1.2\Definitions\IPSDefs\20120516.001\IDSvia64.sys [2012-04-28 488568]

S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NISx64\1307000.009\Ironx64.SYS [x]

S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\NISx64\1307000.009\SYMNETS.SYS [x]

S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]

S2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\AESTSr64.exe [2012-01-10 89600]

S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]

S2 BBSvc;BingBar Service;c:\program files (x86)\Microsoft\BingBar\7.1.361.0\BBSvc.exe [2012-02-10 193816]

S2 FPLService;TrueSuiteService;c:\program files (x86)\HP SimplePass 2011\TrueSuiteService.exe [2010-12-07 249672]

S2 HPClientSvc;HP Client Services;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-08-06 291896]

S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-09-01 227896]

S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [x]

S2 HPWMISVC;HPWMISVC;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2011-07-11 26680]

S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-05-20 13592]

S2 IconMan_R;IconMan_R;c:\program files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2012-01-10 2413056]

S2 LivedriveVSSService;Livedrive VSS Service;c:\program files (x86)\Livedrive\VSSService.exe [2012-02-07 210616]

S2 McciCMService64;McciCMService64;c:\program files\Common Files\Motive\McciCMService.exe [2011-03-23 517632]

S2 MsDepSvc;Web Deployment Agent Service;c:\program files\IIS\Microsoft Web Deploy\MsDepSvc.exe [2011-04-01 67400]

S2 NIS;Norton Internet Security;c:\program files (x86)\Norton Internet Security\Engine\19.7.0.9\ccSvcHst.exe [2012-03-27 138232]

S2 TeamViewer6;TeamViewer 6;c:\program files (x86)\TeamViewer\Version6\TeamViewer_Service.exe [2011-11-03 2358656]

S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]

S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]

S3 btwampfl;Bluetooth AMP USB Filter;c:\windows\system32\drivers\btwampfl.sys [x]

S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x]

S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys [x]

S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-02-04 138360]

S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x]

S3 intelkmd;intelkmd;c:\windows\system32\DRIVERS\igdpmd64.sys [x]

S3 MEIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]

S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [x]

S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [x]

S3 RSPCIESTOR;Realtek PCIE CardReader Driver;c:\windows\system32\DRIVERS\RtsPStor.sys [x]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]

S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]

.

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]

2010-11-22 21:18 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{2D46B6DC-2207-486B-B523-A557E6D54B47}]

2009-07-14 01:14 301568 ----a-w- c:\windows\System32\cmd.exe

.

Contents of the 'Scheduled Tasks' folder

.

2012-05-14 c:\windows\Tasks\HPCeeScheduleForJANET-HP$.job

- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 06:15]

.

2012-05-16 c:\windows\Tasks\HPCeeScheduleForJanet.job

- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 06:15]

.

.

--------- x86-64 -----------

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00Zecter]

@="{D25B32FE-CB96-491A-98FF-AD59DA382D69}"

[HKEY_CLASSES_ROOT\CLSID\{D25B32FE-CB96-491A-98FF-AD59DA382D69}]

2010-12-11 02:32 2240000 ----a-w- c:\program files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\01Zecter]

@="{EB24CA6D-F315-4A81-AC1A-C79CFD77F3F5}"

[HKEY_CLASSES_ROOT\CLSID\{EB24CA6D-F315-4A81-AC1A-C79CFD77F3F5}]

2010-12-11 02:32 2240000 ----a-w- c:\program files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\02Zecter]

@="{B3C78E40-6B64-47C3-AE34-60B770881EB8}"

[HKEY_CLASSES_ROOT\CLSID\{B3C78E40-6B64-47C3-AE34-60B770881EB8}]

2010-12-11 02:32 2240000 ----a-w- c:\program files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\03Zecter]

@="{622AFE52-33F6-4D9F-9966-E0BC52D7D69D}"

[HKEY_CLASSES_ROOT\CLSID\{622AFE52-33F6-4D9F-9966-E0BC52D7D69D}]

2010-12-11 02:32 2240000 ----a-w- c:\program files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\04Zecter]

@="{855156F0-2A0F-11DE-8C30-0800200C9A66}"

[HKEY_CLASSES_ROOT\CLSID\{855156F0-2A0F-11DE-8C30-0800200C9A66}]

2010-12-11 02:32 2240000 ----a-w- c:\program files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\BackupOverlay]

@="{B44A5D93-1351-41A1-BD91-5E92435D8ECD}"

[HKEY_CLASSES_ROOT\CLSID\{B44A5D93-1351-41A1-BD91-5E92435D8ECD}]

2012-02-07 15:48 1245880 ----a-w- c:\program files (x86)\Livedrive\LivedriveExtensions.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]

@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]

2012-01-18 18:49 97792 ----a-w- c:\users\Janet\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]

@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]

2012-01-18 18:49 97792 ----a-w- c:\users\Janet\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]

@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]

2012-01-18 18:49 97792 ----a-w- c:\users\Janet\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]

@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]

2012-01-18 18:49 97792 ----a-w- c:\users\Janet\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\LivedriveDownloadOverlay]

@="{CBCDB610-6B68-4EE9-B7A2-1282FD0C9292}"

[HKEY_CLASSES_ROOT\CLSID\{CBCDB610-6B68-4EE9-B7A2-1282FD0C9292}]

2012-02-07 15:48 1245880 ----a-w- c:\program files (x86)\Livedrive\LivedriveExtensions.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\LivedriveSharedOverlay]

@="{84CEF1E4-1356-4063-845F-05047F4DD52C}"

[HKEY_CLASSES_ROOT\CLSID\{84CEF1E4-1356-4063-845F-05047F4DD52C}]

2012-02-07 15:48 1245880 ----a-w- c:\program files (x86)\Livedrive\LivedriveExtensions.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\LivedriveSyncedOverlay]

@="{42058329-2FBF-4B33-8E52-3BE5754DE0C1}"

[HKEY_CLASSES_ROOT\CLSID\{42058329-2FBF-4B33-8E52-3BE5754DE0C1}]

2012-02-07 15:48 1245880 ----a-w- c:\program files (x86)\Livedrive\LivedriveExtensions.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\LivedriveUploadOverlay]

@="{39A1715A-E4CD-4F1E-B5C4-36B5DB80124E}"

[HKEY_CLASSES_ROOT\CLSID\{39A1715A-E4CD-4F1E-B5C4-36B5DB80124E}]

2012-02-07 15:48 1245880 ----a-w- c:\program files (x86)\Livedrive\LivedriveExtensions.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-12-17 167960]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-12-17 391704]

"Persistence"="c:\windows\system32\igfxpers.exe" [2010-12-17 418328]

"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [bU]

"HPWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe" [2010-07-21 8192]

"btbb_McciTrayApp"="c:\program files\BT Broadband Desktop Help\btbb\BTHelpNotifier.exe" [2010-08-12 3451904]

"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2012-01-10 1128448]

"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2011-03-15 499608]

"combofix"="c:\combofix\CF19722.3XE" [2009-07-14 344576]

.

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

mLocal Page = c:\windows\SysWOW64\blank.htm

IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000

IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105

IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm

IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

TCP: DhcpNameServer = 192.168.1.254

FF - ProfilePath - c:\users\Janet\AppData\Roaming\Mozilla\Firefox\Profiles\v28h5hip.default\

FF - prefs.js: browser.startup.homepage - hxxp://mystart.incredibar.com/mb143?a=6R8sYquPVx&i=26

FF - prefs.js: network.proxy.type - 0

FF - user.js: extensions.incredibar_i.upn2 - 6R8sYquPVx

FF - user.js: extensions.incredibar_i.upn2n - 92824363556530923

FF - user.js: extensions.incredibar_i.productid - 26

FF - user.js: extensions.incredibar_i.installerproductid - 26

FF - user.js: extensions.incredibar_i.did - 10643

FF - user.js: extensions.incredibar_i.ppd - 1

FF - user.js: extensions.incredibar_i.newTab - false

FF - user.js: extensions.incredibar_i.tlbrSrchUrl - hxxp://mystart.Incredibar.com/?a=6R8sYquPVx&loc=IB_TB&i=26&search=

FF - user.js: extensions.incredibar_i.instlDay - 15475

FF - user.js: extensions.incredibar_i.vrsn - 1.5.11.14

FF - user.js: extensions.incredibar_i.vrsni - 1.5.11.14

FF - user.js: extensions.incredibar_i.vrsnTs - 1.5.11.1411:25

FF - user.js: extensions.incredibar_i.prtnrId - Incredibar

FF - user.js: extensions.incredibar_i.prdct - incredibar

FF - user.js: extensions.incredibar_i.aflt - orgnl

FF - user.js: extensions.incredibar_i.smplGrp - none

FF - user.js: extensions.incredibar_i.tlbrId - base

FF - user.js: extensions.incredibar_i.instlRef -

FF - user.js: extensions.incredibar_i.dfltLng -

FF - user.js: extensions.incredibar_i.excTlbr - false

.

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\MsDepSvc]

"ImagePath"="\"c:\program files\IIS\Microsoft Web Deploy\MsDepSvc.exe\" -runService:MsDepSvc"

--

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NIS]

"ImagePath"="\"c:\program files (x86)\Norton Internet Security\Engine\19.7.0.9\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files (x86)\Norton Internet Security\Engine\19.7.0.9\diMaster.dll\" /prefetch:1"

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.10"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]

@Denied: (A) (Everyone)

"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]

@Denied: (A) (Everyone)

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]

"Key"="ActionsPane3"

"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

------------------------ Other Running Processes ------------------------

.

c:\windows\SysWOW64\ezSharedSvcHost.exe

c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe

c:\program files (x86)\Common Files\Motive\McciCMService.exe

c:\program files (x86)\Common Files\Motive\McciContextHookShim.exe

c:\program files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe

c:\program files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe

c:\program files (x86)\CyberLink\YouCam\YCMMirage.exe

c:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

.

**************************************************************************

.

Completion time: 2012-05-19 09:45:31 - machine was rebooted

ComboFix-quarantined-files.txt 2012-05-19 08:45

ComboFix2.txt 2012-05-17 23:06

.

Pre-Run: 533,899,665,408 bytes free

Post-Run: 534,608,965,632 bytes free

.

- - End Of File - - 997F3AAE4D29720814917A14D1F01C90


Copy/paste the text in the Codebox below into notepad:

Here's how to do that:

Click Start > Run, type Notepad, click OK.

This will open an empty notepad file:

Take your mouse, and place your cursor at the beginning of the text in the box below, then click and hold the left mouse button, while pulling your mouse over the text. This should highlight the text. Now release the left mouse button. Now, with the cursor over the highlighted text, right click the mouse for options, and select 'copy'. Now over the empty Notepad box, right click your mouse again, and select 'paste' and you will have copied and pasted the text.

KillAll::

FireFox::
FF - ProfilePath - c:\users\Janet\AppData\Roaming\Mozilla\Firefox\Profiles\v28h5hip.default\
FF - prefs.js: browser.startup.homepage - hxxp://mystart.incredibar.com/mb143?a=6R8sYquPVx&i=26
FF - prefs.js: network.proxy.type - 0
FF - user.js: extensions.incredibar_i.upn2 - 6R8sYquPVx
FF - user.js: extensions.incredibar_i.upn2n - 92824363556530923
FF - user.js: extensions.incredibar_i.productid - 26
FF - user.js: extensions.incredibar_i.installerproductid - 26
FF - user.js: extensions.incredibar_i.did - 10643
FF - user.js: extensions.incredibar_i.ppd - 1
FF - user.js: extensions.incredibar_i.newTab - false
FF - user.js: extensions.incredibar_i.tlbrSrchUrl - hxxp://mystart.Incredibar.com/?a=6R8sYquPVx&loc=IB_TB&i=26&search=
FF - user.js: extensions.incredibar_i.instlDay - 15475
FF - user.js: extensions.incredibar_i.vrsn - 1.5.11.14
FF - user.js: extensions.incredibar_i.vrsni - 1.5.11.14
FF - user.js: extensions.incredibar_i.vrsnTs - 1.5.11.1411:25
FF - user.js: extensions.incredibar_i.prtnrId - Incredibar
FF - user.js: extensions.incredibar_i.prdct - incredibar
FF - user.js: extensions.incredibar_i.aflt - orgnl
FF - user.js: extensions.incredibar_i.smplGrp - none
FF - user.js: extensions.incredibar_i.tlbrId - base
FF - user.js: extensions.incredibar_i.instlRef -
FF - user.js: extensions.incredibar_i.dfltLng -
FF - user.js: extensions.incredibar_i.excTlbr - false

ClearJavaCache::

Save this file to your desktop. Save this as "CFScript".

Here's how to do that:

1. Click File;

2. Click Save As... Change the directory to your desktop;

3. Change the Save as type to "All Files";

4. Type in the file name: CFScript

5. Click Save ...

CFScriptB-4.gif

Drag CFScript.txt into ComboFix.exe

Then post the results log using Copy / Paste

Also please describe how your computer behaves at the moment.


Now we're getting somewhere! I've done that, log below as requested. Mystart page no longer comes up as default, although I still have MyStart search in what used to be the Google search box. Firefox is still pretty slow, but everything else (working offline) seems pretty normal.

Thanks

Famulus

==========================================================================================================================================

ComboFix 12-05-17.05 - Janet 20/05/2012 8:41.3.4 - x64

Microsoft Windows 7 Home Premium 6.1.7600.0.1252.44.1033.18.6092.3790 [GMT 1:00]

Running from: c:\users\Janet\Desktop\ComboFix.exe

Command switches used :: c:\users\Janet\Desktop\CFScript.txt

AV: Norton Internet Security *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}

FW: Norton Internet Security *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}

SP: Norton Internet Security *Disabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\users\Janet\AppData\Local\Temp\{bf5eaec9-e547-40d0-8b19-42b2a40891b9}\Livedrive.Native.dll

c:\users\Janet\AppData\Local\Temp\bd7c47bb-f5c0-417c-a180-ec348d87718a\CliSecureRT.dll

.

.

((((((((((((((((((((((((( Files Created from 2012-04-20 to 2012-05-20 )))))))))))))))))))))))))))))))

.

.

2012-05-20 07:47 . 2012-05-20 07:47 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-05-19 18:16 . 2012-05-20 07:47 -------- d-----w- c:\windows\system32\drivers\NISx64\1307010.005

2012-05-16 11:42 . 2012-05-16 11:42 -------- d-----w- c:\users\Janet\AppData\Roaming\Malwarebytes

2012-05-16 11:42 . 2012-05-16 11:42 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware

2012-05-16 11:42 . 2012-05-16 11:42 -------- d-----w- c:\programdata\Malwarebytes

2012-05-16 11:42 . 2012-04-04 14:56 24904 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-05-15 10:25 . 2012-05-15 10:25 844 ----a-w- C:\user.js

2012-05-15 09:49 . 2012-05-15 09:56 -------- d-----w- c:\program files (x86)\GSP

2012-05-15 09:49 . 2012-05-15 09:51 -------- d-----w- c:\users\Janet\AppData\Roaming\Hemera

2012-05-09 08:42 . 2012-03-17 07:55 75632 ----a-w- c:\windows\system32\drivers\partmgr.sys

2012-05-09 08:42 . 2012-03-30 11:09 1895280 ----a-w- c:\windows\system32\drivers\tcpip.sys

2012-05-09 08:42 . 2012-04-02 05:24 1367552 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\journal.dll

2012-05-09 08:42 . 2012-04-02 04:40 936960 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\ink\journal.dll

2012-05-07 09:07 . 2012-05-07 09:07 -------- d-----w- c:\program files (x86)\Apple Software Update

2012-05-06 13:32 . 2012-05-06 13:32 -------- d-----w- c:\program files (x86)\Common Files\Apple

2012-05-06 13:32 . 2012-05-06 13:32 -------- d-----w- c:\users\Janet\AppData\Local\Apple

2012-05-06 13:32 . 2012-05-06 13:32 -------- d-----w- c:\programdata\Apple

2012-05-06 13:31 . 2012-05-06 13:31 -------- d-----w- c:\program files (x86)\Serif Draw Plus

2012-04-30 10:43 . 2012-04-30 10:43 -------- d-----w- c:\program files (x86)\GreenbeanSoft

2012-04-29 19:43 . 2012-04-29 19:43 -------- d-----w- c:\users\Janet\AppData\Roaming\KeePass

2012-04-29 19:41 . 2012-04-29 19:41 -------- d-----w- c:\program files (x86)\KeePass Password Safe

2012-04-29 19:20 . 2012-04-29 19:20 -------- d-----w- C:\~LD

2012-04-29 18:20 . 2010-02-16 11:44 191960 ----a-w- c:\windows\system32\drivers\cbfs.sys

2012-04-29 18:19 . 2012-05-20 07:33 -------- d-----w- c:\users\Janet\AppData\Local\Livedrive

2012-04-29 18:19 . 2012-04-29 18:20 -------- d-----w- c:\program files (x86)\Livedrive

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-03-26 11:52 . 2011-05-31 09:07 175736 ----a-w- c:\windows\system32\drivers\SYMEVENT64x86.SYS

2012-03-06 23:18 . 2012-03-06 23:18 162664 ----a-w- c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10140.bin

2012-03-01 06:54 . 2012-04-13 06:48 22896 ----a-w- c:\windows\system32\drivers\fs_rec.sys

2012-03-01 06:45 . 2012-04-13 06:48 220672 ----a-w- c:\windows\system32\wintrust.dll

2012-03-01 06:40 . 2012-04-13 06:48 80896 ----a-w- c:\windows\system32\imagehlp.dll

2012-03-01 06:35 . 2012-04-13 06:48 5120 ----a-w- c:\windows\system32\wmi.dll

2012-03-01 05:49 . 2012-04-13 06:48 172544 ----a-w- c:\windows\SysWow64\wintrust.dll

2012-03-01 05:45 . 2012-04-13 06:48 158720 ----a-w- c:\windows\SysWow64\imagehlp.dll

2012-03-01 05:40 . 2012-04-13 06:48 5120 ----a-w- c:\windows\SysWow64\wmi.dll

.

.

((((((((((((((((((((((((((((( SnapShot@2012-05-17_22.57.48 )))))))))))))))))))))))))))))))))))))))))

.

+ 2012-05-19 08:21 . 2012-02-28 05:38 67072 c:\windows\SysWOW64\mshtmled.dll

- 2012-02-15 12:02 . 2011-12-16 07:59 67072 c:\windows\SysWOW64\mshtmled.dll

+ 2012-05-19 08:21 . 2012-02-28 05:35 12800 c:\windows\SysWOW64\msfeedssync.exe

- 2012-02-15 12:02 . 2011-12-16 07:56 12800 c:\windows\SysWOW64\msfeedssync.exe

- 2012-02-15 12:02 . 2011-12-16 07:59 64512 c:\windows\SysWOW64\msfeedsbs.dll

+ 2012-05-19 08:21 . 2012-02-28 05:38 64512 c:\windows\SysWOW64\msfeedsbs.dll

- 2012-02-15 12:02 . 2011-12-16 08:02 68608 c:\windows\SysWOW64\migration\WininetPlugin.dll

+ 2012-05-19 08:21 . 2012-02-28 05:40 68608 c:\windows\SysWOW64\migration\WininetPlugin.dll

- 2012-02-15 12:02 . 2011-12-16 07:58 44544 c:\windows\SysWOW64\licmgr10.dll

+ 2012-05-19 08:21 . 2012-02-28 05:38 44544 c:\windows\SysWOW64\licmgr10.dll

+ 2012-05-19 08:21 . 2012-02-28 05:38 48128 c:\windows\SysWOW64\jsproxy.dll

- 2012-02-15 12:02 . 2011-12-16 07:58 48128 c:\windows\SysWOW64\jsproxy.dll

+ 2009-07-14 04:54 . 2012-05-20 07:48 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

- 2009-07-14 04:54 . 2012-05-17 22:57 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

+ 2009-07-14 04:54 . 2012-05-20 07:48 49152 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

- 2009-07-14 04:54 . 2012-05-17 22:57 49152 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

+ 2009-07-14 04:54 . 2012-05-20 07:48 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

- 2009-07-14 04:54 . 2012-05-17 22:57 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2011-01-28 00:39 . 2012-05-19 18:12 54142 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin

+ 2009-07-14 05:10 . 2012-05-19 18:13 37076 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin

+ 2011-05-30 14:30 . 2012-05-19 18:13 14704 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3476798985-3891373694-2057737020-1000_UserData.bin

+ 2012-05-19 08:21 . 2012-02-28 06:33 97280 c:\windows\system32\mshtmled.dll

- 2012-02-15 12:02 . 2011-12-16 08:42 97280 c:\windows\system32\mshtmled.dll

- 2012-02-15 12:02 . 2011-12-16 08:38 12288 c:\windows\system32\msfeedssync.exe

+ 2012-05-19 08:21 . 2012-02-28 06:29 12288 c:\windows\system32\msfeedssync.exe

- 2012-02-15 12:02 . 2011-12-16 08:42 82944 c:\windows\system32\msfeedsbs.dll

+ 2012-05-19 08:21 . 2012-02-28 06:33 82944 c:\windows\system32\msfeedsbs.dll

- 2012-02-15 12:02 . 2011-12-16 08:45 95232 c:\windows\system32\migration\WininetPlugin.dll

+ 2012-05-19 08:21 . 2012-02-28 06:35 95232 c:\windows\system32\migration\WininetPlugin.dll

+ 2012-05-19 08:21 . 2012-02-28 06:33 57856 c:\windows\system32\licmgr10.dll

- 2012-02-15 12:02 . 2011-12-16 08:41 57856 c:\windows\system32\licmgr10.dll

+ 2012-05-19 08:21 . 2012-02-28 06:32 64512 c:\windows\system32\jsproxy.dll

- 2012-02-15 12:02 . 2011-12-16 08:41 64512 c:\windows\system32\jsproxy.dll

+ 2012-05-19 18:17 . 2012-03-29 06:03 37496 c:\windows\system32\drivers\NISx64\1307010.005\srtspx64.sys

- 2011-05-30 22:24 . 2012-05-17 22:57 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

+ 2011-05-30 22:24 . 2012-05-20 07:52 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

+ 2011-05-30 22:24 . 2012-05-20 07:52 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

- 2011-05-30 22:24 . 2012-05-17 22:57 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

+ 2009-07-14 04:54 . 2012-05-20 07:52 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

- 2009-07-14 04:54 . 2012-05-17 22:57 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2011-05-30 19:26 . 2012-05-20 07:51 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

- 2011-05-30 19:26 . 2012-05-17 22:58 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

+ 2009-07-14 04:46 . 2012-05-19 09:16 78552 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat

- 2011-05-30 19:26 . 2012-05-17 22:58 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

+ 2011-05-30 19:26 . 2012-05-20 07:51 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

- 2011-05-30 19:26 . 2012-05-17 22:58 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2011-05-30 19:26 . 2012-05-20 07:51 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

- 2011-05-30 14:31 . 2012-05-17 23:00 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

+ 2011-05-30 14:31 . 2012-05-20 07:55 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

+ 2011-05-30 14:31 . 2012-05-20 07:55 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

- 2011-05-30 14:31 . 2012-05-17 23:00 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2012-05-19 18:16 . 2012-03-29 06:28 4782 c:\windows\system32\drivers\NISx64\1307010.005\symvtcer.dat

- 2012-05-17 22:57 . 2012-05-17 22:57 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

+ 2012-05-20 07:48 . 2012-05-20 07:48 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

+ 2012-05-20 07:48 . 2012-05-20 07:48 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

- 2012-05-17 22:57 . 2012-05-17 22:57 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

- 2012-02-15 12:02 . 2011-12-16 08:02 981504 c:\windows\SysWOW64\wininet.dll

+ 2012-05-19 08:21 . 2012-02-28 05:40 981504 c:\windows\SysWOW64\wininet.dll

- 2012-02-15 12:02 . 2011-12-16 08:02 132096 c:\windows\SysWOW64\url.dll

+ 2012-05-19 08:21 . 2012-02-28 05:40 132096 c:\windows\SysWOW64\url.dll

+ 2012-05-19 08:21 . 2012-02-28 05:38 606208 c:\windows\SysWOW64\mstime.dll

- 2012-02-15 12:02 . 2011-12-16 07:59 606208 c:\windows\SysWOW64\mstime.dll

+ 2012-05-19 08:21 . 2012-02-28 05:38 599552 c:\windows\SysWOW64\msfeeds.dll

- 2012-02-15 12:02 . 2011-12-16 07:59 599552 c:\windows\SysWOW64\msfeeds.dll

- 2012-02-15 12:02 . 2011-12-16 07:58 176640 c:\windows\SysWOW64\ieui.dll

+ 2012-05-19 08:21 . 2012-02-28 05:37 176640 c:\windows\SysWOW64\ieui.dll

+ 2012-05-19 08:21 . 2012-02-28 05:37 185856 c:\windows\SysWOW64\iepeers.dll

- 2012-02-15 12:02 . 2011-12-16 07:58 185856 c:\windows\SysWOW64\iepeers.dll

+ 2012-05-19 08:21 . 2012-02-28 05:37 381440 c:\windows\SysWOW64\iedkcs32.dll

- 2012-02-15 12:02 . 2011-12-16 07:58 381440 c:\windows\SysWOW64\iedkcs32.dll

+ 2011-05-30 16:37 . 2012-05-20 07:28 335926 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S3.bin

+ 2012-05-19 08:21 . 2012-02-28 06:35 134144 c:\windows\system32\url.dll

- 2012-02-15 12:02 . 2011-12-16 08:45 134144 c:\windows\system32\url.dll

- 2009-07-14 02:36 . 2012-05-17 21:51 730092 c:\windows\system32\perfh009.dat

+ 2009-07-14 02:36 . 2012-05-20 07:53 730092 c:\windows\system32\perfh009.dat

- 2009-07-14 02:36 . 2012-05-17 21:51 149886 c:\windows\system32\perfc009.dat

+ 2009-07-14 02:36 . 2012-05-20 07:53 149886 c:\windows\system32\perfc009.dat

+ 2012-05-19 08:21 . 2012-02-28 06:33 703488 c:\windows\system32\msfeeds.dll

- 2012-02-15 12:02 . 2011-12-16 08:42 703488 c:\windows\system32\msfeeds.dll

- 2012-02-15 12:02 . 2011-12-16 08:40 247808 c:\windows\system32\ieui.dll

+ 2012-05-19 08:21 . 2012-02-28 06:32 247808 c:\windows\system32\ieui.dll

- 2012-02-15 12:02 . 2011-12-16 08:40 256000 c:\windows\system32\iepeers.dll

+ 2012-05-19 08:21 . 2012-02-28 06:32 256000 c:\windows\system32\iepeers.dll

+ 2012-05-19 08:21 . 2012-02-28 06:32 445952 c:\windows\system32\iedkcs32.dll

- 2012-02-15 12:02 . 2011-12-16 08:40 445952 c:\windows\system32\iedkcs32.dll

+ 2012-05-19 18:17 . 2012-03-29 06:28 405624 c:\windows\system32\drivers\NISx64\1307010.005\symnets.sys

+ 2012-05-19 18:17 . 2011-08-16 06:51 451192 c:\windows\system32\drivers\NISx64\1307010.005\symds64.sys

+ 2012-05-19 18:17 . 2012-03-29 06:03 737912 c:\windows\system32\drivers\NISx64\1307010.005\srtsp64.sys

+ 2012-05-19 18:17 . 2012-03-29 06:06 190072 c:\windows\system32\drivers\NISx64\1307010.005\ironx64.sys

+ 2012-05-19 18:17 . 2011-11-29 22:44 167048 c:\windows\system32\drivers\NISx64\1307010.005\ccsetx64.sys

+ 2009-07-14 05:01 . 2012-05-20 07:47 536396 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat

- 2009-07-14 05:01 . 2012-05-17 22:56 536396 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat

- 2012-02-15 12:02 . 2011-12-16 08:02 1230336 c:\windows\SysWOW64\urlmon.dll

+ 2012-05-19 08:21 . 2012-02-28 05:40 1230336 c:\windows\SysWOW64\urlmon.dll

+ 2012-05-19 08:21 . 2012-02-28 05:38 5998592 c:\windows\SysWOW64\mshtml.dll

- 2012-02-15 12:02 . 2011-12-16 07:58 2072576 c:\windows\SysWOW64\iertutil.dll

+ 2012-05-19 08:21 . 2012-02-28 05:37 2072576 c:\windows\SysWOW64\iertutil.dll

+ 2012-05-19 08:21 . 2012-02-28 06:35 1197568 c:\windows\system32\wininet.dll

- 2012-02-15 12:02 . 2011-12-16 08:45 1197568 c:\windows\system32\wininet.dll

+ 2012-05-19 08:21 . 2012-02-28 06:35 1501184 c:\windows\system32\urlmon.dll

- 2012-02-15 12:02 . 2011-12-16 08:45 1501184 c:\windows\system32\urlmon.dll

- 2012-02-15 12:02 . 2011-12-16 08:42 1026560 c:\windows\system32\mstime.dll

+ 2012-05-19 08:21 . 2012-02-28 06:33 1026560 c:\windows\system32\mstime.dll

- 2012-02-15 12:02 . 2011-12-16 08:42 9335296 c:\windows\system32\mshtml.dll

+ 2012-05-19 08:21 . 2012-02-28 06:33 9335296 c:\windows\system32\mshtml.dll

- 2012-02-15 12:02 . 2011-12-16 08:40 2458624 c:\windows\system32\iertutil.dll

+ 2012-05-19 08:21 . 2012-02-28 06:32 2458624 c:\windows\system32\iertutil.dll

+ 2012-05-19 18:17 . 2012-03-29 06:28 1092728 c:\windows\system32\drivers\NISx64\1307010.005\symefa64.sys

- 2009-07-14 04:45 . 2012-05-17 21:50 3777877 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat

+ 2009-07-14 04:45 . 2012-05-19 08:55 3777877 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat

+ 2011-05-12 09:03 . 2012-05-20 07:47 5073272 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat

- 2011-05-12 09:03 . 2012-05-16 08:30 5073272 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat

- 2012-02-15 12:02 . 2011-12-16 07:58 10991104 c:\windows\SysWOW64\ieframe.dll

+ 2012-05-19 08:21 . 2012-02-28 05:37 10991104 c:\windows\SysWOW64\ieframe.dll

+ 2009-07-14 02:34 . 2012-05-19 09:09 10223616 c:\windows\system32\SMI\Store\Machine\SCHEMA.DAT

- 2009-07-14 02:34 . 2012-05-17 22:03 10223616 c:\windows\system32\SMI\Store\Machine\SCHEMA.DAT

- 2012-02-15 12:02 . 2011-12-16 08:40 12372480 c:\windows\system32\ieframe.dll

+ 2012-05-19 08:21 . 2012-02-28 06:32 12372480 c:\windows\system32\ieframe.dll

+ 2011-05-30 21:53 . 2012-05-20 07:47 29872352 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3476798985-3891373694-2057737020-1000-8192.dat

.

-- Snapshot reset to current date --

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]

@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]

2012-01-18 18:49 94208 ----a-w- c:\users\Janet\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]

@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]

2012-01-18 18:49 94208 ----a-w- c:\users\Janet\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]

@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]

2012-01-18 18:49 94208 ----a-w- c:\users\Janet\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"LightScribe Control Panel"="c:\program files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe" [2010-11-22 2736128]

"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2010-03-09 26100520]

"KiesPDLR"="c:\program files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe" [2012-04-04 21392]

"KiesHelper"="c:\program files (x86)\Samsung\Kies\KiesHelper.exe" [2012-04-04 954256]

"Livedrive"="c:\program files (x86)\Livedrive\Livedrive.exe" [2012-02-07 1817600]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2011-05-20 284440]

"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-12-31 336384]

"NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2012-01-10 113288]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]

"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]

"Easybits Recovery"="c:\program files (x86)\EasyBits For Kids\ezRecover.exe" [2010-12-13 61112]

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]

"Olympus ib"="c:\program files (x86)\Olympus\ib\olycamdetect.exe" [2010-09-30 93360]

"MDS_Menu"="c:\program files (x86)\Olympus\ib\MUITransfer\MUIStartMenu.exe" [2010-07-01 220336]

"KiesTrayAgent"="c:\program files (x86)\Samsung\Kies\KiesTrayAgent.exe" [2012-04-04 3521424]

"HP Quick Launch"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe" [2011-07-11 574008]

"HPOSD"="c:\program files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe" [2011-08-19 379960]

"AdobeCS5.5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" [2011-01-12 1523360]

"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2009-11-10 417792]

.

c:\users\Janet\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Dropbox.lnk - c:\users\Janet\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-2-15 24246216]

OneNote 2010 Screen Clipper and Launcher.lnk - c:\program files (x86)\Microsoft Office\Office14\ONENOTEM.EXE [2011-9-2 227712]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2010-7-30 1132320]

Philips Device Manager.lnk - c:\program files (x86)\Philips\SA28XX Device Manager\main.exe [2011-6-1 7696118]

Snapfish PictureMover.lnk - c:\program files (x86)\PictureMover\Bin\PictureMover.exe [2010-11-18 1040952]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

"HideFastUserSwitching"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]

"EnableShellExecuteHooks"= 1 (0x1)

.

[hkey_local_machine\software\Wow6432Node\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

.

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R3 androidusb;SAMSUNG Android Composite ADB Interface Driver;c:\windows\system32\Drivers\ssadadb.sys [x]

R3 btwampfl;Bluetooth AMP USB Filter;c:\windows\system32\drivers\btwampfl.sys [x]

R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x]

R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-04-21 129976]

R3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [x]

R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]

R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [x]

R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [x]

R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [x]

R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\DRIVERS\ssadbus.sys [x]

R3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\DRIVERS\ssadmdfl.sys [x]

R3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\DRIVERS\ssadmdm.sys [x]

R3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM);c:\windows\system32\DRIVERS\ssadserd.sys [x]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]

R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [x]

R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2010-04-03 59744]

R4 RsFx0150;RsFx0150 Driver;c:\windows\system32\DRIVERS\RsFx0150.sys [x]

R4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10_50.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2010-04-03 428384]

R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]

S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NISx64\1307010.005\SYMDS64.SYS [x]

S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NISx64\1307010.005\SYMEFA64.SYS [x]

S1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.5.1.2\Definitions\BASHDefs\20120507.001\BHDrvx64.sys [2012-04-02 1160824]

S1 CbFs;CbFs;c:\windows\system32\drivers\cbfs.sys [x]

S1 ccSet_NIS;Norton Internet Security Settings Manager;c:\windows\system32\drivers\NISx64\1307010.005\ccSetx64.sys [x]

S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.5.1.2\Definitions\IPSDefs\20120518.001\IDSvia64.sys [2012-04-28 488568]

S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NISx64\1307010.005\Ironx64.SYS [x]

S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\NISx64\1307010.005\SYMNETS.SYS [x]

S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]

S2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\AESTSr64.exe [2012-01-10 89600]

S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]

S2 BBSvc;BingBar Service;c:\program files (x86)\Microsoft\BingBar\7.1.361.0\BBSvc.exe [2012-02-10 193816]

S2 FPLService;TrueSuiteService;c:\program files (x86)\HP SimplePass 2011\TrueSuiteService.exe [2010-12-07 249672]

S2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2011-09-09 86072]

S2 HP Wireless Assistant Service;HP Wireless Assistant Service;c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [2010-07-21 103992]

S2 HPClientSvc;HP Client Services;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-08-06 291896]

S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-09-01 227896]

S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [x]

S2 HPWMISVC;HPWMISVC;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2011-07-11 26680]

S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-05-20 13592]

S2 IconMan_R;IconMan_R;c:\program files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2012-01-10 2413056]

S2 LivedriveVSSService;Livedrive VSS Service;c:\program files (x86)\Livedrive\VSSService.exe [2012-02-07 210616]

S2 McciCMService64;McciCMService64;c:\program files\Common Files\Motive\McciCMService.exe [2011-03-23 517632]

S2 MsDepSvc;Web Deployment Agent Service;c:\program files\IIS\Microsoft Web Deploy\MsDepSvc.exe [2011-04-01 67400]

S2 NIS;Norton Internet Security;c:\program files (x86)\Norton Internet Security\Engine\19.7.1.5\ccSvcHst.exe [2012-03-27 138232]

S2 TeamViewer6;TeamViewer 6;c:\program files (x86)\TeamViewer\Version6\TeamViewer_Service.exe [2011-11-03 2358656]

S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-11-23 2656280]

S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]

S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]

S3 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\7.1.361.0\SeaPort.exe [2012-02-10 240408]

S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys [x]

S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-02-04 138360]

S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x]

S3 intelkmd;intelkmd;c:\windows\system32\DRIVERS\igdpmd64.sys [x]

S3 MEIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]

S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [x]

S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [x]

S3 RSPCIESTOR;Realtek PCIE CardReader Driver;c:\windows\system32\DRIVERS\RtsPStor.sys [x]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]

S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]

.

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]

2010-11-22 21:18 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{2D46B6DC-2207-486B-B523-A557E6D54B47}]

2009-07-14 01:14 301568 ----a-w- c:\windows\System32\cmd.exe

.

Contents of the 'Scheduled Tasks' folder

.

2012-05-14 c:\windows\Tasks\HPCeeScheduleForJANET-HP$.job

- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 06:15]

.

2012-05-16 c:\windows\Tasks\HPCeeScheduleForJanet.job

- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 06:15]

.

.

--------- x86-64 -----------

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00Zecter]

@="{D25B32FE-CB96-491A-98FF-AD59DA382D69}"

[HKEY_CLASSES_ROOT\CLSID\{D25B32FE-CB96-491A-98FF-AD59DA382D69}]

2010-12-11 02:32 2240000 ----a-w- c:\program files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\01Zecter]

@="{EB24CA6D-F315-4A81-AC1A-C79CFD77F3F5}"

[HKEY_CLASSES_ROOT\CLSID\{EB24CA6D-F315-4A81-AC1A-C79CFD77F3F5}]

2010-12-11 02:32 2240000 ----a-w- c:\program files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\02Zecter]

@="{B3C78E40-6B64-47C3-AE34-60B770881EB8}"

[HKEY_CLASSES_ROOT\CLSID\{B3C78E40-6B64-47C3-AE34-60B770881EB8}]

2010-12-11 02:32 2240000 ----a-w- c:\program files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\03Zecter]

@="{622AFE52-33F6-4D9F-9966-E0BC52D7D69D}"

[HKEY_CLASSES_ROOT\CLSID\{622AFE52-33F6-4D9F-9966-E0BC52D7D69D}]

2010-12-11 02:32 2240000 ----a-w- c:\program files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\04Zecter]

@="{855156F0-2A0F-11DE-8C30-0800200C9A66}"

[HKEY_CLASSES_ROOT\CLSID\{855156F0-2A0F-11DE-8C30-0800200C9A66}]

2010-12-11 02:32 2240000 ----a-w- c:\program files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\BackupOverlay]

@="{B44A5D93-1351-41A1-BD91-5E92435D8ECD}"

[HKEY_CLASSES_ROOT\CLSID\{B44A5D93-1351-41A1-BD91-5E92435D8ECD}]

2012-02-07 15:48 1245880 ----a-w- c:\program files (x86)\Livedrive\LivedriveExtensions.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]

@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]

2012-01-18 18:49 97792 ----a-w- c:\users\Janet\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]

@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]

2012-01-18 18:49 97792 ----a-w- c:\users\Janet\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]

@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]

2012-01-18 18:49 97792 ----a-w- c:\users\Janet\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]

@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]

2012-01-18 18:49 97792 ----a-w- c:\users\Janet\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\LivedriveDownloadOverlay]

@="{CBCDB610-6B68-4EE9-B7A2-1282FD0C9292}"

[HKEY_CLASSES_ROOT\CLSID\{CBCDB610-6B68-4EE9-B7A2-1282FD0C9292}]

2012-02-07 15:48 1245880 ----a-w- c:\program files (x86)\Livedrive\LivedriveExtensions.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\LivedriveSharedOverlay]

@="{84CEF1E4-1356-4063-845F-05047F4DD52C}"

[HKEY_CLASSES_ROOT\CLSID\{84CEF1E4-1356-4063-845F-05047F4DD52C}]

2012-02-07 15:48 1245880 ----a-w- c:\program files (x86)\Livedrive\LivedriveExtensions.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\LivedriveSyncedOverlay]

@="{42058329-2FBF-4B33-8E52-3BE5754DE0C1}"

[HKEY_CLASSES_ROOT\CLSID\{42058329-2FBF-4B33-8E52-3BE5754DE0C1}]

2012-02-07 15:48 1245880 ----a-w- c:\program files (x86)\Livedrive\LivedriveExtensions.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\LivedriveUploadOverlay]

@="{39A1715A-E4CD-4F1E-B5C4-36B5DB80124E}"

[HKEY_CLASSES_ROOT\CLSID\{39A1715A-E4CD-4F1E-B5C4-36B5DB80124E}]

2012-02-07 15:48 1245880 ----a-w- c:\program files (x86)\Livedrive\LivedriveExtensions.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-12-17 167960]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-12-17 391704]

"Persistence"="c:\windows\system32\igfxpers.exe" [2010-12-17 418328]

"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [bU]

"HPWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe" [2010-07-21 8192]

"btbb_McciTrayApp"="c:\program files\BT Broadband Desktop Help\btbb\BTHelpNotifier.exe" [2010-08-12 3451904]

"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2012-01-10 1128448]

"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2011-03-15 499608]

.

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

mLocal Page = c:\windows\SysWOW64\blank.htm

IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000

IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105

IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm

IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

TCP: DhcpNameServer = 192.168.1.254

FF - ProfilePath - c:\users\Janet\AppData\Roaming\Mozilla\Firefox\Profiles\v28h5hip.default\

FF - user.js: extensions.incredibar_i.upn2n - 92824363556530923

FF - user.js: extensions.incredibar_i.productid - 26

FF - user.js: extensions.incredibar_i.installerproductid - 26

FF - user.js: extensions.incredibar_i.did - 10643

FF - user.js: extensions.incredibar_i.ppd - 1

FF - user.js: extensions.incredibar_i.newTab - false

FF - user.js: extensions.incredibar_i.tlbrSrchUrl - hxxp://mystart.Incredibar.com/?a=6R8sYquPVx&loc=IB_TB&i=26&search=

FF - user.js: extensions.incredibar_i.vrsn - 1.5.11.14

FF - user.js: extensions.incredibar_i.vrsni - 1.5.11.14

FF - user.js: extensions.incredibar_i.vrsnTs - 1.5.11.1411:25

FF - user.js: extensions.incredibar_i.prtnrId - Incredibar

FF - user.js: extensions.incredibar_i.prdct - incredibar

FF - user.js: extensions.incredibar_i.aflt - orgnl

FF - user.js: extensions.incredibar_i.smplGrp - none

FF - user.js: extensions.incredibar_i.tlbrId - base

FF - user.js: extensions.incredibar_i.instlRef -

FF - user.js: extensions.incredibar_i.dfltLng -

FF - user.js: extensions.incredibar_i.excTlbr - false

.

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\MsDepSvc]

"ImagePath"="\"c:\program files\IIS\Microsoft Web Deploy\MsDepSvc.exe\" -runService:MsDepSvc"

--

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NIS]

"ImagePath"="\"c:\program files (x86)\Norton Internet Security\Engine\19.7.1.5\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files (x86)\Norton Internet Security\Engine\19.7.1.5\diMaster.dll\" /prefetch:1"

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.10"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]

@Denied: (A) (Everyone)

"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]

@Denied: (A) (Everyone)

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]

"Key"="ActionsPane3"

"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

------------------------ Other Running Processes ------------------------

.

c:\windows\SysWOW64\ezSharedSvcHost.exe

c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe

c:\program files (x86)\Common Files\Motive\McciCMService.exe

c:\program files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe

c:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

c:\program files (x86)\Common Files\Motive\McciContextHookShim.exe

c:\windows\SysWOW64\RunDll32.exe

c:\program files (x86)\CyberLink\YouCam\YCMMirage.exe

.

**************************************************************************

.

Completion time: 2012-05-20 09:02:43 - machine was rebooted

ComboFix-quarantined-files.txt 2012-05-20 08:02

ComboFix2.txt 2012-05-19 08:45

ComboFix3.txt 2012-05-17 23:06

.

Pre-Run: 536,240,906,240 bytes free

Post-Run: 533,769,797,632 bytes free

.

- - End Of File - - 458978FBEBAAA4CEA4398568701177EB

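The FF - user.js entries in the ComboFix log above are the persistence mechanism for this hijack: the toolbar writes `extensions.incredibar_i.*` preferences into the Firefox profile's user.js, which Firefox re-applies on every start, so removing the extension alone does not restore the browser. The script below is an added example for this thread, not ComboFix output and not the poster's or helper's code. It parses the `user_pref("name", value);` lines Firefox uses, flags the incredibar prefs shown in the log plus search/homepage prefs that point at mystart domains, and returns a cleaned copy. The pref names in `SENSITIVE_PREFS` and the homepage line in the sample are assumptions about what such toolbars typically touch; the incredibar pref names and the defanged search URL are taken from the log.

```python
"""Scan a Firefox user.js / prefs.js for browser-hijack preferences.

Added example for this thread (not ComboFix output and not the original
poster's code). Parses the user_pref("name", value); lines Firefox writes,
flags entries belonging to the Incredibar/MyStart toolbar seen in the log,
or sensitive search/homepage prefs repointed at its domains, and returns a
cleaned copy with those lines dropped.
"""
import re
from typing import List, Tuple

# Matches: user_pref("name", value);  value is a quoted string, number or bool.
PREF_RE = re.compile(r'^\s*user_pref\(\s*"([^"]+)"\s*,\s*(.*?)\s*\);\s*$')

# Prefix of every pref the toolbar wrote in the ComboFix log above.
HIJACK_PREFIXES = ("extensions.incredibar_i.",)

# Search/homepage prefs toolbars commonly repoint (assumption, not from the log).
SENSITIVE_PREFS = {
    "browser.startup.homepage",
    "browser.search.defaultenginename",
    "browser.search.selectedEngine",
    "keyword.URL",
    "browser.newtab.url",
}

# Domains tied to this hijack; matched case-insensitively inside string values.
HIJACK_DOMAINS = ("mystart.incredibar.com", "incredibar.com", "mystart.")


def parse_user_js(text: str) -> List[Tuple[str, str]]:
    """Return (name, raw_value) for every user_pref line; other lines are ignored."""
    prefs = []
    for line in text.splitlines():
        m = PREF_RE.match(line)
        if m:
            prefs.append((m.group(1), m.group(2)))
    return prefs


def is_hijack_pref(name: str, raw_value: str) -> bool:
    """True if the pref belongs to the toolbar or repoints a sensitive pref at its domains."""
    if name.startswith(HIJACK_PREFIXES):
        return True
    if name in SENSITIVE_PREFS:
        value = raw_value.strip('"').lower()
        return any(d in value for d in HIJACK_DOMAINS)
    return False


def find_hijack_prefs(text: str) -> List[str]:
    """Names of prefs in the file that look like hijack residue."""
    return [n for n, v in parse_user_js(text) if is_hijack_pref(n, v)]


def clean_user_js(text: str) -> str:
    """Return the file with hijack user_pref lines removed; everything else kept verbatim."""
    kept = []
    for line in text.splitlines():
        m = PREF_RE.match(line)
        if m and is_hijack_pref(m.group(1), m.group(2)):
            continue
        kept.append(line)
    return "\n".join(kept) + ("\n" if text.endswith("\n") else "")


# Constructed sample in Firefox's user.js syntax, built from pref names in the
# ComboFix log above; the homepage line is an assumed extra hijack entry and
# the last two lines are ordinary prefs that must survive cleaning.
SAMPLE_USER_JS = '''// Mozilla User Preferences
user_pref("extensions.incredibar_i.productid", 26);
user_pref("extensions.incredibar_i.newTab", false);
user_pref("extensions.incredibar_i.tlbrSrchUrl", "hxxp://mystart.Incredibar.com/?a=6R8sYquPVx&loc=IB_TB&i=26&search=");
user_pref("browser.startup.homepage", "hxxp://mystart.incredibar.com/");
user_pref("browser.download.dir", "C:\\\\Users\\\\Janet\\\\Downloads");
user_pref("network.cookie.cookieBehavior", 1);
'''

if __name__ == "__main__":
    for name in find_hijack_prefs(SAMPLE_USER_JS):
        print("hijack pref:", name)
    print("--- cleaned user.js ---")
    print(clean_user_js(SAMPLE_USER_JS), end="")
```

To use it on a real profile, read `user.js` (and `prefs.js`) from the profile path the log shows, run `find_hijack_prefs` first to review what would be dropped, and only then write `clean_user_js` output back with Firefox closed, since Firefox rewrites prefs.js on exit. Removing the prefs does not remove the toolbar extension itself; that still needs uninstalling from the Add-ons manager or, as the poster did, a profile-less reinstall.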

Great - it seems to be fixed. Many, many thanks.

It didn't work first time, but I tried again with 2 differences - I deleted my personal data as well as uninstalling firefox; and I rebooted between uninstall and reinstall. Don't know which of those did the trick but it's all fine now.

Thanks so much for your help. I'll be making a donation - and I'll remember where you are next time.

Famulus


Good job

The following will implement some cleanup procedures as well as reset System Restore points:

For XP:

  • Click START run
  • Now type ComboFix /Uninstall in the runbox and click OK. Note the space between the X and the /, it needs to be there.

For Vista / Windows 7

  • Click START Search
  • Now type ComboFix /Uninstall in the runbox and click OK. Note the space between the X and the /, it needs to be there.

Here's my usual all clean post

To be on the safe side, I would also change all my passwords.

This infection appears to have been cleaned, but as the malware could be configured to run any program a remote attacker requires, it's impossible to be 100% sure that any machine is clean.

Log looks good :D

  • Update your AntiVirus Software - It is imperative that you update your Antivirus software at least once a week
    (Even more if you wish). If you do not update your antivirus software then it will not be able to catch any of the new variants that may come out.
  • Use a Firewall - I cannot stress how important it is that you use a Firewall on your computer.
    Without a firewall your computer is susceptible to being hacked and taken over.
    I am very serious about this and see it happen almost every day with my clients.
    Simply using a Firewall in its default configuration can lower your risk greatly.
  • Using a secure browser plugin M86 SecureBrowsing makes it safe to search, surf and socialize online. This free browser plug-in displays security icons next to links on search engines and social networking sites like Facebook, Twitter and LinkedIn, so you'll know which pages are safe and which ones to avoid.
    •Free browser plug-in for Internet Explorer and Firefox
    •Real-time safety ratings
    •Ideal for Facebook, Twitter and LinkedIn
  • JAVA Click this link and click on the Free JAVA Download
  • Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com regularly.
    This will ensure your computer always has the latest security updates installed.
    If there are new updates to install, install them immediately, reboot your computer, and revisit the site
    until there are no more critical updates.

Only run one Anti-Virus and Firewall program.

I would suggest you read:

PC Safety and Security--What Do I Need?

How to Prevent Malware:

The full version of Malwarebytes' Anti-Malware could have helped protect your computer against this threat.

We use different ways of protecting your computer(s):

  • Dynamically Blocks Malware Sites & Servers
  • Malware Execution Prevention

Save yourself the hassle and get protected.
