1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

How to uninstall Freecorder

Discussion in 'Windows - Virus and spyware problems' started by bauld, Jan 22, 2013.

  1. bauld

    bauld Member

    Joined:
    Oct 20, 2007
    Messages:
    17
    Likes Received:
    0
    Trophy Points:
    11
    Hi
    Firstly, sorry if theres another thread,I can't find one.
    Laptop and internet running very slow,I think it's the Freecorder.i have uninstalled part of it but it won't let me uninstall it all.can somebody give any help on uninstalling it or recommend a programme to get rid of it and all its junk.
    Many thanks in advance for any help and advice
    Cheers
    bauld
     
  2. 2oldGeek

    2oldGeek Active member

    Joined:
    Jun 16, 2005
    Messages:
    3,658
    Likes Received:
    38
    Trophy Points:
    78
    Hi bauld,

    First, let’s do a little Pre-Cleaning and Post some Logs so I can see what we need to do. Then, I’ll help you get rid of the Crap….

    Download and Run Temp File Cleaner (TFC.exe)

    Download Temp File Cleaner and save it to your desktop.

    You might want to Save any unsaved work. TFC will close ALL open programs... including your browser!

    1.Double click to run it.
    2.If you have a lot of junk files to remove, it could take a while, so please be patient and let it finish.
    3.When it's done, it will report the total size of files removed. If it asks to Reboot, choose to do so. This will remove files that could not be removed while Windows was running.
    4.After Restart, log back in to your usual account.

    Next:

    Junkware Removal Tool

    1. Please download jrt.exe ... and save it to your desktop. Alternate download here.
    2. Please temporarily disable your security/protection software as found here, to avoid potential conflicts.
    3. If running Vista or Win7... right-click jrt.exe and select "Run as Administrator",
    otherwise just double click it.
    The tool will open and start scanning your system. Please be patient, it can take a while depending on your system.
    On completion, a log file JRT.txt is saved to your desktop and will automatically open.
    4. Please copy and paste the contents of JRT.txt and post in your next reply.

    Next:

    Security Application Check:

    Please download and save SecurityCheck.exe to your Desktop from one of the links below.

    Link 1 http://www.bleepingcomputer.com/download/securitycheck/
    Link 2 http://screen317.spywareinfoforum.org/SecurityCheck.exe
    • Double-click SecurityCheck.exe then follow the on-screen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt
    Please post the contents of the checkup.txt in your next reply.

    Next:

    Download and Run HijackThis.exe

    Download TrendMicro HijackThis.exe and save it to your desktop.
    • Double-click on HJTInstall.exe
    • Click on the Install button.
    • It will automatically place HJT in C:\Program Files\TrendMicro\HijackThis\HijackThis.exe.
    • Upon install, HijackThis should open for you.
    • Click on the Main Menu button
    • Click on the Do a system scan and save a log file button
    • Hijackthis will scan and then a log will open in notepad.
    Copy and then paste the entire contents of the log in your next post.
    Do not have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.

    Next:

    Make an uninstall list using HijackThis

    To access the Uninstall Manager you would do the following:

    1. Start HijackThis
    2. Click on the Config button
    3. Click on the Misc Tools button
    4. Click on the Open Uninstall Manager button.
    5. Click on the Save list... button and specify where you would like to save this file. When you press Save button a notepad will open with the contents of that file.
    Simply copy and paste the contents of that notepad here in your next reply.



    Please post the HijackThis log, JRT Log, Checkup Log and Uninstall list in your next reply.

    That’s 4 Logs I need so that I may find your problem.

    TNX
    2OG
     
    Last edited: Jan 22, 2013
  3. scorpNZ

    scorpNZ Active member

    Joined:
    Mar 23, 2005
    Messages:
    4,266
    Likes Received:
    63
    Trophy Points:
    78
    you might get some ides from the reviews on hot to get rid of it,you'll need to remove toolbars it would pay to install ccleaner to help remove any startup entries it would pay to run msconfig from run in start menu then select diagnostic startup this may help you get rid of any stuff that has trouble uninstalling



    http://download.cnet.com/Freecorder/3000-2071_4-75286115.html
     
  4. 2oldGeek

    2oldGeek Active member

    Joined:
    Jun 16, 2005
    Messages:
    3,658
    Likes Received:
    38
    Trophy Points:
    78
    lol scorp, you should know that TFC works better and removes more temp files than ccleaner.

    besides this is just the first round with a newbie to find out what he's holding.
    you really think if he knew how to use msconfig, he would be here asking for help?

    2oG [​IMG]
     
  5. ddp

    ddp Moderator Staff Member

    Joined:
    Oct 15, 2004
    Messages:
    39,167
    Likes Received:
    136
    Trophy Points:
    143
    yes.
     
  6. 2oldGeek

    2oldGeek Active member

    Joined:
    Jun 16, 2005
    Messages:
    3,658
    Likes Received:
    38
    Trophy Points:
    78
    ? yes, TFC is better than ccleaner or yes, they ask for help no matter what level they are..

    2oG [​IMG]
     
  7. scorpNZ

    scorpNZ Active member

    Joined:
    Mar 23, 2005
    Messages:
    4,266
    Likes Received:
    63
    Trophy Points:
    78
    I figured you'd be along & decided he could make a start by helping himself


    ps: wtf has team fortress classic (TFC)) got to do with malware :p
     
  8. ddp

    ddp Moderator Staff Member

    Joined:
    Oct 15, 2004
    Messages:
    39,167
    Likes Received:
    136
    Trophy Points:
    143
    yes on the latter part of your statement.
     
  9. bauld

    bauld Member

    Joined:
    Oct 20, 2007
    Messages:
    17
    Likes Received:
    0
    Trophy Points:
    11
    Thank you very much for your replies,I did another uninstall and the last Freecorder seems to have been removed.I am a total technophobe so all help is greatly received,I will post the results once I have done the cleanup later,again thanks to all
    Cheers
    bauld
     
  10. 2oldGeek

    2oldGeek Active member

    Joined:
    Jun 16, 2005
    Messages:
    3,658
    Likes Received:
    38
    Trophy Points:
    78
    How do you expect me to make a living if you keep driving my customers away??

    NOT! TFC Temporary File Cleaner by Old Timer. Clean your temp files with Ccleaner then clean whats left over with TFC. You can see it cleans more. Gets the spots that Malware likes to hide because most peeps use Ccleaner.....

    2oG [​IMG]
     
  11. 2oldGeek

    2oldGeek Active member

    Joined:
    Jun 16, 2005
    Messages:
    3,658
    Likes Received:
    38
    Trophy Points:
    78
    Glad you got rid of it.. The stuff I sent you is not really cleanup it does some but, mostly I need the logs to see what you have so that I can help you clean anything "Nasty" from your puter.


    Cheers back to ya.
    2oG
     
  12. bauld

    bauld Member

    Joined:
    Oct 20, 2007
    Messages:
    17
    Likes Received:
    0
    Trophy Points:
    11
    Junkware RemovalTool (JRT) by Thisisu
    Version: 4.5.0 (01.23.2013:2)
    OS: Windows Vista (TM) Home Premium x86
    Ran by carol on 24/01/2013 at 19:42:38.58
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




    ~~~ Services

    Successfully stopped: [Service] ib updater
    Successfully deleted: [Service] ib updater
    Successfully stopped: [Service] ibupdaterservice
    Successfully deleted: [Service] ibupdaterservice



    ~~~ Registry Values

    Successfully deleted: [Registry Value] hkey_local_machine\software\microsoft\internet explorer\toolbar\\{30f9b915-b755-4826-820b-08fba6bd249d}
    Successfully deleted: [Registry Value] hkey_current_user\software\microsoft\internet explorer\toolbar\webbrowser\\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}
    Successfully deleted: [Registry Value] hkey_current_user\software\microsoft\internet explorer\urlsearchhooks\\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}
    Successfully deleted: [Registry Value] hkey_local_machine\software\microsoft\internet explorer\toolbar\\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}
    Successfully deleted: [Registry Value] hkey_local_machine\software\microsoft\internet explorer\urlsearchhooks\\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}
    Successfully deleted: [Registry Value] hkey_local_machine\software\microsoft\internet explorer\toolbar\\{f9639e4a-801b-4843-aee3-03d9da199e77}
    Successfully repaired: [Registry Value] hkey_current_user\software\microsoft\internet explorer\main\\Start Page
    Successfully repaired: [Registry Value] hkey_users\.default\software\microsoft\internet explorer\main\\Start Page
    Successfully repaired: [Registry Value] hkey_users\s-1-5-18\software\microsoft\internet explorer\main\\Start Page
    Successfully repaired: [Registry Value] hkey_users\s-1-5-19\software\microsoft\internet explorer\main\\Start Page
    Successfully repaired: [Registry Value] hkey_users\s-1-5-20\software\microsoft\internet explorer\main\\Start Page
    Successfully repaired: [Registry Value] hkey_users\S-1-5-21-2545014225-4040687697-4202415592-1000\software\microsoft\internet explorer\main\\Start Page
    Successfully repaired: [Registry Value] hkey_current_user\software\microsoft\internet explorer\searchscopes\\DefaultScope
    Successfully repaired: [Registry Value] hkey_local_machine\software\microsoft\internet explorer\searchscopes\\DefaultScope
    Successfully repaired: [Registry Value] hkey_users\.default\software\microsoft\internet explorer\searchscopes\\DefaultScope
    Successfully repaired: [Registry Value] hkey_users\s-1-5-18\software\microsoft\internet explorer\searchscopes\\DefaultScope
    Successfully repaired: [Registry Value] hkey_users\s-1-5-19\software\microsoft\internet explorer\searchscopes\\DefaultScope
    Successfully repaired: [Registry Value] hkey_users\s-1-5-20\software\microsoft\internet explorer\searchscopes\\DefaultScope
    Successfully repaired: [Registry Value] hkey_users\S-1-5-21-2545014225-4040687697-4202415592-1000\software\microsoft\internet explorer\searchscopes\\DefaultScope
    Successfully repaired: [Registry Value] hkey_current_user\software\microsoft\internet explorer\searchscopes\{0633ee93-d776-472f-a0ff-e1416b8b2e3a}\\DisplayName
    Successfully repaired: [Registry Value] hkey_current_user\software\microsoft\internet explorer\searchscopes\{0633ee93-d776-472f-a0ff-e1416b8b2e3a}\\URL
    Successfully repaired: [Registry Value] hkey_local_machine\software\microsoft\internet explorer\searchscopes\{0633ee93-d776-472f-a0ff-e1416b8b2e3a}\\DisplayName
    Successfully repaired: [Registry Value] hkey_local_machine\software\microsoft\internet explorer\searchscopes\{0633ee93-d776-472f-a0ff-e1416b8b2e3a}\\URL



    ~~~ Registry Keys

    Successfully deleted: [Registry Key] hkey_classes_root\escort.escortiepane
    Successfully deleted: [Registry Key] hkey_classes_root\escort.escortiepane.1
    Successfully deleted: [Registry Key] hkey_classes_root\esrv.incredibaresrvc
    Successfully deleted: [Registry Key] hkey_classes_root\esrv.incredibaresrvc.1
    Successfully deleted: [Registry Key] hkey_current_user\software\1clickdownload
    Successfully deleted: [Registry Key] hkey_local_machine\software\conduit
    Successfully deleted: [Registry Key] hkey_local_machine\software\ib updater
    Successfully deleted: [Registry Key] hkey_current_user\software\im
    Successfully deleted: [Registry Key] hkey_local_machine\software\iminent
    Successfully deleted: [Registry Key] hkey_current_user\software\iminstaller
    Successfully deleted: [Registry Key] hkey_local_machine\software\incredibar.com
    Successfully deleted: [Registry Key] hkey_current_user\software\sweetim
    Successfully deleted: [Registry Key] hkey_local_machine\software\sweetim
    Successfully deleted: [Registry Key] hkey_local_machine\software\tarma installer
    Successfully deleted: [Registry Key] hkey_current_user\software\appdatalow\software\conduit
    Successfully deleted: [Registry Key] hkey_current_user\software\appdatalow\software\conduitengine
    Successfully deleted: [Registry Key] hkey_current_user\software\appdatalow\software\pricegong
    Successfully deleted: [Registry Key] hkey_current_user\software\appdatalow\software\utorrentbar
    Successfully deleted: [Registry Key] hkey_local_machine\software\classes\appid\escort.dll
    Successfully deleted: [Registry Key] hkey_local_machine\software\classes\appid\escortapp.dll
    Successfully deleted: [Registry Key] hkey_local_machine\software\classes\appid\escorteng.dll
    Successfully deleted: [Registry Key] hkey_local_machine\software\classes\appid\escortlbr.dll
    Successfully deleted: [Registry Key] hkey_local_machine\software\classes\appid\esrv.exe
    Successfully deleted: [Registry Key] hkey_local_machine\software\classes\appid\extension.dll
    Successfully deleted: [Registry Key] hkey_local_machine\software\classes\appid\wmhelper.dll
    Successfully deleted: [Registry Key] hkey_local_machine\software\classes\appid\yontooieclient.dll
    Successfully deleted: [Registry Key] hkey_local_machine\software\classes\axmetastream.metastreamctl
    Successfully deleted: [Registry Key] hkey_local_machine\software\classes\axmetastream.metastreamctl.1
    Successfully deleted: [Registry Key] hkey_local_machine\software\classes\axmetastream.metastreamctlsecondary
    Successfully deleted: [Registry Key] hkey_local_machine\software\classes\axmetastream.metastreamctlsecondary.1
    Successfully deleted: [Registry Key] hkey_local_machine\software\classes\conduit.engine
    Successfully deleted: [Registry Key] hkey_local_machine\software\classes\extension.extensionhelperobject
    Successfully deleted: [Registry Key] hkey_local_machine\software\classes\extension.extensionhelperobject.1
    Successfully deleted: [Registry Key] hkey_local_machine\software\classes\i
    Successfully deleted: [Registry Key] hkey_local_machine\software\classes\incredibar.dskbnd
    Successfully deleted: [Registry Key] hkey_local_machine\software\classes\incredibar.dskbnd.1
    Successfully deleted: [Registry Key] hkey_local_machine\software\classes\incredibar.incredibarhlpr
    Successfully deleted: [Registry Key] hkey_local_machine\software\classes\incredibar.incredibarhlpr.1
    Successfully deleted: [Registry Key] hkey_local_machine\software\classes\incredibarapp.appcore
    Successfully deleted: [Registry Key] hkey_local_machine\software\classes\incredibarapp.appcore.1
    Successfully deleted: [Registry Key] hkey_local_machine\software\classes\s
    Successfully deleted: [Registry Key] hkey_local_machine\software\classes\yontooieclient.api
    Successfully deleted: [Registry Key] hkey_local_machine\software\classes\yontooieclient.api.1
    Successfully deleted: [Registry Key] hkey_local_machine\software\classes\yontooieclient.layers
    Successfully deleted: [Registry Key] hkey_local_machine\software\classes\yontooieclient.layers.1
    Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\active setup\installed components\{03f998b2-0e00-11d3-a498-00104b6eb52e}
    Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\active setup\installed components\{1b00725b-c455-4de6-bfb6-ad540ad427cd}
    Successfully deleted: [Registry Key-Heur] HKEY_LOCAL_MACHINE\software\classes\Toolbar.CT2405725
    Successfully deleted: [Registry Key-Heur] HKEY_LOCAL_MACHINE\software\classes\Toolbar.CT2438727
    Successfully deleted: [Registry Key-Heur] HKEY_LOCAL_MACHINE\software\classes\Toolbar.CT2786678
    Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\windows\currentversion\explorer\browser helper objects\{02478d38-c3f9-4efb-9b51-7695eca05670}
    Successfully deleted: [Registry Key] hkey_classes_root\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}
    Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\windows\currentversion\explorer\browser helper objects\{30f9b915-b755-4826-820b-08fba6bd249d}
    Successfully deleted: [Registry Key] hkey_classes_root\clsid\{336d0c35-8a85-403a-b9d2-65c292c39087}
    Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\windows\currentversion\explorer\browser helper objects\{336d0c35-8a85-403a-b9d2-65c292c39087}
    Successfully deleted: [Registry Key] hkey_classes_root\clsid\{3c471948-f874-49f5-b338-4f214a2ee0b1}
    Successfully deleted: [Registry Key] hkey_classes_root\clsid\{6e13dde1-2b6e-46ce-8b66-dc8bf36f6b99}
    Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\windows\currentversion\explorer\browser helper objects\{6e13dde1-2b6e-46ce-8b66-dc8bf36f6b99}
    Successfully deleted: [Registry Key] hkey_current_user\software\microsoft\internet explorer\searchscopes\{9bb47c17-9c68-4bb3-b188-dd9af0fd2a59}
    Successfully deleted: [Registry Key] hkey_classes_root\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}
    Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\windows\currentversion\explorer\browser helper objects\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}
    Successfully deleted: [Registry Key] hkey_current_user\software\microsoft\internet explorer\searchscopes\{cff4db9b-135f-47c0-9269-b4c6572fd61a}
    Successfully deleted: [Registry Key] hkey_classes_root\clsid\{f9639e4a-801b-4843-aee3-03d9da199e77}
    Successfully deleted: [Registry Key] hkey_classes_root\clsid\{fd72061e-9fde-484d-a58a-0bab4151cad8}
    Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\windows\currentversion\explorer\browser helper objects\{fd72061e-9fde-484d-a58a-0bab4151cad8}



    ~~~ Files

    Successfully deleted: [File] "C:\Windows\system32\dmwu.exe"



    ~~~ Folders

    Successfully deleted: [Folder] "C:\ProgramData\tarma installer"
    Successfully deleted: [Folder] "C:\ProgramData\viewpoint"
    Successfully deleted: [Folder] "C:\Users\carol\appdata\locallow\conduit"
    Successfully deleted: [Folder] "C:\Users\carol\appdata\locallow\conduitengine"
    Successfully deleted: [Folder] "C:\Users\carol\appdata\locallow\pricegong"
    Successfully deleted: [Folder] "C:\Users\carol\appdata\locallow\utorrentbar"
    Successfully deleted: [Folder] "C:\Program Files\conduit"
    Successfully deleted: [Folder] "C:\Program Files\conduitengine"
    Successfully deleted: [Folder] "C:\Program Files\ib updater"
    Successfully deleted: [Folder] "C:\Program Files\incredibar.com"
    Successfully deleted: [Folder] "C:\Program Files\registry mechanic"
    Successfully deleted: [Folder] "C:\Program Files\utorrentbar"
    Successfully deleted: [Folder] "C:\Program Files\viewpoint"
    Successfully deleted: [Folder] "C:\Program Files\yontoo"



    ~~~ Chrome

    Successfully deleted: [Registry Key] hkey_local_machine\software\google\chrome\extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd
    Successfully deleted: [Registry Key] hkey_local_machine\software\google\chrome\extensions\niapdbllcanepiiimjjndipklodoedlc



    ~~~ Event Viewer Logs were cleared





    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Scan was completed on 24/01/2013 at 19:47:05.99
    End of JRT log
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     
    Last edited: Jan 24, 2013
  13. bauld

    bauld Member

    Joined:
    Oct 20, 2007
    Messages:
    17
    Likes Received:
    0
    Trophy Points:
    11
    Results of screen317's Security Check version 0.99.57
    Windows Vista Service Pack 1 x86 (UAC is enabled)
    Out of date service pack!!
    Internet Explorer 8 Out of date!
    ``````````````Antivirus/Firewall Check:``````````````
    Windows Firewall Enabled!
    avast! Antivirus
    Antivirus out of date!
    `````````Anti-malware/Other Utilities Check:`````````
    Java(TM) 6 Update 20
    Java(TM) 6 Update 2
    Java version out of Date!
    Adobe Reader 8 Adobe Reader out of Date!
    Mozilla Firefox 4.0 Firefox out of Date!
    Google Chrome 24.0.1312.52
    Google Chrome 24.0.1312.56
    ````````Process Check: objlist.exe by Laurent````````
    Windows Defender MSASCui.exe
    Windows Defender MSASCui.exe
    AVAST Software Avast AvastSvc.exe
    AVAST Software Avast AvastUI.exe
    `````````````````System Health check`````````````````
    Total Fragmentation on Drive C: 0 %
    ````````````````````End of Log``````````````````````
     
  14. bauld

    bauld Member

    Joined:
    Oct 20, 2007
    Messages:
    17
    Likes Received:
    0
    Trophy Points:
    11
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 20:40:05, on 24/01/2013
    Platform: Windows Vista SP1 (WinNT 6.00.1905)
    MSIE: Internet Explorer v8.00 (8.00.6001.19088)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\Dwm.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\Explorer.EXE
    C:\WINDOWS\System32\hkcmd.exe
    C:\WINDOWS\System32\igfxpers.exe
    C:\Program Files\Apoint2K\Apoint.exe
    C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
    C:\Program Files\Hp\QuickPlay\QPService.exe
    C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Program Files\Hp\HP Software Update\hpwuSchd2.exe
    C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\AVAST Software\Avast\AvastUI.exe
    C:\WINDOWS\ehome\ehtray.exe
    C:\Windows\system32\igfxsrvc.exe
    C:\Program Files\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE
    C:\Windows\ehome\ehmsas.exe
    C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
    C:\Program Files\Apoint2K\ApMsgFwd.exe
    C:\Program Files\Apoint2K\Apntex.exe
    C:\Program Files\Iomega\QuikProtect\QuikProtect.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe
    C:\Windows\system32\Macromed\Flash\FlashUtil32_11_5_502_146_ActiveX.exe
    C:\Windows\system32\wuauclt.exe
    C:\Windows\system32\conime.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_ie&c=81&bd=Presario&pf=laptop
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O1 - Hosts: ::1 localhost
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
    O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
    O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.8313.1002\swg.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
    O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
    O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
    O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
    O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
    O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
    O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
    O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
    O4 - HKLM\..\Run: [UCam_Menu] "C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\YouCam" update "Software\CyberLink\YouCam\1.0"
    O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    O4 - HKLM\..\Run: [HP Health Check Scheduler] [ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [ErrorTeck] C:\Program Files\ErrorTeck\ErrorTeck.exe /scan
    O4 - HKLM\..\Run: [QuiKProtect] C:\Program Files\Iomega\QuikProtect\StartQuikProtect.exe
    O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
    O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
    O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
    O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun
    O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
    O4 - Startup: Iomega Product Registration.lnk = C:\Program Files\Iomega\Registration\Register.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
    O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    O9 - Extra 'Tools' menuitem: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
    O13 - Gopher Prefix:
    O16 - DPF: {138E6DC9-722B-4F4B-B09D-95D191869696} (Bebo Uploader Control) - http://www.bebo.com/files/BeboUploader.5.1.4.cab
    O16 - DPF: {83A4D5A6-E2C1-4EDD-AD48-1A1C50BD06EF} (Image Uploader Control) - http://fubar.com/js/ImageUploader/ImageUploader6.cab
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} (get_atlcom Class) - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Com4Qlb - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe
    O23 - Service: Google Update Service (gupdate1ca84ece659de30) (gupdate1ca84ece659de30) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
    O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe
    O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: QSCopyEngine - Unknown owner - C:\Program Files\Iomega\QuikProtect\QpMonitor.exe
    O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies, Inc. - C:\Program Files\WinPcap\rpcapd.exe
    O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe
    O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

    --
    End of file - 10448 bytes
     
  15. bauld

    bauld Member

    Joined:
    Oct 20, 2007
    Messages:
    17
    Likes Received:
    0
    Trophy Points:
    11
    Hi 2oldGeek,
    Ran the TFC.EXE first but no logs came up,so i have posted results of others.
    I think i've lost half the computer lol,thanks again and now you have some bed time reading.
    Just let me know what/if i need to do next.
    Cheers
    bauld
     
    Last edited: Jan 24, 2013
  16. 2oldGeek

    2oldGeek Active member

    Joined:
    Jun 16, 2005
    Messages:
    3,658
    Likes Received:
    38
    Trophy Points:
    78
    @bauld,

    Well, your HJT Log is clean.. But you have a barrel full of junkware lol

    Update your Avast AV ->HERE

    Download filehippo update checker ->HERE and update all your programs.

    Download and update your Java ->HERE

    Go to add/remove programs and uninstall these:
    Java(TM) 6 Update 20
    Java(TM) 6 Update 2

    Now, let's clean out the Adware and froistware:

    Please download AdwCleaner] and save it on your Desktop.
    AdwCleaner is a reliable removal tool for:
    Adware
    Adware are programs that are usually free, otherwise known as Freeware, that have advertisements built into the software. That means when you run the software, it will pull down advertisements from the Internet and display them somewhere in the software. Most of these types of software allow you to register the software, by paying some fee, in order to remove the ads.

    Foistware]
    Foistware is a term used to describe software downloaded to a computer without the owner's knowledge, which puts hidden components on a system, and attempts to bait the unsuspecting into purchasing another software remedy.

    Toolbars and potentially unwanted programs.

    AdwCleaner is a tool that deletes :
    • Adwares (software ads)
    • PUP/LPI (Potentially Undesirable Program)
    • Toolbars
    • Hijacker (Hijack of the browser's homepage)

    It works with a Search and Deletion method. It can be easily uninstalled using the "Uninstall" mode.
    • Right-click on adwcleaner.exe and select Run As Administrator (for XP just double click) to launch the application.
    • Now click on the Search tab.
    Please post the contents of the log-file created in your next post.

    Note: The log can also be located at C:\ >> AdwCleaner[XX].txt >> XX <-- Denotes the number of times the application has been ran, so in this should be something like R1.

    Please look over what was found, we're going to delete it all in the next step....if there's something you may want to keep...please let me know and I'll explain to why it shouldn't be on your system.


    2oG
     
    Last edited: Jan 24, 2013
  17. bauld

    bauld Member

    Joined:
    Oct 20, 2007
    Messages:
    17
    Likes Received:
    0
    Trophy Points:
    11
    # AdwCleaner v2.108 - Logfile created 01/25/2013 at 02:08:18
    # Updated 24/01/2013 by Xplode
    # Operating system : Windows Vista (TM) Home Premium Service Pack 1 (32 bits)
    # User : carol - CAROL-PC
    # Boot Mode : Normal
    # Running from : C:\Users\carol\Downloads\adwcleaner.exe
    # Option [Search]


    ***** [Services] *****


    ***** [Files / Folders] *****

    File Found : C:\user.js
    File Found : C:\Users\colin\Desktop\Uninstall.exe
    File Found : C:\Windows\system32\ImhxxpComm.dll
    Folder Found : C:\Users\ciara\AppData\LocalLow\Conduit
    Folder Found : C:\Users\ciara\AppData\LocalLow\ConduitEngine
    Folder Found : C:\Users\ciara\AppData\LocalLow\incredibar.com
    Folder Found : C:\Users\ciara\AppData\LocalLow\PriceGong
    Folder Found : C:\Users\ciara\AppData\LocalLow\uTorrentBar
    Folder Found : C:\Users\colin\AppData\LocalLow\Conduit
    Folder Found : C:\Users\colin\AppData\LocalLow\ConduitEngine
    Folder Found : C:\Users\colin\AppData\LocalLow\incredibar.com
    Folder Found : C:\Users\colin\AppData\LocalLow\PriceGong
    Folder Found : C:\Users\colin\AppData\LocalLow\uTorrentBar
    Folder Found : C:\Windows\system32\WNLT

    ***** [Registry] *****

    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{336D0C35-8A85-403a-B9D2-65C292C39087}_is1
    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}
    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\1ClickDownload
    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\conduitEngine
    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\conduitEngine
    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\incredibar
    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\uTorrentBar Toolbar
    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\ViewpointMediaPlayer
    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\WNLT
    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{30F9B915-B755-4826-820B-08FBA6BD249D}
    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{30F9B915-B755-4826-820B-08FBA6BD249D}
    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC}
    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{30F9B915-B755-4826-820B-08FBA6BD249D}
    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{30F9B915-B755-4826-820B-08FBA6BD249D}
    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{88F6BCAB-77CE-4461-BB6E-1CE2200D2DBB}
    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC}
    Key Found : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
    Key Found : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
    Key Found : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826}
    Key Found : HKLM\SOFTWARE\Classes\AppID\{A7DDCBDE-5C86-415C-8A37-763AE183E7E4}
    Key Found : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
    Key Found : HKLM\SOFTWARE\Classes\AppID\{B302A1BD-0157-49FA-90F1-4E94F22C7B4B}
    Key Found : HKLM\SOFTWARE\Classes\AppID\{CFDAFE39-20CE-451D-BD45-A37452F39CF0}
    Key Found : HKLM\SOFTWARE\Classes\AppID\{CFE8AAFD-A0F3-4329-84E9-6B679EC93EC2}
    Key Found : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
    Key Found : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}
    Key Found : HKLM\SOFTWARE\Classes\CLSID\{03F998B2-0E00-11D3-A498-00104B6EB52E}
    Key Found : HKLM\SOFTWARE\Classes\CLSID\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
    Key Found : HKLM\SOFTWARE\Classes\CLSID\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
    Key Found : HKLM\SOFTWARE\Classes\CLSID\{27BF8F8D-58B8-D41C-F913-B7EEB57EF6F6}
    Key Found : HKLM\SOFTWARE\Classes\CLSID\{761F6A83-F007-49E4-8EAC-CDB6808EF06F}
    Key Found : HKLM\SOFTWARE\Classes\CLSID\{7E84186E-B5DE-4226-8A66-6E49C6B511B4}
    Key Found : HKLM\SOFTWARE\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
    Key Found : HKLM\SOFTWARE\Classes\CLSID\{88F6BCAB-77CE-4461-BB6E-1CE2200D2DBB}
    Key Found : HKLM\SOFTWARE\Classes\CLSID\{97D69524-BB57-4185-9C7F-5F05593B771A}
    Key Found : HKLM\SOFTWARE\Classes\CLSID\{99066096-8989-4612-841F-621A01D54AD7}
    Key Found : HKLM\SOFTWARE\Classes\CLSID\{C01315C7-B4E2-4864-B43D-5FAFC414D179}
    Key Found : HKLM\SOFTWARE\Classes\CLSID\{C1545464-C77C-4130-A572-1C619E2895FE}
    Key Found : HKLM\SOFTWARE\Classes\CLSID\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
    Key Found : HKLM\SOFTWARE\Classes\CLSID\{ED0E67AD-926C-4008-87E5-03CF72AA2A7E}
    Key Found : HKLM\SOFTWARE\Classes\CLSID\{EF7FEC6D-451B-4452-9D26-7E10C6B5DB6E}
    Key Found : HKLM\SOFTWARE\Classes\CLSID\{FE9271F2-6EFD-44B0-A826-84C829536E93}
    Key Found : HKLM\SOFTWARE\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
    Key Found : HKLM\SOFTWARE\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}
    Key Found : HKLM\SOFTWARE\Classes\Interface\{22B0769F-794B-4422-AC84-47B123C8986D}
    Key Found : HKLM\SOFTWARE\Classes\Interface\{255E0B2A-D747-4EEF-B7CE-159D73A3656D}
    Key Found : HKLM\SOFTWARE\Classes\Interface\{28ED590D-F5ED-4E05-A87F-1D759F1C6169}
    Key Found : HKLM\SOFTWARE\Classes\Interface\{45D5B93F-E2ED-4AF2-915E-DCDDBDA8C33C}
    Key Found : HKLM\SOFTWARE\Classes\Interface\{771B99AB-636F-4A11-9039-8DFEB927B061}
    Key Found : HKLM\SOFTWARE\Classes\Interface\{A36867C6-302D-49FC-9D8E-1EB037B5F1AB}
    Key Found : HKLM\SOFTWARE\Classes\Interface\{A8321AA2-2227-40C7-8525-6C2F4E1B0EBE}
    Key Found : HKLM\SOFTWARE\Classes\Interface\{AA41A731-6814-4A70-A6F1-C0A20FBBFBD5}
    Key Found : HKLM\SOFTWARE\Classes\Interface\{ABBB8A9E-D8AF-40D1-94BE-5175077465FC}
    Key Found : HKLM\SOFTWARE\Classes\Interface\{B37B4BA6-334E-72C1-B57E-6AFE8F8A5AF3}
    Key Found : HKLM\SOFTWARE\Classes\Interface\{B77AD4AC-C1C2-B293-7737-71E13A11FFEA}
    Key Found : HKLM\SOFTWARE\Classes\Interface\{BF737694-56F6-46FA-9FDC-FA99A5B25FAD}
    Key Found : HKLM\SOFTWARE\Classes\Interface\{CFCD164E-8AC9-478E-9ECC-B616A932016C}
    Key Found : HKLM\SOFTWARE\Classes\Interface\{D5961CC0-B442-4567-8030-67E241EF4CC2}
    Key Found : HKLM\SOFTWARE\Classes\Interface\{E450067F-1C93-41A7-928E-07E5C2EEC680}
    Key Found : HKLM\SOFTWARE\Classes\Interface\{E773F2CF-5E6E-FF2B-81A1-AC581A26B2B2}
    Key Found : HKLM\SOFTWARE\Classes\Interface\{F977D9F2-4BDC-44A6-B508-7C0284C61EED}
    Key Found : HKLM\SOFTWARE\Classes\TypeLib\{1D5A4199-956E-49BC-B89F-6A35C57C0D13}
    Key Found : HKLM\SOFTWARE\Classes\TypeLib\{48C9C8B0-A546-46C1-A81F-47A31E623E9D}
    Key Found : HKLM\SOFTWARE\Classes\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
    Key Found : HKLM\SOFTWARE\Classes\TypeLib\{96F7FABC-5789-EFA4-B6ED-1272F4C1D27B}
    Key Found : HKLM\SOFTWARE\Classes\TypeLib\{CFE8AAFD-A0F3-4329-84E9-6B679EC93EC2}
    Key Found : HKLM\SOFTWARE\Classes\TypeLib\{D372567D-67C1-4B29-B3F0-159B52B3E967}
    Key Found : HKLM\SOFTWARE\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
    Key Found : HKLM\Software\conduitEngine
    Key Found : HKLM\Software\conduitEngine
    Key Found : HKLM\Software\MetaStream
    Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{126B3D7E-43AC-4AF2-8A0F-8FC92BA36AA8}
    Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{74C36554-31F0-49DD-8857-ED6A64DF45BE}
    Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{DA76B37A-9326-48BE-B10F-45C96FC7F505}
    Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
    Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{88F6BCAB-77CE-4461-BB6E-1CE2200D2DBB}
    Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
    Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\063A857434EDED11A893800002C0A966
    Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{336D0C35-8A85-403a-B9D2-65C292C39087}_is1
    Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}
    Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\1ClickDownload
    Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\conduitEngine
    Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\conduitEngine
    Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\incredibar
    Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\uTorrentBar Toolbar
    Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ViewpointMediaPlayer
    Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WNLT
    Key Found : HKLM\SOFTWARE\MozillaPlugins\@viewpoint.com/VMP
    Key Found : HKLM\Software\uTorrentBar
    Key Found : HKLM\Software\Viewpoint
    Key Found : HKLM\Software\WNLT
    Value Found : HKLM\SOFTWARE\Mozilla\Firefox\extensions [{336D0C35-8A85-403a-B9D2-65C292C39087}]

    ***** [Internet Browsers] *****

    -\\ Internet Explorer v8.0.6001.19088

    [OK] Registry is clean.

    *************************

    AdwCleaner[R1].txt - [9397 octets] - [25/01/2013 02:08:18]

    ########## EOF - C:\AdwCleaner[R1].txt - [9457 octets] ##########
     
  18. bauld

    bauld Member

    Joined:
    Oct 20, 2007
    Messages:
    17
    Likes Received:
    0
    Trophy Points:
    11
    Hi 2oG,
    Many thanks yet again for your help, above and beyond the call of duty.
    There were several updates required all successful apart from Skype,Firefox(don't use anyway) and Flashplayer.
    On the administrator page which isn't used because of a problem.Windows sidebar- Setting.ini is being used by another process,close other programme and click retry
    is maybe the problem with Skype not updating,I will try and update on another page,mmy daughter uses skype with no probs.apologies if I have given you another problem,all the other pages seem to work ok.
    again many thanks
    Cheers
    bauld
     
  19. 2oldGeek

    2oldGeek Active member

    Joined:
    Jun 16, 2005
    Messages:
    3,658
    Likes Received:
    38
    Trophy Points:
    78
    bauld,

    Update your Windows.. you need SP2 on that Vista and IE 9..

    Lots of adware found....lets clear it out.....
    • Please re-run AdwCleaner.
    • This time Click on Delete button.
    • Confirm each time with OK if asked.
    • Your computer will be rebooted automatically. A text file will open after the restart. Please post the content of that logfile in your reply.

    Note: You can find the logfile at C:\AdwCleaner[Sn].txt as well - n is the order number.


    Let’s run a Big Gun and see what else we can pick up.. maybe will help with other problems.


    1. Download Combo fix from one of these locations.
    * IMPORTANT !!! Place combofix.exe on your Desktop

    http://download.bleepingcomputer.com/sUBs/ComboFix.exe
    http://subs.geekstogo.com/ComboFix.exe

    2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    Go to -> Here for your reference.

    Click start > run and Copy and Paste this in exactly, using the picture below for reference, then click OK.
    Code:
    "%userprofile%\desktop\combofix.exe" /killall 
    



    [​IMG]

    3. Combo will begin to run DO NOTHING while this is happening.

    Do not attempt to use the internet or anything else while it's running.
    Do not mouseclick combofix's window whilst it's running. That may cause it to stall.
    • It will kill a few processes and disconnect you from the internet.
    • If by chance it stops prematurely you can re-establish your internet connection by restarting your computer. It does set a restore point before running.
    • This needs to be done so the program can work most efficiently for you.


    **Understand that things like your system clock changing and your desktop disappearing might happen. Do not worry, because all will be restored later.

    If when it's completed you can not get on the internet just reboot the computer

    Post the log from comboFix for me located in
    c:\comboFix.txt



    2oG
     
  20. bauld

    bauld Member

    Joined:
    Oct 20, 2007
    Messages:
    17
    Likes Received:
    0
    Trophy Points:
    11
    ComboFix 13-01-24.02 - carol 25/01/2013 19:06:33.1.2 - x86
    Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.353.1033.18.2037.1044 [GMT 0:00]
    Running from: c:\users\carol\Downloads\ComboFix.exe
    AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
    SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\users\carol\%appda~1
    c:\users\carol\%appda~1\Microsoft\Windows\IETldCache\index.dat
    c:\windows\system32\KBL.LOG
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-12-25 to 2013-01-25 )))))))))))))))))))))))))))))))
    .
    .
    2013-01-25 19:18 . 2013-01-25 19:18 -------- d-----w- c:\users\Default\AppData\Local\temp
    2013-01-25 19:18 . 2013-01-25 19:18 -------- d-----w- c:\users\ciara\AppData\Local\temp
    2013-01-25 19:18 . 2013-01-25 19:18 -------- d-----w- c:\users\colin\AppData\Local\temp
    2013-01-25 18:06 . 2013-01-25 18:06 60872 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{B7990149-3B73-4D09-A1F8-E705F7BF2592}\offreg.dll
    2013-01-25 09:27 . 2013-01-08 04:57 6991832 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{B7990149-3B73-4D09-A1F8-E705F7BF2592}\mpengine.dll
    2013-01-25 09:21 . 2013-01-25 09:21 -------- d-----w- c:\users\ciara\AppData\Roaming\RealNetworks
    2013-01-25 01:19 . 2013-01-25 01:19 -------- d-----w- c:\program files\Common Files\Skype
    2013-01-25 01:13 . 2013-01-25 01:13 -------- d-----w- c:\program files\RealNetworks
    2013-01-25 01:13 . 2013-01-25 01:13 -------- d-----w- c:\programdata\RealNetworks
    2013-01-25 01:08 . 2013-01-25 01:08 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin7.dll
    2013-01-25 01:08 . 2013-01-25 01:08 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin6.dll
    2013-01-25 01:08 . 2013-01-25 01:08 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin5.dll
    2013-01-25 01:08 . 2013-01-25 01:08 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin4.dll
    2013-01-25 01:08 . 2013-01-25 01:08 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin3.dll
    2013-01-25 01:08 . 2013-01-25 01:08 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin2.dll
    2013-01-25 01:08 . 2013-01-25 01:08 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin.dll
    2013-01-25 01:07 . 2013-01-25 01:08 -------- d-----w- c:\program files\QuickTime
    2013-01-25 00:59 . 2013-01-25 00:58 859552 ----a-w- c:\windows\system32\npDeployJava1.dll
    2013-01-25 00:58 . 2013-01-25 00:58 94112 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
    2013-01-25 00:53 . 2013-01-25 00:53 -------- d-----w- c:\program files\iPod
    2013-01-25 00:53 . 2013-01-25 00:54 -------- d-----w- c:\programdata\188F1432-103A-4ffb-80F1-36B633C5C9E1
    2013-01-25 00:53 . 2013-01-25 00:54 -------- d-----w- c:\program files\iTunes
    2013-01-25 00:36 . 2013-01-25 00:36 388096 ----a-r- c:\users\colin\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
    2013-01-25 00:26 . 2013-01-25 00:27 -------- d-----w- c:\program files\Common Files\Adobe
    2013-01-25 00:17 . 2013-01-25 00:17 -------- d-----w- c:\program files\FileHippo.com
    2013-01-24 20:39 . 2013-01-24 20:39 -------- d-----w- c:\program files\Trend Micro
    2013-01-24 19:42 . 2013-01-24 19:42 -------- d-----w- c:\windows\ERUNT
    2013-01-24 19:42 . 2013-01-24 19:43 -------- d-----w- C:\JRT
    2013-01-21 17:10 . 2013-01-21 17:10 -------- d-----w- c:\programdata\WindowsSearch
    2013-01-21 17:05 . 2013-01-21 17:05 -------- d-----w- c:\windows\system32\Adobe
    2012-12-29 21:21 . 2011-06-10 22:58 773968 ----a-w- c:\windows\system32\msvcr100.dll
    2012-12-29 21:21 . 2011-06-10 22:58 421200 ----a-w- c:\windows\system32\msvcp100.dll
    2012-12-29 21:21 . 2011-05-13 23:17 632656 ----a-w- c:\windows\system32\msvcr80.dll
    2012-12-29 21:21 . 2011-05-13 23:17 479232 ----a-w- c:\windows\system32\msvcm80.dll
    2012-12-29 21:21 . 2011-05-13 23:17 554832 ----a-w- c:\windows\system32\msvcp80.dll
    2012-12-29 21:21 . 2012-12-29 21:21 -------- d-----w- c:\windows\system32\ARFC
    2012-12-29 21:19 . 2012-12-29 21:19 -------- d-----w- c:\program files\Gophoto.it
    2012-12-29 21:19 . 2012-12-29 21:19 -------- d-----w- c:\program files\TornTV.com
    2012-12-29 20:27 . 2012-12-29 20:27 -------- d-----w- c:\users\ciara\AppData\Local\Apps
    2012-12-29 19:55 . 2012-12-29 19:55 -------- d-----w- c:\programdata\FileCure
    2012-12-28 15:17 . 2012-12-28 19:11 -------- d-----w- c:\program files\Lame For Audacity
    2012-12-28 13:46 . 2012-12-28 13:46 -------- d-----w- c:\program files\Audacity
    2012-12-28 13:32 . 2012-12-28 13:57 -------- d-----w- c:\program files\RecordMateLP
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2013-01-25 00:58 . 2010-06-27 10:36 780192 ----a-w- c:\windows\system32\deployJava1.dll
    2013-01-08 22:54 . 2012-07-24 12:44 74248 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2013-01-08 22:54 . 2012-07-24 12:44 697864 ----a-w- c:\windows\system32\FlashPlayerApp.exe
    2012-10-30 22:51 . 2012-10-16 15:33 361032 ----a-w- c:\windows\system32\drivers\aswSP.sys
    2012-10-30 22:51 . 2012-10-16 15:33 54232 ----a-w- c:\windows\system32\drivers\aswTdi.sys
    2012-10-30 22:51 . 2012-10-16 15:33 35928 ----a-w- c:\windows\system32\drivers\aswRdr.sys
    2012-10-30 22:51 . 2012-10-16 15:33 738504 ----a-w- c:\windows\system32\drivers\aswSnx.sys
    2012-10-30 22:51 . 2012-10-16 15:33 58680 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
    2012-10-30 22:51 . 2012-10-16 15:33 21256 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
    2012-10-30 22:51 . 2012-10-16 15:30 41224 ----a-w- c:\windows\avastSS.scr
    2012-10-30 22:50 . 2012-10-16 15:30 227648 ----a-w- c:\windows\system32\aswBoot.exe
    2013-01-16 20:07 . 2011-04-20 11:35 263064 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
    @="{472083B0-C522-11CF-8763-00608CC02F24}"
    [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
    2012-10-30 22:50 121528 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "WindowsWelcomeCenter"="oobefldr.dll" [2008-01-19 2153472]
    "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
    "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-19 1233920]
    "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-06-26 39408]
    "FileHippo.com"="c:\program files\FileHippo.com\UpdateChecker.exe" [2012-11-23 307712]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-08-28 141848]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-08-28 154136]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2007-08-28 137752]
    "Apoint"="c:\program files\Apoint2K\Apoint.exe" [2007-10-10 212992]
    "IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-10-03 178712]
    "QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2007-10-01 181544]
    "QlbCtrl"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2007-09-27 202032]
    "UCam_Menu"="c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2007-09-13 222504]
    "HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2007-05-09 54840]
    "hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-10-03 480560]
    "TkBellExe"="c:\program files\Real\RealPlayer\Update\realsched.exe" [2013-01-25 295072]
    "QuiKProtect"="c:\program files\Iomega\QuikProtect\StartQuikProtect.exe" [2009-03-13 54504]
    "APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-11-28 59280]
    "avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-10-30 4297136]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-18 946352]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-12-12 152544]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2012-10-25 421888]
    .
    c:\users\carol\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    Iomega Product Registration.lnk - c:\program files\Iomega\Registration\Register.exe [2004-2-4 16175104]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
    "DisableMonitoring"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    getPlusHelper REG_MULTI_SZ getPlusHelper
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
    2013-01-22 20:32 1607120 ----a-w- c:\program files\Google\Chrome\Application\24.0.1312.56\Installer\chrmstp.exe
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2013-01-25 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-24 22:54]
    .
    2013-01-25 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2545014225-4040687697-4202415592-1002Core.job
    - c:\users\ciara\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-11-11 15:23]
    .
    2013-01-25 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2545014225-4040687697-4202415592-1002UA.job
    - c:\users\ciara\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-11-11 15:23]
    .
    2013-01-25 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2009-12-24 23:00]
    .
    2013-01-25 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2009-12-24 23:00]
    .
    2013-01-25 c:\windows\Tasks\User_Feed_Synchronization-{41A229B3-26F3-41BB-99AE-F97F3E9A2060}.job
    - c:\windows\system32\msfeedssync.exe [2011-06-16 04:32]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.google.com
    mStart Page = hxxp://www.yahoo.com
    uInternet Settings,ProxyOverride = *.local
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
    TCP: DhcpNameServer = 89.101.160.5 89.101.160.4
    DPF: {83A4D5A6-E2C1-4EDD-AD48-1A1C50BD06EF} - hxxp://fubar.com/js/ImageUploader/ImageUploader6.cab
    FF - ProfilePath - c:\users\colin\AppData\Roaming\Mozilla\Firefox\Profiles\j5v1bv04.default\
    FF - prefs.js: browser.startup.homepage - hxxp://mystart.incredibar.com/mb128?a=6PQUdDfV9l&i=26
    FF - prefs.js: browser.search.selectedEngine - MyStart Search
    FF - prefs.js: keyword.URL - hxxp://mystart.incredibar.com/mb128/?loc=IB_DS&a=6PQUdDfV9l&&i=26&search=
    FF - ExtSQL: 2012-12-06 14:52; wrc@avast.com; c:\program files\AVAST Software\Avast\WebRep\FF
    FF - ExtSQL: 2012-12-18 21:06; plugin@yontoo.com; c:\users\colin\AppData\Roaming\Mozilla\Firefox\Profiles\j5v1bv04.default\extensions\plugin@yontoo.com
    FF - ExtSQL: 2012-12-18 21:07; addon@freecorder.com; c:\users\colin\AppData\Roaming\Mozilla\Firefox\Profiles\j5v1bv04.default\extensions\addon@freecorder.com
    FF - user.js: extentions.y2layers.installId - fbb1b449-08e1-49b1-aeee-1e011a17cd68
    FF - user.js: extentions.y2layers.defaultEnableAppsList - DropDownDeals,buzzdock,YontooNewOffers
    FF - user.js: extensions.autoDisableScopes - 14
    FF - user.js: extensions.incredibar_i.newTab - false
    FF - user.js: extensions.incredibar_i.tlbrSrchUrl - hxxp://mystart.Incredibar.com/?a=6PQUdDfV9l&loc=IB_TB&i=26&search=
    FF - user.js: extensions.incredibar_i.id - 982fece0000000000000001fe15fada4
    FF - user.js: extensions.incredibar_i.instlDay - 15703
    FF - user.js: extensions.incredibar_i.vrsn - 1.5.11.14
    FF - user.js: extensions.incredibar_i.vrsni - 1.5.11.14
    FF - user.js: extensions.incredibar_i.vrsnTs - 1.5.11.1421:22
    FF - user.js: extensions.incredibar_i.prtnrId - Incredibar
    FF - user.js: extensions.incredibar_i.prdct - incredibar
    FF - user.js: extensions.incredibar_i.aflt - orgnl
    FF - user.js: extensions.incredibar_i.smplGrp - none
    FF - user.js: extensions.incredibar_i.tlbrId - base
    FF - user.js: extensions.incredibar_i.instlRef -
    FF - user.js: extensions.incredibar_i.dfltLng -
    FF - user.js: extensions.incredibar_i.excTlbr - false
    FF - user.js: extensions.incredibar_i.ms_url_id -
    FF - user.js: extensions.incredibar_i.upn2 - 6PQUdDfV9l
    FF - user.js: extensions.incredibar_i.upn2n - 92544181924925055
    FF - user.js: extensions.incredibar_i.productid - 26
    FF - user.js: extensions.incredibar_i.installerproductid - 26
    FF - user.js: extensions.incredibar_i.did - 10658
    FF - user.js: extensions.incredibar_i.ppd -
    .
    - - - - ORPHANS REMOVED - - - -
    .
    HKLM-Run-HP Health Check Scheduler - [ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
    HKLM-Run-ErrorTeck - c:\program files\ErrorTeck\ErrorTeck.exe
    AddRemove-Malwarebytes' Anti-Malware_is1 - f:\malwarebytes' anti-malware\unins000.exe
    AddRemove-VLC media player - c:\users\colin\Desktop\uninstall.exe
    .
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2013-01-25 19:19
    Windows 6.0.6001 Service Pack 1 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    Completion time: 2013-01-25 19:22:00
    ComboFix-quarantined-files.txt 2013-01-25 19:21
    .
    Pre-Run: 30,680,940,544 bytes free
    Post-Run: 31,689,908,224 bytes free
    .
    - - End Of File - - 1AEF1D18254966203787E3E603DA4EB2
     

Share This Page