PUP

All versions of Windows 7, 2008 and Vista including 32 bit and 64 bit

Moderator: icecube

Postby gulliver33 » Sat May 17, 2014 8:30 am

Help an old silver surfer please. I keep getting (PUP.OPTIONAL.INCREDIBAR.A) every time I do a virus check; I keep taking them off, but the little buggers keep coming back. I have tried all the things they say to do, but they have not hijacked my home page. Any help please :?
gulliver33
Geek

Posts: 32
Joined: Mon Nov 26, 2012 12:21 am
Operating System: windows 7

Re: PUP

Postby Gecko » Sat May 17, 2014 11:08 pm

PUP,

Download Malwarebytes Anti-Malware to your desktop and run the install. During the install, check the box Check for Update; once it's updated, run a Full scan.

When Malwarebytes Anti-Malware is finished it will produce a log, paste the contents of that log into your next reply.
Gecko
Super Moderator

Posts: 5206
Joined: Thu Oct 25, 2001 1:00 am
Location: Florida, USA

Re: PUP

Postby gulliver33 » Tue May 20, 2014 6:47 pm

How do I paste the findings into my log? I cannot drag and drop, or copy and paste. I am a bit lost.

Re: PUP

Postby gulliver33 » Tue May 20, 2014 8:15 pm

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 20/05/2014
Scan Time: 20:09:16
Logfile:
Administrator: Yes

Version: 2.00.1.1004
Malware Database: v2014.05.20.08
Rootkit Database: v2014.03.27.01
License: Premium
Malware Protection: Enabled
Malicious Website Protection: Enabled
Chameleon: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: User

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 293632
Time Elapsed: 58 min, 43 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Shuriken: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 22
PUP.Optional.Incredibar.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\5c1si7zr.default\prefs.js, Good: (), Bad: (user_pref("extensions.incredibar_i.aflt", "orgnl");), ,[a305a3b0f78446f04c1927559f65b24e]
PUP.Optional.Incredibar.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\5c1si7zr.default\prefs.js, Good: (), Bad: (user_pref("extensions.incredibar_i.dfltLng", "");), ,[8721dc779edd71c5d194ee8eed17c739]
PUP.Optional.Incredibar.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\5c1si7zr.default\prefs.js, Good: (), Bad: (user_pref("extensions.incredibar_i.did", "10643");), ,[a305a0b39cdfaf8788dde597f2122ed2]
PUP.Optional.Incredibar.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\5c1si7zr.default\prefs.js, Good: (), Bad: (user_pref("extensions.incredibar_i.excTlbr", false);), ,[4266ea697407d46272f3df9d788cb44c]
PUP.Optional.Incredibar.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\5c1si7zr.default\prefs.js, Good: (), Bad: (user_pref("extensions.incredibar_i.id", "d65720ce0000000000000030673751f9");), ,[7a2ec88b562543f3da8b5c20897bc13f]
PUP.Optional.Incredibar.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\5c1si7zr.default\prefs.js, Good: (), Bad: (user_pref("extensions.incredibar_i.installerproductid", "26");), ,[5c4cc98a28535cda2243d1abf212629e]
PUP.Optional.Incredibar.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\5c1si7zr.default\prefs.js, Good: (), Bad: (user_pref("extensions.incredibar_i.instlDay", "15616");), ,[604861f2ef8c92a4c2a3abd10afa40c0]
PUP.Optional.Incredibar.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\5c1si7zr.default\prefs.js, Good: (), Bad: (user_pref("extensions.incredibar_i.instlRef", "");), ,[9810341f0e6dff37ee77116b27dde818]
PUP.Optional.Incredibar.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\5c1si7zr.default\prefs.js, Good: (), Bad: (user_pref("extensions.incredibar_i.ms_url_id", "");), ,[dbcdca89f289360004613943659f31cf]
PUP.Optional.Incredibar.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\5c1si7zr.default\prefs.js, Good: (), Bad: (user_pref("extensions.incredibar_i.newTab", false);), ,[9c0c87ccceadfe38c69ffd7f07fd916f]
PUP.Optional.Incredibar.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\5c1si7zr.default\prefs.js, Good: (), Bad: (user_pref("extensions.incredibar_i.ppd", "7777710");), ,[efb91e35de9d3600f57066161ce81fe1]
PUP.Optional.Incredibar.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\5c1si7zr.default\prefs.js, Good: (), Bad: (user_pref("extensions.incredibar_i.prdct", "incredibar");), ,[e0c8da7946359c9a570e7dff917355ab]
PUP.Optional.Incredibar.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\5c1si7zr.default\prefs.js, Good: (), Bad: (user_pref("extensions.incredibar_i.productid", "26");), ,[fbadcd863b400630acb9eb91e123f20e]
PUP.Optional.Incredibar.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\5c1si7zr.default\prefs.js, Good: (), Bad: (user_pref("extensions.incredibar_i.prtnrId", "Incredibar");), ,[e7c1b89ba6d5171f9cc994e854b0758b]
PUP.Optional.Incredibar.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\5c1si7zr.default\prefs.js, Good: (), Bad: (user_pref("extensions.incredibar_i.smplGrp", "none");), ,[6246e2717efd87afa8bd027ab1537e82]
PUP.Optional.Incredibar.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\5c1si7zr.default\prefs.js, Good: (), Bad: (user_pref("extensions.incredibar_i.tlbrId", "base");), ,[a503341fcab182b40a5b334931d348b8]
PUP.Optional.Incredibar.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\5c1si7zr.default\prefs.js, Good: (), Bad: (user_pref("extensions.incredibar_i.tlbrSrchUrl", "http://mystart.Incredibar.com/?a=6R8H4QD98M&loc=IB_TB&i=26&search=");), ,[b6f2b59e07742d09590c36469a6a49b7]
PUP.Optional.Incredibar.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\5c1si7zr.default\prefs.js, Good: (), Bad: (user_pref("extensions.incredibar_i.upn2", "6R8H4QD98M");), ,[0f99094a156655e1f86d4933a163e719]
PUP.Optional.Incredibar.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\5c1si7zr.default\prefs.js, Good: (), Bad: (user_pref("extensions.incredibar_i.upn2n", "92825164642791308");), ,[0c9c8bc8f6855ed8f66f027ad4309967]
PUP.Optional.Incredibar.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\5c1si7zr.default\prefs.js, Good: (), Bad: (user_pref("extensions.incredibar_i.vrsn", "1.5.11.14");), ,[08a068ebd7a447efe3828af271938878]
PUP.Optional.Incredibar.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\5c1si7zr.default\prefs.js, Good: (), Bad: (user_pref("extensions.incredibar_i.vrsnTs", "1.5.11.1422:52:42");), ,[7236044fb3c855e1194ca2da758f9868]
PUP.Optional.Incredibar.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\5c1si7zr.default\prefs.js, Good: (), Bad: (user_pref("extensions.incredibar_i.vrsni", "1.5.11.14");), ,[3672064d1f5c05317aebc1bbc63e02fe]

Physical Sectors: 0
(No malicious items detected)


(end)

Re: PUP

Postby Gecko » Tue May 20, 2014 11:08 pm

gulliver33,

Run Malwarebytes again and, when the scan is complete, make sure that everything is set to "Quarantine", and click Apply Actions.
Reboot your computer if prompted.

That should clean your system.

Re: PUP3

Postby gulliver33 » Wed May 21, 2014 12:08 pm

Did as you said, but this is the third time of doing it and they are still here, exactly the same:
PUP.Optional.Incredibar.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\5c1si7zr.default\prefs.js, Good: (), Bad: (user_pref("extensions.incredibar_i.vrsn", "1.5.11.14");), ,[e72179db215aed4998e02c515aaa08f8]
PUP.Optional.Incredibar.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\5c1si7zr.default\prefs.js, Good: (), Bad: (user_pref("extensions.incredibar_i.vrsnTs", "1.5.11.1422:52:42");), ,[9a6ee371fd7e3006156383fa54b0956b]
PUP.Optional.Incredibar.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\5c1si7zr.default\prefs.js, Good: (), Bad: (user_pref("extensions.incredibar_i.vrsni", "1.5.11.14");), ,[a76122324239b87eb6c2225bfa0a9868]


Re: PUP

Postby Gecko » Wed May 21, 2014 2:31 pm

Please download combofix to your desktop.

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with ComboFix.

Double click combofix.exe and follow the prompts.

If combofix will not start or is ended before the "Blue window" please rename combofix.exe to cbf.exe and try again.

If cbf.exe will not start or is ended, you will have to run cbf.exe from Safe Mode.
Reboot into Safe Mode:
Restart Windows after you see the BIOS screen and before Windows starts to load.
Start tapping the F8 key. The Windows Advanced Options Menu appears.
Use the arrow key to ensure that the Safe Mode option is selected.
Press Enter. The computer then begins to start in Safe Mode.

Do not exit ComboFix while it is running; you may lose all your personal settings!
Important Note - Do not mouse-click ComboFix's window while it's running; that may cause it to stall.

When it's done running it will produce a log for you. Please post that log in your next reply.

Re: PUP: COMBO

Postby gulliver33 » Wed May 21, 2014 4:17 pm

Gecko, if you can understand that, you are BRILL.
ComboFix 14-05-19.01 - User 21/05/2014 15:26:42.1.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.2047.843 [GMT 1:00]
Running from: c:\users\User\Downloads\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AV: Avira Desktop *Disabled/Updated* {4D041356-F94D-285F-8768-AAE50FA36859}
SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
SP: Avira Desktop *Disabled/Updated* {F665F2B2-DF77-27D1-BDD8-9197742422E4}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2014-04-21 to 2014-05-21 )))))))))))))))))))))))))))))))
.
.
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Device Detection"="c:\myfinepix studio\dd.exe" [2013-10-09 857136]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2014-03-13 689744]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2014-04-23 3873704]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"midi9"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0sdnclean64.exe
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-disabled]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 phaudlwr;Philips Audio Filter;c:\windows\system32\DRIVERS\phaudlwr.sys;c:\windows\SYSNATIVE\DRIVERS\phaudlwr.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 SPC520;Philips SPC520NC PC Camera;c:\windows\system32\drivers\SPC520.sys;c:\windows\SYSNATIVE\drivers\SPC520.sys [x]
R3 SPC520m;Philips SPC520NC PC Cameram;c:\windows\system32\drivers\SPC520m.sys;c:\windows\SYSNATIVE\drivers\SPC520m.sys [x]
R3 ST330;ST330;c:\windows\system32\DRIVERS\st330.sys;c:\windows\SYSNATIVE\DRIVERS\st330.sys [x]
R3 STBUS;STBUS;c:\windows\system32\DRIVERS\stbus.sys;c:\windows\SYSNATIVE\DRIVERS\stbus.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S0 aswRvrt;avast! Revert; [x]
S0 aswVmm;avast! VM Monitor; [x]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys;c:\windows\SYSNATIVE\drivers\aswSnx.sys [x]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys;c:\windows\SYSNATIVE\drivers\aswSP.sys [x]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys;c:\windows\SYSNATIVE\DRIVERS\avkmgr.sys [x]
S2 AGCoreService;AG Core Services;c:\program files (x86)\AGI\core\4.2.0.10754\AGCoreService.exe;c:\program files (x86)\AGI\core\4.2.0.10754\AGCoreService.exe [x]
S2 AntiVirSchedulerService;Avira Scheduler;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [x]
S2 aswHwid;avast! HardwareID;c:\windows\system32\drivers\aswHwid.sys;c:\windows\SYSNATIVE\drivers\aswHwid.sys [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]
S2 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys;c:\windows\SYSNATIVE\drivers\aswStm.sys [x]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [x]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesService64.exe;c:\program files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesService64.exe [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys;c:\windows\SYSNATIVE\drivers\MBAMSwissArmy.sys [x]
S3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys;c:\windows\SYSNATIVE\drivers\mwac.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesDriver64.sys;c:\program files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesDriver64.sys [x]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys;c:\windows\SYSNATIVE\DRIVERS\usbfilter.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - MBAMSWISSARMY
*NewlyCreated* - MBAMWEBACCESSCONTROL
*NewlyCreated* - WS2IFSL
.
Contents of the 'Scheduled Tasks' folder
.
2014-05-21 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-03 21:27]
.
2014-05-18 c:\windows\Tasks\Wise Registry Cleaner Schedule Task.job
- c:\program files (x86)\Wise\Wise Registry Cleaner\WiseRegCleaner.exe [2013-09-02 09:23]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2014-04-23 12:41 290888 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvBackend"="c:\program files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe" [2014-03-20 1797064]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.orange.co.uk/
mSearch Page = hxxp://uk.woofi.info
uInternet Settings,ProxyOverride = <-loopback>
mSearchAssistant = hxxp://inboxtoolbar.com/search/ie.aspx?tbid=80150
mCustomizeSearch = hxxp://inboxtoolbar.com/help/sa_customi ... tbid=80150
IE: Download with &Media Finder - c:\program files (x86)\Media Finder\hook.html
Trusted Zone: orkugifs.com\www
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\5c1si7zr.default\
FF - prefs.js: browser.startup.homepage - about:home
FF - user.js: browser.cache.memory.capacity - 65536
FF - user.js: browser.chrome.favicons - false
FF - user.js: browser.display.show_image_placeholders - true
FF - user.js: browser.turbo.enabled - true
FF - user.js: browser.urlbar.autocomplete.enabled - true
FF - user.js: browser.urlbar.autofill - true
FF - user.js: content.interrupt.parsing - true
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.notify.backoffcount - 5
FF - user.js: content.notify.interval - 600000
FF - user.js: content.notify.ontimer - true
FF - user.js: content.switch.threshold - 600000
FF - user.js: network.http.max-connections - 48
FF - user.js: network.http.max-connections-per-server - 8
FF - user.js: network.http.max-persistent-connections-per-proxy - 16
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: network.http.pipelining - true
FF - user.js: network.http.pipelining.firstrequest - true
FF - user.js: network.http.pipelining.maxrequests - 8
FF - user.js: network.http.proxy.pipelining - true
FF - user.js: network.http.request.max-start-delay - 0
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: plugin.expose_full_path - true
FF - user.js: ui.submenuDelay - 286
FF - user.js: extensions.autoDisableScopes - 14
FF - user.js: extensions.incredibar_i.newTab - false
FF - user.js: extensions.incredibar_i.tlbrSrchUrl - hxxp://mystart.Incredibar.com/?a=6R8H4Q ... 26&search=
FF - user.js: extensions.incredibar_i.id - d65720ce0000000000000030673751f9
FF - user.js: extensions.incredibar_i.instlDay - 15616
FF - user.js: extensions.incredibar_i.vrsn - 1.5.11.14
FF - user.js: extensions.incredibar_i.vrsni - 1.5.11.14
FF - user.js: extensions.incredibar_i.vrsnTs - 1.5.11.1422:52
FF - user.js: extensions.incredibar_i.prtnrId - Incredibar
FF - user.js: extensions.incredibar_i.prdct - incredibar
FF - user.js: extensions.incredibar_i.aflt - orgnl
FF - user.js: extensions.incredibar_i.smplGrp - none
FF - user.js: extensions.incredibar_i.tlbrId - base
FF - user.js: extensions.incredibar_i.instlRef -
FF - user.js: extensions.incredibar_i.dfltLng -
FF - user.js: extensions.incredibar_i.excTlbr - false
FF - user.js: extensions.incredibar_i.ms_url_id -
FF - user.js: extensions.incredibar_i.upn2 - 6R8H4QD98M
FF - user.js: extensions.incredibar_i.upn2n - 92825164642791308
FF - user.js: extensions.incredibar_i.productid - 26
FF - user.js: extensions.incredibar_i.installerproductid - 26
FF - user.js: extensions.incredibar_i.did - 10643
FF - user.js: extensions.incredibar_i.ppd - 7777710
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{0BC6E3FA-78EF-4886-842C-5A1258C4455A} - (no file)
Toolbar-{c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c} - (no file)
Toolbar-10 - (no file)
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
Toolbar-10 - (no file)
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
.
------------------------ Other Running Processes ------------------------
.
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe
c:\program files (x86)\Malwarebytes Anti-Malware\mbam.exe
c:\program files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
.
**************************************************************************
.
Completion time: 2014-05-21 15:49:33 - machine was rebooted
ComboFix-quarantined-files.txt 2014-05-21 14:49
.
Pre-Run: 266,982,764,544 bytes free
Post-Run: 266,869,436,416 bytes free
.
- - End Of File - - E18E549219920FB5153A6A07A57F783F
A36C5E4F47E84449FF07ED3517B43A31

Re: PUP

Postby Gecko » Wed May 21, 2014 11:20 pm

PUP,

From the Firefox window click the Firefox button at the top left and select Add-ons, or, if the Firefox button is not shown, click the Tools menu and click Add-ons.

Once the Add-on Manager has opened in a new tab, click the Extensions button on the left side of the window.
You should now see a list of your installed extensions on the right side together with buttons on the right side of each extension.

To remove the incredibar extension from Firefox, simply click the Remove button. You should see a message that informs you about the successful removal of the add-on.

Note that some add-ons require a Firefox restart to be removed completely. To perform a Firefox restart after the add-on removal, click the Restart now link in the message.

If incredibar is not in the above list of extensions, then you could try to Reset Firefox.
The Reset Firefox feature can fix many issues by restoring Firefox to its factory default state while saving your essential information.
Note: This will cause you to lose any Extensions, Open websites, and some Preferences.

To Reset Firefox do the following:

Go to Firefox > Help > Troubleshooting Information.
Click the "Reset Firefox" button.
Firefox will close and reset. After Firefox is done, it will show a window with the information that is imported. Click Finish.
Firefox will open with all factory defaults applied.

Re: PUP

Postby gulliver33 » Thu May 22, 2014 8:45 am

Thank you Gecko, but nothing there, not a bloody thing. When I was looking through the "ComboFix" log I did notice, in the section "supplementary scan", a my start incredibar line with a few lines of incredibar underneath. Now this is the first time I have seen MY START. As I said before, it has not hijacked my start page, but I still get the same load of files after it has run the threats; after it finished scanning it sends a log to me and it has no threats on it. I do not understand :? :?

Re: PUP

Postby Gecko » Thu May 22, 2014 1:31 pm

PUP,

Did you try resetting Firefox?

There is one other way to clear the unwanted extension: using about:config in Firefox's address bar and resetting each affected extension like i.newTab and all the other extensions related to incredibar listed in the ComboFix log. However, this is not for the average user, as there are hundreds of extensions listed.
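The about:config route Gecko describes, scripted as an added example (not code from the thread, ComboFix, Malwarebytes or Mozilla): it parses a Firefox user.js, lists the prefs under the extensions.incredibar_i. prefix that ComboFix reported, and writes a cleaned copy. Firefox re-applies user.js at every start, so a pref reset only in about:config comes back until its user.js line is removed as well. The prefix list, the sample file and the script name are assumptions.

```python
"""Strip leftover PUP prefs from a Firefox user.js (added example, not
code from ComboFix, Malwarebytes or Mozilla; prefix and sample file are
assumptions built from the "FF - user.js:" lines in the log above)."""
import re
import sys

# A user.js entry has the form: user_pref("name", value);
PREF_RE = re.compile(r'^\s*user_pref\("([^"]+)",\s*(.*)\);\s*$')

# Pref-name prefix the Incredibar toolbar used in the ComboFix log above.
PUP_PREFIXES = ("extensions.incredibar_i.",)

def strip_pup_prefs(lines, prefixes=PUP_PREFIXES):
    """Return (kept_lines, removed_names). Comments and other prefs survive."""
    kept, removed = [], []
    for line in lines:
        m = PREF_RE.match(line)
        if m and m.group(1).startswith(prefixes):
            removed.append(m.group(1))
        else:
            kept.append(line)
    return kept, removed

def find_pup_prefs(lines, prefixes=PUP_PREFIXES):
    """Report-only variant: names of the prefs that would be removed."""
    return strip_pup_prefs(lines, prefixes)[1]

# Constructed sample modelled on the prefs ComboFix listed (not a real file).
SAMPLE_USER_JS = [
    '// Mozilla User Preferences\n',
    'user_pref("network.http.pipelining", true);\n',
    'user_pref("extensions.incredibar_i.newTab", false);\n',
    'user_pref("extensions.incredibar_i.prdct", "incredibar");\n',
    'user_pref("extensions.autoDisableScopes", 14);\n',
    'user_pref("extensions.incredibar_i.vrsn", "1.5.11.14");\n',
]

if __name__ == "__main__":
    # Usage: python strip_pup_prefs.py <path-to-user.js>; keeps a .bak copy.
    path = sys.argv[1]
    with open(path, encoding="utf-8") as fh:
        original = fh.readlines()
    kept, removed = strip_pup_prefs(original)
    with open(path + ".bak", "w", encoding="utf-8") as fh:
        fh.writelines(original)
    with open(path, "w", encoding="utf-8") as fh:
        fh.writelines(kept)
    print(f"removed {len(removed)} pref(s): {', '.join(removed)}")
```

Run it with Firefox closed, against the user.js in the profile folder the ComboFix log names, and check the printed list matches the incredibar entries in the log before deleting the .bak copy.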

Re: PUP

Postby gulliver33 » Fri May 23, 2014 9:01 am

Gecko, I would like to thank you for all your trouble in helping me. I did reinstall FIREFOX and so far no problems; it was giving me hell every time, coming up with those (incredibars). THANK YOU again for all your trouble. Gulliver

