Javascript Disabled Detected

You currently have javascript disabled. Several functions may not work. Please re-enable javascript to access full functionality.

Possible Spyware [Solved]

Started by Ardant , Sep 21 2012 05:23 PM

This topic is locked

#1
Ardant

Posted 21 September 2012 - 05:23 PM

Member

Member
229 posts

Im not sure what went wrong. I have no access to the internet anymore on regular Boot up nor does my McAfee run time scan stay on. I have had to go into one of the debugging modes to get this on the web site. I downloaded and installed some driver updates from the Dell Website and since then it has stopped working. I can not see how that may have affected my computer and I did not receive any virus warnings. My system restore points seem to have vanished as well.

Please help

OTL logfile created on: 21/09/2012 6:50:30 PM - Run 2
OTL by OldTimer - Version 3.2.65.1 Folder = C:\Documents and Settings\John Richardson\My Documents\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

3.25 Gb Total Physical Memory | 2.61 Gb Available Physical Memory | 80.21% Memory free
7.96 Gb Paging File | 7.50 Gb Available in Paging File | 94.23% Paging File free
Paging file location(s): C:\pagefile.sys 4989 7500 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 294.73 Gb Total Space | 95.61 Gb Free Space | 32.44% Space Free | Partition Type: NTFS

Computer Name: PARENT | User Name: John Richardson | Logged in as Administrator.
Cannot determine boot mode. | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/09/21 18:40:28 | 000,600,576 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\John Richardson\My Documents\Downloads\OTL.com
PRC - [2012/08/07 00:35:25 | 001,907,712 | ---- | M] (Curse) -- C:\Documents and Settings\John Richardson\Local Settings\Apps\2.0\550579TT.1X6\2TV3T52Z.O6V\curs..tion_9e9e83ddf3ed3ead_0005.0001_32b1384d1fffca2c\CurseClient.exe
PRC - [2012/05/08 00:31:08 | 003,331,872 | ---- | M] (Akamai Technologies, Inc) -- C:\Documents and Settings\John Richardson\Local Settings\Application Data\Akamai\netsession_win.exe
PRC - [2012/03/21 21:16:10 | 001,318,816 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee.com\Agent\mcagent.exe
PRC - [2012/03/20 13:11:32 | 000,151,880 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\system32\mfevtps.exe
PRC - [2012/03/20 13:05:00 | 000,161,632 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
PRC - [2012/03/20 13:04:32 | 000,166,288 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
PRC - [2011/12/29 23:29:04 | 000,497,496 | ---- | M] (IObit) -- C:\Program Files\IObit\Advanced SystemCare 5\ASCService.exe
PRC - [2011/12/29 17:43:30 | 000,620,376 | ---- | M] (IObit) -- C:\Program Files\IObit\Advanced SystemCare 5\ASCTray.exe
PRC - [2011/06/17 13:33:04 | 000,272,528 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee Security Scan\3.0.207\SSScheduler.exe
PRC - [2011/06/01 14:10:00 | 000,821,080 | ---- | M] (IObit) -- C:\Program Files\IObit\IObit Malware Fighter\IMFsrv.exe
PRC - [2011/01/27 18:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
PRC - [2009/03/05 16:07:20 | 002,260,480 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006/09/25 10:12:20 | 000,045,056 | ---- | M] (ATI Technologies Inc.) -- C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
PRC - [2006/03/30 10:15:44 | 000,096,341 | ---- | M] (Canon Inc.) -- C:\Program Files\Canon\CAL\CALMAIN.exe
PRC - [2001/10/15 04:42:45 | 000,196,608 | ---- | M] (HP) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe

========== Modules (No Company Name) ==========

MOD - [2012/06/13 07:54:03 | 001,712,128 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\359fd69eb60e9844ffd497e92345178c\Microsoft.VisualBasic.ni.dll
MOD - [2012/06/13 07:52:17 | 012,433,920 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\01abbadafaf265d9f4ac9bbb247acb98\System.Windows.Forms.ni.dll
MOD - [2012/06/13 07:52:08 | 001,592,320 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\d86f2038209a4cf0d0f5b30f6375c9b2\System.Drawing.ni.dll
MOD - [2012/06/13 07:51:51 | 014,329,856 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\e4ecfaaf5417aceecb7fa8abddf06113\PresentationFramework.ni.dll
MOD - [2012/06/13 07:51:36 | 012,218,368 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PresentationCore\f33e2a4d9b385234406fa2d662f78875\PresentationCore.ni.dll
MOD - [2012/06/13 07:50:59 | 000,303,104 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
MOD - [2012/06/13 07:40:26 | 003,035,136 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\system.windows.forms\1.0.5000.0__b77a5c561934e089_c3d114e9\system.windows.forms.dll
MOD - [2012/05/17 20:12:41 | 000,971,264 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\3d5b7368bde0f65aa15d9f46b498cc89\System.Configuration.ni.dll
MOD - [2012/05/17 18:47:34 | 005,450,752 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\3bba1b8b0b5ef0be238b011cc7a0575e\System.Xml.ni.dll
MOD - [2012/05/17 18:45:07 | 003,325,440 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\WindowsBase\6d8bef0d008389874e55c0308f0c18e5\WindowsBase.ni.dll
MOD - [2012/05/17 18:44:53 | 007,953,408 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\e4b5afc4da43b1c576f9322f9f2e1bfe\System.ni.dll
MOD - [2012/05/17 18:44:28 | 011,492,352 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\e337c89bc9f81b69d7237aa70e935900\mscorlib.ni.dll
MOD - [2012/04/09 18:46:40 | 003,391,488 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_f7a02060\mscorlib.dll
MOD - [2012/04/09 18:46:32 | 002,088,960 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\system.xml\1.0.5000.0__b77a5c561934e089_c3301d63\system.xml.dll
MOD - [2012/04/09 18:46:21 | 001,966,080 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\system\1.0.5000.0__b77a5c561934e089_660fabde\system.dll
MOD - [2012/04/09 18:46:10 | 001,232,896 | ---- | M] () -- c:\windows\assembly\gac\system\1.0.5000.0__b77a5c561934e089\system.dll
MOD - [2012/04/09 18:46:07 | 002,064,384 | ---- | M] () -- c:\windows\assembly\gac\system.windows.forms\1.0.5000.0__b77a5c561934e089\system.windows.forms.dll
MOD - [2011/04/21 17:54:40 | 000,347,024 | ---- | M] () -- C:\Program Files\IObit\Advanced SystemCare 5\madexcept_.bpl
MOD - [2011/04/21 17:54:40 | 000,179,088 | ---- | M] () -- C:\Program Files\IObit\Advanced SystemCare 5\madbasic_.bpl
MOD - [2011/04/21 17:54:40 | 000,046,480 | ---- | M] () -- C:\Program Files\IObit\Advanced SystemCare 5\maddisAsm_.bpl
MOD - [2006/11/05 11:28:18 | 004,587,520 | R--- | M] () -- C:\Program Files\Common Files\Roxio Shared\9.0\DLLShared\ROXIPP41.dll
MOD - [2006/08/18 14:17:36 | 000,056,056 | ---- | M] () -- C:\WINDOWS\system32\DLAAPI_W.DLL
MOD - [2004/08/11 18:23:22 | 001,339,392 | ---- | M] () -- c:\windows\assembly\gac\system.xml\1.0.5000.0__b77a5c561934e089\system.xml.dll
MOD - [2004/08/11 18:23:22 | 000,323,584 | ---- | M] () -- c:\windows\assembly\gac\system.runtime.remoting\1.0.5000.0__b77a5c561934e089\system.runtime.remoting.dll
MOD - [2003/08/03 00:24:01 | 000,192,512 | R--- | M] () -- C:\Program Files\SpywareGuard\dlprotect.dll
MOD - [2003/08/03 00:20:57 | 000,126,976 | R--- | M] () -- C:\Program Files\SpywareGuard\spywareguard.dll

========== Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe /service /p dellsupportcenter -- (sprtsvc_dellsupportcenter)
SRV - File not found [Auto | Stopped] -- C:\PROGRA~1\IObitBar\toolbar\1.bin\i0barsvc.exe -- (IObitBarService)
SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)
SRV - File not found [Auto | Stopped] -- c:\program files\common files\akamai/netsession_win_80c2ffa.dll -- (Akamai)
SRV - File not found [Auto | Stopped] -- C:\DOCUME~1\JOHNRI~1\LOCALS~1\Temp\023839~1.EXE -- (0238391338039123mcinstcleanup)
SRV - [2012/09/10 17:44:06 | 000,279,048 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS)
SRV - [2012/09/07 07:20:39 | 000,114,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/09/03 23:56:02 | 000,250,568 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/03/20 13:11:32 | 000,151,880 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\WINDOWS\system32\mfevtps.exe -- (mfevtp)
SRV - [2012/03/20 13:05:00 | 000,161,632 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe -- (mfefire)
SRV - [2012/03/20 13:04:32 | 000,166,288 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe -- (McShield)
SRV - [2011/12/29 23:29:04 | 000,497,496 | ---- | M] (IObit) [Auto | Running] -- C:\Program Files\IObit\Advanced SystemCare 5\ASCService.exe -- (AdvancedSystemCareService5)
SRV - [2011/07/06 19:28:00 | 003,980,648 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\WINDOWS\system32\GameMon.des -- (npggsvc)
SRV - [2011/06/01 14:10:00 | 000,821,080 | ---- | M] (IObit) [Auto | Running] -- C:\Program Files\IObit\IObit Malware Fighter\IMFsrv.exe -- (IMFservice)
SRV - [2011/01/27 18:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (MSK80Service)
SRV - [2011/01/27 18:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McProxy)
SRV - [2011/01/27 18:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McNASvc)
SRV - [2011/01/27 18:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McNaiAnn)
SRV - [2011/01/27 18:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (mcmscsvc)
SRV - [2011/01/27 18:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McMPFSvc)
SRV - [2011/01/27 18:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McAfee SiteAdvisor Service)
SRV - [2006/03/30 10:15:44 | 000,096,341 | ---- | M] (Canon Inc.) [Auto | Running] -- C:\Program Files\Canon\CAL\CALMAIN.exe -- (CCALib8)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\XDva385.sys -- (XDva385)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | Boot | Stopped] -- System32\drivers\sfsync02.sys -- (sfsync02)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | On_Demand | Unknown] -- -- (mfeavfk01)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | System | Stopped] -- -- (Beep)
DRV - [2012/09/04 01:54:46 | 000,022,640 | ---- | M] (PC-Doctor, Inc.) [Kernel | On_Demand | Stopped] -- c:\Program Files\Dell Support Center\pcdsrvc.pkms -- (PCDSRVC{E9D79540-57D5953E-06020101}_0)
DRV - [2012/02/22 13:29:46 | 000,464,304 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\mfehidk.sys -- (mfehidk)
DRV - [2012/02/22 13:29:46 | 000,340,920 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfefirek.sys -- (mfefirek)
DRV - [2012/02/22 13:29:46 | 000,180,848 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfeavfk.sys -- (mfeavfk)
DRV - [2012/02/22 13:29:46 | 000,121,544 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mfeapfk.sys -- (mfeapfk)
DRV - [2012/02/22 13:29:46 | 000,089,792 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\mfetdi2k.sys -- (mfetdi2k)
DRV - [2012/02/22 13:29:46 | 000,087,656 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mferkdet.sys -- (mferkdet)
DRV - [2012/02/22 13:29:46 | 000,083,856 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfendisk.sys -- (mfendiskmp)
DRV - [2012/02/22 13:29:46 | 000,083,856 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mfendisk.sys -- (mfendisk)
DRV - [2012/02/22 13:29:46 | 000,059,456 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfebopk.sys -- (mfebopk)
DRV - [2012/02/22 13:29:46 | 000,057,600 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\cfwids.sys -- (cfwids)
DRV - [2011/08/06 16:14:39 | 007,023,104 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2011/04/11 14:29:16 | 000,064,048 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\McPvDrv.sys -- (McPvDrv)
DRV - [2008/01/15 19:17:58 | 004,652,544 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService)
DRV - [2007/11/15 03:48:20 | 000,084,992 | ---- | M] (ATI Research Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV - [2006/08/18 14:18:08 | 000,009,400 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLADResM.SYS -- (DLADResM)
DRV - [2006/08/18 14:17:46 | 000,035,096 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLABMFSM.SYS -- (DLABMFSM)
DRV - [2006/08/18 14:17:44 | 000,097,848 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS -- (DLAUDF_M)
DRV - [2006/08/18 14:17:44 | 000,094,648 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS -- (DLAUDFAM)
DRV - [2006/08/18 14:17:42 | 000,026,008 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS -- (DLAOPIOM)
DRV - [2006/08/18 14:17:40 | 000,032,472 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS -- (DLABOIOM)
DRV - [2006/08/18 14:17:38 | 000,104,472 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS -- (DLAIFS_M)
DRV - [2006/08/18 14:17:38 | 000,014,520 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS -- (DLAPoolM)
DRV - [2006/08/11 11:35:18 | 000,012,920 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS -- (DLACDBHM)
DRV - [2006/08/11 11:35:16 | 000,028,184 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLARTL_M.SYS -- (DLARTL_M)
DRV - [2005/01/14 12:14:07 | 000,047,616 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\sfdrv01.sys -- (sfdrv01)
DRV - [2004/10/28 06:47:59 | 000,006,656 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\sfhlp02.sys -- (sfhlp02)
DRV - [2004/08/03 22:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.ca/ig/dell?hl=en&client=dell-row&channel=ca&ibd=1080221
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = www.google.ca/ig/dell?hl=en&client=dell-row&channel=ca&ibd=1080221
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.iobit.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com
IE - HKCU\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
IE - HKCU\..\SearchScopes,DefaultScope = {95B7759C-8C7F-4BF1-B163-73684A933233}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{4352F279-82F3-4FF2-8C18-74793B4E329F}: "URL" = http://ca.search.yah...p={SearchTerms}
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...z=1I7GGLL_en-GB
IE - HKCU\..\SearchScopes\{90D74DB8-5709-4054-911E-52EC8A817CAA}: "URL" = http://ca.search.yah...p={SearchTerms}
IE - HKCU\..\SearchScopes\{945EB1C1-B262-4DC7-ADA7-F6B1D592E691}: "URL" = http://www.mysearchr...q={searchTerms}
IE - HKCU\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://isearch.avg.c...pr&d=2012-05-23 21:51:21&v=11.0.0.9&sap=dsp&q={searchTerms}
IE - HKCU\..\SearchScopes\{DECA3892-BA8F-44b8-A993-A466AD694AE4}: "URL" = http://search.yahoo....p={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1:9421;<local>

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Secure Search"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..extensions.enabledAddons: [email protected]:0.83.29
FF - prefs.js..extensions.enabledAddons: [email protected]:1.4.2
FF - prefs.js..extensions.enabledAddons: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:1.1
FF - prefs.js..extensions.enabledAddons: {4ED1F68A-5463-4931-9384-8FFF5ED91D92}:3.5.0
FF - prefs.js..keyword.URL: "http://ca.search.yah...h?fr=mcafee&p="
FF - prefs.js..network.proxy.no_proxies_on: "127.0.0.1:9421,localhost,127.0.0.1"
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_4_402_265.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: File not found
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: File not found
FF - HKLM\Software\MozillaPlugins\@fileplanet.com/fpdlm: C:\Program Files\Download Manager\npfpdlm.dll (IGN Entertainment)
FF - HKLM\Software\MozillaPlugins\@IObitBar.com/Plugin: File not found
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\progra~1\mcafee\msc\npmcsn~1.dll ()
FF - HKLM\Software\MozillaPlugins\@mcafee.com/SAFFPlugin: C:\Program Files\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@raidcall.en/RCplugin: C:\Documents and Settings\John Richardson\Application Data\raidcall\plugins\nprcplugin.dll (Raidcall)
FF - HKLM\Software\MozillaPlugins\@soe.sony.com/installer,version=1.0.3: File not found
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\John Richardson\Local Settings\Application Data\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\John Richardson\Local Settings\Application Data\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Documents and Settings\John Richardson\Local Settings\Application Data\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}: C:\Program Files\McAfee\SiteAdvisor [2012/08/23 20:37:03 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{D19CA586-DD6C-4a0a-96F8-14644F340D60}: C:\Program Files\Common Files\McAfee\SystemCore [2012/09/21 18:52:27 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/09/07 07:20:40 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/05/05 10:38:15 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\[email protected]: C:\Program Files\McAfee\MSK [2012/09/19 07:41:28 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{1266764D-FC4F-4FA7-B63B-884D53B1680F}: C:\Documents and Settings\John Richardson\Application Data\NetAssistant\ [2011/03/27 12:55:05 | 000,000,000 | ---D | M]

[2012/05/23 22:45:05 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\John Richardson\Application Data\Mozilla\Extensions
[2012/09/15 08:02:32 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\John Richardson\Application Data\Mozilla\Firefox\Profiles\zy5758f9.default\extensions
[2012/09/12 07:29:20 | 000,000,000 | ---D | M] ("Shopping Sidekick") -- C:\Documents and Settings\John Richardson\Application Data\Mozilla\Firefox\Profiles\zy5758f9.default\extensions\[email protected]
[2012/09/12 07:29:19 | 000,021,674 | ---- | M] () (No name found) -- C:\Documents and Settings\John Richardson\Application Data\Mozilla\Firefox\Profiles\zy5758f9.default\extensions\[email protected]
[2012/09/15 08:02:32 | 000,270,876 | ---- | M] () (No name found) -- C:\Documents and Settings\John Richardson\Application Data\Mozilla\Firefox\Profiles\zy5758f9.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi
[2012/09/21 18:37:30 | 000,001,982 | ---- | M] () -- C:\Documents and Settings\John Richardson\Application Data\Mozilla\Firefox\Profiles\zy5758f9.default\searchplugins\search-here.xml
[2012/06/02 11:23:52 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/08/23 20:37:03 | 000,000,000 | ---D | M] (McAfee SiteAdvisor) -- C:\PROGRAM FILES\MCAFEE\SITEADVISOR
[2012/09/07 07:20:40 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/04/14 14:01:38 | 000,024,376 | ---- | M] (McAfee, Inc.) -- C:\Program Files\mozilla firefox\components\Scriptff.dll
[2012/04/01 10:14:14 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2012/09/06 06:28:24 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/07/12 19:10:57 | 000,002,027 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\McSiteAdvisor.xml
[2012/09/06 06:28:24 | 000,002,253 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - homepage: http://www.google.com/
CHR - default_search_provider: Conduit (Enabled)
CHR - default_search_provider: search_url = http://search.condui...&ctid=CT3244149
CHR - default_search_provider: suggest_url =
CHR - homepage: http://www.google.com/
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Documents and Settings\John Richardson\Local Settings\Application Data\Google\Chrome\Application\21.0.1180.89\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Documents and Settings\John Richardson\Local Settings\Application Data\Google\Chrome\Application\21.0.1180.89\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\John Richardson\Local Settings\Application Data\Google\Chrome\Application\21.0.1180.89\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll
CHR - plugin: McAfee SiteAdvisor (Enabled) = C:\Documents and Settings\John Richardson\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.40.134.1_0\McChPlg.dll
CHR - plugin: McAfee SiteAdvisor (Enabled) = C:\Program Files\McAfee\SiteAdvisor\npmcffplg32.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.310.5 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U31 (Enabled) = C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Google Update (Enabled) = C:\Documents and Settings\John Richardson\Local Settings\Application Data\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Unity Player (Enabled) = C:\Documents and Settings\John Richardson\Local Settings\Application Data\Unity\WebPlayer\loader\npUnity3D32.dll
CHR - plugin: IGN Download Manager Plug-in (Enabled) = C:\Program Files\Download Manager\npfpdlm.dll
CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: McAfee SecurityCenter (Enabled) = c:\progra~1\mcafee\msc\npmcsn~1.dll
CHR - Extension: YouTube = C:\Documents and Settings\John Richardson\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google Search = C:\Documents and Settings\John Richardson\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: SiteAdvisor = C:\Documents and Settings\John Richardson\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.50.146.2_0\
CHR - Extension: DefaultTab = C:\Documents and Settings\John Richardson\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\1.1.3_0\
CHR - Extension: WhiteSmoke US New = C:\Documents and Settings\John Richardson\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\kfkcangbigakljkjeglcofaomihpejif\10.11.21.5_0\
CHR - Extension: Gmail = C:\Documents and Settings\John Richardson\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2012/06/20 18:34:46 | 000,442,125 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 1-2005-search.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 15216 more lines...
O2 - BHO: (no name) - {11111111-1111-1111-1111-110011501158} - No CLSID value found.
O2 - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\progra~1\mcafee\msk\mskapbho.dll File not found
O2 - BHO: (SpywareGuardDLBLOCK.CBrowserHelper) - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll ()
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20120629090458.dll (McAfee, Inc.)
O2 - BHO: (DefaultTab Browser Helper) - {7F6AFBF1-E065-4627-A2FD-810366367D01} - C:\Documents and Settings\John Richardson\Application Data\DefaultTab\DefaultTab\DefaultTabBHO.dll (Search Results LLC.)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll (Dell Inc.)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [ATICCC] C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe ()
O4 - HKLM..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe (HP)
O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKCU..\Run: [Advanced SystemCare 5] C:\Program Files\IObit\Advanced SystemCare 5\ASCTray.exe (IObit)
O4 - HKCU..\Run: [Akamai NetSession Interface] C:\Documents and Settings\John Richardson\Local Settings\Application Data\Akamai\netsession_win.exe (Akamai Technologies, Inc)
O4 - HKCU..\Run: [igndlm.exe] C:\Program Files\Download Manager\DLM.exe (IGN Entertainment)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk = C:\Program Files\McAfee Security Scan\3.0.207\SSScheduler.exe (McAfee, Inc.)
O4 - Startup: C:\Documents and Settings\John Richardson\Start Menu\Programs\Startup\CurseClientStartup.ccip ()
O4 - Startup: C:\Documents and Settings\John Richardson\Start Menu\Programs\Startup\SpywareGuard.lnk.disabled ()
O4 - Startup: C:\Documents and Settings\John Richardson\Start Menu\Programs\Startup\Xfire.lnk.disabled ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: &Search - Reg Error: Value error. File not found
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_43C348BC2E93EB2B.dll/cmsidewiki.html File not found
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O15 - HKCU\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: sony.com ([]* in Trusted sites)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.mi...b?1348016834586 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.mi...b?1333671003155 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 64.71.255.198
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{BD334E44-7F06-497C-A727-0B7C2627C830}: DhcpNameServer = 64.71.255.198
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\intu-qt2007 {026BF40D-BA05-467b-9F1F-AD0D7A3F5F11} - C:\Program Files\QuickTax 2007\ic2007pp.dll (Intuit Canada, a general partnership/une société en nom collectif.)
O18 - Protocol\Handler\intu-qt2008 - No CLSID value found
O18 - Protocol\Handler\intu-qt2009 {03947252-2355-4e9b-B446-8CCC75C43370} - C:\Program Files\QuickTax 2009\ic2009pp.dll (Intuit Canada, a general partnership/une société en nom collectif.)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl.dll (McAfee, Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O28 - HKLM ShellExecuteHooks: {81559C35-8464-49F7-BB0E-07A383BEF910} - C:\Program Files\SpywareGuard\spywareguard.dll ()
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/11 18:15:00 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O35 - HKCU\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/09/18 23:28:27 | 000,146,872 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\HipShieldK.sys
[2012/09/18 20:54:58 | 002,808,832 | ---- | C] (RealTek Semicoductor Corp.) -- C:\WINDOWS\ALCWZRD.EXE
[2012/09/18 20:51:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Dell Support Center
[2012/09/18 20:48:37 | 000,741,376 | ---- | C] (Foxconn Technology Group) -- C:\Documents and Settings\John Richardson\My Documents\530_1018.EXE
[2012/09/18 20:46:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\John Richardson\Local Settings\Application Data\Conduit
[2012/09/10 19:35:02 | 000,000,000 | --SD | C] -- C:\Documents and Settings\John Richardson\My Documents\Chica Passwords
[2012/09/10 19:26:11 | 000,000,000 | ---D | C] -- C:\Program Files\DefaultTab
[2012/09/10 19:25:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\John Richardson\Application Data\DefaultTab
[2012/09/10 19:25:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\John Richardson\Local Settings\Application Data\Shopping Sidekick
[2012/09/10 19:24:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\John Richardson\Local Settings\Application Data\CRE
[2012/09/07 19:14:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\John Richardson\Application Data\raidcall
[2012/09/07 19:14:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\John Richardson\Start Menu\Programs\RaidCall
[2012/09/07 19:13:58 | 000,000,000 | ---D | C] -- C:\Program Files\RaidCall
[2012/09/04 00:37:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\McAfee Security Scan Plus
[2012/09/03 23:56:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\McAfee Security Scan
[2012/09/03 23:56:08 | 000,000,000 | ---D | C] -- C:\Program Files\McAfee Security Scan
[2012/08/22 20:01:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\StarCraft II
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\Program Files\*.tmp files -> C:\Program Files\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/09/21 18:59:00 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012/09/21 18:54:16 | 000,001,595 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\McAfee Total Protection.lnk
[2012/09/21 18:49:20 | 000,002,278 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/09/21 18:48:15 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/09/21 18:48:10 | 3487,744,000 | -HS- | M] () -- C:\hiberfil.sys
[2012/09/19 19:48:36 | 000,001,018 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-879840139-2802958703-907680667-1005UA.job
[2012/09/19 15:01:10 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/09/19 15:00:05 | 000,000,432 | ---- | M] () -- C:\WINDOWS\tasks\SystemToolsDailyTest.job
[2012/09/19 00:48:00 | 000,000,966 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-879840139-2802958703-907680667-1005Core.job
[2012/09/18 20:53:11 | 000,000,568 | ---- | M] () -- C:\WINDOWS\tasks\PCDoctorBackgroundMonitorTask.job
[2012/09/18 20:49:13 | 039,276,256 | ---- | M] () -- C:\Documents and Settings\John Richardson\My Documents\R180772.exe
[2012/09/18 20:48:47 | 003,915,632 | ---- | M] () -- C:\Documents and Settings\John Richardson\My Documents\CW1340A0.exe
[2012/09/18 20:48:43 | 001,574,031 | ---- | M] () -- C:\Documents and Settings\John Richardson\My Documents\R181505.zip
[2012/09/18 20:48:39 | 000,741,376 | ---- | M] (Foxconn Technology Group) -- C:\Documents and Settings\John Richardson\My Documents\530_1018.EXE
[2012/09/17 07:30:29 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/09/07 19:14:05 | 000,000,682 | ---- | M] () -- C:\Documents and Settings\John Richardson\Desktop\RaidCall.lnk
[2012/09/07 17:04:46 | 000,022,856 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2012/09/04 00:37:29 | 000,001,807 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\McAfee Security Scan Plus.lnk
[2012/09/04 00:37:29 | 000,001,801 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
[2012/08/22 21:29:58 | 000,000,768 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\StarCraft II.lnk
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\Program Files\*.tmp files -> C:\Program Files\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/09/20 07:31:01 | 3487,744,000 | -HS- | C] () -- C:\hiberfil.sys
[2012/09/18 21:09:06 | 000,201,806 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-879840139-2802958703-907680667-1005-0.dat
[2012/09/18 21:09:02 | 000,201,806 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
[2012/09/18 20:53:10 | 000,000,568 | ---- | C] () -- C:\WINDOWS\tasks\PCDoctorBackgroundMonitorTask.job
[2012/09/18 20:53:09 | 000,000,432 | ---- | C] () -- C:\WINDOWS\tasks\SystemToolsDailyTest.job
[2012/09/18 20:48:48 | 039,276,256 | ---- | C] () -- C:\Documents and Settings\John Richardson\My Documents\R180772.exe
[2012/09/18 20:48:45 | 003,915,632 | ---- | C] () -- C:\Documents and Settings\John Richardson\My Documents\CW1340A0.exe
[2012/09/18 20:48:41 | 001,574,031 | ---- | C] () -- C:\Documents and Settings\John Richardson\My Documents\R181505.zip
[2012/09/07 19:14:05 | 000,000,682 | ---- | C] () -- C:\Documents and Settings\John Richardson\Desktop\RaidCall.lnk
[2012/09/03 23:56:10 | 000,001,801 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
[2012/09/03 23:56:09 | 000,001,807 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\McAfee Security Scan Plus.lnk
[2012/08/22 20:01:46 | 000,000,768 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\StarCraft II.lnk
[2012/06/03 11:44:02 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\TEMP
[2012/05/23 22:26:32 | 000,034,814 | ---- | C] () -- C:\Documents and Settings\John Richardson\Local Settings\Application Data\dt.dat
[2012/05/23 07:36:35 | 000,886,248 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2012/05/02 22:54:46 | 000,042,392 | ---- | C] () -- C:\WINDOWS\System32\xfcodec.dll
[2012/05/02 00:14:07 | 011,272,192 | ---- | C] () -- C:\Documents and Settings\John Richardson\NTUSER.bak
[2012/04/09 18:17:30 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2011/10/26 01:00:10 | 000,389,882 | ---- | C] () -- C:\Documents and Settings\John Richardson\Local Settings\Application Data\census.cache
[2011/10/26 00:59:53 | 000,236,975 | ---- | C] () -- C:\Documents and Settings\John Richardson\Local Settings\Application Data\ars.cache
[2011/10/25 23:25:51 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\John Richardson\Local Settings\Application Data\housecall.guid.cache
[2011/05/30 19:55:28 | 000,230,752 | ---- | C] () -- C:\WINDOWS\patchw32.dll
[2011/05/30 19:55:28 | 000,118,176 | ---- | C] () -- C:\WINDOWS\patchw.dll
[2011/03/13 11:38:17 | 000,000,463 | ---- | C] () -- C:\Documents and Settings\John Richardson\test
[2011/02/21 16:11:38 | 000,000,285 | ---- | C] () -- C:\WINDOWS\EReg072.dat
[2011/02/21 16:11:08 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\vidx16.dll
[2008/04/26 12:38:19 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\John Richardson\Application Data\wklnhst.dat
[2008/03/06 23:08:23 | 000,024,064 | ---- | C] () -- C:\Documents and Settings\John Richardson\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/02/25 20:02:55 | 000,000,138 | ---- | C] () -- C:\Documents and Settings\John Richardson\Local Settings\Application Data\fusioncache.dat

========== ZeroAccess Check ==========

[2004/08/11 18:21:56 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

========== LOP Check ==========

[2012/04/01 10:14:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ask
[2012/08/21 19:42:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Battle.net
[2012/05/23 21:11:14 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2012/08/07 00:36:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Curse Client
[2011/06/05 18:49:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Electronic Arts
[2009/10/29 19:51:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Fallout3
[2011/01/04 19:07:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FreeApp
[2012/02/10 08:21:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IObit
[2012/05/24 21:22:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2011/06/05 18:52:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Origin
[2012/09/18 20:50:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PCDr
[2012/04/03 18:34:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PMB Files
[2012/06/27 07:31:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SpeedMaxPc
[2012/04/05 07:33:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SupportSoft
[2008/12/27 18:13:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\John Richardson\Application Data\Acreon
[2012/05/26 09:04:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\John Richardson\Application Data\AVG
[2012/05/23 21:51:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\John Richardson\Application Data\AVG Secure Search
[2012/05/23 21:52:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\John Richardson\Application Data\AVG2012
[2011/07/16 20:28:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\John Richardson\Application Data\Bioshock
[2011/05/30 19:58:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\John Richardson\Application Data\BugTrap Console Test108
[2008/03/01 15:34:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\John Richardson\Application Data\Canon
[2012/09/10 19:25:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\John Richardson\Application Data\DefaultTab
[2012/06/03 13:37:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\John Richardson\Application Data\Downloaded Installations
[2012/06/18 20:56:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\John Richardson\Application Data\DriverCure
[2010/03/28 14:51:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\John Richardson\Application Data\FOG Downloader
[2011/08/20 12:16:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\John Richardson\Application Data\IGG
[2012/02/10 08:29:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\John Richardson\Application Data\IObit
[2011/03/27 12:56:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\John Richardson\Application Data\Itibiti
[2011/07/16 20:40:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\John Richardson\Application Data\Kalypso Media
[2011/03/27 12:55:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\John Richardson\Application Data\NetAssistant
[2012/04/05 07:28:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\John Richardson\Application Data\PCDr
[2012/06/03 13:39:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\John Richardson\Application Data\PingPlotter
[2012/09/18 20:42:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\John Richardson\Application Data\raidcall
[2011/03/27 13:14:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\John Richardson\Application Data\RegistryKeys
[2011/08/06 14:13:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\John Richardson\Application Data\Sony Online Entertainment
[2012/06/18 20:56:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\John Richardson\Application Data\SpeedMaxPc
[2008/04/26 12:38:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\John Richardson\Application Data\Template
[2011/07/07 21:18:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\John Richardson\Application Data\Unity
[2011/05/03 21:16:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\John Richardson\Application Data\wargaming.net
[2012/06/02 09:56:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\John Richardson\Application Data\Wise Registry Cleaner

========== Purity Check ==========

========== Alternate Data Streams ==========

@Alternate Data Stream - 76 bytes -> C:\WINDOWS\System32\XPSViewer:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\WINDOWS\SxsCaPendDel:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\WINDOWS\LastGood:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\WINDOWS\ie8updates:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\WINDOWS\ie8:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\WINDOWS\$NtUninstallKB2736233$:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\WINDOWS\$NtUninstallKB2731847$:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\WINDOWS\$NtUninstallKB2723135$:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\WINDOWS\$NtUninstallKB2719985$:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\WINDOWS\$NtUninstallKB2718704$:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\WINDOWS\$NtUninstallKB2718523$:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\WINDOWS\$NtUninstallKB2709162$:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\WINDOWS\$NtUninstallKB2698365$:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\WINDOWS\$NtUninstallKB2685939$:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\WINDOWS\$NtUninstallKB2655992$:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Program Files\World of Warcraft:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Program Files\Ubisoft:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Program Files\Sun:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Program Files\StarCraft II:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Program Files\SpywareBlaster:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Program Files\Sony Online Entertainment:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Program Files\Reference Assemblies:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Program Files\RaidCall:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Program Files\QuickTax 2009:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Program Files\QuickTax 2008:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Program Files\QuickTax 2007:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Program Files\PingPlotter Standard:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Program Files\Origin:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Program Files\Origin Games:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Program Files\NOS:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Program Files\MSECache:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Program Files\MSBuild:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Program Files\Mozilla Maintenance Service:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Program Files\McAfee.com:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Program Files\McAfee Security Scan:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Program Files\IObit:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Program Files\IObit Toolbar:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Program Files\FreeApps:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Program Files\File Type Assistant:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Program Files\EA SPORTS:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Program Files\DivX:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Program Files\Diablo III:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Program Files\DefaultTab:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Program Files\Common Files\Intuit:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Program Files\Common Files\AnswerWorks 4.0:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Program Files\AVG:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Program Files\AAS:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\NetmarbleGlobal:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\ie-spyad_zo:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Download:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\NetworkService\Local Settings\Application Data\Google:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\LocalService\Application Data\SACore:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\LocalService\Application Data\McAfee:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\LocalService\Application Data\Macromedia:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\LocalService\Application Data\DivX:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\LocalService\Application Data\Adobe:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\John Richardson\Start Menu\Programs\StarCraft II:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\John Richardson\Start Menu\Programs\RaidCall:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\John Richardson\Start Menu\Programs\Games:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\John Richardson\Start Menu\Programs\FreeApps:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\John Richardson\Start Menu\Programs\Administrative Tools:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\John Richardson\PrivacIE:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\John Richardson\My Documents\StarCraft II:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\John Richardson\My Documents\SH3:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\John Richardson\My Documents\QuickTax:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\John Richardson\My Documents\Madden NFL 07:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\John Richardson\My Documents\KOEI:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\John Richardson\My Documents\Downloads:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\John Richardson\My Documents\Diablo III:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\John Richardson\Local Settings\Application Data\Temp:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\John Richardson\Local Settings\Application Data\Shopping Sidekick:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\John Richardson\Local Settings\Application Data\Origin:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\John Richardson\Local Settings\Application Data\Electronic Arts:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\John Richardson\Local Settings\Application Data\Dell:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\John Richardson\Local Settings\Application Data\CRE:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\John Richardson\Local Settings\Application Data\Blizzard Entertainment:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\John Richardson\Local Settings\Application Data\AskToolbar:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\John Richardson\Local Settings\Application Data\Akamai:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\John Richardson\IECompatCache:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\John Richardson\Desktop\ZonedOut:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\John Richardson\Desktop\Runes_of_Magic_2.1.6.2049:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\John Richardson\Desktop\New Hampshire Trip 2011:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\John Richardson\Desktop\Adobe Reader 9 Installer:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\John Richardson\Application Data\SpeedMaxPc:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\John Richardson\Application Data\Sony Online Entertainment:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\John Richardson\Application Data\RegistryKeys:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\John Richardson\Application Data\raidcall:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\John Richardson\Application Data\PingPlotter:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\John Richardson\Application Data\NetAssistant:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\John Richardson\Application Data\Mozilla:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\John Richardson\Application Data\Itibiti:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\John Richardson\Application Data\IObit:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\John Richardson\Application Data\Intuit Canada:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\John Richardson\Application Data\FOG Downloader:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\John Richardson\Application Data\DriverCure:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\John Richardson\Application Data\Downloaded Installations:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\John Richardson\Application Data\DivX:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\John Richardson\Application Data\DefaultTab:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\John Richardson\Application Data\AVG Secure Search:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\John Richardson\Application Data\Acreon:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\All Users\Start Menu\Programs\Ventrilo:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\All Users\Start Menu\Programs\StarCraft II:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\All Users\Start Menu\Programs\SpywareBlaster:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\All Users\Start Menu\Programs\Smart Defrag:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\All Users\Start Menu\Programs\QuickTax:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\All Users\Start Menu\Programs\Origin:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\All Users\Start Menu\Programs\NetmarbleGlobal:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\All Users\Start Menu\Programs\McAfee:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\All Users\Start Menu\Programs\DivX:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\All Users\Start Menu\Programs\Diablo III:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\All Users\Start Menu\Programs\Advanced SystemCare 5:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\All Users\Application Data\SpeedMaxPc:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\All Users\Application Data\Origin:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\All Users\Application Data\NOS:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\All Users\Application Data\Mozilla:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\All Users\Application Data\MFAData:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\All Users\Application Data\Intuit Canada:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\All Users\Application Data\FreeApp:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\All Users\Application Data\Common Files:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\All Users\Application Data\Blizzard:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\All Users\Application Data\Battle.net:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\All Users\Application Data\Ask:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Config.Msi:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\b90c13be94acef04c636:Roxio EMC Stream
@Alternate Data Stream - 133 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0B4227B4

< End of report >

#2
Essexboy

Posted 22 September 2012 - 06:30 AM

GeekU Moderator

Retired Staff
69,964 posts

Hi there once these two programmes have run could you update me on the problems

Warning This fix is only relevant for this system and no other, using on another computer may cause problems

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons, they will return on reboot

Run OTL

Under the Custom Scans/Fixes box at the bottom, paste in the following
Posted Image

:OTL
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1:9421;<local>
FF - prefs.js..extensions.enabledAddons: [email protected]:0.83.29
FF - prefs.js..network.proxy.no_proxies_on: "127.0.0.1:9421,localhost,127.0.0.1"
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{1266764D-FC4F-4FA7-B63B-884D53B1680F}: C:\Documents and Settings\John Richardson\Application Data\NetAssistant\ [2011/03/27 12:55:05 | 000,000,000 | ---D | M]
[2012/09/12 07:29:20 | 000,000,000 | ---D | M] ("Shopping Sidekick") -- C:\Documents and Settings\John Richardson\Application Data\Mozilla\Firefox\Profiles\zy5758f9.default\extensions\[email protected]
[2012/09/12 07:29:19 | 000,021,674 | ---- | M] () (No name found) -- C:\Documents and Settings\John Richardson\Application Data\Mozilla\Firefox\Profiles\zy5758f9.default\extensions\[email protected]
O2 - BHO: (no name) - {11111111-1111-1111-1111-110011501158} - No CLSID value found.
O2 - BHO: (DefaultTab Browser Helper) - {7F6AFBF1-E065-4627-A2FD-810366367D01} - C:\Documents and Settings\John Richardson\Application Data\DefaultTab\DefaultTab\DefaultTabBHO.dll (Search Results LLC.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
[2012/09/10 19:25:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\John Richardson\Application Data\DefaultTab
[2012/09/10 19:25:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\John Richardson\Local Settings\Application Data\Shopping Sidekick
[2012/09/10 19:24:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\John Richardson\Local Settings\Application Data\CRE
[2012/09/18 20:49:13 | 039,276,256 | ---- | M] () -- C:\Documents and Settings\John Richardson\My Documents\R180772.exe
[2012/09/18 20:48:47 | 003,915,632 | ---- | M] () -- C:\Documents and Settings\John Richardson\My Documents\CW1340A0.exe
[2012/09/18 20:48:43 | 001,574,031 | ---- | M] () -- C:\Documents and Settings\John Richardson\My Documents\R181505.zip
[2012/09/18 20:48:39 | 000,741,376 | ---- | M] (Foxconn Technology Group) -- C:\Documents and Settings\John Richardson\My Documents\530_1018.EXE
[2011/03/27 12:55:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\John Richardson\Application Data\NetAssistant

:Files
C:\Documents and Settings\John Richardson\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc
C:\Documents and Settings\John Richardson\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\kfkcangbigakljkjeglcofaomihpejif
ipconfig /flushdns /c
netsh int ip reset c:\resetlog.txt  /c
ipconfig /release /c
ipconfig /renew /c

:Commands
[purity]
[resethosts]
[emptytemp]
[CREATERESTOREPOINT]
[Reboot]

Then click the Run Fix button at the top
Let the program run unhindered, reboot the PC when it is done
Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

THEN

Download and Install Combofix

Download ComboFix from one of the following locations:
Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

* IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here

Double click on ComboFix.exe & follow the prompts.
Accept the disclaimer and allow to update if it asks
When finished, it shall produce a log for you.
Please include the C:\ComboFix.txt in your next reply.

Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.
3. If after the reboot you get errors about programmes being marked for deletion then reboot, that will cure it.

Please make sure you include the combo fix log in your next reply as well as describe how your computer is running now

#3
Ardant

Posted 22 September 2012 - 10:35 AM

Member

Topic Starter
Member
229 posts

I have done as suggested. I am still having McAfee Realtime Scanning disable on me shortly after startup and still can not connect to the internet under normal boot up.

During Combofix it said I have AVG security installed but I do not. I have tried to find some reference on my computer to this program but can not find it anywhere. I deleted it a long time ago and thought I got it all.

Please advise.

ComboFix 12-09-22.02 - John Richardson 22/09/2012 11:45:19.4.2 - x86 DSREPAIR
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3326.2607 [GMT -4:00]
Running from: c:\documents and settings\John Richardson\Desktop\ComboFix.exe
AV: AVG Internet Security 2012 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: AVG Internet Security 2012 *Enabled* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: McAfee Firewall *Enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
* Resident AV is active
.
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\PCDr\6032\AddOnDownloaded\06004c97-c212-44da-81de-706b46554efe.dll
c:\documents and settings\All Users\Application Data\PCDr\6032\AddOnDownloaded\0d461521-7dbf-4cec-a29e-936c88cdf8c9.dll
c:\documents and settings\All Users\Application Data\PCDr\6032\AddOnDownloaded\0d85b53c-d766-4bf0-8940-17b534910268.dll
c:\documents and settings\All Users\Application Data\PCDr\6032\AddOnDownloaded\100c3865-0c76-461b-b2fd-042d6d5fa7f6.dll
c:\documents and settings\All Users\Application Data\PCDr\6032\AddOnDownloaded\140239b3-d59a-46fa-b856-17682a46cb44.dll
c:\documents and settings\All Users\Application Data\PCDr\6032\AddOnDownloaded\16837627-a839-41c5-a88f-3a0335128383.dll
c:\documents and settings\All Users\Application Data\PCDr\6032\AddOnDownloaded\173c4dd2-e93c-4725-b006-db1d8f465192.dll
c:\documents and settings\All Users\Application Data\PCDr\6032\AddOnDownloaded\1e0aaf9a-9947-4a7b-b1ae-8a89919438ed.dll
c:\documents and settings\All Users\Application Data\PCDr\6032\AddOnDownloaded\263d6ac9-4f87-466c-947c-bd9af71d7035.dll
c:\documents and settings\All Users\Application Data\PCDr\6032\AddOnDownloaded\2ee79d71-badc-46b4-b731-42b15f3cd1c3.dll
c:\documents and settings\All Users\Application Data\PCDr\6032\AddOnDownloaded\3410f47b-5e8c-47c6-bf2c-234af4121d4c.dll
c:\documents and settings\All Users\Application Data\PCDr\6032\AddOnDownloaded\378deb7f-049e-4a5e-83b2-5381dcd9e928.dll
c:\documents and settings\All Users\Application Data\PCDr\6032\AddOnDownloaded\3972fea3-214c-4935-a7d1-96bf66115683.dll
c:\documents and settings\All Users\Application Data\PCDr\6032\AddOnDownloaded\3a79f062-8f3e-464f-9815-2c45840494ee.dll
c:\documents and settings\All Users\Application Data\PCDr\6032\AddOnDownloaded\3b1c7acd-5e3e-4459-ab98-5109117e2341.dll
c:\documents and settings\All Users\Application Data\PCDr\6032\AddOnDownloaded\3e4c86d5-a5c1-4c3f-8fc7-6258992b16c5.dll
c:\documents and settings\All Users\Application Data\PCDr\6032\AddOnDownloaded\44ddba62-3b58-480f-a775-ae7e9dd9d5df.dll
c:\documents and settings\All Users\Application Data\PCDr\6032\AddOnDownloaded\4546f2bc-b9d9-4667-abe7-b0bacc90279e.dll
c:\documents and settings\All Users\Application Data\PCDr\6032\AddOnDownloaded\4804ced5-915b-48a3-a465-b8a5e02714bf.dll
c:\documents and settings\All Users\Application Data\PCDr\6032\AddOnDownloaded\4818e109-9489-4cd8-9044-44defd8ec187.dll
c:\documents and settings\All Users\Application Data\PCDr\6032\AddOnDownloaded\493f295d-1a46-46f6-926c-63b474cedab4.dll
c:\documents and settings\All Users\Application Data\PCDr\6032\AddOnDownloaded\4a6ad3dd-db4c-4c85-a238-f9483baae32d.dll
c:\documents and settings\All Users\Application Data\PCDr\6032\AddOnDownloaded\5e1c102f-bfde-420c-87c0-64fe851888e5.dll
c:\documents and settings\All Users\Application Data\PCDr\6032\AddOnDownloaded\62d1f0b0-bc9a-4f6c-bad7-93b19a91276a.dll
c:\documents and settings\All Users\Application Data\PCDr\6032\AddOnDownloaded\67c3d4fe-b638-467a-9fe2-c5813ade3330.dll
c:\documents and settings\All Users\Application Data\PCDr\6032\AddOnDownloaded\6820b110-e483-4f1e-9b48-438f7916f078.dll
c:\documents and settings\All Users\Application Data\PCDr\6032\AddOnDownloaded\684a43a7-04d5-4797-bc20-4db8a316286c.dll
c:\documents and settings\All Users\Application Data\PCDr\6032\AddOnDownloaded\6b5978fa-48d7-4309-a523-7e157768c0d8.dll
c:\documents and settings\All Users\Application Data\PCDr\6032\AddOnDownloaded\6f4fb483-ce30-493a-8cb4-3e530ab1be5b.dll
c:\documents and settings\All Users\Application Data\PCDr\6032\AddOnDownloaded\7014e871-cc3b-4dec-b82b-bc70222b40ed.dll
c:\documents and settings\All Users\Application Data\PCDr\6032\AddOnDownloaded\739db3eb-d3cd-4c86-a6ea-01a49984fa3b.dll
c:\documents and settings\All Users\Application Data\PCDr\6032\AddOnDownloaded\7bd83798-7a02-4f50-83a2-b91cabcbd1f9.dll
c:\documents and settings\All Users\Application Data\PCDr\6032\AddOnDownloaded\7dbfef1a-6148-4748-a1b3-71627763a45a.dll
c:\documents and settings\All Users\Application Data\PCDr\6032\AddOnDownloaded\813755dc-2229-47a2-b85b-19d0aaa641c9.dll
c:\documents and settings\All Users\Application Data\PCDr\6032\AddOnDownloaded\872965c7-08b7-47fc-a74c-ff167590b71a.dll
c:\documents and settings\All Users\Application Data\PCDr\6032\AddOnDownloaded\8d357f17-07ad-4392-ba06-fb67564c98cd.dll
c:\documents and settings\All Users\Application Data\PCDr\6032\AddOnDownloaded\934f6059-2d35-4bd9-a130-a17cb5563507.dll
c:\windows\system32\URTTemp
c:\windows\system32\URTTemp\fusion.dll
c:\windows\system32\URTTemp\mscoree.dll
c:\windows\system32\URTTemp\mscoree.dll.local
c:\windows\system32\URTTemp\mscorsn.dll
c:\windows\system32\URTTemp\mscorwks.dll
c:\windows\system32\URTTemp\msvcr71.dll
c:\windows\system32\URTTemp\regtlib.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-08-22 to 2012-09-22 )))))))))))))))))))))))))))))))
.
.
2012-09-22 15:32 . 2012-09-22 15:32 -------- d-----w- C:\_OTL
2012-09-19 03:29 . 2012-09-19 03:29 -------- d---a-w- c:\windows\system32\config\systemprofile\Local Settings\Application Data\McAfee Anti-Theft
2012-09-19 03:28 . 2012-04-20 20:40 146872 ----a-w- c:\windows\system32\drivers\HipShieldK.sys
2012-09-19 00:55 . 2007-11-07 21:31 1191936 ----a-w- c:\windows\RtlUpd.exe
2012-09-19 00:53 . 2005-05-03 22:43 69632 ----a-w- c:\windows\Alcmtr.exe
2012-09-19 00:46 . 2012-09-19 00:46 -------- d-----w- c:\documents and settings\John Richardson\Local Settings\Application Data\Conduit
2012-09-10 23:26 . 2012-09-10 23:26 -------- d---a-w- c:\program files\DefaultTab
2012-09-10 23:25 . 2012-09-22 15:33 -------- d---a-w- c:\documents and settings\John Richardson\Application Data\DefaultTab
2012-09-07 23:14 . 2012-09-19 00:42 -------- d---a-w- c:\documents and settings\John Richardson\Application Data\raidcall
2012-09-07 23:13 . 2012-09-07 23:24 -------- d---a-w- c:\program files\RaidCall
2012-09-06 23:51 . 2012-09-06 10:28 266720 ----a-w- c:\program files\Mozilla Firefox\updated\components\browsercomps.dll
2012-09-06 23:51 . 2012-09-06 10:28 73696 ----a-w- c:\program files\Mozilla Firefox\updated\breakpadinjector.dll
2012-09-06 23:51 . 2012-09-06 10:28 18912 ----a-w- c:\program files\Mozilla Firefox\updated\AccessibleMarshal.dll
2012-09-06 10:28 . 2012-09-07 11:20 73696 ----a-w- c:\program files\Mozilla Firefox\breakpadinjector.dll
2012-09-04 03:56 . 2012-09-04 03:56 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee Security Scan
2012-09-04 03:56 . 2012-09-04 03:56 -------- d---a-w- c:\program files\McAfee Security Scan
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-09-07 21:04 . 2012-06-02 14:54 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-09-04 03:56 . 2012-04-05 01:15 696520 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-09-04 03:56 . 2011-06-05 22:48 73416 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-08-28 15:14 . 2004-08-11 22:00 916992 ----a-w- c:\windows\system32\wininet.dll
2012-08-28 15:14 . 2004-08-11 22:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-08-28 15:14 . 2004-08-11 22:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-08-28 12:07 . 2004-08-11 22:00 385024 ----a-w- c:\windows\system32\html.iec
2012-07-06 13:58 . 2004-08-11 22:00 78336 ----a-w- c:\windows\system32\browser.dll
2012-07-04 14:05 . 2004-08-11 22:11 139784 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-07-03 13:40 . 2004-08-11 22:00 1866112 ----a-w- c:\windows\system32\win32k.sys
2012-06-02 05:36 . 2012-06-03 17:36 44 ---h--w- c:\program files\d81f0199.tmp
2012-09-07 11:20 . 2012-05-24 02:44 266720 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
2011-04-14 18:01 . 2010-09-01 11:07 24376 ----a-w- c:\program files\mozilla firefox\components\Scriptff.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igndlm.exe"="c:\program files\Download Manager\DLM.exe" [2009-05-14 1103216]
"Akamai NetSession Interface"="c:\documents and settings\John Richardson\Local Settings\Application Data\Akamai\netsession_win.exe" [2012-05-08 3331872]
"Advanced SystemCare 5"="c:\program files\IObit\Advanced SystemCare 5\ASCTray.exe" [2011-12-29 620376]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2006-10-03 81920]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2006-10-03 221184]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb04.exe" [2001-10-15 196608]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\CLIStart.exe" [2006-09-25 90112]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-03-27 37296]
"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2012-03-22 1318816]
"RTHDCPL"="RTHDCPL.EXE" [2008-01-09 16859648]
.
c:\documents and settings\Administrator\Start Menu\Programs\Startup\
ERUNT AutoBackup.lnk.disabled [2008-11-10 767]
.
c:\documents and settings\John Richardson\Start Menu\Programs\Startup\
CurseClientStartup.ccip [2010-2-2 0]
SpywareGuard.lnk.disabled [2008-11-13 650]
Xfire.lnk.disabled [2008-3-9 650]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\3.0.207\SSScheduler.exe [2011-6-17 272528]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\IMFservice]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"MarbleStation"=c:\netmarbleglobal\MarbleStation\GlbMSLauncher.exe
"AVG PC Tuneup"="c:\program files\AVG\AVG PC Tuneup\BoostSpeed.exe" -UseTray
"Steam"="c:\program files\Steam\Steam.exe" -silent
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Microsoft Games\\Dungeon Siege 2\\DungeonSiege2.exe"=
"c:\\Program Files\\Atari\\Neverwinter Nights 2\\nwn2main.exe"=
"c:\\Program Files\\Atari\\Neverwinter Nights 2\\nwn2main_amdxp.exe"=
"c:\\Program Files\\Atari\\Neverwinter Nights 2\\nwupdate.exe"=
"c:\\Program Files\\Atari\\Neverwinter Nights 2\\nwn2server.exe"=
"c:\\Program Files\\Xfire\\Xfire.exe"=
"c:\\Program Files\\EA SPORTS\\Madden NFL 07\\Updater.exe"=
"c:\\Program Files\\Ventrilo\\Ventrilo.exe"=
"c:\\Program Files\\StarCraft II\\StarCraft II.exe"=
"c:\\Games\\World_of_Tanks\\WorldOfTanks.exe"=
"c:\\Program Files\\Steam\\SteamApps\\common\\amd driver updater, xp, 32 bit\\Setup.exe"=
"c:\\Program Files\\Steam\\SteamApps\\common\\king's bounty - the legend\\kb.exe"=
"c:\\Program Files\\Steam\\SteamApps\\common\\king's bounty - the legend\\save_fixer.exe"=
"c:\\Program Files\\Steam\\SteamApps\\common\\kings bounty armored princess\\kb.exe"=
"c:\\Program Files\\Steam\\SteamApps\\common\\dungeon siege iii\\Dungeon Siege III.exe"=
"c:\\NetmarbleGlobal\\MarbleStation\\nmgDownloader\\nmgDownload.exe"=
"c:\\Program Files\\Steam\\SteamApps\\common\\sid meier's civilization v\\Launcher.exe"=
"c:\\Program Files\\Steam\\SteamApps\\common\\FEAR2\\FEAR2.exe"=
"c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
"c:\\Documents and Settings\\John Richardson\\Local Settings\\Application Data\\Akamai\\netsession_win.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"58199:TCP"= 58199:TCP:Pando Media Booster
"58199:UDP"= 58199:UDP:Pando Media Booster
"59153:TCP"= 59153:TCP:Pando Media Booster
"59153:UDP"= 59153:UDP:Pando Media Booster
"5985:TCP"= 5985:TCP:*:Disabled:Windows Remote Management
.
R0 McPvDrv;McPvDrv Driver;c:\windows\system32\drivers\McPvDrv.sys [18/06/2012 9:09 PM 64048]
R1 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\system32\drivers\mfetdi2k.sys [18/06/2012 9:33 PM 89792]
R2 AdvancedSystemCareService5;Advanced SystemCare Service 5;c:\program files\IObit\Advanced SystemCare 5\ASCService.exe [10/02/2012 8:21 AM 497496]
R2 IMFservice;IMF Service;c:\program files\IObit\IObit Malware Fighter\IMFsrv.exe [04/07/2011 11:19 PM 821080]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;"c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [18/06/2012 9:33 PM 214904]
R2 McMPFSvc;McAfee Personal Firewall Service;"c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [18/06/2012 9:33 PM 214904]
R2 McNaiAnn;McAfee VirusScan Announcer;"c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [18/06/2012 9:33 PM 214904]
R2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\mfefire.exe [18/06/2012 9:34 PM 161632]
R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [28/09/2011 7:44 AM 151880]
R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [18/06/2012 9:33 PM 57600]
R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [18/06/2012 9:33 PM 340920]
R3 mfendiskmp;mfendiskmp;c:\windows\system32\drivers\mfendisk.sys [18/06/2012 9:26 PM 83856]
S2 0238391338039123mcinstcleanup;McAfee Application Installer Cleanup (0238391338039123);c:\docume~1\JOHNRI~1\LOCALS~1\Temp\023839~1.EXE -cleanup -nolog --> c:\docume~1\JOHNRI~1\LOCALS~1\Temp\023839~1.EXE -cleanup -nolog [?]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe -k Akamai [11/08/2004 6:00 PM 14336]
S2 IObitBarService;IObit Toolbar Service;c:\progra~1\IObitBar\toolbar\1.bin\i0barsvc.exe --> c:\progra~1\IObitBar\toolbar\1.bin\i0barsvc.exe [?]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [04/04/2012 9:15 PM 250568]
S3 mfendisk;McAfee Core NDIS Intermediate Filter;c:\windows\system32\drivers\mfendisk.sys [18/06/2012 9:26 PM 83856]
S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [18/06/2012 9:33 PM 87656]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [23/05/2012 10:44 PM 114144]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]
S3 PCDSRVC{E9D79540-57D5953E-06020101}_0;PCDSRVC{E9D79540-57D5953E-06020101}_0 - PCDR Kernel Mode Service Helper Driver;c:\program files\Dell Support Center\pcdsrvc.pkms [04/09/2012 1:54 AM 22640]
S3 XDva385;XDva385;\??\c:\windows\system32\XDva385.sys --> c:\windows\system32\XDva385.sys [?]
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - mfeavfk01
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
.
Contents of the 'Scheduled Tasks' folder
.
2012-09-22 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-05 03:56]
.
2012-09-22 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-879840139-2802958703-907680667-1005Core.job
- c:\documents and settings\John Richardson\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-06-10 13:47]
.
2012-09-22 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-879840139-2802958703-907680667-1005UA.job
- c:\documents and settings\John Richardson\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-06-10 13:47]
.
2012-09-19 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job
- c:\program files\Dell Support Center\uaclauncher.exe [2012-09-19 03:48]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://search.iobit.com
uInternet Settings,ProxyOverride = <local>
uSearchAssistant = hxxp://www.google.com
uSearchURL,(Default) = hxxp://ca.search.yahoo.com/search?fr=mcafee&p=%s
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_43C348BC2E93EB2B.dll/cmsidewiki.html
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
TCP: DhcpNameServer = 64.71.255.198
Handler: intu-qt2007 - {026BF40D-BA05-467b-9F1F-AD0D7A3F5F11} - c:\program files\QuickTax 2007\ic2007pp.dll
FF - ProfilePath - c:\documents and settings\John Richardson\Application Data\Mozilla\Firefox\Profiles\zy5758f9.default\
FF - prefs.js: browser.search.selectedEngine - Secure Search
FF - prefs.js: keyword.URL - hxxp://ca.search.yahoo.com/search?fr=mcafee&p=
FF - prefs.js: network.proxy.type - 0
.
- - - - ORPHANS REMOVED - - - -
.
BHO-{7F6AFBF1-E065-4627-A2FD-810366367D01} - (no file)
AddRemove-DefaultTab - c:\documents and settings\John Richardson\Application Data\DefaultTab\DefaultTab\uninstalldt.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-09-22 11:52
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\Akamai]
"ServiceDll"="c:\program files\common files\akamai/netsession_win_80c2ffa.dll"
.
[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\PCDSRVC{E9D79540-57D5953E-06020101}_0]
"ImagePath"="\??\c:\program files\dell support center\pcdsrvc.pkms"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-879840139-2802958703-907680667-1005\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:64,5f,aa,30,64,48,a5,e2,9f,c3,01,ee,47,f7,9e,7e,11,7d,de,3f,53,e3,61,
65,b7,0a,a4,67,96,3d,f0,d2,33,47,2f,b8,2d,b6,f7,26,49,ca,63,67,c0,74,0f,5b,\
"??"=hex:af,4b,db,31,8c,18,8b,1f,0f,e7,56,55,e3,4a,d7,19
.
[HKEY_USERS\S-1-5-21-879840139-2802958703-907680667-1005\Software\SecuROM\License information*]
"datasecu"=hex:0a,47,da,bf,05,8d,0f,be,20,c2,57,a6,7b,b5,88,5e,81,27,16,9c,97,
89,0a,02,81,a1,3b,86,4c,bd,a7,41,81,f1,d2,ff,11,9b,ba,90,1f,12,3f,26,b6,f7,\
"rkeysecu"=hex:82,c3,15,4f,bb,1d,3b,7f,84,f5,53,93,76,d6,d1,ff
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(700)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\atiadlxx.dll
.
Completion time: 2012-09-22 12:00:29
ComboFix-quarantined-files.txt 2012-09-22 16:00
.
Pre-Run: 107,627,008,000 bytes free
Post-Run: 107,579,887,616 bytes free
.
- - End Of File - - 1CEDC4774A852519A5A253B892645DAE

All processes killed
========== OTL ==========
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
Prefs.js: [email protected]:0.83.29 removed from extensions.enabledAddons
Prefs.js: "127.0.0.1:9421,localhost,127.0.0.1" removed from network.proxy.no_proxies_on
Registry value HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{1266764D-FC4F-4FA7-B63B-884D53B1680F} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1266764D-FC4F-4FA7-B63B-884D53B1680F}\ not found.
C:\Documents and Settings\John Richardson\Application Data\NetAssistant\defaults\preferences folder moved successfully.
C:\Documents and Settings\John Richardson\Application Data\NetAssistant\defaults folder moved successfully.
C:\Documents and Settings\John Richardson\Application Data\NetAssistant\chrome\content folder moved successfully.
C:\Documents and Settings\John Richardson\Application Data\NetAssistant\chrome folder moved successfully.
C:\Documents and Settings\John Richardson\Application Data\NetAssistant folder moved successfully.
C:\Documents and Settings\John Richardson\Application Data\Mozilla\Firefox\Profiles\zy5758f9.default\extensions\[email protected]\skin folder moved successfully.
C:\Documents and Settings\John Richardson\Application Data\Mozilla\Firefox\Profiles\zy5758f9.default\extensions\[email protected]\locale\en-US folder moved successfully.
C:\Documents and Settings\John Richardson\Application Data\Mozilla\Firefox\Profiles\zy5758f9.default\extensions\[email protected]\locale folder moved successfully.
C:\Documents and Settings\John Richardson\Application Data\Mozilla\Firefox\Profiles\zy5758f9.default\extensions\[email protected]\defaults\preferences folder moved successfully.
C:\Documents and Settings\John Richardson\Application Data\Mozilla\Firefox\Profiles\zy5758f9.default\extensions\[email protected]\defaults folder moved successfully.
C:\Documents and Settings\John Richardson\Application Data\Mozilla\Firefox\Profiles\zy5758f9.default\extensions\[email protected]\chrome\content folder moved successfully.
C:\Documents and Settings\John Richardson\Application Data\Mozilla\Firefox\Profiles\zy5758f9.default\extensions\[email protected]\chrome folder moved successfully.
C:\Documents and Settings\John Richardson\Application Data\Mozilla\Firefox\Profiles\zy5758f9.default\extensions\[email protected] folder moved successfully.
C:\Documents and Settings\John Richardson\Application Data\Mozilla\Firefox\Profiles\zy5758f9.default\extensions\[email protected] moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110011501158}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{11111111-1111-1111-1111-110011501158}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7F6AFBF1-E065-4627-A2FD-810366367D01}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7F6AFBF1-E065-4627-A2FD-810366367D01}\ deleted successfully.
C:\Documents and Settings\John Richardson\Application Data\DefaultTab\DefaultTab\DefaultTabBHO.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Infodelivery\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Restrictions\ deleted successfully.
Starting removal of ActiveX control {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}\ not found.
C:\Documents and Settings\John Richardson\Application Data\DefaultTab\DefaultTab folder moved successfully.
C:\Documents and Settings\John Richardson\Local Settings\Application Data\Shopping Sidekick\Chrome folder moved successfully.
C:\Documents and Settings\John Richardson\Local Settings\Application Data\Shopping Sidekick folder moved successfully.
C:\Documents and Settings\John Richardson\Local Settings\Application Data\CRE folder moved successfully.
C:\Documents and Settings\John Richardson\My Documents\R180772.exe moved successfully.
C:\Documents and Settings\John Richardson\My Documents\CW1340A0.exe moved successfully.
C:\Documents and Settings\John Richardson\My Documents\R181505.zip moved successfully.
C:\Documents and Settings\John Richardson\My Documents\530_1018.EXE moved successfully.
Folder C:\Documents and Settings\John Richardson\Application Data\NetAssistant\ not found.
========== FILES ==========
C:\Documents and Settings\John Richardson\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\1.1.3_0\plugins folder moved successfully.
C:\Documents and Settings\John Richardson\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\1.1.3_0\js folder moved successfully.
C:\Documents and Settings\John Richardson\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\1.1.3_0\images\injection folder moved successfully.
C:\Documents and Settings\John Richardson\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\1.1.3_0\images\engines_icons folder moved successfully.
C:\Documents and Settings\John Richardson\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\1.1.3_0\images folder moved successfully.
C:\Documents and Settings\John Richardson\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\1.1.3_0\css\jquery_ui\images folder moved successfully.
C:\Documents and Settings\John Richardson\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\1.1.3_0\css\jquery_ui folder moved successfully.
C:\Documents and Settings\John Richardson\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\1.1.3_0\css folder moved successfully.
C:\Documents and Settings\John Richardson\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\1.1.3_0 folder moved successfully.
C:\Documents and Settings\John Richardson\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc folder moved successfully.
C:\Documents and Settings\John Richardson\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\kfkcangbigakljkjeglcofaomihpejif\10.11.21.5_0\_locales\en folder moved successfully.
C:\Documents and Settings\John Richardson\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\kfkcangbigakljkjeglcofaomihpejif\10.11.21.5_0\_locales folder moved successfully.
C:\Documents and Settings\John Richardson\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\kfkcangbigakljkjeglcofaomihpejif\10.11.21.5_0\toolbarImages folder moved successfully.
C:\Documents and Settings\John Richardson\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\kfkcangbigakljkjeglcofaomihpejif\10.11.21.5_0\tb\sl folder moved successfully.
C:\Documents and Settings\John Richardson\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\kfkcangbigakljkjeglcofaomihpejif\10.11.21.5_0\tb\lib\jquery.alerts\images folder moved successfully.
C:\Documents and Settings\John Richardson\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\kfkcangbigakljkjeglcofaomihpejif\10.11.21.5_0\tb\lib\jquery.alerts folder moved successfully.
C:\Documents and Settings\John Richardson\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\kfkcangbigakljkjeglcofaomihpejif\10.11.21.5_0\tb\lib folder moved successfully.
C:\Documents and Settings\John Richardson\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\kfkcangbigakljkjeglcofaomihpejif\10.11.21.5_0\tb\core folder moved successfully.
C:\Documents and Settings\John Richardson\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\kfkcangbigakljkjeglcofaomihpejif\10.11.21.5_0\tb\al\wa\WEATHER\js folder moved successfully.
C:\Documents and Settings\John Richardson\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\kfkcangbigakljkjeglcofaomihpejif\10.11.21.5_0\tb\al\wa\WEATHER\css folder moved successfully.
C:\Documents and Settings\John Richardson\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\kfkcangbigakljkjeglcofaomihpejif\10.11.21.5_0\tb\al\wa\WEATHER folder moved successfully.
C:\Documents and Settings\John Richardson\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\kfkcangbigakljkjeglcofaomihpejif\10.11.21.5_0\tb\al\wa\TWITTER\resources folder moved successfully.
C:\Documents and Settings\John Richardson\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\kfkcangbigakljkjeglcofaomihpejif\10.11.21.5_0\tb\al\wa\TWITTER\js folder moved successfully.
C:\Documents and Settings\John Richardson\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\kfkcangbigakljkjeglcofaomihpejif\10.11.21.5_0\tb\al\wa\TWITTER\img folder moved successfully.
C:\Documents and Settings\John Richardson\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\kfkcangbigakljkjeglcofaomihpejif\10.11.21.5_0\tb\al\wa\TWITTER folder moved successfully.
C:\Documents and Settings\John Richardson\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\kfkcangbigakljkjeglcofaomihpejif\10.11.21.5_0\tb\al\wa\TESTER_POPUP\js folder moved successfully.
C:\Documents and Settings\John Richardson\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\kfkcangbigakljkjeglcofaomihpejif\10.11.21.5_0\tb\al\wa\TESTER_POPUP folder moved successfully.
C:\Documents and Settings\John Richardson\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\kfkcangbigakljkjeglcofaomihpejif\10.11.21.5_0\tb\al\wa\TESTER_EMBEDDED\js folder moved successfully.
C:\Documents and Settings\John Richardson\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\kfkcangbigakljkjeglcofaomihpejif\10.11.21.5_0\tb\al\wa\TESTER_EMBEDDED folder moved successfully.
C:\Documents and Settings\John Richardson\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\kfkcangbigakljkjeglcofaomihpejif\10.11.21.5_0\tb\al\wa\TESTER_BCAPI\js folder moved successfully.
C:\Documents and Settings\John Richardson\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\kfkcangbigakljkjeglcofaomihpejif\10.11.21.5_0\tb\al\wa\TESTER_BCAPI\autoTest\spec folder moved successfully.
C:\Documents and Settings\John Richardson\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\kfkcangbigakljkjeglcofaomihpejif\10.11.21.5_0\tb\al\wa\TESTER_BCAPI\autoTest\lib\jasmine-1.1.0 folder moved successfully.
C:\Documents and Settings\John Richardson\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\kfkcangbigakljkjeglcofaomihpejif\10.11.21.5_0\tb\al\wa\TESTER_BCAPI\autoTest\lib folder moved successfully.
C:\Documents and Settings\John Richardson\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\kfkcangbigakljkjeglcofaomihpejif\10.11.21.5_0\tb\al\wa\TESTER_BCAPI\autoTest folder moved successfully.
C:\Documents and Settings\John Richardson\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\kfkcangbigakljkjeglcofaomihpejif\10.11.21.5_0\tb\al\wa\TESTER_BCAPI folder moved successfully.
C:\Documents and Settings\John Richardson\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\kfkcangbigakljkjeglcofaomihpejif\10.11.21.5_0\tb\al\wa\SEARCH_IN_NEW_TAB folder moved successfully.
C:\Documents and Settings\John Richardson\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\kfkcangbigakljkjeglcofaomihpejif\10.11.21.5_0\tb\al\wa\SEARCH\view\style\rsx folder moved successfully.
C:\Documents and Settings\John Richardson\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\kfkcangbigakljkjeglcofaomihpejif\10.11.21.5_0\tb\al\wa\SEARCH\view\style folder moved successfully.
C:\Documents and Settings\John Richardson\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\kfkcangbigakljkjeglcofaomihpejif\10.11.21.5_0\tb\al\wa\SEARCH\view\script folder moved successfully.
C:\Documents and Settings\John Richardson\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\kfkcangbigakljkjeglcofaomihpejif\10.11.21.5_0\tb\al\wa\SEARCH\view folder moved successfully.
C:\Documents and Settings\John Richardson\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\kfkcangbigakljkjeglcofaomihpejif\10.11.21.5_0\tb\al\wa\SEARCH\resources folder moved successfully.
C:\Documents and Settings\John Richardson\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\kfkcangbigakljkjeglcofaomihpejif\10.11.21.5_0\tb\al\wa\SEARCH\js folder moved successfully.
C:\Documents and Settings\John Richardson\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\kfkcangbigakljkjeglcofaomihpejif\10.11.21.5_0\tb\al\wa\SEARCH\Css folder moved successfully.
C:\Documents and Settings\John Richardson\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\kfkcangbigakljkjeglcofaomihpejif\10.11.21.5_0\tb\al\wa\SEARCH\buildSettings folder moved successfully.
C:\Documents and Settings\John Richardson\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\kfkcangbigakljkjeglcofaomihpejif\10.11.21.5_0\tb\al\wa\SEARCH folder moved successfully.
C:\Documents and Settings\John Richardson\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\kfkcangbigakljkjeglcofaomihpejif\10.11.21.5_0\tb\al\wa\RADIO_PLAYER\js\resources folder moved successfully.
C:\Documents and Settings\John Richardson\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\kfkcangbigakljkjeglcofaomihpejif\10.11.21.5_0\tb\al\wa\RADIO_PLAYER\js folder moved successfully.
C:\Documents and Settings\John Richardson\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\kfkcangbigakljkjeglcofaomihpejif\10.11.21.5_0\tb\al\wa\RADIO_PLAYER\css\custom-theme folder moved successfully.
C:\Documents and Settings\John Richardson\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\kfkcangbigakljkjeglcofaomihpejif\10.11.21.5_0\tb\al\wa\RADIO_PLAYER\css folder moved successfully.
C:\Documents and Settings\John Richardson\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\kfkcangbigakljkjeglcofaomihpejif\10.11.21.5_0\tb\al\wa\RADIO_PLAYER folder moved successfully.
C:\Documents and Settings\John Richardson\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\kfkcangbigakljkjeglcofaomihpejif\10.11.21.5_0\tb\al\wa\PRICE_GONG\menu_dlg folder moved successfully.
C:\Documents and Settings\John Richardson\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\kfkcangbigakljkjeglcofaomihpejif\10.11.21.5_0\tb\al\wa\PRICE_GONG\images folder moved successfully.
C:\Documents and Settings\John Richardson\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\kfkcangbigakljkjeglcofaomihpejif\10.11.21.5_0\tb\al\wa\PRICE_GONG\css\custom-theme folder moved successfully.
C:\Documents and Settings\John Richardson\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\kfkcangbigakljkjeglcofaomihpejif\10.11.21.5_0\tb\al\wa\PRICE_GONG\css folder moved successfully.
C:\Documents and Settings\John Richardson\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\kfkcangbigakljkjeglcofaomihpejif\10.11.21.5_0\tb\al\wa\PRICE_GONG\agreement folder moved successfully.
C:\Documents and Settings\John Richardson\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\kfkcangbigakljkjeglcofaomihpejif\10.11.21.5_0\tb\al\wa\PRICE_GONG folder moved successfully.
C:\Documents and Settings\John Richardson\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\kfkcangbigakljkjeglcofaomihpejif\10.11.21.5_0\tb\al\wa\Optimizer\js folder moved successfully.
C:\Documents and Settings\John Richardson\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\kfkcangbigakljkjeglcofaomihpejif\10.11.21.5_0\tb\al\wa\Optimizer folder moved successfully.
C:\Documents and Settings\John Richardson\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\kfkcangbigakljkjeglcofaomihpejif\10.11.21.5_0\tb\al\wa\NOTIFICATION\js folder moved successfully.
C:\Documents and Settings\John Richardson\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\kfkcangbigakljkjeglcofaomihpejif\10.11.21.5_0\tb\al\wa\NOTIFICATION\images\light folder moved successfully.
C:\Documents and Settings\John Richardson\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\kfkcangbigakljkjeglcofaomihpejif\10.11.21.5_0\tb\al\wa\NOTIFICATION\images\dark folder moved successfully.
C:\Documents and Settings\John Richardson\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\kfkcangbigakljkjeglcofaomihpejif\10.11.21.5_0\tb\al\wa\NOTIFICATION\images folder moved successfully.
C:\Documents and Settings\John Richardson\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\kfkcangbigakljkjeglcofaomihpejif\10.11.21.5_0\tb\al\wa\NOTIFICATION\css folder moved successfully.
C:\Documents and Settings\John Richardson\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\kfkcangbigakljkjeglcofaomihpejif\10.11.21.5_0\tb\al\wa\NOTIFICATION folder moved successfully.
C:\Documents and Settings\John Richardson\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\kfkcangbigakljkjeglcofaomihpejif\10.11.21.5_0\tb\al\wa\MULTI_RSS\js\resources folder moved successfully.
C:\Documents and Settings\John Richardson\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\kfkcangbigakljkjeglcofaomihpejif\10.11.21.5_0\tb\al\wa\MULTI_RSS\js folder moved successfully.
C:\Documents and Settings\John Richardson\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\kfkcangbigakljkjeglcofaomihpejif\10.11.21.5_0\tb\al\wa\MULTI_RSS\img folder moved successfully.
C:\Documents and Settings\John Richardson\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\kfkcangbigakljkjeglcofaomihpejif\10.11.21.5_0\tb\al\wa\MULTI_RSS\css folder moved successfully.
C:\Documents and Settings\John Richardson\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\kfkcangbigakljkjeglcofaomihpejif\10.11.21.5_0\tb\al\wa\MULTI_RSS folder moved successfully.
C:\Documents and Settings\John Richardson\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\kfkcangbigakljkjeglcofaomihpejif\10.11.21.5_0\tb\al\wa\HIGHLIGHTER\js folder moved successfully.
C:\Documents and Settings\John Richardson\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\kfkcangbigakljkjeglcofaomihpejif\10.11.21.5_0\tb\al\wa\HIGHLIGHTER\css folder moved successfully.
C:\Documents and Settings\John Richardson\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\kfkcangbigakljkjeglcofaomihpejif\10.11.21.5_0\tb\al\wa\HIGHLIGHTER folder moved successfully.
C:\Documents and Settings\John Richardson\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\kfkcangbigakljkjeglcofaomihpejif\10.11.21.5_0\tb\al\wa\EMAIL_NOTIFIER\js\plugins folder moved successfully.
C:\Documents and Settings\John Richardson\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\kfkcangbigakljkjeglcofaomihpejif\10.11.21.5_0\tb\al\wa\EMAIL_NOTIFIER\js folder moved successfully.
C:\Documents and Settings\John Richardson\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\kfkcangbigakljkjeglcofaomihpejif\10.11.21.5_0\tb\al\wa\EMAIL_NOTIFIER\css folder moved successfully.
C:\Documents and Settings\John Richardson\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\kfkcangbigakljkjeglcofaomihpejif\10.11.21.5_0\tb\al\wa\EMAIL_NOTIFIER folder moved successfully.
C:\Documents and Settings\John Richardson\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\kfkcangbigakljkjeglcofaomihpejif\10.11.21.5_0\tb\al\wa\APPLICATION_BUTTON\resources folder moved successfully.
C:\Documents and Settings\John Richardson\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\kfkcangbigakljkjeglcofaomihpejif\10.11.21.5_0\tb\al\wa\APPLICATION_BUTTON\Js folder moved successfully.
C:\Documents and Settings\John Richardson\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\kfkcangbigakljkjeglcofaomihpejif\10.11.21.5_0\tb\al\wa\APPLICATION_BUTTON folder moved successfully.
C:\Documents and Settings\John Richardson\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\kfkcangbigakljkjeglcofaomihpejif\10.11.21.5_0\tb\al\wa\404 folder moved successfully.
C:\Documents and Settings\John Richardson\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\kfkcangbigakljkjeglcofaomihpejif\10.11.21.5_0\tb\al\wa folder moved successfully.
C:\Documents and Settings\John Richardson\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\kfkcangbigakljkjeglcofaomihpejif\10.11.21.5_0\tb\al\ui\menu\js folder moved successfully.
C:\Documents and Settings\John Richardson\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\kfkcangbigakljkjeglcofaomihpejif\10.11.21.5_0\tb\al\ui\menu\img folder moved successfully.
C:\Documents and Settings\John Richardson\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\kfkcangbigakljkjeglcofaomihpejif\10.11.21.5_0\tb\al\ui\menu\css folder moved successfully.
C:\Documents and Settings\John Richardson\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\kfkcangbigakljkjeglcofaomihpejif\10.11.21.5_0\tb\al\ui\menu folder moved successfully.
C:\Documents and Settings\John Richardson\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\kfkcangbigakljkjeglcofaomihpejif\10.11.21.5_0\tb\al\ui\gf\img folder moved successfully.
C:\Documents and Settings\John Richardson\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\kfkcangbigakljkjeglcofaomihpejif\10.11.21.5_0\tb\al\ui\gf\css folder moved successfully.
C:\Documents and Settings\John Richardson\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\kfkcangbigakljkjeglcofaomihpejif\10.11.21.5_0\tb\al\ui\gf folder moved successfully.
C:\Documents and Settings\John Richardson\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\kfkcangbigakljkjeglcofaomihpejif\10.11.21.5_0\tb\al\ui\gadgetFrame folder moved successfully.
C:\Documents and Settings\John Richardson\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\kfkcangbigakljkjeglcofaomihpejif\10.11.21.5_0\tb\al\ui\dlg\ftd\images folder moved successfully.
C:\Documents and Settings\John Richardson\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\kfkcangbigakljkjeglcofaomihpejif\10.11.21.5_0\tb\al\ui\dlg\ftd folder moved successfully.
C:\Documents and Settings\John Richardson\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\kfkcangbigakljkjeglcofaomihpejif\10.11.21.5_0\tb\al\ui\dlg folder moved successfully.
C:\Documents and Settings\John Richardson\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\kfkcangbigakljkjeglcofaomihpejif\10.11.21.5_0\tb\al\ui folder moved successfully.
Folder move failed. C:\Documents and Settings\John Richardson\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\kfkcangbigakljkjeglcofaomihpejif\10.11.21.5_0\tb\al\searchProtector\searchProtectorSettingsDialog\images scheduled to be moved on reboot.
C:\Documents and Settings\John Richardson\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\kfkcangbigakljkjeglcofaomihpejif\10.11.21.5_0\tb\al\searchProtector\searchProtectorSettingsDialog folder moved successfully.
Folder move failed. C:\Documents and Settings\John Richardson\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\kfkcangbigakljkjeglcofaomihpejif\10.11.21.5_0\tb\al\searchProtector\SearchProtectorBubbleDialog\images scheduled to be moved on reboot.
Folder move failed. C:\Documents and Settings\John Richardson\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\kfkcangbigakljkjeglcofaomihpejif\10.11.21.5_0\tb\al\searchProtector\SearchProtectorBubbleDialog scheduled to be moved on reboot.
C:\Documents and Settings\John Richardson\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\kfkcangbigakljkjeglcofaomihpejif\10.11.21.5_0\tb\al\searchProtector\js folder moved successfully.
Folder move failed. C:\Documents and Settings\John Richardson\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\kfkcangbigakljkjeglcofaomihpejif\10.11.21.5_0\tb\al\searchProtector scheduled to be moved on reboot.
C:\Documents and Settings\John Richardson\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\kfkcangbigakljkjeglcofaomihpejif\10.11.21.5_0\tb\al\options\js\resources folder moved successfully.
C:\Documents and Settings\John Richardson\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\kfkcangbigakljkjeglcofaomihpejif\10.11.21.5_0\tb\al\options\js folder moved successfully.
C:\Documents and Settings\John Richardson\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\kfkcangbigakljkjeglcofaomihpejif\10.11.21.5_0\tb\al\options\images folder moved successfully.
C:\Documents and Settings\John Richardson\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\kfkcangbigakljkjeglcofaomihpejif\10.11.21.5_0\tb\al\options\css folder moved successfully.
C:\Documents and Settings\John Richardson\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\kfkcangbigakljkjeglcofaomihpejif\10.11.21.5_0\tb\al\options folder moved successfully.
C:\Documents and Settings\John Richardson\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\kfkcangbigakljkjeglcofaomihpejif\10.11.21.5_0\tb\al\myStuffDialogs folder moved successfully.
C:\Documents and Settings\John Richardson\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\kfkcangbigakljkjeglcofaomihpejif\10.11.21.5_0\tb\al\features\js\resources folder moved successfully.
C:\Documents and Settings\John Richardson\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\kfkcangbigakljkjeglcofaomihpejif\10.11.21.5_0\tb\al\features\js folder moved successfully.
C:\Documents and Settings\John Richardson\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\kfkcangbigakljkjeglcofaomihpejif\10.11.21.5_0\tb\al\features folder moved successfully.
C:\Documents and Settings\John Richardson\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\kfkcangbigakljkjeglcofaomihpejif\10.11.21.5_0\tb\al\api folder moved successfully.
C:\Documents and Settings\John Richardson\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\kfkcangbigakljkjeglcofaomihpejif\10.11.21.5_0\tb\al\ac\res folder moved successfully.
C:\Documents and Settings\John Richardson\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\kfkcangbigakljkjeglcofaomihpejif\10.11.21.5_0\tb\al\ac\img folder moved successfully.
C:\Documents and Settings\John Richardson\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\kfkcangbigakljkjeglcofaomihpejif\10.11.21.5_0\tb\al\ac\css folder moved successfully.
C:\Documents and Settings\John Richardson\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\kfkcangbigakljkjeglcofaomihpejif\10.11.21.5_0\tb\al\ac folder moved successfully.
C:\Documents and Settings\John Richardson\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\kfkcangbigakljkjeglcofaomihpejif\10.11.21.5_0\tb\al\aboutBox\js folder moved successfully.
C:\Documents and Settings\John Richardson\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\kfkcangbigakljkjeglcofaomihpejif\10.11.21.5_0\tb\al\aboutBox\images folder moved successfully.
C:\Documents and Settings\John Richardson\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\kfkcangbigakljkjeglcofaomihpejif\10.11.21.5_0\tb\al\aboutBox folder moved successfully.
Folder move failed. C:\Documents and Settings\John Richardson\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\kfkcangbigakljkjeglcofaomihpejif\10.11.21.5_0\tb\al scheduled to be moved on reboot.
Folder move failed. C:\Documents and Settings\John Richardson\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\kfkcangbigakljkjeglcofaomihpejif\10.11.21.5_0\tb scheduled to be moved on reboot.
C:\Documents and Settings\John Richardson\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\kfkcangbigakljkjeglcofaomihpejif\10.11.21.5_0\plugins folder moved successfully.
C:\Documents and Settings\John Richardson\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\kfkcangbigakljkjeglcofaomihpejif\10.11.21.5_0\js\toolbarAPI folder moved successfully.
C:\Documents and Settings\John Richardson\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\kfkcangbigakljkjeglcofaomihpejif\10.11.21.5_0\js\tabs\back folder moved successfully.
C:\Documents and Settings\John Richardson\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\kfkcangbigakljkjeglcofaomihpejif\10.11.21.5_0\js\tabs folder moved successfully.
C:\Documents and Settings\John Richardson\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\kfkcangbigakljkjeglcofaomihpejif\10.11.21.5_0\js\popup folder moved successfully.
C:\Documents and Settings\John Richardson\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\kfkcangbigakljkjeglcofaomihpejif\10.11.21.5_0\js\options folder moved successfully.
C:\Documents and Settings\John Richardson\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\kfkcangbigakljkjeglcofaomihpejif\10.11.21.5_0\js\lib folder moved successfully.
C:\Documents and Settings\John Richardson\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\kfkcangbigakljkjeglcofaomihpejif\10.11.21.5_0\js folder moved successfully.
Folder move failed. C:\Documents and Settings\John Richardson\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\kfkcangbigakljkjeglcofaomihpejif\10.11.21.5_0 scheduled to be moved on reboot.
Folder move failed. C:\Documents and Settings\John Richardson\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\kfkcangbigakljkjeglcofaomihpejif scheduled to be moved on reboot.
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Documents and Settings\John Richardson\My Documents\Downloads\cmd.bat deleted successfully.
C:\Documents and Settings\John Richardson\My Documents\Downloads\cmd.txt deleted successfully.
< netsh int ip reset c:\resetlog.txt /c >
C:\Documents and Settings\John Richardson\My Documents\Downloads\cmd.bat deleted successfully.
C:\Documents and Settings\John Richardson\My Documents\Downloads\cmd.txt deleted successfully.
< ipconfig /release /c >
Windows IP Configuration
Ethernet adapter Local Area Connection 5:
Connection-specific DNS Suffix . :
IP Address. . . . . . . . . . . . : 0.0.0.0
Subnet Mask . . . . . . . . . . . : 0.0.0.0
Default Gateway . . . . . . . . . :
C:\Documents and Settings\John Richardson\My Documents\Downloads\cmd.bat deleted successfully.
C:\Documents and Settings\John Richardson\My Documents\Downloads\cmd.txt deleted successfully.
< ipconfig /renew /c >
Windows IP Configuration
Ethernet adapter Local Area Connection 5:
Connection-specific DNS Suffix . : phub.net.cable.rogers.com
IP Address. . . . . . . . . . . . : 192.168.1.101
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.1.1
C:\Documents and Settings\John Richardson\My Documents\Downloads\cmd.bat deleted successfully.
C:\Documents and Settings\John Richardson\My Documents\Downloads\cmd.txt deleted successfully.
========== COMMANDS ==========
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32835 bytes
->FireFox cache emptied: 6449267 bytes
->Flash cache emptied: 291 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: John Richardson
->Temp folder emptied: 807215 bytes
->Temporary Internet Files folder emptied: 312961 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 285270397 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 9430 bytes

User: Kristi Richardson
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 1141 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 0 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: TEMP

User: TEMP.PARENT

User: TEMP.PARENT.000

User: TEMP.PARENT.001

User: TEMP.PARENT.002

User: TEMP.PARENT.003

User: TEMP.PARENT.004

User: TEMP.PARENT.005

User: TEMP.PARENT.006

User: TEMP.PARENT.007

User: TEMP.PARENT.008

User: TEMP.PARENT.009

User: TEMP.PARENT.010

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 16867 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 279.00 mb

Error creating restore point.

OTL by OldTimer - Version 3.2.65.1 log created on 09222012_113240

Files\Folders moved on Reboot...
File\Folder C:\Documents and Settings\John Richardson\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\kfkcangbigakljkjeglcofaomihpejif\10.11.21.5_0\tb\al\searchProtector\searchProtectorSettingsDialog\images not found!
Folder move failed. C:\Documents and Settings\John Richardson\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\kfkcangbigakljkjeglcofaomihpejif\10.11.21.5_0\tb\al\searchProtector\SearchProtectorBubbleDialog\images scheduled to be moved on reboot.
Folder move failed. C:\Documents and Settings\John Richardson\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\kfkcangbigakljkjeglcofaomihpejif\10.11.21.5_0\tb\al\searchProtector\SearchProtectorBubbleDialog\images scheduled to be moved on reboot.
Folder move failed. C:\Documents and Settings\John Richardson\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\kfkcangbigakljkjeglcofaomihpejif\10.11.21.5_0\tb\al\searchProtector\SearchProtectorBubbleDialog scheduled to be moved on reboot.
Folder move failed. C:\Documents and Settings\John Richardson\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\kfkcangbigakljkjeglcofaomihpejif\10.11.21.5_0\tb\al\searchProtector\SearchProtectorBubbleDialog\images scheduled to be moved on reboot.
Folder move failed. C:\Documents and Settings\John Richardson\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\kfkcangbigakljkjeglcofaomihpejif\10.11.21.5_0\tb\al\searchProtector\SearchProtectorBubbleDialog scheduled to be moved on reboot.
Folder move failed. C:\Documents and Settings\John Richardson\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\kfkcangbigakljkjeglcofaomihpejif\10.11.21.5_0\tb\al\searchProtector scheduled to be moved on reboot.
Folder move failed. C:\Documents and Settings\John Richardson\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\kfkcangbigakljkjeglcofaomihpejif\10.11.21.5_0\tb\al\searchProtector\SearchProtectorBubbleDialog\images scheduled to be moved on reboot.
Folder move failed. C:\Documents and Settings\John Richardson\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\kfkcangbigakljkjeglcofaomihpejif\10.11.21.5_0\tb\al\searchProtector\SearchProtectorBubbleDialog scheduled to be moved on reboot.
Folder move failed. C:\Documents and Settings\John Richardson\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\kfkcangbigakljkjeglcofaomihpejif\10.11.21.5_0\tb\al\searchProtector scheduled to be moved on reboot.
Folder move failed. C:\Documents and Settings\John Richardson\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\kfkcangbigakljkjeglcofaomihpejif\10.11.21.5_0\tb\al scheduled to be moved on reboot.
Folder move failed. C:\Documents and Settings\John Richardson\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\kfkcangbigakljkjeglcofaomihpejif\10.11.21.5_0\tb\al\searchProtector\SearchProtectorBubbleDialog\images scheduled to be moved on reboot.
Folder move failed. C:\Documents and Settings\John Richardson\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\kfkcangbigakljkjeglcofaomihpejif\10.11.21.5_0\tb\al\searchProtector\SearchProtectorBubbleDialog scheduled to be moved on reboot.
Folder move failed. C:\Documents and Settings\John Richardson\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\kfkcangbigakljkjeglcofaomihpejif\10.11.21.5_0\tb\al\searchProtector scheduled to be moved on reboot.
Folder move failed. C:\Documents and Settings\John Richardson\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\kfkcangbigakljkjeglcofaomihpejif\10.11.21.5_0\tb\al scheduled to be moved on reboot.
Folder move failed. C:\Documents and Settings\John Richardson\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\kfkcangbigakljkjeglcofaomihpejif\10.11.21.5_0\tb scheduled to be moved on reboot.
Folder move failed. C:\Documents and Settings\John Richardson\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\kfkcangbigakljkjeglcofaomihpejif\10.11.21.5_0\tb\al\searchProtector\SearchProtectorBubbleDialog\images scheduled to be moved on reboot.
Folder move failed. C:\Documents and Settings\John Richardson\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\kfkcangbigakljkjeglcofaomihpejif\10.11.21.5_0\tb\al\searchProtector\SearchProtectorBubbleDialog scheduled to be moved on reboot.
Folder move failed. C:\Documents and Settings\John Richardson\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\kfkcangbigakljkjeglcofaomihpejif\10.11.21.5_0\tb\al\searchProtector scheduled to be moved on reboot.
Folder move failed. C:\Documents and Settings\John Richardson\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\kfkcangbigakljkjeglcofaomihpejif\10.11.21.5_0\tb\al scheduled to be moved on reboot.
Folder move failed. C:\Documents and Settings\John Richardson\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\kfkcangbigakljkjeglcofaomihpejif\10.11.21.5_0\tb scheduled to be moved on reboot.
Folder move failed. C:\Documents and Settings\John Richardson\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\kfkcangbigakljkjeglcofaomihpejif\10.11.21.5_0 scheduled to be moved on reboot.
Folder move failed. C:\Documents and Settings\John Richardson\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\kfkcangbigakljkjeglcofaomihpejif\10.11.21.5_0\tb\al\searchProtector\SearchProtectorBubbleDialog\images scheduled to be moved on reboot.
Folder move failed. C:\Documents and Settings\John Richardson\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\kfkcangbigakljkjeglcofaomihpejif\10.11.21.5_0\tb\al\searchProtector\SearchProtectorBubbleDialog scheduled to be moved on reboot.
Folder move failed. C:\Documents and Settings\John Richardson\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\kfkcangbigakljkjeglcofaomihpejif\10.11.21.5_0\tb\al\searchProtector scheduled to be moved on reboot.
Folder move failed. C:\Documents and Settings\John Richardson\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\kfkcangbigakljkjeglcofaomihpejif\10.11.21.5_0\tb\al scheduled to be moved on reboot.
Folder move failed. C:\Documents and Settings\John Richardson\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\kfkcangbigakljkjeglcofaomihpejif\10.11.21.5_0\tb scheduled to be moved on reboot.
Folder move failed. C:\Documents and Settings\John Richardson\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\kfkcangbigakljkjeglcofaomihpejif\10.11.21.5_0 scheduled to be moved on reboot.
Folder move failed. C:\Documents and Settings\John Richardson\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\kfkcangbigakljkjeglcofaomihpejif scheduled to be moved on reboot.
C:\WINDOWS\temp\Perflib_Perfdata_710.dat moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

#4
Essexboy

Posted 22 September 2012 - 12:31 PM

GeekU Moderator

Retired Staff
69,964 posts

OK I believe the problem may be McAfee

Download a fresh copy of McAfee to your desktop and ensure that you have your licence key before you do the next step

Download the McAfee removal tool to your desktop
Uninstall McAfee via control panel
Run the McAfee removal tool

Reboot and install the new copy
Once done try the internet

#5
Ardant

Posted 22 September 2012 - 02:42 PM

Member

Topic Starter
Member
229 posts

Seems to be working now. I will keep an eye on it. I posted another OTL Log just in case. Im not sure what would have caused the problems with McAfee or the internet But thank you for your help.

OTL logfile created on: 22/09/2012 4:24:06 PM - Run 3
OTL by OldTimer - Version 3.2.65.1 Folder = C:\Documents and Settings\John Richardson\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

3.25 Gb Total Physical Memory | 2.61 Gb Available Physical Memory | 80.25% Memory free
7.96 Gb Paging File | 7.18 Gb Available in Paging File | 90.18% Paging File free
Paging file location(s): C:\pagefile.sys 4989 7500 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 294.73 Gb Total Space | 100.17 Gb Free Space | 33.99% Space Free | Partition Type: NTFS

Computer Name: PARENT | User Name: John Richardson | Logged in as Administrator.
Cannot determine boot mode. | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/09/21 18:40:28 | 000,600,576 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\John Richardson\Desktop\OTL.com
PRC - [2012/05/25 17:13:56 | 000,151,912 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\system32\mfevtps.exe
PRC - [2012/05/25 17:07:30 | 000,161,664 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\Mcafee\SystemCore\mfefire.exe
PRC - [2012/05/25 17:07:04 | 000,166,320 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\Mcafee\SystemCore\mcshield.exe
PRC - [2012/05/08 00:31:08 | 003,331,872 | ---- | M] (Akamai Technologies, Inc) -- C:\Documents and Settings\John Richardson\Local Settings\Application Data\Akamai\netsession_win.exe
PRC - [2012/03/21 21:16:10 | 001,318,816 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee.com\Agent\mcagent.exe
PRC - [2011/12/29 23:29:04 | 000,497,496 | ---- | M] (IObit) -- C:\Program Files\IObit\Advanced SystemCare 5\ASCService.exe
PRC - [2011/12/29 17:43:36 | 000,368,472 | ---- | M] (IObit) -- C:\Program Files\IObit\Advanced SystemCare 5\DelayLoad.exe
PRC - [2011/12/29 17:43:30 | 000,620,376 | ---- | M] (IObit) -- C:\Program Files\IObit\Advanced SystemCare 5\ASCTray.exe
PRC - [2011/06/01 14:10:00 | 000,821,080 | ---- | M] (IObit) -- C:\Program Files\IObit\IObit Malware Fighter\IMFsrv.exe
PRC - [2011/04/08 13:59:50 | 000,419,904 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MAT\McPvTray.exe
PRC - [2011/01/27 18:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
PRC - [2009/03/05 16:07:20 | 002,260,480 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006/09/25 10:12:20 | 000,045,056 | ---- | M] (ATI Technologies Inc.) -- C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
PRC - [2006/03/30 10:15:44 | 000,096,341 | ---- | M] (Canon Inc.) -- C:\Program Files\Canon\CAL\CALMAIN.exe
PRC - [2001/10/15 04:42:45 | 000,196,608 | ---- | M] (HP) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe

========== Modules (No Company Name) ==========

MOD - [2012/06/13 07:40:37 | 000,843,776 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\system.drawing\1.0.5000.0__b03f5f7f11d50a3a_643b6d13\system.drawing.dll
MOD - [2012/06/13 07:40:26 | 003,035,136 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\system.windows.forms\1.0.5000.0__b77a5c561934e089_c3d114e9\system.windows.forms.dll
MOD - [2012/06/13 07:40:05 | 000,471,040 | ---- | M] () -- c:\windows\assembly\gac\system.drawing\1.0.5000.0__b03f5f7f11d50a3a\system.drawing.dll
MOD - [2012/04/09 18:46:40 | 003,391,488 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_f7a02060\mscorlib.dll
MOD - [2012/04/09 18:46:32 | 002,088,960 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\system.xml\1.0.5000.0__b77a5c561934e089_c3301d63\system.xml.dll
MOD - [2012/04/09 18:46:21 | 001,966,080 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\system\1.0.5000.0__b77a5c561934e089_660fabde\system.dll
MOD - [2012/04/09 18:46:10 | 001,232,896 | ---- | M] () -- c:\windows\assembly\gac\system\1.0.5000.0__b77a5c561934e089\system.dll
MOD - [2012/04/09 18:46:09 | 001,269,760 | ---- | M] () -- c:\windows\assembly\gac\system.web\1.0.5000.0__b03f5f7f11d50a3a\system.web.dll
MOD - [2012/04/09 18:46:07 | 002,064,384 | ---- | M] () -- c:\windows\assembly\gac\system.windows.forms\1.0.5000.0__b77a5c561934e089\system.windows.forms.dll
MOD - [2011/04/21 17:54:40 | 000,347,024 | ---- | M] () -- C:\Program Files\IObit\Advanced SystemCare 5\madexcept_.bpl
MOD - [2011/04/21 17:54:40 | 000,179,088 | ---- | M] () -- C:\Program Files\IObit\Advanced SystemCare 5\madbasic_.bpl
MOD - [2011/04/21 17:54:40 | 000,046,480 | ---- | M] () -- C:\Program Files\IObit\Advanced SystemCare 5\maddisAsm_.bpl
MOD - [2006/11/05 11:28:18 | 004,587,520 | R--- | M] () -- C:\Program Files\Common Files\Roxio Shared\9.0\DLLShared\ROXIPP41.dll
MOD - [2006/08/18 14:17:36 | 000,056,056 | ---- | M] () -- C:\WINDOWS\system32\DLAAPI_W.DLL
MOD - [2004/08/11 18:23:24 | 000,372,736 | ---- | M] () -- c:\windows\assembly\gac\system.management\1.0.5000.0__b03f5f7f11d50a3a\system.management.dll
MOD - [2004/08/11 18:23:22 | 001,339,392 | ---- | M] () -- c:\windows\assembly\gac\system.xml\1.0.5000.0__b77a5c561934e089\system.xml.dll
MOD - [2004/08/11 18:23:22 | 000,323,584 | ---- | M] () -- c:\windows\assembly\gac\system.runtime.remoting\1.0.5000.0__b77a5c561934e089\system.runtime.remoting.dll
MOD - [2003/08/03 00:20:57 | 000,126,976 | R--- | M] () -- C:\Program Files\SpywareGuard\spywareguard.dll

========== Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe /service /p dellsupportcenter -- (sprtsvc_dellsupportcenter)
SRV - File not found [Auto | Stopped] -- C:\PROGRA~1\IObitBar\toolbar\1.bin\i0barsvc.exe -- (IObitBarService)
SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)
SRV - File not found [Auto | Stopped] -- c:\program files\common files\akamai/netsession_win_80c2ffa.dll -- (Akamai)
SRV - [2012/09/07 07:20:39 | 000,114,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/09/03 23:56:02 | 000,250,568 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/08/23 11:55:10 | 000,362,008 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS)
SRV - [2012/06/14 13:40:08 | 000,828,032 | ---- | M] (McAfee, Inc.) [Auto | Stopped] -- C:\WINDOWS\temp\0244051348344585mcinst.exe -- (0244051348344585mcinstcleanup)
SRV - [2012/05/25 17:13:56 | 000,151,912 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\WINDOWS\system32\mfevtps.exe -- (mfevtp)
SRV - [2012/05/25 17:07:30 | 000,161,664 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe -- (mfefire)
SRV - [2012/05/25 17:07:04 | 000,166,320 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe -- (McShield)
SRV - [2011/12/29 23:29:04 | 000,497,496 | ---- | M] (IObit) [Auto | Running] -- C:\Program Files\IObit\Advanced SystemCare 5\ASCService.exe -- (AdvancedSystemCareService5)
SRV - [2011/07/06 19:28:00 | 003,980,648 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\WINDOWS\system32\GameMon.des -- (npggsvc)
SRV - [2011/06/01 14:10:00 | 000,821,080 | ---- | M] (IObit) [Auto | Running] -- C:\Program Files\IObit\IObit Malware Fighter\IMFsrv.exe -- (IMFservice)
SRV - [2011/01/27 18:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (MSK80Service)
SRV - [2011/01/27 18:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McProxy)
SRV - [2011/01/27 18:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McNASvc)
SRV - [2011/01/27 18:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McNaiAnn)
SRV - [2011/01/27 18:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (mcmscsvc)
SRV - [2011/01/27 18:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McMPFSvc)
SRV - [2011/01/27 18:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McAfee SiteAdvisor Service)
SRV - [2006/03/30 10:15:44 | 000,096,341 | ---- | M] (Canon Inc.) [Auto | Running] -- C:\Program Files\Canon\CAL\CALMAIN.exe -- (CCALib8)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\XDva385.sys -- (XDva385)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | Boot | Stopped] -- System32\drivers\sfsync02.sys -- (sfsync02)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | On_Demand | Unknown] -- -- (mfeavfk01)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\JOHNRI~1\LOCALS~1\Temp\catchme.sys -- (catchme)
DRV - File not found [Kernel | System | Stopped] -- -- (Beep)
DRV - [2012/09/04 01:54:46 | 000,022,640 | ---- | M] (PC-Doctor, Inc.) [Kernel | On_Demand | Stopped] -- c:\Program Files\Dell Support Center\pcdsrvc.pkms -- (PCDSRVC{E9D79540-57D5953E-06020101}_0)
DRV - [2012/02/22 13:29:46 | 000,464,304 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\mfehidk.sys -- (mfehidk)
DRV - [2012/02/22 13:29:46 | 000,340,920 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfefirek.sys -- (mfefirek)
DRV - [2012/02/22 13:29:46 | 000,180,848 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfeavfk.sys -- (mfeavfk)
DRV - [2012/02/22 13:29:46 | 000,121,544 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfeapfk.sys -- (mfeapfk)
DRV - [2012/02/22 13:29:46 | 000,089,792 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\mfetdi2k.sys -- (mfetdi2k)
DRV - [2012/02/22 13:29:46 | 000,087,656 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mferkdet.sys -- (mferkdet)
DRV - [2012/02/22 13:29:46 | 000,083,856 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfendisk.sys -- (mfendiskmp)
DRV - [2012/02/22 13:29:46 | 000,083,856 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mfendisk.sys -- (mfendisk)
DRV - [2012/02/22 13:29:46 | 000,059,456 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfebopk.sys -- (mfebopk)
DRV - [2012/02/22 13:29:46 | 000,057,600 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\cfwids.sys -- (cfwids)
DRV - [2011/08/06 16:14:39 | 007,023,104 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2011/04/11 14:29:16 | 000,064,048 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\McPvDrv.sys -- (McPvDrv)
DRV - [2008/01/15 19:17:58 | 004,652,544 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService)
DRV - [2007/11/15 03:48:20 | 000,084,992 | ---- | M] (ATI Research Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV - [2006/08/18 14:18:08 | 000,009,400 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLADResM.SYS -- (DLADResM)
DRV - [2006/08/18 14:17:46 | 000,035,096 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLABMFSM.SYS -- (DLABMFSM)
DRV - [2006/08/18 14:17:44 | 000,097,848 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS -- (DLAUDF_M)
DRV - [2006/08/18 14:17:44 | 000,094,648 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS -- (DLAUDFAM)
DRV - [2006/08/18 14:17:42 | 000,026,008 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS -- (DLAOPIOM)
DRV - [2006/08/18 14:17:40 | 000,032,472 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS -- (DLABOIOM)
DRV - [2006/08/18 14:17:38 | 000,104,472 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS -- (DLAIFS_M)
DRV - [2006/08/18 14:17:38 | 000,014,520 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS -- (DLAPoolM)
DRV - [2006/08/11 11:35:18 | 000,012,920 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS -- (DLACDBHM)
DRV - [2006/08/11 11:35:16 | 000,028,184 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLARTL_M.SYS -- (DLARTL_M)
DRV - [2005/01/14 12:14:07 | 000,047,616 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\sfdrv01.sys -- (sfdrv01)
DRV - [2004/10/28 06:47:59 | 000,006,656 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\sfhlp02.sys -- (sfhlp02)
DRV - [2004/08/03 22:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.ca/ig/dell?hl=en&client=dell-row&channel=ca&ibd=1080221
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = www.google.ca/ig/dell?hl=en&client=dell-row&channel=ca&ibd=1080221
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.iobit.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com
IE - HKCU\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
IE - HKCU\..\SearchScopes,DefaultScope = {95B7759C-8C7F-4BF1-B163-73684A933233}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{4352F279-82F3-4FF2-8C18-74793B4E329F}: "URL" = http://ca.search.yah...p={SearchTerms}
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...z=1I7GGLL_en-GB
IE - HKCU\..\SearchScopes\{90D74DB8-5709-4054-911E-52EC8A817CAA}: "URL" = http://ca.search.yah...p={SearchTerms}
IE - HKCU\..\SearchScopes\{945EB1C1-B262-4DC7-ADA7-F6B1D592E691}: "URL" = http://www.mysearchr...q={searchTerms}
IE - HKCU\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://isearch.avg.c...pr&d=2012-05-23 21:51:21&v=11.0.0.9&sap=dsp&q={searchTerms}
IE - HKCU\..\SearchScopes\{DECA3892-BA8F-44b8-A993-A466AD694AE4}: "URL" = http://search.yahoo....p={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Secure Search"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..extensions.enabledAddons: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:1.1
FF - prefs.js..keyword.URL: "http://ca.search.yah...h?fr=mcafee&p="
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_4_402_265.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: File not found
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: File not found
FF - HKLM\Software\MozillaPlugins\@fileplanet.com/fpdlm: C:\Program Files\Download Manager\npfpdlm.dll (IGN Entertainment)
FF - HKLM\Software\MozillaPlugins\@IObitBar.com/Plugin: File not found
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\progra~1\mcafee\msc\npmcsn~1.dll ()
FF - HKLM\Software\MozillaPlugins\@mcafee.com/SAFFPlugin: C:\Program Files\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@raidcall.en/RCplugin: C:\Documents and Settings\John Richardson\Application Data\raidcall\plugins\nprcplugin.dll (Raidcall)
FF - HKLM\Software\MozillaPlugins\@soe.sony.com/installer,version=1.0.3: File not found
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\John Richardson\Local Settings\Application Data\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\John Richardson\Local Settings\Application Data\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Documents and Settings\John Richardson\Local Settings\Application Data\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}: C:\Program Files\McAfee\SiteAdvisor [2012/09/22 16:09:42 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{D19CA586-DD6C-4a0a-96F8-14644F340D60}: C:\Program Files\Common Files\McAfee\SystemCore [2012/09/22 16:07:31 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/09/22 15:14:31 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/05/05 10:38:15 | 000,000,000 | ---D | M]

[2012/05/23 22:45:05 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\John Richardson\Application Data\Mozilla\Extensions
[2012/09/22 11:32:58 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\John Richardson\Application Data\Mozilla\Firefox\Profiles\zy5758f9.default\extensions
[2012/09/15 08:02:32 | 000,270,876 | ---- | M] () (No name found) -- C:\Documents and Settings\John Richardson\Application Data\Mozilla\Firefox\Profiles\zy5758f9.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi
[2012/09/22 11:32:17 | 000,000,376 | ---- | M] () -- C:\Documents and Settings\John Richardson\Application Data\Mozilla\Firefox\Profiles\zy5758f9.default\searchplugins\search-here.xml
[2012/06/02 11:23:52 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/09/07 07:20:40 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/04/01 10:14:14 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2012/09/06 06:28:24 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/09/22 12:22:09 | 000,002,027 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\McSiteAdvisor.xml
[2012/09/06 06:28:24 | 000,002,253 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - homepage: http://www.google.com/
CHR - default_search_provider: Conduit (Enabled)
CHR - default_search_provider: search_url = http://search.condui...&ctid=CT3244149
CHR - default_search_provider: suggest_url =
CHR - homepage: http://www.google.com/
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Documents and Settings\John Richardson\Local Settings\Application Data\Google\Chrome\Application\21.0.1180.89\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Documents and Settings\John Richardson\Local Settings\Application Data\Google\Chrome\Application\21.0.1180.89\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\John Richardson\Local Settings\Application Data\Google\Chrome\Application\21.0.1180.89\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll
CHR - plugin: McAfee SiteAdvisor (Enabled) = C:\Documents and Settings\John Richardson\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.40.134.1_0\McChPlg.dll
CHR - plugin: McAfee SiteAdvisor (Enabled) = C:\Program Files\McAfee\SiteAdvisor\npmcffplg32.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.310.5 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U31 (Enabled) = C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Google Update (Enabled) = C:\Documents and Settings\John Richardson\Local Settings\Application Data\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Unity Player (Enabled) = C:\Documents and Settings\John Richardson\Local Settings\Application Data\Unity\WebPlayer\loader\npUnity3D32.dll
CHR - plugin: IGN Download Manager Plug-in (Enabled) = C:\Program Files\Download Manager\npfpdlm.dll
CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: McAfee SecurityCenter (Enabled) = c:\progra~1\mcafee\msc\npmcsn~1.dll
CHR - Extension: YouTube = C:\Documents and Settings\John Richardson\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google Search = C:\Documents and Settings\John Richardson\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: SiteAdvisor = C:\Documents and Settings\John Richardson\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.50.146.2_0\
CHR - Extension: Gmail = C:\Documents and Settings\John Richardson\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2012/09/22 11:52:30 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {11111111-1111-1111-1111-110011501158} - No CLSID value found.
O2 - BHO: (no name) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - No CLSID value found.
O2 - BHO: (SpywareGuardDLBLOCK.CBrowserHelper) - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll ()
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\Mcafee\SystemCore\ScriptSn.20120922155917.dll (McAfee, Inc.)
O2 - BHO: (no name) - {7F6AFBF1-E065-4627-A2FD-810366367D01} - No CLSID value found.
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll (Dell Inc.)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O4 - HKLM..\Run: [ATICCC] C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe ()
O4 - HKLM..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe (HP)
O4 - HKLM..\Run: [McPvTray_exe] C:\Program Files\McAfee\MAT\McPvTray.exe (McAfee, Inc.)
O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKCU..\Run: [Advanced SystemCare 5] C:\Program Files\IObit\Advanced SystemCare 5\ASCTray.exe (IObit)
O4 - HKCU..\Run: [Akamai NetSession Interface] C:\Documents and Settings\John Richardson\Local Settings\Application Data\Akamai\netsession_win.exe (Akamai Technologies, Inc)
O4 - HKCU..\Run: [igndlm.exe] C:\Program Files\Download Manager\DLM.exe (IGN Entertainment)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - Startup: C:\Documents and Settings\John Richardson\Start Menu\Programs\Startup\CurseClientStartup.ccip ()
O4 - Startup: C:\Documents and Settings\John Richardson\Start Menu\Programs\Startup\SpywareGuard.lnk.disabled ()
O4 - Startup: C:\Documents and Settings\John Richardson\Start Menu\Programs\Startup\Xfire.lnk.disabled ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: &Search - Reg Error: Value error. File not found
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_43C348BC2E93EB2B.dll/cmsidewiki.html File not found
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O15 - HKCU\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: sony.com ([]* in Trusted sites)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.mi...b?1348016834586 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.mi...b?1333671003155 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} Reg Error: Value error. (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} Reg Error: Value error. (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} Reg Error: Value error. (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 64.71.255.198
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{BD334E44-7F06-497C-A727-0B7C2627C830}: DhcpNameServer = 64.71.255.198
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\intu-qt2007 {026BF40D-BA05-467b-9F1F-AD0D7A3F5F11} - C:\Program Files\QuickTax 2007\ic2007pp.dll (Intuit Canada, a general partnership/une société en nom collectif.)
O18 - Protocol\Handler\intu-qt2008 - No CLSID value found
O18 - Protocol\Handler\intu-qt2009 {03947252-2355-4e9b-B446-8CCC75C43370} - C:\Program Files\QuickTax 2009\ic2009pp.dll (Intuit Canada, a general partnership/une société en nom collectif.)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl.dll (McAfee, Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O28 - HKLM ShellExecuteHooks: {81559C35-8464-49F7-BB0E-07A383BEF910} - C:\Program Files\SpywareGuard\spywareguard.dll ()
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/11 18:15:00 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O35 - HKCU\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/09/22 16:23:58 | 000,600,576 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\John Richardson\Desktop\OTL.com
[2012/09/22 16:00:31 | 000,064,048 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\McPvDrv.sys
[2012/09/22 16:00:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\McAfee
[2012/09/22 16:00:30 | 000,000,000 | R-SD | C] -- C:\Documents and Settings\John Richardson\My Documents\McAfee Vaults
[2012/09/22 15:59:17 | 000,009,608 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfeclnk.sys
[2012/09/22 15:59:09 | 000,340,920 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfefirek.sys
[2012/09/22 15:59:09 | 000,180,848 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfeavfk.sys
[2012/09/22 15:59:09 | 000,083,856 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfendisk.sys
[2012/09/22 15:59:09 | 000,059,456 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfebopk.sys
[2012/09/22 15:59:08 | 000,057,600 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\cfwids.sys
[2012/09/22 15:59:01 | 000,000,000 | ---D | C] -- C:\Program Files\McAfee.com
[2012/09/22 15:40:40 | 000,089,792 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfetdi2k.sys
[2012/09/22 15:40:40 | 000,087,656 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mferkdet.sys
[2012/09/22 15:40:36 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Mcafee
[2012/09/22 15:40:32 | 000,000,000 | ---D | C] -- C:\WINDOWS\LastGood
[2012/09/22 15:40:20 | 000,000,000 | ---D | C] -- C:\Program Files\McAfee
[2012/09/22 15:27:08 | 000,151,912 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\mfevtps.exe
[2012/09/22 15:09:29 | 003,178,400 | ---- | C] (McAfee, Inc.) -- C:\Documents and Settings\John Richardson\Desktop\MCPR.exe
[2012/09/22 11:42:52 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2012/09/22 11:42:49 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2012/09/22 11:42:49 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2012/09/22 11:42:49 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2012/09/22 11:32:40 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/09/22 11:22:00 | 004,754,913 | R--- | C] (Swearware) -- C:\Documents and Settings\John Richardson\Desktop\ComboFix.exe
[2012/09/18 23:28:27 | 000,146,872 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\HipShieldK.sys
[2012/09/18 20:54:58 | 002,808,832 | ---- | C] (RealTek Semicoductor Corp.) -- C:\WINDOWS\ALCWZRD.EXE
[2012/09/18 20:51:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Dell Support Center
[2012/09/18 20:46:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\John Richardson\Local Settings\Application Data\Conduit
[2012/09/10 19:35:02 | 000,000,000 | --SD | C] -- C:\Documents and Settings\John Richardson\My Documents\Chica Passwords
[2012/09/10 19:26:11 | 000,000,000 | ---D | C] -- C:\Program Files\DefaultTab
[2012/09/10 19:25:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\John Richardson\Application Data\DefaultTab
[2012/09/07 19:14:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\John Richardson\Application Data\raidcall
[2012/09/07 19:14:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\John Richardson\Start Menu\Programs\RaidCall
[2012/09/07 19:13:58 | 000,000,000 | ---D | C] -- C:\Program Files\RaidCall
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\Program Files\*.tmp files -> C:\Program Files\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/09/22 16:09:17 | 000,001,595 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\McAfee Total Protection.lnk
[2012/09/22 16:04:05 | 000,002,278 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/09/22 16:03:21 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/09/22 16:03:17 | 3487,744,000 | -HS- | M] () -- C:\hiberfil.sys
[2012/09/22 15:59:15 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012/09/22 15:48:01 | 000,001,018 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-879840139-2802958703-907680667-1005UA.job
[2012/09/22 15:07:45 | 003,178,400 | ---- | M] (McAfee, Inc.) -- C:\Documents and Settings\John Richardson\Desktop\MCPR.exe
[2012/09/22 12:10:22 | 000,000,000 | ---- | M] () -- C:\extensions.sqlite
[2012/09/22 11:52:30 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2012/09/22 11:22:01 | 004,754,913 | R--- | M] (Swearware) -- C:\Documents and Settings\John Richardson\Desktop\ComboFix.exe
[2012/09/22 00:48:00 | 000,000,966 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-879840139-2802958703-907680667-1005Core.job
[2012/09/21 19:38:17 | 000,405,729 | ---- | M] () -- C:\Documents and Settings\John Richardson\Local Settings\Application Data\census.cache
[2012/09/21 19:38:15 | 000,236,975 | ---- | M] () -- C:\Documents and Settings\John Richardson\Local Settings\Application Data\ars.cache
[2012/09/21 18:40:28 | 000,600,576 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\John Richardson\Desktop\OTL.com
[2012/09/19 15:01:10 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/09/18 20:53:11 | 000,000,568 | ---- | M] () -- C:\WINDOWS\tasks\PCDoctorBackgroundMonitorTask.job
[2012/09/17 07:30:29 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/09/12 03:05:29 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012/09/07 19:14:05 | 000,000,682 | ---- | M] () -- C:\Documents and Settings\John Richardson\Desktop\RaidCall.lnk
[2012/09/07 17:04:46 | 000,022,856 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\Program Files\*.tmp files -> C:\Program Files\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/09/22 16:01:02 | 000,001,595 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\McAfee Total Protection.lnk
[2012/09/22 12:10:22 | 000,000,000 | ---- | C] () -- C:\extensions.sqlite
[2012/09/22 11:42:52 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2012/09/22 11:42:50 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2012/09/22 11:42:49 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2012/09/22 11:42:49 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2012/09/22 11:42:49 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2012/09/20 07:31:01 | 3487,744,000 | -HS- | C] () -- C:\hiberfil.sys
[2012/09/18 21:09:06 | 000,201,806 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-879840139-2802958703-907680667-1005-0.dat
[2012/09/18 21:09:02 | 000,201,806 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
[2012/09/18 20:53:10 | 000,000,568 | ---- | C] () -- C:\WINDOWS\tasks\PCDoctorBackgroundMonitorTask.job
[2012/09/12 03:05:28 | 000,001,374 | ---- | C] () -- C:\WINDOWS\imsins.BAK
[2012/09/07 19:14:05 | 000,000,682 | ---- | C] () -- C:\Documents and Settings\John Richardson\Desktop\RaidCall.lnk
[2012/06/03 11:44:02 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\TEMP
[2012/05/23 22:26:32 | 000,034,814 | ---- | C] () -- C:\Documents and Settings\John Richardson\Local Settings\Application Data\dt.dat
[2012/05/23 07:36:35 | 000,886,248 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2012/05/02 22:54:46 | 000,042,392 | ---- | C] () -- C:\WINDOWS\System32\xfcodec.dll
[2012/05/02 00:14:07 | 011,272,192 | ---- | C] () -- C:\Documents and Settings\John Richardson\NTUSER.bak
[2012/04/09 18:17:30 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2011/10/26 01:00:10 | 000,405,729 | ---- | C] () -- C:\Documents and Settings\John Richardson\Local Settings\Application Data\census.cache
[2011/10/26 00:59:53 | 000,236,975 | ---- | C] () -- C:\Documents and Settings\John Richardson\Local Settings\Application Data\ars.cache
[2011/10/25 23:25:51 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\John Richardson\Local Settings\Application Data\housecall.guid.cache
[2011/05/30 19:55:28 | 000,230,752 | ---- | C] () -- C:\WINDOWS\patchw32.dll
[2011/05/30 19:55:28 | 000,118,176 | ---- | C] () -- C:\WINDOWS\patchw.dll
[2011/03/13 11:38:17 | 000,000,463 | ---- | C] () -- C:\Documents and Settings\John Richardson\test
[2011/02/21 16:11:38 | 000,000,285 | ---- | C] () -- C:\WINDOWS\EReg072.dat
[2011/02/21 16:11:08 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\vidx16.dll
[2008/04/26 12:38:19 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\John Richardson\Application Data\wklnhst.dat
[2008/03/06 23:08:23 | 000,024,064 | ---- | C] () -- C:\Documents and Settings\John Richardson\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/02/25 20:02:55 | 000,000,138 | ---- | C] () -- C:\Documents and Settings\John Richardson\Local Settings\Application Data\fusioncache.dat

========== ZeroAccess Check ==========

[2004/08/11 18:21:56 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

========== LOP Check ==========

[2012/04/01 10:14:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ask
[2012/08/21 19:42:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Battle.net
[2012/05/23 21:11:14 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2012/08/07 00:36:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Curse Client
[2011/06/05 18:49:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Electronic Arts
[2009/10/29 19:51:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Fallout3
[2011/01/04 19:07:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FreeApp
[2012/02/10 08:21:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IObit
[2012/05/24 21:22:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2011/06/05 18:52:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Origin
[2012/09/18 20:50:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PCDr
[2012/04/03 18:34:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PMB Files
[2012/06/27 07:31:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SpeedMaxPc
[2012/04/05 07:33:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SupportSoft
[2008/12/27 18:13:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\John Richardson\Application Data\Acreon
[2012/05/26 09:04:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\John Richardson\Application Data\AVG
[2012/05/23 21:51:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\John Richardson\Application Data\AVG Secure Search
[2012/05/23 21:52:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\John Richardson\Application Data\AVG2012
[2011/07/16 20:28:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\John Richardson\Application Data\Bioshock
[2011/05/30 19:58:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\John Richardson\Application Data\BugTrap Console Test108
[2008/03/01 15:34:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\John Richardson\Application Data\Canon
[2012/09/22 11:33:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\John Richardson\Application Data\DefaultTab
[2012/06/03 13:37:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\John Richardson\Application Data\Downloaded Installations
[2012/06/18 20:56:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\John Richardson\Application Data\DriverCure
[2010/03/28 14:51:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\John Richardson\Application Data\FOG Downloader
[2011/08/20 12:16:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\John Richardson\Application Data\IGG
[2012/02/10 08:29:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\John Richardson\Application Data\IObit
[2011/03/27 12:56:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\John Richardson\Application Data\Itibiti
[2011/07/16 20:40:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\John Richardson\Application Data\Kalypso Media
[2012/04/05 07:28:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\John Richardson\Application Data\PCDr
[2012/06/03 13:39:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\John Richardson\Application Data\PingPlotter
[2012/09/18 20:42:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\John Richardson\Application Data\raidcall
[2011/03/27 13:14:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\John Richardson\Application Data\RegistryKeys
[2011/08/06 14:13:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\John Richardson\Application Data\Sony Online Entertainment
[2012/06/18 20:56:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\John Richardson\Application Data\SpeedMaxPc
[2008/04/26 12:38:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\John Richardson\Application Data\Template
[2011/07/07 21:18:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\John Richardson\Application Data\Unity
[2011/05/03 21:16:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\John Richardson\Application Data\wargaming.net
[2012/06/02 09:56:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\John Richardson\Application Data\Wise Registry Cleaner

========== Purity Check ==========

========== Alternate Data Streams ==========

@Alternate Data Stream - 76 bytes -> C:\WINDOWS\System32\XPSViewer:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\WINDOWS\SxsCaPendDel:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\WINDOWS\ie8updates:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\WINDOWS\ie8:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\WINDOWS\$NtUninstallKB2736233$:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\WINDOWS\$NtUninstallKB2731847$:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\WINDOWS\$NtUninstallKB2723135$:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\WINDOWS\$NtUninstallKB2719985$:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\WINDOWS\$NtUninstallKB2718704$:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\WINDOWS\$NtUninstallKB2718523$:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\WINDOWS\$NtUninstallKB2709162$:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\WINDOWS\$NtUninstallKB2698365$:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\WINDOWS\$NtUninstallKB2685939$:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\WINDOWS\$NtUninstallKB2655992$:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Program Files\World of Warcraft:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Program Files\Ubisoft:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Program Files\Sun:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Program Files\StarCraft II:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Program Files\SpywareBlaster:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Program Files\Sony Online Entertainment:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Program Files\Reference Assemblies:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Program Files\RaidCall:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Program Files\QuickTax 2009:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Program Files\QuickTax 2008:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Program Files\QuickTax 2007:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Program Files\PingPlotter Standard:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Program Files\Origin:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Program Files\Origin Games:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Program Files\NOS:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Program Files\MSECache:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Program Files\MSBuild:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Program Files\Mozilla Maintenance Service:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Program Files\IObit:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Program Files\IObit Toolbar:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Program Files\FreeApps:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Program Files\File Type Assistant:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Program Files\EA SPORTS:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Program Files\DivX:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Program Files\Diablo III:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Program Files\DefaultTab:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Program Files\Common Files\Intuit:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Program Files\Common Files\AnswerWorks 4.0:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Program Files\AVG:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Program Files\AAS:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\NetmarbleGlobal:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\ie-spyad_zo:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Download:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\NetworkService\Local Settings\Application Data\Google:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\LocalService\Application Data\SACore:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\LocalService\Application Data\McAfee:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\LocalService\Application Data\Macromedia:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\LocalService\Application Data\DivX:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\LocalService\Application Data\Adobe:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\John Richardson\Start Menu\Programs\StarCraft II:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\John Richardson\Start Menu\Programs\RaidCall:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\John Richardson\Start Menu\Programs\Games:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\John Richardson\Start Menu\Programs\FreeApps:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\John Richardson\Start Menu\Programs\Administrative Tools:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\John Richardson\PrivacIE:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\John Richardson\My Documents\StarCraft II:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\John Richardson\My Documents\SH3:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\John Richardson\My Documents\QuickTax:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\John Richardson\My Documents\Madden NFL 07:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\John Richardson\My Documents\KOEI:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\John Richardson\My Documents\Downloads:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\John Richardson\My Documents\Diablo III:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\John Richardson\Local Settings\Application Data\Temp:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\John Richardson\Local Settings\Application Data\Origin:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\John Richardson\Local Settings\Application Data\Electronic Arts:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\John Richardson\Local Settings\Application Data\Dell:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\John Richardson\Local Settings\Application Data\Blizzard Entertainment:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\John Richardson\Local Settings\Application Data\AskToolbar:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\John Richardson\Local Settings\Application Data\Akamai:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\John Richardson\IECompatCache:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\John Richardson\Desktop\ZonedOut:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\John Richardson\Desktop\Runes_of_Magic_2.1.6.2049:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\John Richardson\Desktop\New Hampshire Trip 2011:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\John Richardson\Desktop\Adobe Reader 9 Installer:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\John Richardson\Application Data\SpeedMaxPc:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\John Richardson\Application Data\Sony Online Entertainment:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\John Richardson\Application Data\RegistryKeys:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\John Richardson\Application Data\raidcall:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\John Richardson\Application Data\PingPlotter:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\John Richardson\Application Data\Mozilla:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\John Richardson\Application Data\Itibiti:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\John Richardson\Application Data\IObit:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\John Richardson\Application Data\Intuit Canada:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\John Richardson\Application Data\FOG Downloader:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\John Richardson\Application Data\DriverCure:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\John Richardson\Application Data\Downloaded Installations:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\John Richardson\Application Data\DivX:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\John Richardson\Application Data\DefaultTab:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\John Richardson\Application Data\AVG Secure Search:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\John Richardson\Application Data\Acreon:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\All Users\Start Menu\Programs\Ventrilo:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\All Users\Start Menu\Programs\StarCraft II:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\All Users\Start Menu\Programs\SpywareBlaster:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\All Users\Start Menu\Programs\Smart Defrag:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\All Users\Start Menu\Programs\QuickTax:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\All Users\Start Menu\Programs\Origin:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\All Users\Start Menu\Programs\NetmarbleGlobal:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\All Users\Start Menu\Programs\DivX:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\All Users\Start Menu\Programs\Diablo III:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\All Users\Start Menu\Programs\Advanced SystemCare 5:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\All Users\Application Data\SpeedMaxPc:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\All Users\Application Data\Origin:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\All Users\Application Data\NOS:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\All Users\Application Data\Mozilla:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\All Users\Application Data\MFAData:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\All Users\Application Data\Intuit Canada:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\All Users\Application Data\FreeApp:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\All Users\Application Data\Common Files:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\All Users\Application Data\Blizzard:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\All Users\Application Data\Battle.net:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\All Users\Application Data\Ask:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Config.Msi:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\b90c13be94acef04c636:Roxio EMC Stream
@Alternate Data Stream - 133 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0B4227B4

< End of report >

#6
Essexboy

Posted 22 September 2012 - 03:40 PM

GeekU Moderator

Retired Staff
69,964 posts

The malware damaged McAfee and usually the first thing to go is the firewall which will block internet access

Subject to no further problems

I will remove my tools now and give some recommendations, but, I would like you to run for 24 hours or so and come back if you have any problems

Now the best part of the day ----- Your log now appears clean :thumbsup:

A good workman always cleans up after himself so..The following will implement some cleanup procedures as well as reset System Restore points:

Run OTL

Under the Custom Scans/Fixes box at the bottom, paste in the following

:Commands
[resethosts]
[emptytemp]
[CLEARALLRESTOREPOINTS]
[Reboot]

Then click the Run Fix button at the top
Let the program run unhindered, reboot the PC when it is done

Remove ComboFix

Hold down the Windows key + R on your keyboard. This will display the Run dialogue box
In the Run box, type in ComboFix /Uninstall
(Notice the space between the "x" and "/")
then click OK
Follow the prompts on the screen
A message should appear confirming that ComboFix was uninstalled

Run OTL and hit the cleanup button. It will remove all the programmes we have used plus itself.

We will now confirm that your hidden files are set to that, as some of the tools I use will change that

Click Start.
Open My Computer.
Select the Tools menu and click Folder Options.
Select the View Tab.
Under the Hidden files and folders heading select Do not show hidden files and folders.
Click Yes to confirm.
Click OK.

Your Java is out of date.
Older versions have vulnerabilities that malware can use to infect your system.
Please follow these steps to remove older version of Java components and upgrade the application.

Upgrading Java:

Go to this site and click Do I have Java
It will check your current version and then offer to update to the latest version

Now that you are clean, to help protect your computer in the future I recommend that you get the following free programmes:

Posted Image

Malwarebytes.

Update and run weekly to keep your system clean

Download and install FileHippo update checker and run it monthly it will show you which programmes on your system need updating and give a download link

It is critical to have both a firewall and anti virus to protect your system and to keep them updated. To keep your operating system up to date visit

Microsoft Windows Update

To learn more about how to protect yourself while on the internet read our little guide How did I get infected in the first place ?Keep safe :wave:

#7
Ardant

Posted 22 September 2012 - 04:49 PM

Member

Topic Starter
Member
229 posts

I have done all you suggested. According to File Hippo I have updates but IE will not allow me to access them. Any ideas as to how to gain access?

#8
Essexboy

Posted 23 September 2012 - 04:25 AM

GeekU Moderator

Retired Staff
69,964 posts

When you try to download the programmes what errors do you get, or how is it blocked ?

#9
Ardant

Posted 23 September 2012 - 08:08 AM

Member

Topic Starter
Member
229 posts

Got it. Had to change the browser. Just took some time for me to find it

Edited by Ardant, 23 September 2012 - 08:43 AM.

#10
Essexboy

Posted 23 September 2012 - 09:05 AM

GeekU Moderator

Retired Staff
69,964 posts

All well now ?

#11
Essexboy

Posted 25 September 2012 - 11:30 AM

GeekU Moderator

Retired Staff
69,964 posts

Since this issue appears to be resolved ... this Topic has been closed. Glad we could help.

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.