
No program will update many programs auto download and install [Closed]


  • This topic is locked

#1
314

  • Member
  • 65 posts
I can't do any updates at all; it doesn't matter whether it's Windows Update or updating VLC, etc.
All of a sudden, some programs randomly auto-download and then install without my permission.
I am an advanced computer user with a technical background.

Here's my OTL. Thank you for your time.



OTL logfile created on: 6/16/2013 12:57:44 AM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Jason\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.99 Gb Total Physical Memory | 1.20 Gb Available Physical Memory | 40.06% Memory free
5.98 Gb Paging File | 3.93 Gb Available in Paging File | 65.78% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 232.88 Gb Total Space | 183.01 Gb Free Space | 78.58% Space Free | Partition Type: NTFS

Computer Name: JASON7 | User Name: Jason | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/06/16 00:55:53 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Jason\Desktop\OTL.exe
PRC - [2013/05/28 23:27:40 | 000,825,808 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
PRC - [2013/02/05 09:48:44 | 000,272,248 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee Security Scan\3.0.318\SSScheduler.exe
PRC - [2011/11/03 17:41:16 | 000,329,072 | ---- | M] (Sierra Wireless, Inc.) -- C:\Program Files (x86)\Sierra Wireless Inc\WebUpdater\TRUUpdater.exe
PRC - [2011/08/04 13:37:56 | 000,140,656 | ---- | M] (Sierra Wireless Inc.) -- C:\Program Files (x86)\Rogers\Rogers Connection Manager\WaHelper.exe
PRC - [2010/10/28 15:26:44 | 001,196,032 | ---- | M] (Brother Industries, Ltd.) -- C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe
PRC - [2010/10/28 15:21:56 | 000,331,776 | ---- | M] (Brother Industries, Ltd.) -- C:\Program Files (x86)\ControlCenter4\BrCtrlCntr.exe
PRC - [2010/09/30 03:06:46 | 000,169,408 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe
PRC - [2010/06/10 13:42:44 | 002,621,440 | R--- | M] (Brother Industries, Ltd.) -- C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe
PRC - [2010/03/09 00:42:02 | 000,029,984 | ---- | M] (Nuance Communications, Inc.) -- C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe
PRC - [2010/03/09 00:40:36 | 000,144,672 | ---- | M] (Nuance Communications, Inc.) -- C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe
PRC - [2010/03/05 20:11:30 | 000,636,192 | ---- | M] (Nuance Communications, Inc.) -- C:\Program Files (x86)\Nuance\PDF Viewer Plus\pdfPro5Hook.exe
PRC - [2010/01/25 08:22:56 | 000,245,760 | ---- | M] (Brother Industries, Ltd.) -- C:\Program Files (x86)\Browny02\BrYNSvc.exe
PRC - [2009/11/16 09:27:48 | 000,240,992 | ---- | M] (Microsoft Corp.) -- C:\Program Files (x86)\MSN Toolbar\Platform\4.0.0357.1\mswinext.exe
PRC - [2009/05/05 16:06:06 | 000,222,496 | ---- | M] (Acresso Corporation) -- C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe


========== Modules (No Company Name) ==========

MOD - [2013/05/28 23:27:38 | 000,393,168 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.110\ppgooglenaclpluginchrome.dll
MOD - [2013/05/28 23:27:35 | 004,051,408 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.110\pdf.dll
MOD - [2013/05/28 23:26:40 | 000,599,504 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.110\libglesv2.dll
MOD - [2013/05/28 23:26:39 | 000,124,368 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.110\libegl.dll
MOD - [2013/05/28 23:26:36 | 001,597,392 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.110\ffmpegsumo.dll
MOD - [2011/11/03 17:39:14 | 000,251,248 | ---- | M] () -- C:\Program Files (x86)\Sierra Wireless Inc\WebUpdater\WebUpdtAPI.dll
MOD - [2009/02/27 16:38:20 | 000,139,264 | R--- | M] () -- C:\Program Files (x86)\Brother\BrUtilities\BrLogAPI.dll


========== Services (SafeList) ==========

SRV:64bit: - [2013/04/03 13:34:46 | 000,182,752 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Windows\SysNative\mfevtps.exe -- (mfevtp)
SRV:64bit: - [2013/04/03 13:32:06 | 000,218,760 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe -- (mfefire)
SRV:64bit: - [2013/03/05 11:43:26 | 000,221,296 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe -- (MSK80Service)
SRV:64bit: - [2013/03/05 11:43:26 | 000,221,296 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe -- (McProxy)
SRV:64bit: - [2013/03/05 11:43:26 | 000,221,296 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe -- (mcpltsvc)
SRV:64bit: - [2013/03/05 11:43:26 | 000,221,296 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe -- (McNaiAnn)
SRV:64bit: - [2013/03/05 11:43:26 | 000,221,296 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe -- (McMPFSvc)
SRV:64bit: - [2013/03/05 11:43:26 | 000,221,296 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe -- (HomeNetSvc)
SRV:64bit: - [2013/03/01 09:08:02 | 000,388,680 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS)
SRV:64bit: - [2013/02/28 09:46:18 | 001,017,016 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe -- (mfecore)
SRV:64bit: - [2009/07/13 19:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/13 19:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2013/02/05 09:48:00 | 000,235,216 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\McAfee Security Scan\3.0.318\McCHSvc.exe -- (McComponentHostService)
SRV - [2013/01/30 15:26:50 | 000,833,616 | ---- | M] (McAfee, Inc.) [Auto | Stopped] -- C:\Users\Jason\AppData\Local\Temp\0092841371358778mcinst.exe -- (0092841371358778mcinstcleanup)
SRV - [2012/12/04 10:54:14 | 000,103,472 | ---- | M] (McAfee, Inc.) [Auto | Running] -- c:\Program Files (x86)\McAfee\SiteAdvisor\mcsacore.exe -- (McAfee SiteAdvisor Service)
SRV - [2011/11/03 17:12:04 | 000,321,392 | ---- | M] (Sierra Wireless, Inc.) [Auto | Running] -- C:\Program Files (x86)\Sierra Wireless Inc\Common\SwiCardDetect64.exe -- (SwiCardDetectSvc)
SRV - [2010/10/22 14:08:18 | 001,039,360 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL -- (HPSLPSVC)
SRV - [2010/09/30 03:06:46 | 000,169,408 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor9.0)
SRV - [2010/04/13 20:11:18 | 000,231,224 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files (x86)\McAfee Online Backup\MOBKbackup.exe -- (MOBKbackup)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/03/09 00:40:36 | 000,144,672 | ---- | M] (Nuance Communications, Inc.) [Auto | Running] -- C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe -- (PDFProFiltSrvPP)
SRV - [2010/01/25 08:22:56 | 000,245,760 | ---- | M] (Brother Industries, Ltd.) [On_Demand | Running] -- C:\Program Files (x86)\Browny02\BrYNSvc.exe -- (BrYNSvc)
SRV - [2009/06/10 15:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2013/04/22 15:46:12 | 000,074,560 | ---- | M] (McAfee, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\McPvDrv.sys -- (McPvDrv)
DRV:64bit: - [2013/04/03 13:37:38 | 000,070,112 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\cfwids.sys -- (cfwids)
DRV:64bit: - [2013/04/03 13:34:58 | 000,342,416 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mfewfpk.sys -- (mfewfpk)
DRV:64bit: - [2013/04/03 13:33:06 | 000,772,944 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mfehidk.sys -- (mfehidk)
DRV:64bit: - [2013/04/03 13:32:14 | 000,516,608 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfefirek.sys -- (mfefirek)
DRV:64bit: - [2013/04/03 13:31:36 | 000,309,968 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfeavfk.sys -- (mfeavfk)
DRV:64bit: - [2013/04/03 13:31:14 | 000,179,664 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mfeapfk.sys -- (mfeapfk)
DRV:64bit: - [2013/02/18 07:46:56 | 000,095,856 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mfencrk.sys -- (mfencrk)
DRV:64bit: - [2013/02/18 07:46:50 | 000,337,120 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfencbdc.sys -- (mfencbdc)
DRV:64bit: - [2012/05/28 10:28:18 | 000,197,264 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HipShieldK.sys -- (HipShieldK)
DRV:64bit: - [2012/03/01 00:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/05/28 12:45:43 | 000,297,472 | ---- | M] (Sierra Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\swnc8ua3.sys -- (SWNC8UA3)
DRV:64bit: - [2011/05/16 12:44:24 | 000,109,312 | ---- | M] (Sierra Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\swiwdmbx64.sys -- (swiwdmbx)
DRV:64bit: - [2011/05/13 14:54:12 | 000,258,432 | ---- | M] (Sierra Wireless Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\swg3kser00.sys -- (swg3kser00)
DRV:64bit: - [2011/03/11 00:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 00:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 21:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 21:23:48 | 000,071,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc)
DRV:64bit: - [2010/11/20 21:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 21:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010/05/25 08:14:34 | 000,031,280 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\OXUDIDRV_x64.sys -- (OXUDIDRV)
DRV:64bit: - [2010/04/13 20:10:24 | 000,066,040 | ---- | M] (Mozy, Inc.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\MOBK.sys -- (MOBKFilter)
DRV:64bit: - [2010/03/19 03:00:00 | 000,055,856 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2009/11/02 21:06:35 | 000,087,552 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BrSerIb.sys -- (BrSerIb)
DRV:64bit: - [2009/11/02 21:06:35 | 000,014,592 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BrUsbSib.sys -- (BrUsbSIb)
DRV:64bit: - [2009/09/28 09:55:42 | 000,051,760 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\OXSDIDRV_x64.sys -- (OXSDIDRV_x64)
DRV:64bit: - [2009/09/23 19:23:02 | 006,180,832 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009/07/13 19:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 19:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 19:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 18:09:50 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usb8023x.sys -- (usb_rndisx)
DRV:64bit: - [2009/06/10 15:01:06 | 001,146,880 | ---- | M] (LSI Corp) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\agrsm64.sys -- (AgereSoftModem)
DRV:64bit: - [2009/06/10 14:35:42 | 000,187,392 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009/06/10 14:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 14:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 14:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 14:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2008/08/20 04:31:40 | 000,514,048 | ---- | M] (Marvell Semiconductor, Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\MRVW148.sys -- (MRVW148)
DRV - [2009/07/13 19:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC


IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-21-3985219517-3064427757-3219208395-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKU\S-1-5-21-3985219517-3064427757-3219208395-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://ca.msn.com/?r...opt=0&ocid=iehp
IE - HKU\S-1-5-21-3985219517-3064427757-3219208395-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
IE - HKU\S-1-5-21-3985219517-3064427757-3219208395-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = EC 71 89 87 3A B5 CD 01 [binary data]
IE - HKU\S-1-5-21-3985219517-3064427757-3219208395-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-3985219517-3064427757-3219208395-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKU\S-1-5-21-3985219517-3064427757-3219208395-1000\..\SearchScopes\{3FD6CBF3-17CC-42D7-A801-053AAC56E9B4}: "URL" = http://websearch.ask...72-CC7EFAD759DB
IE - HKU\S-1-5-21-3985219517-3064427757-3219208395-1000\..\SearchScopes\{83E77049-768A-4A6C-B311-35267C3402CC}: "URL" = http://search.yahoo....p={SearchTerms}
IE - HKU\S-1-5-21-3985219517-3064427757-3219208395-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..extensions.enabledAddons: {b9bfaf1c-a63f-47cd-8b9a-29526ced9060}:1.4.9
FF - prefs.js..extensions.enabledAddons: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.9.11
FF - prefs.js..extensions.enabledAddons: {3bbd3c14-4c16-4989-8366-95bc9179779d}:10.13.40.15
FF - prefs.js..extensions.enabledAddons: [email protected]:1.20.00
FF - prefs.js..extensions.enabledAddons: [email protected]:2.1.355.0
FF - prefs.js..extensions.enabledAddons: {607b689f-7600-45e4-b8e5-887f72dab15c}:1.0
FF - prefs.js..extensions.enabledAddons: {b2bf7b3f-bf0b-4c48-aec6-f92c51be63e1}:10.13.40.15
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL ()
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/McAfeeMssPlugin: C:\Program Files (x86)\McAfee Security Scan\3.0.318\npMcAfeeMss.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL ()
FF - HKLM\Software\MozillaPlugins\@mcafee.com/MVT: C:\Program Files (x86)\McAfee\Supportability\MVT\NPMVTPlugin.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/SAFFPlugin: C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpWinExt,version=4.0: C:\Program Files (x86)\MSN Toolbar\Platform\4.0.0357.1\npwinext.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.6: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012/08/27 15:42:00 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\MSN Toolbar\Platform\4.0.0357.1\Firefox [2012/08/27 15:43:55 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{27182e60-b5f3-411c-b545-b44205977502}: C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\ [2012/08/30 07:37:58 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}: C:\Program Files (x86)\McAfee\SiteAdvisor [2013/06/15 23:02:42 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\[email protected]: C:\Program Files\McAfee\MSK [2013/06/15 23:00:31 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012/08/27 15:42:00 | 000,000,000 | ---D | M]

[2012/08/04 12:51:58 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jason\AppData\Roaming\Mozilla\Extensions
[2013/06/15 21:03:24 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jason\AppData\Roaming\Mozilla\Firefox\Profiles\mt85vcqu.default\extensions
[2012/11/12 12:27:11 | 000,000,000 | ---D | M] (Yolobar) -- C:\Users\Jason\AppData\Roaming\Mozilla\Firefox\Profiles\mt85vcqu.default\extensions\{607b689f-7600-45e4-b8e5-887f72dab15c}
[2012/11/05 16:21:02 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Jason\AppData\Roaming\Mozilla\Firefox\Profiles\mt85vcqu.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2012/10/28 16:30:43 | 000,012,929 | ---- | M] () (No name found) -- C:\Users\Jason\AppData\Roaming\Mozilla\Firefox\Profiles\mt85vcqu.default\extensions\{b9bfaf1c-a63f-47cd-8b9a-29526ced9060}.xpi
[2012/11/12 12:23:37 | 000,199,396 | ---- | M] () (No name found) -- C:\Users\Jason\AppData\Roaming\Mozilla\Firefox\Profiles\mt85vcqu.default\extensions\{c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}.xpi
[2012/11/12 12:34:41 | 000,001,074 | ---- | M] () -- C:\Users\Jason\AppData\Roaming\Mozilla\Firefox\Profiles\mt85vcqu.default\searchplugins\produtools-manuals-21-customized-web-search.xml
[2012/10/30 15:02:14 | 000,002,242 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\mystarttb.xml

========== Chrome ==========

CHR - default_search_provider: McAfee (Enabled)
CHR - default_search_provider: search_url = http://search.yahoo....p={searchTerms}
CHR - default_search_provider: suggest_url =
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Jason\AppData\Local\Google\Chrome\User Data\PepperFlash\11.7.700.225\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.110\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.110\pdf.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Users\Jason\AppData\Roaming\Mozilla\plugins\np-mswmp.dll
CHR - plugin: Foxit Reader Plugin for Mozilla (Enabled) = C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll
CHR - plugin: Java™ Platform SE 7 U9 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: MSN\u00AE Toolbar (Enabled) = C:\Program Files (x86)\MSN Toolbar\Platform\4.0.0357.1\npwinext.dll
CHR - plugin: McAfee Security Scanner + (Enabled) = C:\Program Files (x86)\McAfee Security Scan\3.0.318\npMcAfeeMss.dll
CHR - plugin: McAfee SiteAdvisor (Enabled) = C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll
CHR - plugin: VLC Web Plugin (Enabled) = C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll
CHR - plugin: Java Deployment Toolkit 7.0.90.5 (Enabled) = C:\Windows\SysWOW64\npDeployJava1.dll
CHR - plugin: McAfee SecurityCenter (Enabled) = c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - Extension: SiteAdvisor = C:\Users\Jason\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.6.2.1341_0\

O1 HOSTS File: ([2009/06/10 15:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O2 - BHO: (MSS+ Identifier) - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files (x86)\McAfee Security Scan\3.0.318\McAfeeMSS_IE.dll (McAfee, Inc.)
O2 - BHO: (PlusIEEventHelper Class) - {551A852F-39A6-44A7-9C13-AFBEC9185A9D} - C:\Program Files (x86)\Nuance\PDF Viewer Plus\bin\PlusIEContextMenu.dll (Zeon Corporation)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O2 - BHO: (MSN Toolbar BHO) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\4.0.0357.1\npwinext.dll (Microsoft Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (MSN Toolbar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\4.0.0357.1\npwinext.dll (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [BrStsMon00] C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [ControlCenter4] C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [DivXMediaServer] C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe File not found
O4 - HKLM..\Run: [IndexSearch] C:\Program Files (x86)\Nuance\PaperPort\IndexSearch.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [mcpltui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [MSN Toolbar] C:\Program Files (x86)\MSN Toolbar\Platform\4.0.0357.1\mswinext.exe (Microsoft Corp.)
O4 - HKLM..\Run: [PaperPort PTD] C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [PDF5 Registry Controller] C:\Program Files (x86)\Nuance\PDF Viewer Plus\RegistryController.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [PDFHook] C:\Program Files (x86)\Nuance\PDF Viewer Plus\pdfPro5Hook.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [PPort12reminder] C:\Program Files (x86)\Nuance\PaperPort\Ereg\Ereg.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [TRUUpdater] C:\Program Files (x86)\Sierra Wireless Inc\WebUpdater\TRUUpdater.exe (Sierra Wireless, Inc.)
O4 - HKLM..\Run: [WatcherHelper] C:\Program Files (x86)\Rogers\Rogers Connection Manager\WaHelper.exe (Sierra Wireless Inc.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-3985219517-3064427757-3219208395-1000..\Run: [ISUSPM] C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe (Acresso Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Open with PDF Viewer Plus - C:\Program Files (x86)\Nuance\PDF Viewer Plus\Bin\PlusIEContextMenu.dll (Zeon Corporation)
O8 - Extra context menu item: Open with PDF Viewer Plus - C:\Program Files (x86)\Nuance\PDF Viewer Plus\Bin\PlusIEContextMenu.dll (Zeon Corporation)
O13:64bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{14EB5EFB-4DD1-43D0-8850-D570A8A6FC3B}: DhcpNameServer = 192.168.42.129
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2CB2B0D9-E961-4979-A1FC-214E794505CC}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C37A7633-251E-41C7-8164-06395E2F26FF}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18:64bit: - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl64.dll (McAfee, Inc.)
O18 - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\MSC\McSnIePl.dll (McAfee, Inc.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{4eada76b-de43-11e1-a8a8-00e0b8e479e1}\Shell - "" = AutoRun
O33 - MountPoints2\{4eada76b-de43-11e1-a8a8-00e0b8e479e1}\Shell\AutoRun\command - "" = G:\HPLauncher.exe
O33 - MountPoints2\{4eada7f4-de43-11e1-a8a8-00e0b8e479e1}\Shell - "" = AutoRun
O33 - MountPoints2\{4eada7f4-de43-11e1-a8a8-00e0b8e479e1}\Shell\AutoRun\command - "" = J:\HPLauncher.exe
O33 - MountPoints2\{85ba3f83-deb5-11e1-8775-00e0b8e479e1}\Shell - "" = AutoRun
O33 - MountPoints2\{85ba3f83-deb5-11e1-8775-00e0b8e479e1}\Shell\AutoRun\command - "" = F:\WIN\setup.exe -ap
O33 - MountPoints2\{fb802eb1-dd3b-11e1-b2b5-00e0b8e479e1}\Shell - "" = AutoRun
O33 - MountPoints2\{fb802eb1-dd3b-11e1-b2b5-00e0b8e479e1}\Shell\AutoRun\command - "" = H:\WIN\setup.exe -ap
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/06/16 00:55:48 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Jason\Desktop\OTL.exe
[2013/06/15 23:00:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\McAfeeMOBK
[2013/06/15 23:00:40 | 000,000,000 | --SD | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Online Backup
[2013/06/15 23:00:38 | 000,066,040 | ---- | C] (Mozy, Inc.) -- C:\Windows\SysNative\drivers\MOBK.sys
[2013/06/15 23:00:38 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\DRVSTORE
[2013/06/15 23:00:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\McAfee Online Backup
[2013/06/15 23:00:30 | 000,197,264 | ---- | C] (McAfee, Inc.) -- C:\Windows\SysNative\drivers\HipShieldK.sys
[2013/06/15 22:59:58 | 000,074,560 | ---- | C] (McAfee, Inc.) -- C:\Windows\SysNative\drivers\McPvDrv.sys
[2013/06/15 22:59:58 | 000,000,000 | ---D | C] -- C:\Users\Jason\AppData\Local\McAfee File Lock
[2013/06/15 22:59:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\McAfee.com
[2013/06/15 22:58:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\McAfee
[2013/06/15 22:57:38 | 000,000,000 | ---D | C] -- C:\Program Files\McAfee.com
[2013/06/15 22:57:37 | 000,000,000 | ---D | C] -- C:\Program Files\McAfee
[2013/06/15 22:41:57 | 000,182,752 | ---- | C] (McAfee, Inc.) -- C:\Windows\SysNative\mfevtps.exe
[2013/06/15 22:41:57 | 000,182,312 | ---- | C] (McAfee, Inc.) -- C:\Windows\SysNative\mfevtps.exe.ad82.deleteme
[2013/06/15 22:41:55 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\McAfee
[2013/06/15 22:35:29 | 005,102,984 | ---- | C] (McAfee, Inc.) -- C:\Users\Jason\Desktop\McAfeeSetup.exe
[2013/06/15 22:06:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Citrix
[2013/06/15 21:53:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Citrix
[2013/06/15 21:53:31 | 000,000,000 | ---D | C] -- C:\Users\Jason\AppData\Local\Citrix
[2013/06/15 21:43:00 | 000,000,000 | ---D | C] -- C:\Users\Jason\AppData\Roaming\McAfee
[2013/06/15 21:32:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
[2013/06/15 21:15:22 | 000,050,688 | ---- | C] (Atribune.org) -- C:\Users\Jason\Desktop\ATF-Cleaner.exe
[2013/06/15 20:44:10 | 000,000,000 | ---D | C] -- C:\Users\Jason\Desktop\RK_Quarantine
[2013/06/12 17:23:07 | 000,000,000 | ---D | C] -- C:\Users\Jason\Desktop\Pics to sort
[2013/06/09 12:09:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2013/06/09 12:09:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple Computer
[2013/06/06 05:26:31 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution
[2013/06/05 23:19:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Uniblue
[2013/06/01 16:01:25 | 000,000,000 | ---D | C] -- C:\Users\Jason\Desktop\Animethon Guidebooks A4 - A19
[2013/06/01 15:59:11 | 000,000,000 | ---D | C] -- C:\Users\Jason\Desktop\Animethon 20 August 9-11,2013
[2013/05/29 03:24:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\stinger
[2013/05/28 21:19:09 | 000,000,000 | ---D | C] -- C:\Stinger_Quarantine
[2013/05/28 21:18:35 | 000,000,000 | ---D | C] -- C:\Program Files\stinger
[2013/05/28 18:27:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FileASSASSIN
[2013/05/28 18:27:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\FileASSASSIN

========== Files - Modified Within 30 Days ==========

[2013/06/16 00:55:53 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Jason\Desktop\OTL.exe
[2013/06/16 00:28:00 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/06/15 23:35:42 | 000,021,904 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/06/15 23:35:42 | 000,021,904 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/06/15 23:30:40 | 002,692,328 | ---- | M] (CPUID) -- C:\Users\Jason\Desktop\cpuz_x64.exe
[2013/06/15 23:30:40 | 000,000,202 | ---- | M] () -- C:\Users\Jason\Desktop\cpuz.ini
[2013/06/15 23:16:15 | 000,726,316 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/06/15 23:16:15 | 000,624,178 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/06/15 23:16:15 | 000,106,522 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/06/15 23:10:23 | 000,001,844 | ---- | M] () -- C:\Users\Public\Desktop\McAfee Total Protection.lnk
[2013/06/15 22:50:43 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/06/15 22:45:59 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/06/15 22:45:44 | 2408,390,656 | -HS- | M] () -- C:\hiberfil.sys
[2013/06/15 22:35:29 | 005,102,984 | ---- | M] (McAfee, Inc.) -- C:\Users\Jason\Desktop\McAfeeSetup.exe
[2013/06/15 22:27:14 | 000,002,926 | ---- | M] () -- C:\Users\Jason\Desktop\mbam_backup.reg
[2013/06/15 21:32:55 | 000,001,070 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2013/06/15 21:15:25 | 000,050,688 | ---- | M] (Atribune.org) -- C:\Users\Jason\Desktop\ATF-Cleaner.exe
[2013/06/15 20:43:42 | 000,000,512 | ---- | M] () -- C:\Users\Jason\Desktop\MBR.dat
[2013/06/06 05:18:33 | 000,218,184 | ---- | M] () -- C:\Users\Jason\winlogon.exe
[2013/06/06 05:18:32 | 000,218,184 | ---- | M] () -- C:\Users\Jason\svchost.exe
[2013/06/06 05:18:32 | 000,218,184 | ---- | M] () -- C:\Users\Jason\rundll32.exe
[2013/06/06 05:18:31 | 000,218,184 | ---- | M] () -- C:\Users\Jason\mbam-chameleon.scr
[2013/06/06 05:18:31 | 000,218,184 | ---- | M] () -- C:\Users\Jason\mbam-chameleon.pif
[2013/06/06 05:18:29 | 000,218,184 | ---- | M] () -- C:\Users\Jason\mbam-chameleon.exe
[2013/06/06 05:18:28 | 000,218,184 | ---- | M] () -- C:\Users\Jason\mbam-chameleon.com
[2013/06/06 05:18:27 | 000,218,184 | ---- | M] () -- C:\Users\Jason\iexplore.exe
[2013/06/06 05:18:26 | 000,218,184 | ---- | M] () -- C:\Users\Jason\firefox.scr
[2013/06/06 05:18:26 | 000,218,184 | ---- | M] () -- C:\Users\Jason\firefox.pif
[2013/06/06 05:18:25 | 000,218,184 | ---- | M] () -- C:\Users\Jason\firefox.exe
[2013/06/06 05:18:24 | 000,218,184 | ---- | M] () -- C:\Users\Jason\firefox.com
[2013/06/06 05:18:20 | 000,186,068 | ---- | M] () -- C:\Users\Jason\chameleon.chm
[2013/05/28 18:27:01 | 000,001,059 | ---- | M] () -- C:\Users\Public\Desktop\FileASSASSIN.lnk

========== Files Created - No Company Name ==========

[2013/06/15 23:01:19 | 000,001,844 | ---- | C] () -- C:\Users\Public\Desktop\McAfee Total Protection.lnk
[2013/06/15 23:00:23 | 000,002,641 | ---- | C] () -- C:\Windows\SysNative\drivers\mfencrk.inf
[2013/06/15 23:00:10 | 000,002,951 | ---- | C] () -- C:\Windows\SysNative\drivers\mfencbdc.inf
[2013/06/15 22:27:14 | 000,002,926 | ---- | C] () -- C:\Users\Jason\Desktop\mbam_backup.reg
[2013/06/15 21:32:55 | 000,001,070 | ---- | C] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2013/06/15 20:43:42 | 000,000,512 | ---- | C] () -- C:\Users\Jason\Desktop\MBR.dat
[2013/05/28 18:27:01 | 000,001,059 | ---- | C] () -- C:\Users\Public\Desktop\FileASSASSIN.lnk
[2012/11/11 21:23:32 | 000,000,089 | ---- | C] () -- C:\Windows\fnerr.dat
[2012/08/27 16:13:08 | 000,001,333 | ---- | C] () -- C:\Windows\hpomdl52.dat.temp
[2012/08/27 15:32:08 | 000,212,842 | ---- | C] () -- C:\Windows\hpoins52.dat
[2012/08/15 08:48:46 | 000,218,184 | ---- | C] () -- C:\Users\Jason\winlogon.exe
[2012/08/15 08:48:46 | 000,218,184 | ---- | C] () -- C:\Users\Jason\svchost.exe
[2012/08/15 08:48:46 | 000,218,184 | ---- | C] () -- C:\Users\Jason\rundll32.exe
[2012/08/15 08:48:46 | 000,218,184 | ---- | C] () -- C:\Users\Jason\mbam-chameleon.scr
[2012/08/15 08:48:46 | 000,218,184 | ---- | C] () -- C:\Users\Jason\mbam-chameleon.pif
[2012/08/15 08:48:46 | 000,218,184 | ---- | C] () -- C:\Users\Jason\mbam-chameleon.exe
[2012/08/15 08:48:46 | 000,218,184 | ---- | C] () -- C:\Users\Jason\mbam-chameleon.com
[2012/08/15 08:48:46 | 000,218,184 | ---- | C] () -- C:\Users\Jason\iexplore.exe
[2012/08/15 08:48:46 | 000,218,184 | ---- | C] () -- C:\Users\Jason\firefox.scr
[2012/08/15 08:48:46 | 000,218,184 | ---- | C] () -- C:\Users\Jason\firefox.pif
[2012/08/15 08:48:46 | 000,218,184 | ---- | C] () -- C:\Users\Jason\firefox.exe
[2012/08/15 08:48:46 | 000,218,184 | ---- | C] () -- C:\Users\Jason\firefox.com
[2012/08/05 17:50:54 | 000,000,049 | ---- | C] () -- C:\Windows\hpntwksetup.ini
[2012/08/05 11:08:16 | 000,000,260 | ---- | C] () -- C:\Windows\Brpfx04a.ini
[2012/08/05 11:08:16 | 000,000,093 | ---- | C] () -- C:\Windows\brpcfx.ini
[2012/08/05 11:07:37 | 000,005,897 | ---- | C] () -- C:\Windows\BRPARAM.INI
[2012/08/05 11:05:47 | 000,000,066 | ---- | C] () -- C:\Windows\Brfaxrx.ini
[2012/08/05 11:05:47 | 000,000,000 | ---- | C] () -- C:\Windows\brdfxspd.dat
[2012/08/05 11:05:40 | 000,045,056 | ---- | C] () -- C:\Windows\SysWow64\BRTCPCON.DLL
[2012/08/05 11:05:35 | 000,000,114 | ---- | C] () -- C:\Windows\SysWow64\BRLMW03A.INI
[2012/08/03 01:06:32 | 000,731,106 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/03/03 11:32:48 | 000,186,068 | ---- | C] () -- C:\Users\Jason\chameleon.chm

========== ZeroAccess Check ==========

[2009/07/13 22:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/08 23:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 22:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 19:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 21:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 19:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

< End of report >




OTL Extras logfile created on: 6/16/2013 12:57:44 AM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Jason\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.99 Gb Total Physical Memory | 1.20 Gb Available Physical Memory | 40.06% Memory free
5.98 Gb Paging File | 3.93 Gb Available in Paging File | 65.78% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 232.88 Gb Total Space | 183.01 Gb Free Space | 78.58% Space Free | Partition Type: NTFS

Computer Name: JASON7 | User Name: Jason | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-3985219517-3064427757-3219208395-1000\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files (x86)\Sierra Wireless Inc\WebUpdater\SwiApiMuxX.exe" = C:\Program Files (x86)\Sierra Wireless Inc\WebUpdater\SwiApiMuxX.exe:*:Enabled:SwiApiMuxX
"C:\Program Files (x86)\Rogers\Rogers Connection Manager\SwiApiMuxX.exe" = C:\Program Files (x86)\Rogers\Rogers Connection Manager\SwiApiMuxX.exe:*:Enabled:SwiApiMuxX
"C:\Program Files (x86)\Rogers\Rogers Connection Manager\TRUUpdater.exe" = C:\Program Files (x86)\Sierra Wireless Inc\WebUpdater\TRUUpdater.exe:*:Enabled:TRUUpdater -- (Sierra Wireless, Inc.)
"C:\Program Files (x86)\Sierra Wireless Inc\WebUpdater\SwiApiMuxX.exe" = C:\Program Files (x86)\Sierra Wireless Inc\WebUpdater\SwiApiMuxX.exe:*:Enabled:SwiApiMuxX
"C:\Program Files (x86)\Rogers\Rogers Connection Manager\SwiApiMuxX.exe" = C:\Program Files (x86)\Rogers\Rogers Connection Manager\SwiApiMuxX.exe:*:Enabled:SwiApiMuxX
"C:\Program Files (x86)\Rogers\Rogers Connection Manager\TRUUpdater.exe" = C:\Program Files (x86)\Sierra Wireless Inc\WebUpdater\TRUUpdater.exe:*:Enabled:TRUUpdater -- (Sierra Wireless, Inc.)


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{1146D9CC-E9E9-45F8-9AB7-8BDD96201AA6}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{2B1561E2-C1C9-4C94-B699-3D368AEDD464}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{31C6B61C-8BEA-49EE-8C78-9592AA02C0CA}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{379A9090-DAAC-4532-9AB0-6AFA9871782D}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{3CABB2F4-2692-45E7-A7B6-8C3F2D76F425}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{44963E11-E975-404D-87BB-D71C2F0E6DBF}" = rport=427 | protocol=17 | dir=in | svc=hpslpsvc | app=c:\windows\system32\svchost.exe |
"{44FB7252-794B-4AA1-ABBF-2B6F7B83EABD}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{58782F18-AE97-43BE-A368-34E809465EC6}" = rport=10243 | protocol=6 | dir=out | app=system |
"{6382F184-6E96-46D9-B536-B0CC9AE36B86}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{85770A13-9830-4AB9-9DF0-2A57B781701A}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 |
"{880C80B4-BD85-484B-84E4-9275BF62C2BA}" = lport=445 | protocol=6 | dir=in | app=system |
"{ABE6D49D-E475-40EA-A796-15C9338B8E8C}" = rport=139 | protocol=6 | dir=out | app=system |
"{B2A0821E-6604-404B-A8DE-4CC3DBA923F8}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{B39AFCD2-159F-450B-9A72-9D1EDE4D207A}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{B55DB846-9805-4AAB-8850-6605CF8F4E92}" = rport=137 | protocol=17 | dir=out | app=system |
"{B5FDADB7-C043-449B-B8CC-0DEDE90B08A2}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{BBAED527-18A5-4991-8719-75CBEF11E4C6}" = lport=10243 | protocol=6 | dir=in | app=system |
"{BCF04283-B956-48C7-98D5-B795753AC803}" = rport=138 | protocol=17 | dir=out | app=system |
"{BDA855FF-FC96-4432-B518-F762B07B4A0F}" = lport=137 | protocol=17 | dir=in | app=system |
"{BF0B38F1-0DD8-495A-B506-47118EB78B9F}" = lport=2869 | protocol=6 | dir=in | app=system |
"{C5B38867-1DC0-4265-95D2-346A41F30474}" = rport=445 | protocol=6 | dir=out | app=system |
"{DA1F5A88-99D7-4722-A508-42727E479B36}" = lport=139 | protocol=6 | dir=in | app=system |
"{DEA26161-CDB2-4A3E-BEDE-9D3C7100CE63}" = lport=138 | protocol=17 | dir=in | app=system |
"{E9B06AC8-E40F-44C1-B89B-726981A3B9AF}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00CC14AB-B699-428B-B1EE-B0EEBA96D56B}" = dir=in | app=c:\program files (x86)\hp\hp software update\hpwucli.exe |
"{019D6402-3FDF-417C-BF07-8D125CC594E9}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqusgh.exe |
"{0C686ABA-75D8-428D-866A-11796C8BB6BD}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqtra08.exe |
"{0DA4F938-D0A6-42EB-B15B-17AB1801F8E1}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpofxm08.exe |
"{0FA4D0DE-68BE-4121-95A6-9B8FB03C5BF4}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpfccopy.exe |
"{109EA343-3E65-468F-9ACC-B42E31D68C9D}" = dir=in | app=d:\setup\hpznui40.exe |
"{19EA71F8-1675-4130-A5C7-8A7929DC2050}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpofxs08.exe |
"{1F339FDA-2650-45B7-8356-5C2210838B51}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqfxt08.exe |
"{1F8F41E2-951C-4795-9B6B-29A8820F7017}" = protocol=58 | dir=in | [email protected],-28545 |
"{20986032-EE8D-409C-A99E-83BEF49E93ED}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{2BA74DB8-A40D-4FCE-B276-456AAD714C69}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{381D82FE-47A0-41F0-A9A4-C60597B11A98}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{47A273DC-8153-4601-97C0-DE7DB67FB3FB}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{4DC4D099-B679-4166-B5AB-44B61E091AA3}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{5146B387-8949-4886-A1C7-00611B2D74C0}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpzwiz01.exe |
"{514DBC4E-A552-4069-9973-88892AE03B9F}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqgplgtupl.exe |
"{581B8A56-6496-4C83-9F68-25BEB22DCD82}" = protocol=6 | dir=out | app=system |
"{5DCD3C3A-3077-4AFB-8FE6-90086C933D65}" = protocol=1 | dir=out | [email protected],-28544 |
"{5F9829D3-5281-4947-92DB-C0A3D8F5A8B0}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{5FE8E216-47EE-4092-96CE-6740CBD4D3B0}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\platform\mcsvchost\mcsvhost.exe |
"{663FD789-8E21-4E1C-B9CD-A88EB66ADC69}" = protocol=1 | dir=in | [email protected],-28543 |
"{67362F10-8E09-4916-8626-B024638FCD2F}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hposfx08.exe |
"{6A1BACE6-411A-4FD8-8F28-376399FE2B09}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{76395CE9-6ED5-49B5-A113-21B53AE4235B}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hposid01.exe |
"{766FBD86-1FF4-4731-8F8A-D84746653FF5}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{7D26916E-FB19-46F0-837C-884789DDEFD4}" = protocol=58 | dir=out | [email protected],-28546 |
"{936F4A9C-780C-4794-BE53-F320D675F30F}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{98250FC9-F07C-4CEE-BA51-77604CEF15F4}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpiscnapp.exe |
"{98F38F07-F523-47CF-B50D-EB50932AE944}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{AA71B64F-41BE-4C25-B2C7-E71C979100BB}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{AF5D7CBD-1E33-4F37-966B-F88DEE53658D}" = dir=in | app=c:\program files (x86)\hp\digital imaging\smart web printing\smartwebprintexe.exe |
"{C6A3AFEC-389D-4053-AF3D-82133ECA60A7}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{C73B5C22-FFFB-44C0-A33D-75E0438A24E7}" = protocol=17 | dir=in | app=c:\program files\common files\mcafee\platform\mcsvchost\mcsvhost.exe |
"{C850BC37-DF1E-4594-AA59-0D25C15EE298}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpoews01.exe |
"{CA478B3B-4AFE-472A-A24A-1B5133F972B5}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqusgm.exe |
"{CCA358A1-3B44-4F4B-B7FA-639D400277CB}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{CE79617E-35CA-4BA3-B423-9CC626D069D0}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqgpc01.exe |
"{D847BAA9-50F8-46BB-B9A8-CB71BEBA11AD}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqste08.exe |
"{DC6308D6-3A4B-45C1-9F9B-F5F8B31062FA}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{E5230A2C-4269-49DF-A454-0B3D49CE9CA8}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{E6CF329D-CB5F-4265-AF48-E8A57B4923B4}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{EF64999F-61C2-4628-AD9C-91625C4DDBF8}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqkygrp.exe |
"{F36D983D-8FC7-4F17-8B82-D783C6393F83}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{48C0866E-57EB-444C-8371-8E4321066BC3}" = Network64
"{578831A8-CB47-471F-A552-907EC3E9E040}" = Iomega Encryption
"{6BFAB6C1-6D46-46DB-A538-A269907C9F2F}" = Network64
"{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{715CAACC-579B-4831-A5F4-A83A8DE3EFE2}" = PaperPort Image Printer 64-bit
"{7F05E704-30A6-421A-97A7-8EEB1C7FF011}" = Corel Shell Extension - 64Bit
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{9B48B0AC-C813-4174-9042-476A887592C7}" = Windows Live ID Sign-in Assistant
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{C1164ED0-EF08-4B0B-8084-3BDAEAAEFD8D}" = HP Photosmart Prem C410 All-In-One Driver Software 14.0 Rel. 7
"{CFF4500E-C5D6-695D-A027-B3D4DDED2CC3}" = McAfee Online Backup
"{EF79C448-6946-4D71-8134-03407888C054}" = Shared C Run-time for x64
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{FF21C3E6-97FD-474F-9518-8DCBE94C2854}" = 64 Bit HP CIO Components Installer
"HDMI" = Intel® Graphics Media Accelerator Driver
"HP Imaging Device Functions" = HP Imaging Device Functions 14.0
"HP Smart Web Printing" = HP Smart Web Printing 4.60
"HP Solution Center & Imaging Support Tools" = HP Solution Center 14.0
"HPExtendedCapabilities" = HP Customer Participation Program 14.0
"HPOCR" = OCR Software by I.R.I.S. 14.0
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Shop for HP Supplies" = Shop for HP Supplies

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"_{7F05E704-30A6-421A-97A7-8EEB1C7FF010}" = CorelDRAW® Graphics Suite X4
"_{CE2DA11A-917F-4CF5-AB55-755EC115DD10}" = CorelDRAW® Graphics Suite X4 - Windows Shell Extension
"{007F778D-F15C-4EAB-AE92-071D21FAF632}" = Adobe Photoshop Elements 9
"{04FCD5DE-1662-4F99-BDA9-C57212113EF2}" = RemoteComms External Disk Access
"{068724F8-D8BE-4B43-8DDD-B9FE9E49FD76}" = Scansoft PDF Professional
"{06A1D88C-E102-4527-AF70-29FFD7AF215A}" = Scan
"{06E6E30D-B498-442F-A943-07DE41D7F785}" = Microsoft Search Enhancement Pack
"{08234a0d-cf39-4dca-99f0-0c5cb496da81}" = MSN Toolbar
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{1458BB78-1DC5-4BC0-B9A3-2B644F5A8105}" = DeviceDiscovery
"{150B6201-E9E6-4DFB-960E-CCBD53FBDDED}" = HPProductAssistant
"{17795164-3BC1-4D4F-8ADA-65C895EBFC9A}" = Brother MFL-Pro Suite MFC-J6910DW
"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
"{1A9DAB4D-46CD-4CBF-A9FC-28D8AA8D2FCF}" = CorelDRAW Graphics Suite X4 - Lang BR
"{1DDDFDF2-4A92-4E77-959F-59D196B99C0C}" = C410
"{25175695-4B20-4298-9F34-C2C57CD277B3}" = Elements STI Installer
"{26A24AE4-039D-4CA4-87B4-2F83217009FF}" = Java 7 Update 9
"{27C467F8-F8EF-4f68-BD72-D63632B2096C}" = McAfee Online Backup
"{28656860-4728-433C-8AD4-D1A930437BC8}" = Nuance PDF Viewer Plus
"{292F0F52-B62D-4E71-921B-89A682402201}" = Toolbox
"{2E3EBFFD-951C-48D1-8BB3-DA4E26080222}" = HP System maintenance for HP Designjet 111 series
"{433EACD8-4747-4A6A-826A-FFA9F39B0D40}" = Elements 9 Organizer
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{565E7B0E-B76B-4EAD-9753-F1E72A5CF12E}" = HPAppStudio
"{58E65E96-6649-4CBE-9382-35326D694E6F}" = MSN Toolbar Platform
"{5B025634-7D5B-4B8D-BE2A-7943C1CF2D5D}" = Status
"{61BEA823-ECAF-49F1-8378-A59B3B8AD247}" = Microsoft Default Manager
"{6748E773-5DA0-4D19-8AA5-273B4133A09B}" = SmartSound Quicktracks for Premiere Elements 9.0
"{6C0A559F-8583-4B5A-8B50-20BEE15D8E64}" = Nuance PaperPort 12
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7EB211F2-7D8B-4A01-887B-276A227431CA}" = HP Web Registration
"{7F05E704-30A6-421A-97A7-8EEB1C7FF000}" = CorelDRAW Graphics Suite X4
"{7F05E704-30A6-421A-97A7-8EEB1C7FF010}" = CorelDRAW Graphics SUite X4 - ICA
"{7F05E704-30A6-421A-97A7-8EEB1C7FF012}" = CorelDRAW Graphics Suite X4 - Capture
"{7F05E704-30A6-421A-97A7-8EEB1C7FF013}" = CorelDRAW Graphics Suite X4 - Draw
"{7F05E704-30A6-421A-97A7-8EEB1C7FF014}" = CorelDRAW Graphics Suite X4 - PP
"{7F05E704-30A6-421A-97A7-8EEB1C7FF016}" = CorelDRAW Graphics Suite X4 - Content
"{7F05E704-30A6-421A-97A7-8EEB1C7FF017}" = CorelDRAW Graphics Suite X4 - Filters
"{7F05E704-30A6-421A-97A7-8EEB1C7FF019}" = CorelDRAW Graphics Suite X4 - FontNav
"{7F05E704-30A6-421A-97A7-8EEB1C7FF100}" = CorelDRAW Graphics Suite X4 - Lang EN
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{846B5DED-DC8C-4E1A-B5B4-9F5B39A0CACE}" = HPDiagnosticAlert
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8EE94FD8-5F52-4463-A340-185D16328158}" = WebReg
"{8FF6F5CA-4E30-4E3B-B951-204CAAA2716A}" = SmartWebPrinting
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0409-1000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0116-0409-1000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{9294F169-72EE-4D74-AE92-CA25F64B4FF8}" = Fax
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{97486FBE-A3FC-4783-8D55-EA37E9D171CC}" = HP Update
"{9B362566-EC1B-4700-BB9C-EC661BDE2175}" = DocProc
"{9D0798D0-AF6C-4E62-94B1-AEBF1A43E00A}" = CorelDRAW Graphics Suite X4 - IPM
"{9D306690-3173-42CD-94C6-9EF9318AF24B}" = CorelDRAW Graphics Suite X4 - Lang FR
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC35A885-0F8F-4857-B7DA-6E8DFB43E6B3}" = HPSSupply
"{AC76BA86-7AD7-5760-0000-900000000003}" = Japanese Fonts Support For Adobe Reader 9
"{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}" = QuickTime
"{B61D21B6-469D-4423-B161-62DB20B8A70E}" = Visual Basic for Applications ® Core - English
"{BB3447F6-9553-4AA9-960E-0DB5310C5779}" = GPBaseService2
"{BC5DD87B-0143-4D14-AAE6-97109614DC6B}" = SolutionCenter
"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
"{BF439B41-0252-48DE-8B8B-0430CB26A181}" = CorelDRAW Graphics Suite X4 - VBA
"{C295E308-5238-4157-962C-FDBF090ECC7E}" = Rogers Connection Manager
"{CAE4213F-F797-439D-BD9E-79B71D115BE3}" = HPPhotoGadget
"{CD31E63D-47FD-491C-8117-CF201D0AFAB5}" = TrayApp
"{CE2DA11A-917F-4CF5-AB55-755EC115DD10}" = CorelDRAW® Graphics Suite X4 - Windows Shell Extension
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D2827848-7D2A-4547-9AD1-C965FB3E6344}" = CorelDRAW Graphics Suite X4 - Lang ES
"{D360FA88-17C8-4F14-B67F-13AAF9607B12}" = MarketResearch
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DB81779E-7CC5-4630-BCFC-754004956444}" = Visual Basic for Applications ® Core
"{E2AE009D-37E5-4724-A6B8-0ED6A6BA4F68}" = Elements STI Installer
"{E517094C-06B6-419F-8FFD-EF4F57972130}" = QuickTransfer
"{EB9955F8-467C-47FC-90F8-12CD5DF684C3}" = Adobe Premiere Elements 9
"{F217D8AF-965B-4D3E-8F14-AC47B9CA535B}" = PS_AIO_07_C410_SW_Min
"{F302F4F0-588D-6501-1ACF-BE3FDCC9135D}" = Adobe Community Help
"{F5266D28-E0B2-4130-BFC5-EE155AD514DC}" = Apple Application Support
"{FA0FF682-CC70-4C57-93CD-E276F3E7537E}" = BufferChm
"Adobe Photoshop Elements 9" = Adobe Photoshop Elements 9
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"Coupon Printer for Windows5.0.0.0" = Coupon Printer for Windows
"FileASSASSIN" = FileASSASSIN
"Font Management System4.3.0.0" = Font Management System
"Foxit Reader_is1" = Foxit Reader
"Google Chrome" = Google Chrome
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"HP Designjet 111 Printer Series" = HP Designjet 111 Printer Series
"HP Photo Creations" = HP Photo Creations
"InstallShield_{6748E773-5DA0-4D19-8AA5-273B4133A09B}" = SmartSound Quicktracks for Premiere Elements 9.0
"McAfee Security Scan" = McAfee Security Scan Plus
"McAfee Virtual Technician" = McAfee Virtual Technician
"MSC" = McAfee Total Protection
"PremElem90" = Adobe Premiere Elements 9
"VLC media player" = VLC media player 2.0.6

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 6/13/2013 10:34:45 AM | Computer Name = Jason7 | Source = WinMgmt | ID = 10
Description =

Error - 6/13/2013 7:10:16 PM | Computer Name = Jason7 | Source = WinMgmt | ID = 10
Description =

Error - 6/15/2013 10:19:43 PM | Computer Name = Jason7 | Source = WinMgmt | ID = 10
Description =

Error - 6/15/2013 10:53:41 PM | Computer Name = Jason7 | Source = WinMgmt | ID = 10
Description =

Error - 6/15/2013 11:07:16 PM | Computer Name = Jason7 | Source = WinMgmt | ID = 10
Description =

Error - 6/15/2013 11:14:07 PM | Computer Name = Jason7 | Source = WinMgmt | ID = 10
Description =

Error - 6/15/2013 11:48:46 PM | Computer Name = Jason7 | Source = WinMgmt | ID = 10
Description =

Error - 6/16/2013 12:38:08 AM | Computer Name = Jason7 | Source = WinMgmt | ID = 10
Description =

Error - 6/16/2013 12:47:33 AM | Computer Name = Jason7 | Source = WinMgmt | ID = 10
Description =

Error - 6/16/2013 1:01:01 AM | Computer Name = Jason7 | Source = VSS | ID = 8194
Description =

[ Media Center Events ]
Error - 6/1/2013 12:40:44 PM | Computer Name = Jason7 | Source = MCUpdate | ID = 0
Description = 10:40:44 AM - Error connecting to the internet. 10:40:44 AM - Unable
to contact server..

Error - 6/1/2013 12:40:56 PM | Computer Name = Jason7 | Source = MCUpdate | ID = 0
Description = 10:40:50 AM - Error connecting to the internet. 10:40:50 AM - Unable
to contact server..

Error - 6/1/2013 1:41:02 PM | Computer Name = Jason7 | Source = MCUpdate | ID = 0
Description = 11:41:02 AM - Error connecting to the internet. 11:41:02 AM - Unable
to contact server..

Error - 6/1/2013 1:41:12 PM | Computer Name = Jason7 | Source = MCUpdate | ID = 0
Description = 11:41:07 AM - Error connecting to the internet. 11:41:07 AM - Unable
to contact server..

Error - 6/1/2013 5:48:29 PM | Computer Name = Jason7 | Source = MCUpdate | ID = 0
Description = 3:48:29 PM - Error connecting to the internet. 3:48:29 PM - Unable
to contact server..

Error - 6/1/2013 5:48:43 PM | Computer Name = Jason7 | Source = MCUpdate | ID = 0
Description = 3:48:35 PM - Error connecting to the internet. 3:48:35 PM - Unable
to contact server..

Error - 6/2/2013 4:15:43 PM | Computer Name = Jason7 | Source = MCUpdate | ID = 0
Description = 2:15:34 PM - Error connecting to the internet. 2:15:34 PM - Unable
to contact server..

Error - 6/2/2013 5:16:18 PM | Computer Name = Jason7 | Source = MCUpdate | ID = 0
Description = 3:16:10 PM - Error connecting to the internet. 3:16:10 PM - Unable
to contact server..

Error - 6/2/2013 6:16:31 PM | Computer Name = Jason7 | Source = MCUpdate | ID = 0
Description = 4:16:27 PM - Error connecting to the internet. 4:16:27 PM - Unable
to contact server..

Error - 6/2/2013 7:16:37 PM | Computer Name = Jason7 | Source = MCUpdate | ID = 0
Description = 5:16:35 PM - Error connecting to the internet. 5:16:35 PM - Unable
to contact server..

[ System Events ]
Error - 5/11/2013 11:18:28 AM | Computer Name = Jason7 | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
response from the McODS service.

Error - 5/11/2013 11:45:10 AM | Computer Name = Jason7 | Source = EventLog | ID = 6008
Description = The previous system shutdown at 9:41:30 AM on 5/11/2013 was unexpected.

Error - 5/13/2013 1:10:13 AM | Computer Name = Jason7 | Source = SWNC8UA3 | ID = 5009
Description =

Error - 5/15/2013 12:21:37 AM | Computer Name = Jason7 | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk3\DR3.

Error - 5/17/2013 8:48:37 AM | Computer Name = Jason7 | Source = MRVW148 | ID = 515
Description =

Error - 5/17/2013 8:49:05 AM | Computer Name = Jason7 | Source = MRVW148 | ID = 515
Description =

Error - 5/18/2013 12:08:18 PM | Computer Name = Jason7 | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk2\DR2.

Error - 5/18/2013 12:08:18 PM | Computer Name = Jason7 | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk2\DR2.

Error - 5/18/2013 12:08:19 PM | Computer Name = Jason7 | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk2\DR2.

Error - 5/18/2013 12:08:19 PM | Computer Name = Jason7 | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk2\DR2.


< End of report >

#2
nathdep

  • Member
  • 587 posts
Hello 314 and :welcome:

I am nathdep and I will be helping you with your malware problems.

Note: Just to let you know, I am still in the process of training to become a malware expert. I want you to know that I have a teacher who will be reviewing all the fixes that I post here. Thank you for being part of my learning process! :)


First, here are some general steps to follow during the clean up procedure:


  • Please print these instructions as well as future instructions as you may have to boot in safe mode and will not be able to access this site via the internet. Another solution is saving these instructions by copying and pasting them into notebook and saving the file in a convenient location.
  • Please be patient as the malware removal process could be lengthy, complex, and at times frustrating. Your cooperation throughout the entire process will benefit you as it will expedite your removal time. Please keep this issue in this post and do not post this same issue on a different site. Doing so can be compared to a patient seeing two different doctors. If the two different doctors are not aware of what medication the other doctor is prescribing, the patient could be risking his life. This is synonymous to a computer's health.
  • Please read (and re-read) the instructions entirely as not following the instructions carefully can produce damaging results.
  • Please tell me how your computer is running in the beginning of each post. Tell me both recurring and new issues as this added information can shed even more light to the problems you are experiencing.

I have to approve my first fix with my teacher. I will be back as soon as possible!

#3
nathdep

  • Member
  • 587 posts
Hello again! :)

First, please disable your security software (such as McAfee) as it can interfere with the malware removal process.

Second, download ADWcleaner by clicking here. Download it to your Desktop.

  • Open ADWcleaner and click the Delete button.
  • When prompted to reboot, please allow it to do so.
  • A resulting log will open after reboot. Please post it here in your next response.
Third, I also noticed that RogueKiller was previously run on this machine. Could you post the most up to date log from RogueKiller?

Fourth, Please follow these instructions:
  • Open OTL
  • Click the box next to Scan All Users
  • Copy and paste the following into the Custom Scans/Fixes box:
    netsvcs
    BASESERVICES
    %SYSTEMDRIVE%\*.exe
    /md5start
    services.*
    explorer.exe
    winlogon.exe
    Userinit.exe
    svchost.exe
    /md5stop
    dir "%systemdrive%\*" /S /A:L /C
    CREATERESTOREPOINT
    
  • Click Quick Scan
  • A resulting log will appear after the scan is finished. Please post this into your next reply

In your next post, please include the following:
  • The ADWcleaner log
  • The RogueKiller log
  • The OTL log
  • A report on whether any of your problems have been resolved or any new problems have been created.


#4
314

  • Topic Starter
  • Member
  • 65 posts
OK, before I try what you suggested, let me give you the logs of what I have done:

aswMBR


aswMBR version 0.9.9.1771 Copyright© 2011 AVAST Software
Run date: 2013-06-15 20:37:23
-----------------------------
20:37:23.542 OS Version: Windows x64 6.1.7601 Service Pack 1
20:37:23.542 Number of processors: 2 586 0xF0D
20:37:23.542 ComputerName: JASON7 UserName: Jason
20:37:28.331 Initialize success
20:37:33.070 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-2
20:37:33.086 Disk 0 Vendor: WDC_WD2500BEVS-22UST0 01.01A01 Size: 238475MB BusType: 11
20:37:33.694 Disk 0 MBR read successfully
20:37:33.710 Disk 0 MBR scan
20:37:33.710 Disk 0 Windows 7 default MBR code
20:37:33.756 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 238473 MB offset 2048
20:37:33.866 Disk 0 scanning C:\Windows\system32\drivers
20:37:58.342 Service scanning
20:38:26.734 Service TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe **HIDDEN**
20:38:33.239 Modules scanning
20:38:33.239 Disk 0 trace - called modules:
20:38:33.271 ntoskrnl.exe CLASSPNP.SYS disk.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys
20:38:33.286 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8003429060]
20:38:33.286 3 CLASSPNP.SYS[fffff8800188443f] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP1T0L0-2[0xfffffa8002e8e1f0]
20:38:33.302 Scan finished successfully
20:43:42.167 Disk 0 MBR has been saved successfully to "C:\Users\Jason\Desktop\MBR.dat"
20:43:42.167 The log file has been saved successfully to "C:\Users\Jason\Desktop\aswMBR.txt"

~~~~~~~~~~~~~RogueKiller~~~~~~~~~~~~~~



RogueKiller V8.6.0 _x64_ [Jun 15 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo...13-roguekiller/
Website : http://tigzy.geeksto...roguekiller.php
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 7
Started in : Normal mode
User : Jason [Admin rights]
Mode : Scan -- Date : 06/15/2013 20:47:25
| ARK || FAK || MBR |

¤¤¤ Bad processes : 1 ¤¤¤
[SUSP PATH] agent.exe -- C:\ProgramData\FLEXnet\Connect\11\agent.exe [7] -> KILLED [TermProc]

¤¤¤ Registry Entries : 6 ¤¤¤
[DNS] HKLM\[...]\CCSet[...]\{2D2A27F3-9E1E-484B-9DAD-E68A102500C8} : NameServer (64.71.255.205 64.71.255.253) -> FOUND
[DNS] HKLM\[...]\CS001[...]\{2D2A27F3-9E1E-484B-9DAD-E68A102500C8} : NameServer (64.71.255.205 64.71.255.253) -> FOUND
[DNS] HKLM\[...]\CS002[...]\{2D2A27F3-9E1E-484B-9DAD-E68A102500C8} : NameServer (64.71.255.205 64.71.255.253) -> FOUND
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Scheduled tasks : 1 ¤¤¤
[V2][ROGUE ST] 4688 : wscript.exe - C:\Users\Jason\AppData\Local\Temp\launchie.vbs //B -> FOUND

¤¤¤ Startup Entries : 0 ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ External Hives: ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts




¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: WDC WD2500BEVS-22UST0 ATA Device +++++
--- User ---
[MBR] 2ab19664c5e2e3364adf4455349337a2
[BSP] e535c47c2364a6e385fde88581b8cdf3 : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 238473 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive1: WDC WD2500BEVS-22UST0 ATA Device +++++
--- User ---
[MBR] 6f7ff21c376c712613579e183138a6fb
[BSP] 5108853ba8f13b56a17b17e3fd604427 : MBR Code unknown
Partition table:
0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 7639 Mo
User = LL1 ... OK!
Error reading LL2 MBR!

Finished : << RKreport[0]_S_06152013_204725.txt >>


RogueKiller V8.6.0 _x64_ [Jun 15 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo...13-roguekiller/
Website : http://tigzy.geeksto...roguekiller.php
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 7
Started in : Normal mode
User : Jason [Admin rights]
Mode : Remove -- Date : 06/15/2013 20:49:42
| ARK || FAK || MBR |

¤¤¤ Bad processes : 1 ¤¤¤
[SUSP PATH] agent.exe -- C:\ProgramData\FLEXnet\Connect\11\agent.exe [7] -> KILLED [TermProc]

¤¤¤ Registry Entries : 6 ¤¤¤
[DNS] HKLM\[...]\CCSet[...]\{2D2A27F3-9E1E-484B-9DAD-E68A102500C8} : NameServer (64.71.255.205 64.71.255.253) -> NOT REMOVED, USE DNSFIX
[DNS] HKLM\[...]\CS001[...]\{2D2A27F3-9E1E-484B-9DAD-E68A102500C8} : NameServer (64.71.255.205 64.71.255.253) -> NOT REMOVED, USE DNSFIX
[DNS] HKLM\[...]\CS002[...]\{2D2A27F3-9E1E-484B-9DAD-E68A102500C8} : NameServer (64.71.255.205 64.71.255.253) -> NOT REMOVED, USE DNSFIX
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> REPLACED (1)
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

¤¤¤ Scheduled tasks : 1 ¤¤¤
[V2][ROGUE ST] 4688 : wscript.exe - C:\Users\Jason\AppData\Local\Temp\launchie.vbs //B -> DELETED

¤¤¤ Startup Entries : 0 ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ External Hives: ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts




¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: WDC WD2500BEVS-22UST0 ATA Device +++++
--- User ---
[MBR] 2ab19664c5e2e3364adf4455349337a2
[BSP] e535c47c2364a6e385fde88581b8cdf3 : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 238473 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive1: WDC WD2500BEVS-22UST0 ATA Device +++++
--- User ---
[MBR] 6f7ff21c376c712613579e183138a6fb
[BSP] 5108853ba8f13b56a17b17e3fd604427 : MBR Code unknown
Partition table:
0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 7639 Mo
User = LL1 ... OK!
Error reading LL2 MBR!

Finished : << RKreport[1]_D_06152013_204942.txt >>
RKreport[0]_S_06152013_204725.txt



RogueKiller V8.6.0 _x64_ [Jun 15 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo...13-roguekiller/
Website : http://tigzy.geeksto...roguekiller.php
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 7
Started in : Normal mode
User : Jason [Admin rights]
Mode : Scan -- Date : 06/15/2013 20:57:20
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 3 ¤¤¤
[DNS] HKLM\[...]\CCSet[...]\{2D2A27F3-9E1E-484B-9DAD-E68A102500C8} : NameServer (64.71.255.205 64.71.255.253) -> FOUND
[DNS] HKLM\[...]\CS001[...]\{2D2A27F3-9E1E-484B-9DAD-E68A102500C8} : NameServer (64.71.255.205 64.71.255.253) -> FOUND
[DNS] HKLM\[...]\CS002[...]\{2D2A27F3-9E1E-484B-9DAD-E68A102500C8} : NameServer (64.71.255.205 64.71.255.253) -> FOUND

¤¤¤ Scheduled tasks : 0 ¤¤¤

¤¤¤ Startup Entries : 0 ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ External Hives: ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts




¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: WDC WD2500BEVS-22UST0 ATA Device +++++
--- User ---
[MBR] 2ab19664c5e2e3364adf4455349337a2
[BSP] e535c47c2364a6e385fde88581b8cdf3 : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 238473 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive1: WDC WD2500BEVS-22UST0 ATA Device +++++
--- User ---
[MBR] 6f7ff21c376c712613579e183138a6fb
[BSP] 5108853ba8f13b56a17b17e3fd604427 : MBR Code unknown
Partition table:
0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 7639 Mo
User = LL1 ... OK!
Error reading LL2 MBR!

Finished : << RKreport[2]_S_06152013_205720.txt >>
RKreport[0]_S_06152013_204725.txt;RKreport[1]_D_06152013_204942.txt



RogueKiller V8.6.0 _x64_ [Jun 15 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo...13-roguekiller/
Website : http://tigzy.geeksto...roguekiller.php
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 7
Started in : Normal mode
User : Jason [Admin rights]
Mode : DNSFix -- Date : 06/15/2013 20:58:20
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 3 ¤¤¤
[DNS] HKLM\[...]\CCSet[...]\{2D2A27F3-9E1E-484B-9DAD-E68A102500C8} : NameServer (64.71.255.205 64.71.255.253) -> REPLACED ()
[DNS] HKLM\[...]\CS001[...]\{2D2A27F3-9E1E-484B-9DAD-E68A102500C8} : NameServer (64.71.255.205 64.71.255.253) -> REPLACED ()
[DNS] HKLM\[...]\CS002[...]\{2D2A27F3-9E1E-484B-9DAD-E68A102500C8} : NameServer (64.71.255.205 64.71.255.253) -> REPLACED ()

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ External Hives: ¤¤¤

¤¤¤ Infection : ¤¤¤

Finished : << RKreport[3]_DN_06152013_205820.txt >>
RKreport[0]_S_06152013_204725.txt;RKreport[1]_D_06152013_204942.txt;RKreport[2]_S_06152013_205720.txt



~~~~~~~~~~~~adwCleaner~~~~~~~~~~~~


# AdwCleaner v2.303 - Logfile created 06/15/2013 at 20:58:57
# Updated 08/06/2013 by Xplode
# Operating system : Windows 7 Professional Service Pack 1 (64 bits)
# User : Jason - JASON7
# Boot Mode : Normal
# Running from : C:\Users\Jason\Desktop\adwcleaner.exe
# Option [Search]


***** [Services] *****


***** [Files / Folders] *****

File Found : C:\Users\Jason\AppData\Roaming\Mozilla\Firefox\Profiles\mt85vcqu.default\searchplugins\Askcom.xml
Folder Found : C:\ProgramData\Ask
Folder Found : C:\ProgramData\ParetoLogic
Folder Found : C:\ProgramData\yolobartb
Folder Found : C:\Users\Jason\AppData\Roaming\DriverCure
Folder Found : C:\Users\Jason\AppData\Roaming\Mozilla\Firefox\Profiles\mt85vcqu.default\CT3201318
Folder Found : C:\Users\Jason\AppData\Roaming\Mozilla\Firefox\Profiles\mt85vcqu.default\CT3209604
Folder Found : C:\Users\Jason\AppData\Roaming\Mozilla\Firefox\Profiles\mt85vcqu.default\extensions\{3bbd3c14-4c16-4989-8366-95bc9179779d}
Folder Found : C:\Users\Jason\AppData\Roaming\Mozilla\Firefox\Profiles\mt85vcqu.default\extensions\{b2bf7b3f-bf0b-4c48-aec6-f92c51be63e1}
Folder Found : C:\Users\Jason\AppData\Roaming\Mozilla\Firefox\Profiles\mt85vcqu.default\Smartbar
Folder Found : C:\Users\Jason\AppData\Roaming\Mozilla\Firefox\Profiles\mt85vcqu.default\yolobartb
Folder Found : C:\Users\Jason\AppData\Roaming\ParetoLogic

***** [Registry] *****

Key Found : HKCU\Software\AppDataLow\Software\SmartBar
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}
Key Found : HKU\S-1-5-21-3985219517-3064427757-3219208395-1000\Software\Microsoft\Internet Explorer\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16457

[HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://www.mystart.com/?pr=vmn&id=yolobartb&v=1_0&ent=hp

-\\ Mozilla Firefox v [Unable to get version]

File : C:\Users\Jason\AppData\Roaming\Mozilla\Firefox\Profiles\mt85vcqu.default\prefs.js

Found : user_pref("CT3201318.1000082.isPlayDisplay", "true");
Found : user_pref("CT3201318.1000082.muteState", "off");
Found : user_pref("CT3201318.1000082.state", "{\"state\":\"stopped\",\"text\":\"Californi...\",\"description[...]
Found : user_pref("CT3201318.1000234.TWC_TMP_city", "VANCOUVER");
Found : user_pref("CT3201318.1000234.TWC_TMP_country", "CA");
Found : user_pref("CT3201318.1000234.TWC_locId", "CAXX0126");
Found : user_pref("CT3201318.1000234.TWC_location", "Edmonton, Canada");
Found : user_pref("CT3201318.1000234.TWC_region", "OT");
Found : user_pref("CT3201318.1000234.TWC_temp_dis", "c");
Found : user_pref("CT3201318.1000234.TWC_wind_dis", "kmh");
Found : user_pref("CT3201318.1000234.weatherData", "{\"icon\":\"31.png\",\"temperature\":\"12°C\",\"temperat[...]
Found : user_pref("CT3201318.129774027300123987.APP_WIN_FEATURES", "openposition=offset:50;50,savelocation=0[...]
Found : user_pref("CT3201318.ENABALE_HISTORY", "{\"dataType\":\"string\",\"data\":\"true\"}");
Found : user_pref("CT3201318.ENABLE_RETURN_WEB_SEARCH_ON_THE_PAGE", "{\"dataType\":\"string\",\"data\":\"tru[...]
Found : user_pref("CT3201318.FirstTime", "true");
Found : user_pref("CT3201318.FirstTimeFF3", "true");
Found : user_pref("CT3201318.LoginRevertSettingsEnabled", false);
Found : user_pref("CT3201318.RevertSettingsEnabled", true);
Found : user_pref("CT3201318.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?SSPV=FFSBC[...]
Found : user_pref("CT3201318.UserID", "UN63486652559504430");
Found : user_pref("CT3201318.addressBarTakeOverEnabledInHidden", "true");
Found : user_pref("CT3201318.browser.search.defaultthis.engineName", true);
Found : user_pref("CT3201318.cb_experience_000", "4");
Found : user_pref("CT3201318.cb_firstuse0100", "1");
Found : user_pref("CT3201318.cbcountry_001", "CA");
Found : user_pref("CT3201318.cbfirsttime", "Sun Aug 26 2012 20:37:07 GMT-0600 (Mountain Daylight Time)");
Found : user_pref("CT3201318.embeddedsData", "[{\"appId\":\"129774027300123987\",\"apiPermissions\":{\"cross[...]
Found : user_pref("CT3201318.enableAlerts", "always");
Found : user_pref("CT3201318.event_data", "%5B%5D");
Found : user_pref("CT3201318.fired_events", "");
Found : user_pref("CT3201318.firstTimeDialogOpened", "true");
Found : user_pref("CT3201318.fixPageNotFoundErrorInHidden", "true");
Found : user_pref("CT3201318.fixUrls", true);
Found : user_pref("CT3201318.isCheckedStartAsHidden", true);
Found : user_pref("CT3201318.isEnableAllDialogs", "{\"dataType\":\"string\",\"data\":\"true\"}");
Found : user_pref("CT3201318.isFirstTimeToolbarLoading", "false");
Found : user_pref("CT3201318.isNewTabEnabled", true);
Found : user_pref("CT3201318.isPerformedSmartBarTransition", "true");
Found : user_pref("CT3201318.isToolbarShrinked", "{\"dataType\":\"string\",\"data\":\"false\"}");
Found : user_pref("CT3201318.key_date", "19");
Found : user_pref("CT3201318.keyword", true);
Found : user_pref("CT3201318.migrateAppsAndComponents", true);
Found : user_pref("CT3201318.navigationAliasesJson", "{\"EB_SEARCH_TERM\":\"\",\"EB_MAIN_FRAME_URL\":\"hxxp%[...]
Found : user_pref("CT3201318.newSettings", "{\"dataType\":\"boolean\",\"data\":\"true\"}");
Found : user_pref("CT3201318.personalApps", "{\"dataType\":\"object\",\"data\":\"[\\\"BROWSER_COMPONENT\\\"][...]
Found : user_pref("CT3201318.search.searchAppId", "129768733323172459");
Found : user_pref("CT3201318.search.searchCount", "2");
Found : user_pref("CT3201318.searchInNewTabEnabledInHidden", "true");
Found : user_pref("CT3201318.selectToSearchBoxEnabled", "{\"dataType\":\"string\",\"data\":\"true\"}");
Found : user_pref("CT3201318.serviceLayer_service_login_isFirstLoginInvoked", "{\"dataType\":\"boolean\",\"d[...]
Found : user_pref("CT3201318.serviceLayer_service_login_loginCount", "{\"dataType\":\"number\",\"data\":\"4\[...]
Found : user_pref("CT3201318.serviceLayer_service_toolbarGrouping_activeCTID", "{\"dataType\":\"string\",\"d[...]
Found : user_pref("CT3201318.serviceLayer_service_toolbarGrouping_activeDownloadUrl", "{\"dataType\":\"strin[...]
Found : user_pref("CT3201318.serviceLayer_service_toolbarGrouping_activeToolbarName", "{\"dataType\":\"strin[...]
Found : user_pref("CT3201318.serviceLayer_service_toolbarGrouping_invoked", "{\"dataType\":\"string\",\"data[...]
Found : user_pref("CT3201318.serviceLayer_service_usage_toolbarUsageCount", "{\"dataType\":\"number\",\"data[...]
Found : user_pref("CT3201318.serviceLayer_services_appTrackingFirstTime_lastUpdate", "1353343401650");
Found : user_pref("CT3201318.serviceLayer_services_appsMetadata_lastUpdate", "1353474216204");
Found : user_pref("CT3201318.serviceLayer_services_gottenAppsContextMenu_lastUpdate", "1353343401331");
Found : user_pref("CT3201318.serviceLayer_services_login_10.10.22.13_lastUpdate", "1346326326233");
Found : user_pref("CT3201318.serviceLayer_services_login_10.10.27.6_lastUpdate", "1352742200294");
Found : user_pref("CT3201318.serviceLayer_services_login_10.13.40.15_lastUpdate", "1353474216593");
Found : user_pref("CT3201318.serviceLayer_services_menu_769c590835a76d075fe33b9a87a87786_lastUpdate", "13533[...]
Found : user_pref("CT3201318.serviceLayer_services_menu_d32f45618f5a02bd965c56155a643855_lastUpdate", "13533[...]
Found : user_pref("CT3201318.serviceLayer_services_optimizer_lastUpdate", "1346415485934");
Found : user_pref("CT3201318.serviceLayer_services_otherAppsContextMenu_lastUpdate", "1353343401657");
Found : user_pref("CT3201318.serviceLayer_services_searchAPI_lastUpdate", "1353474216795");
Found : user_pref("CT3201318.serviceLayer_services_serviceMap_lastUpdate", "1353474215859");
Found : user_pref("CT3201318.serviceLayer_services_toolbarContextMenu_lastUpdate", "1353343401264");
Found : user_pref("CT3201318.serviceLayer_services_toolbarSettings_lastUpdate", "1353474216771");
Found : user_pref("CT3201318.serviceLayer_services_translation_lastUpdate", "1353474216974");
Found : user_pref("CT3201318.settingsINI", true);
Found : user_pref("CT3201318.smartbar.CTID", "CT3201318");
Found : user_pref("CT3201318.smartbar.Uninstall", "0");
Found : user_pref("CT3201318.smartbar.homepage", true);
Found : user_pref("CT3201318.smartbar.toolbarName", "FLV Runner ");
Found : user_pref("CT3201318.toolbarBornServerTime", "27-8-2012");
Found : user_pref("CT3201318.toolbarCurrentServerTime", "21-11-2012");
Found : user_pref("CT3201318.upgradeFromClearSBVersion", true);
Found : user_pref("CT3201318.url_history0001", "hxxp://images.search.yahoo.com/images/view;_ylt=A2KJkeyh9URQ[...]
Found : user_pref("CT3201318_Firefox.csv", "[{\"from\":\"Abs Layer\",\"action\":\"loading toolbar\",\"time\"[...]
Found : user_pref("CT3209604.1000082.isDisplayHidden", "true");
Found : user_pref("CT3209604.1000082.state", "{\"state\":\"stopped\",\"text\":\"Californi...\",\"description[...]
Found : user_pref("CT3209604.CBOpenMAMSettings.enc", "MA==");
Found : user_pref("CT3209604.ENABALE_HISTORY", "{\"dataType\":\"string\",\"data\":\"true\"}");
Found : user_pref("CT3209604.ENABLE_RETURN_WEB_SEARCH_ON_THE_PAGE", "{\"dataType\":\"string\",\"data\":\"tru[...]
Found : user_pref("CT3209604.FirstTime", "true");
Found : user_pref("CT3209604.FirstTimeFF3", "true");
Found : user_pref("CT3209604.LoginRevertSettingsEnabled", false);
Found : user_pref("CT3209604.RevertSettingsEnabled", true);
Found : user_pref("CT3209604.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT320[...]
Found : user_pref("CT3209604.UserID", "UN70176744417122151");
Found : user_pref("CT3209604.addressBarTakeOverEnabledInHidden", "true");
Found : user_pref("CT3209604.browser.search.defaultthis.engineName", true);
Found : user_pref("CT3209604.cb_experience_000.enc", "Mg==");
Found : user_pref("CT3209604.cb_firstuse0100.enc", "MQ==");
Found : user_pref("CT3209604.cbcountry_001.enc", "Q0E=");
Found : user_pref("CT3209604.cbfirsttime.enc", "TW9uIE5vdiAxMiAyMDEyIDEwOjUwOjE5IEdNVC0wNzAwIChNb3VudGFpbiBT[...]
Found : user_pref("CT3209604.embeddedsData", "[{\"appId\":\"129785153989088931\",\"apiPermissions\":{\"cross[...]
Found : user_pref("CT3209604.enableAlerts", "always");
Found : user_pref("CT3209604.firstTimeDialogOpened", "true");
Found : user_pref("CT3209604.fixPageNotFoundErrorInHidden", "true");
Found : user_pref("CT3209604.fixUrls", true);
Found : user_pref("CT3209604.hxxp___www_socialgrowthtechnologies_com_couponbuddy_v001.APP_WIN_FEATURES.enc",[...]
Found : user_pref("CT3209604.installType", "Unknown");
Found : user_pref("CT3209604.isCheckedStartAsHidden", true);
Found : user_pref("CT3209604.isEnableAllDialogs", "{\"dataType\":\"string\",\"data\":\"true\"}");
Found : user_pref("CT3209604.isFirstTimeToolbarLoading", "false");
Found : user_pref("CT3209604.isNewTabEnabled", true);
Found : user_pref("CT3209604.isPerformedSmartBarTransition", "true");
Found : user_pref("CT3209604.isToolbarShrinked", "{\"dataType\":\"string\",\"data\":\"false\"}");
Found : user_pref("CT3209604.keyword", true);
Found : user_pref("CT3209604.migrateAppsAndComponents", true);
Found : user_pref("CT3209604.navigationAliasesJson", "{\"EB_MAIN_FRAME_URL\":\"hxxp%3A%2F%2Fdownload.cnet.co[...]
Found : user_pref("CT3209604.newSettings", "{\"dataType\":\"boolean\",\"data\":\"true\"}");
Found : user_pref("CT3209604.personalApps", "{\"dataType\":\"object\",\"data\":\"[\\\"BROWSER_COMPONENT\\\"][...]
Found : user_pref("CT3209604.price-gong.bornDate", "{\"dataType\":\"string\",\"data\":\"{\\\"Response\\\":\\[...]
Found : user_pref("CT3209604.price-gong.isManagedApp", "true");
Found : user_pref("CT3209604.search.searchAppId", "129785153989088931");
Found : user_pref("CT3209604.search.searchCount", "0");
Found : user_pref("CT3209604.searchInNewTabEnabledInHidden", "true");
Found : user_pref("CT3209604.selectToSearchBoxEnabled", "{\"dataType\":\"string\",\"data\":\"true\"}");
Found : user_pref("CT3209604.serviceLayer_service_login_isFirstLoginInvoked", "{\"dataType\":\"boolean\",\"d[...]
Found : user_pref("CT3209604.serviceLayer_service_login_loginCount", "{\"dataType\":\"number\",\"data\":\"4\[...]
Found : user_pref("CT3209604.serviceLayer_service_toolbarGrouping_activeCTID", "{\"dataType\":\"string\",\"d[...]
Found : user_pref("CT3209604.serviceLayer_service_toolbarGrouping_activeDownloadUrl", "{\"dataType\":\"strin[...]
Found : user_pref("CT3209604.serviceLayer_service_toolbarGrouping_activeToolbarName", "{\"dataType\":\"strin[...]
Found : user_pref("CT3209604.serviceLayer_service_toolbarGrouping_invoked", "{\"dataType\":\"string\",\"data[...]
Found : user_pref("CT3209604.serviceLayer_services_appTrackingFirstTime_lastUpdate", "1352742608730");
Found : user_pref("CT3209604.serviceLayer_services_appTracking_lastUpdate", "1352744886123");
Found : user_pref("CT3209604.serviceLayer_services_appsMetadata_lastUpdate", "1353474218687");
Found : user_pref("CT3209604.serviceLayer_services_gottenAppsContextMenu_lastUpdate", "1352742615669");
Found : user_pref("CT3209604.serviceLayer_services_login_10.13.40.15_lastUpdate", "1353474218847");
Found : user_pref("CT3209604.serviceLayer_services_menu_769c590835a76d075fe33b9a87a87786_lastUpdate", "13533[...]
Found : user_pref("CT3209604.serviceLayer_services_otherAppsContextMenu_lastUpdate", "1352742615733");
Found : user_pref("CT3209604.serviceLayer_services_searchAPI_lastUpdate", "1353474218963");
Found : user_pref("CT3209604.serviceLayer_services_serviceMap_lastUpdate", "1353474218529");
Found : user_pref("CT3209604.serviceLayer_services_toolbarContextMenu_lastUpdate", "1352742615618");
Found : user_pref("CT3209604.serviceLayer_services_toolbarSettings_lastUpdate", "1353474218749");
Found : user_pref("CT3209604.serviceLayer_services_translation_lastUpdate", "1353474218717");
Found : user_pref("CT3209604.serviceLayer_services_userApps1ec55dac-8dca-406b-9697-5d68893c1c0c_lastUpdate",[...]
Found : user_pref("CT3209604.serviceLayer_services_userApps_lastUpdate", "1353358627197");
Found : user_pref("CT3209604.settingsINI", true);
Found : user_pref("CT3209604.smartbar.CTID", "CT3209604");
Found : user_pref("CT3209604.smartbar.Uninstall", "0");
Found : user_pref("CT3209604.smartbar.homepage", true);
Found : user_pref("CT3209604.smartbar.toolbarName", "Produtools Manuals 2.1 ");
Found : user_pref("CT3209604.toolbarBornServerTime", "12-11-2012");
Found : user_pref("CT3209604.toolbarCurrentServerTime", "21-11-2012");
Found : user_pref("CT3209604.url_history0001.enc", "aHR0cDovL2NhLnNlYXJjaC55YWhvby5jb20vci9feWx0PUEwb0dkTnRq[...]
Found : user_pref("CT3209604_Firefox.csv", "[{\"from\":\"Abs Layer\",\"action\":\"loading toolbar\",\"time\"[...]
Found : user_pref("Smartbar.ConduitHomepagesList", "hxxp://search.conduit.com/?ctid=CT3209604&SearchSource=1[...]
Found : user_pref("Smartbar.ConduitSearchEngineList", "");
Found : user_pref("Smartbar.ConduitSearchUrlList", "");
Found : user_pref("Smartbar.SearchFromAddressBarSavedUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=C[...]
Found : user_pref("Smartbar.keywordURLSelectedCTID", "CT3209604");
Found : user_pref("browser.startup.homepage", "hxxp://search.conduit.com/?ctid=CT3209604&SearchSource=13&CUI[...]
Found : user_pref("keyword.URL", "hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=ORJ&o=&locale=&apn_u[...]
Found : user_pref("smartbar.conduitHomepageList", "hxxp://search.conduit.com/?ctid=CT3209604&SearchSource=13[...]
Found : user_pref("smartbar.conduitSearchAddressUrlList", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT[...]
Found : user_pref("smartbar.originalHomepage", "hxxp://search.conduit.com/?SSPV=FFSBCUID&ctid=CT3201318&Sear[...]
Found : user_pref("smartbar.originalSearchAddressUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT320[...]
Found : user_pref("smartbar.originalSearchEngine", false);
Found : user_pref("browser.search.selectedEngine", "Ask.com");
Found : user_pref("browser.search.order.1", "Ask.com");
Found : user_pref("browser.search.defaultengine", "Ask.com");
Found : user_pref("browser.search.defaultenginename", "Ask.com");
Found : user_pref("extensions.asktb.ff-original-keyword-url", "hxxp://www2.mystart.com/results.php?pr=vmn&id[...]

-\\ Google Chrome v27.0.1453.110

File : C:\Users\Jason\AppData\Local\Google\Chrome\User Data\Default\Preferences

Found [l.38] : icon_url = "hxxp://www.ask.com/favicon.ico",
Found [l.41] : keyword = "ask.com",
Found [l.45] : search_url = "hxxp://websearch.ask.com/redirect?client=cr&src=kw&tb=ORJ&o=&locale=&apn_uid=75CEE43B-DB63-407C-8F62-68D841E85FB2&apn_ptnrs=U3&apn_sauid=51F10334-D92B-4BEE-8E72-CC7EFAD759DB&apn_dtid=OSJ000YYCA&q={searchTerms}",
Found [l.46] : suggest_url = "hxxp://ss.websearch.ask.com/query?qsrc=2922&li=ff&sstype=prefix&q={searchTerms}"
Found [l.2277] : homepage = "hxxp://search.conduit.com/?ctid=CT3209604&SearchSource=13&CUI=SB_CUI",

*************************

AdwCleaner[R1].txt - [17383 octets] - [15/06/2013 20:58:57]

########## EOF - C:\AdwCleaner[R1].txt - [17444 octets] ##########



# AdwCleaner v2.303 - Logfile created 06/15/2013 at 21:01:05
# Updated 08/06/2013 by Xplode
# Operating system : Windows 7 Professional Service Pack 1 (64 bits)
# User : Jason - JASON7
# Boot Mode : Normal
# Running from : C:\Users\Jason\Desktop\adwcleaner.exe
# Option [Search]


***** [Services] *****


***** [Files / Folders] *****

File Found : C:\Users\Jason\AppData\Roaming\Mozilla\Firefox\Profiles\mt85vcqu.default\searchplugins\Askcom.xml
Folder Found : C:\ProgramData\Ask
Folder Found : C:\ProgramData\ParetoLogic
Folder Found : C:\ProgramData\yolobartb
Folder Found : C:\Users\Jason\AppData\Roaming\DriverCure
Folder Found : C:\Users\Jason\AppData\Roaming\Mozilla\Firefox\Profiles\mt85vcqu.default\CT3201318
Folder Found : C:\Users\Jason\AppData\Roaming\Mozilla\Firefox\Profiles\mt85vcqu.default\CT3209604
Folder Found : C:\Users\Jason\AppData\Roaming\Mozilla\Firefox\Profiles\mt85vcqu.default\extensions\{3bbd3c14-4c16-4989-8366-95bc9179779d}
Folder Found : C:\Users\Jason\AppData\Roaming\Mozilla\Firefox\Profiles\mt85vcqu.default\extensions\{b2bf7b3f-bf0b-4c48-aec6-f92c51be63e1}
Folder Found : C:\Users\Jason\AppData\Roaming\Mozilla\Firefox\Profiles\mt85vcqu.default\Smartbar
Folder Found : C:\Users\Jason\AppData\Roaming\Mozilla\Firefox\Profiles\mt85vcqu.default\yolobartb
Folder Found : C:\Users\Jason\AppData\Roaming\ParetoLogic

***** [Registry] *****

Key Found : HKCU\Software\AppDataLow\Software\SmartBar
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}
Key Found : HKU\S-1-5-21-3985219517-3064427757-3219208395-1000\Software\Microsoft\Internet Explorer\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16457

[HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://www.mystart.com/?pr=vmn&id=yolobartb&v=1_0&ent=hp

-\\ Mozilla Firefox v [Unable to get version]

File : C:\Users\Jason\AppData\Roaming\Mozilla\Firefox\Profiles\mt85vcqu.default\prefs.js

-\\ Google Chrome v27.0.1453.110

File : C:\Users\Jason\AppData\Local\Google\Chrome\User Data\Default\Preferences

Found [l.38] : icon_url = "hxxp://www.ask.com/favicon.ico",
Found [l.41] : keyword = "ask.com",
Found [l.45] : search_url = "hxxp://websearch.ask.com/redirect?client=cr&src=kw&tb=ORJ&o=&locale=&apn_uid=75CEE43B-DB63-407C-8F62-68D841E85FB2&apn_ptnrs=U3&apn_sauid=51F10334-D92B-4BEE-8E72-CC7EFAD759DB&apn_dtid=OSJ000YYCA&q={searchTerms}",
Found [l.46] : suggest_url = "hxxp://ss.websearch.ask.com/query?qsrc=2922&li=ff&sstype=prefix&q={searchTerms}"
Found [l.2277] : homepage = "hxxp://search.conduit.com/?ctid=CT3209604&SearchSource=13&CUI=SB_CUI",

*************************

AdwCleaner[R1].txt - [17512 octets] - [15/06/2013 20:58:57]
AdwCleaner[R2].txt - [17444 octets] - [15/06/2013 21:01:05]

########## EOF - C:\AdwCleaner[R2].txt - [17505 octets] ##########



# AdwCleaner v2.303 - Logfile created 06/15/2013 at 21:03:08
# Updated 08/06/2013 by Xplode
# Operating system : Windows 7 Professional Service Pack 1 (64 bits)
# User : Jason - JASON7
# Boot Mode : Normal
# Running from : C:\Users\Jason\Desktop\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

File Deleted : C:\Users\Jason\AppData\Roaming\Mozilla\Firefox\Profiles\mt85vcqu.default\searchplugins\Askcom.xml
Folder Deleted : C:\ProgramData\Ask
Folder Deleted : C:\ProgramData\ParetoLogic
Folder Deleted : C:\ProgramData\yolobartb
Folder Deleted : C:\Users\Jason\AppData\Roaming\DriverCure
Folder Deleted : C:\Users\Jason\AppData\Roaming\Mozilla\Firefox\Profiles\mt85vcqu.default\CT3201318
Folder Deleted : C:\Users\Jason\AppData\Roaming\Mozilla\Firefox\Profiles\mt85vcqu.default\CT3209604
Folder Deleted : C:\Users\Jason\AppData\Roaming\Mozilla\Firefox\Profiles\mt85vcqu.default\extensions\{3bbd3c14-4c16-4989-8366-95bc9179779d}
Folder Deleted : C:\Users\Jason\AppData\Roaming\Mozilla\Firefox\Profiles\mt85vcqu.default\extensions\{b2bf7b3f-bf0b-4c48-aec6-f92c51be63e1}
Folder Deleted : C:\Users\Jason\AppData\Roaming\Mozilla\Firefox\Profiles\mt85vcqu.default\Smartbar
Folder Deleted : C:\Users\Jason\AppData\Roaming\Mozilla\Firefox\Profiles\mt85vcqu.default\yolobartb
Folder Deleted : C:\Users\Jason\AppData\Roaming\ParetoLogic

***** [Registry] *****

Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16457

Replaced : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://www.mystart.com/?pr=vmn&id=yolobartb&v=1_0&ent=hp --> hxxp://www.google.com

-\\ Mozilla Firefox v [Unable to get version]

File : C:\Users\Jason\AppData\Roaming\Mozilla\Firefox\Profiles\mt85vcqu.default\prefs.js

C:\Users\Jason\AppData\Roaming\Mozilla\Firefox\Profiles\mt85vcqu.default\user.js ... Deleted !

Deleted : user_pref("CT3201318.1000082.isPlayDisplay", "true");
Deleted : user_pref("CT3201318.1000082.muteState", "off");
Deleted : user_pref("CT3201318.1000082.state", "{\"state\":\"stopped\",\"text\":\"Californi...\",\"description[...]
Deleted : user_pref("CT3201318.1000234.TWC_TMP_city", "VANCOUVER");
Deleted : user_pref("CT3201318.1000234.TWC_TMP_country", "CA");
Deleted : user_pref("CT3201318.1000234.TWC_locId", "CAXX0126");
Deleted : user_pref("CT3201318.1000234.TWC_location", "Edmonton, Canada");
Deleted : user_pref("CT3201318.1000234.TWC_region", "OT");
Deleted : user_pref("CT3201318.1000234.TWC_temp_dis", "c");
Deleted : user_pref("CT3201318.1000234.TWC_wind_dis", "kmh");
Deleted : user_pref("CT3201318.1000234.weatherData", "{\"icon\":\"31.png\",\"temperature\":\"12°C\",\"temperat[...]
Deleted : user_pref("CT3201318.129774027300123987.APP_WIN_FEATURES", "openposition=offset:50;50,savelocation=0[...]
Deleted : user_pref("CT3201318.ENABALE_HISTORY", "{\"dataType\":\"string\",\"data\":\"true\"}");
Deleted : user_pref("CT3201318.ENABLE_RETURN_WEB_SEARCH_ON_THE_PAGE", "{\"dataType\":\"string\",\"data\":\"tru[...]
Deleted : user_pref("CT3201318.FirstTime", "true");
Deleted : user_pref("CT3201318.FirstTimeFF3", "true");
Deleted : user_pref("CT3201318.LoginRevertSettingsEnabled", false);
Deleted : user_pref("CT3201318.RevertSettingsEnabled", true);
Deleted : user_pref("CT3201318.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?SSPV=FFSBC[...]
Deleted : user_pref("CT3201318.UserID", "UN63486652559504430");
Deleted : user_pref("CT3201318.addressBarTakeOverEnabledInHidden", "true");
Deleted : user_pref("CT3201318.browser.search.defaultthis.engineName", true);
Deleted : user_pref("CT3201318.cb_experience_000", "4");
Deleted : user_pref("CT3201318.cb_firstuse0100", "1");
Deleted : user_pref("CT3201318.cbcountry_001", "CA");
Deleted : user_pref("CT3201318.cbfirsttime", "Sun Aug 26 2012 20:37:07 GMT-0600 (Mountain Daylight Time)");
Deleted : user_pref("CT3201318.embeddedsData", "[{\"appId\":\"129774027300123987\",\"apiPermissions\":{\"cross[...]
Deleted : user_pref("CT3201318.enableAlerts", "always");
Deleted : user_pref("CT3201318.event_data", "%5B%5D");
Deleted : user_pref("CT3201318.fired_events", "");
Deleted : user_pref("CT3201318.firstTimeDialogOpened", "true");
Deleted : user_pref("CT3201318.fixPageNotFoundErrorInHidden", "true");
Deleted : user_pref("CT3201318.fixUrls", true);
Deleted : user_pref("CT3201318.isCheckedStartAsHidden", true);
Deleted : user_pref("CT3201318.isEnableAllDialogs", "{\"dataType\":\"string\",\"data\":\"true\"}");
Deleted : user_pref("CT3201318.isFirstTimeToolbarLoading", "false");
Deleted : user_pref("CT3201318.isNewTabEnabled", true);
Deleted : user_pref("CT3201318.isPerformedSmartBarTransition", "true");
Deleted : user_pref("CT3201318.isToolbarShrinked", "{\"dataType\":\"string\",\"data\":\"false\"}");
Deleted : user_pref("CT3201318.key_date", "19");
Deleted : user_pref("CT3201318.keyword", true);
Deleted : user_pref("CT3201318.migrateAppsAndComponents", true);
Deleted : user_pref("CT3201318.navigationAliasesJson", "{\"EB_SEARCH_TERM\":\"\",\"EB_MAIN_FRAME_URL\":\"hxxp%[...]
Deleted : user_pref("CT3201318.newSettings", "{\"dataType\":\"boolean\",\"data\":\"true\"}");
Deleted : user_pref("CT3201318.personalApps", "{\"dataType\":\"object\",\"data\":\"[\\\"BROWSER_COMPONENT\\\"][...]
Deleted : user_pref("CT3201318.search.searchAppId", "129768733323172459");
Deleted : user_pref("CT3201318.search.searchCount", "2");
Deleted : user_pref("CT3201318.searchInNewTabEnabledInHidden", "true");
Deleted : user_pref("CT3201318.selectToSearchBoxEnabled", "{\"dataType\":\"string\",\"data\":\"true\"}");
Deleted : user_pref("CT3201318.serviceLayer_service_login_isFirstLoginInvoked", "{\"dataType\":\"boolean\",\"d[...]
Deleted : user_pref("CT3201318.serviceLayer_service_login_loginCount", "{\"dataType\":\"number\",\"data\":\"4\[...]
Deleted : user_pref("CT3201318.serviceLayer_service_toolbarGrouping_activeCTID", "{\"dataType\":\"string\",\"d[...]
Deleted : user_pref("CT3201318.serviceLayer_service_toolbarGrouping_activeDownloadUrl", "{\"dataType\":\"strin[...]
Deleted : user_pref("CT3201318.serviceLayer_service_toolbarGrouping_activeToolbarName", "{\"dataType\":\"strin[...]
Deleted : user_pref("CT3201318.serviceLayer_service_toolbarGrouping_invoked", "{\"dataType\":\"string\",\"data[...]
Deleted : user_pref("CT3201318.serviceLayer_service_usage_toolbarUsageCount", "{\"dataType\":\"number\",\"data[...]
Deleted : user_pref("CT3201318.serviceLayer_services_appTrackingFirstTime_lastUpdate", "1353343401650");
Deleted : user_pref("CT3201318.serviceLayer_services_appsMetadata_lastUpdate", "1353474216204");
Deleted : user_pref("CT3201318.serviceLayer_services_gottenAppsContextMenu_lastUpdate", "1353343401331");
Deleted : user_pref("CT3201318.serviceLayer_services_login_10.10.22.13_lastUpdate", "1346326326233");
Deleted : user_pref("CT3201318.serviceLayer_services_login_10.10.27.6_lastUpdate", "1352742200294");
Deleted : user_pref("CT3201318.serviceLayer_services_login_10.13.40.15_lastUpdate", "1353474216593");
Deleted : user_pref("CT3201318.serviceLayer_services_menu_769c590835a76d075fe33b9a87a87786_lastUpdate", "13533[...]
Deleted : user_pref("CT3201318.serviceLayer_services_menu_d32f45618f5a02bd965c56155a643855_lastUpdate", "13533[...]
Deleted : user_pref("CT3201318.serviceLayer_services_optimizer_lastUpdate", "1346415485934");
Deleted : user_pref("CT3201318.serviceLayer_services_otherAppsContextMenu_lastUpdate", "1353343401657");
Deleted : user_pref("CT3201318.serviceLayer_services_searchAPI_lastUpdate", "1353474216795");
Deleted : user_pref("CT3201318.serviceLayer_services_serviceMap_lastUpdate", "1353474215859");
Deleted : user_pref("CT3201318.serviceLayer_services_toolbarContextMenu_lastUpdate", "1353343401264");
Deleted : user_pref("CT3201318.serviceLayer_services_toolbarSettings_lastUpdate", "1353474216771");
Deleted : user_pref("CT3201318.serviceLayer_services_translation_lastUpdate", "1353474216974");
Deleted : user_pref("CT3201318.settingsINI", true);
Deleted : user_pref("CT3201318.smartbar.CTID", "CT3201318");
Deleted : user_pref("CT3201318.smartbar.Uninstall", "0");
Deleted : user_pref("CT3201318.smartbar.homepage", true);
Deleted : user_pref("CT3201318.smartbar.toolbarName", "FLV Runner ");
Deleted : user_pref("CT3201318.toolbarBornServerTime", "27-8-2012");
Deleted : user_pref("CT3201318.toolbarCurrentServerTime", "21-11-2012");
Deleted : user_pref("CT3201318.upgradeFromClearSBVersion", true);
Deleted : user_pref("CT3201318.url_history0001", "hxxp://images.search.yahoo.com/images/view;_ylt=A2KJkeyh9URQ[...]
Deleted : user_pref("CT3201318_Firefox.csv", "[{\"from\":\"Abs Layer\",\"action\":\"loading toolbar\",\"time\"[...]
Deleted : user_pref("CT3209604.1000082.isDisplayHidden", "true");
Deleted : user_pref("CT3209604.1000082.state", "{\"state\":\"stopped\",\"text\":\"Californi...\",\"description[...]
Deleted : user_pref("CT3209604.CBOpenMAMSettings.enc", "MA==");
Deleted : user_pref("CT3209604.ENABALE_HISTORY", "{\"dataType\":\"string\",\"data\":\"true\"}");
Deleted : user_pref("CT3209604.ENABLE_RETURN_WEB_SEARCH_ON_THE_PAGE", "{\"dataType\":\"string\",\"data\":\"tru[...]
Deleted : user_pref("CT3209604.FirstTime", "true");
Deleted : user_pref("CT3209604.FirstTimeFF3", "true");
Deleted : user_pref("CT3209604.LoginRevertSettingsEnabled", false);
Deleted : user_pref("CT3209604.RevertSettingsEnabled", true);
Deleted : user_pref("CT3209604.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT320[...]
Deleted : user_pref("CT3209604.UserID", "UN70176744417122151");
Deleted : user_pref("CT3209604.addressBarTakeOverEnabledInHidden", "true");
Deleted : user_pref("CT3209604.browser.search.defaultthis.engineName", true);
Deleted : user_pref("CT3209604.cb_experience_000.enc", "Mg==");
Deleted : user_pref("CT3209604.cb_firstuse0100.enc", "MQ==");
Deleted : user_pref("CT3209604.cbcountry_001.enc", "Q0E=");
Deleted : user_pref("CT3209604.cbfirsttime.enc", "TW9uIE5vdiAxMiAyMDEyIDEwOjUwOjE5IEdNVC0wNzAwIChNb3VudGFpbiBT[...]
Deleted : user_pref("CT3209604.embeddedsData", "[{\"appId\":\"129785153989088931\",\"apiPermissions\":{\"cross[...]
Deleted : user_pref("CT3209604.enableAlerts", "always");
Deleted : user_pref("CT3209604.firstTimeDialogOpened", "true");
Deleted : user_pref("CT3209604.fixPageNotFoundErrorInHidden", "true");
Deleted : user_pref("CT3209604.fixUrls", true);
Deleted : user_pref("CT3209604.hxxp___www_socialgrowthtechnologies_com_couponbuddy_v001.APP_WIN_FEATURES.enc",[...]
Deleted : user_pref("CT3209604.installType", "Unknown");
Deleted : user_pref("CT3209604.isCheckedStartAsHidden", true);
Deleted : user_pref("CT3209604.isEnableAllDialogs", "{\"dataType\":\"string\",\"data\":\"true\"}");
Deleted : user_pref("CT3209604.isFirstTimeToolbarLoading", "false");
Deleted : user_pref("CT3209604.isNewTabEnabled", true);
Deleted : user_pref("CT3209604.isPerformedSmartBarTransition", "true");
Deleted : user_pref("CT3209604.isToolbarShrinked", "{\"dataType\":\"string\",\"data\":\"false\"}");
Deleted : user_pref("CT3209604.keyword", true);
Deleted : user_pref("CT3209604.migrateAppsAndComponents", true);
Deleted : user_pref("CT3209604.navigationAliasesJson", "{\"EB_MAIN_FRAME_URL\":\"hxxp%3A%2F%2Fdownload.cnet.co[...]
Deleted : user_pref("CT3209604.newSettings", "{\"dataType\":\"boolean\",\"data\":\"true\"}");
Deleted : user_pref("CT3209604.personalApps", "{\"dataType\":\"object\",\"data\":\"[\\\"BROWSER_COMPONENT\\\"][...]
Deleted : user_pref("CT3209604.price-gong.bornDate", "{\"dataType\":\"string\",\"data\":\"{\\\"Response\\\":\\[...]
Deleted : user_pref("CT3209604.price-gong.isManagedApp", "true");
Deleted : user_pref("CT3209604.search.searchAppId", "129785153989088931");
Deleted : user_pref("CT3209604.search.searchCount", "0");
Deleted : user_pref("CT3209604.searchInNewTabEnabledInHidden", "true");
Deleted : user_pref("CT3209604.selectToSearchBoxEnabled", "{\"dataType\":\"string\",\"data\":\"true\"}");
Deleted : user_pref("CT3209604.serviceLayer_service_login_isFirstLoginInvoked", "{\"dataType\":\"boolean\",\"d[...]
Deleted : user_pref("CT3209604.serviceLayer_service_login_loginCount", "{\"dataType\":\"number\",\"data\":\"4\[...]
Deleted : user_pref("CT3209604.serviceLayer_service_toolbarGrouping_activeCTID", "{\"dataType\":\"string\",\"d[...]
Deleted : user_pref("CT3209604.serviceLayer_service_toolbarGrouping_activeDownloadUrl", "{\"dataType\":\"strin[...]
Deleted : user_pref("CT3209604.serviceLayer_service_toolbarGrouping_activeToolbarName", "{\"dataType\":\"strin[...]
Deleted : user_pref("CT3209604.serviceLayer_service_toolbarGrouping_invoked", "{\"dataType\":\"string\",\"data[...]
Deleted : user_pref("CT3209604.serviceLayer_services_appTrackingFirstTime_lastUpdate", "1352742608730");
Deleted : user_pref("CT3209604.serviceLayer_services_appTracking_lastUpdate", "1352744886123");
Deleted : user_pref("CT3209604.serviceLayer_services_appsMetadata_lastUpdate", "1353474218687");
Deleted : user_pref("CT3209604.serviceLayer_services_gottenAppsContextMenu_lastUpdate", "1352742615669");
Deleted : user_pref("CT3209604.serviceLayer_services_login_10.13.40.15_lastUpdate", "1353474218847");
Deleted : user_pref("CT3209604.serviceLayer_services_menu_769c590835a76d075fe33b9a87a87786_lastUpdate", "13533[...]
Deleted : user_pref("CT3209604.serviceLayer_services_otherAppsContextMenu_lastUpdate", "1352742615733");
Deleted : user_pref("CT3209604.serviceLayer_services_searchAPI_lastUpdate", "1353474218963");
Deleted : user_pref("CT3209604.serviceLayer_services_serviceMap_lastUpdate", "1353474218529");
Deleted : user_pref("CT3209604.serviceLayer_services_toolbarContextMenu_lastUpdate", "1352742615618");
Deleted : user_pref("CT3209604.serviceLayer_services_toolbarSettings_lastUpdate", "1353474218749");
Deleted : user_pref("CT3209604.serviceLayer_services_translation_lastUpdate", "1353474218717");
Deleted : user_pref("CT3209604.serviceLayer_services_userApps1ec55dac-8dca-406b-9697-5d68893c1c0c_lastUpdate",[...]
Deleted : user_pref("CT3209604.serviceLayer_services_userApps_lastUpdate", "1353358627197");
Deleted : user_pref("CT3209604.settingsINI", true);
Deleted : user_pref("CT3209604.smartbar.CTID", "CT3209604");
Deleted : user_pref("CT3209604.smartbar.Uninstall", "0");
Deleted : user_pref("CT3209604.smartbar.homepage", true);
Deleted : user_pref("CT3209604.smartbar.toolbarName", "Produtools Manuals 2.1 ");
Deleted : user_pref("CT3209604.toolbarBornServerTime", "12-11-2012");
Deleted : user_pref("CT3209604.toolbarCurrentServerTime", "21-11-2012");
Deleted : user_pref("CT3209604.url_history0001.enc", "aHR0cDovL2NhLnNlYXJjaC55YWhvby5jb20vci9feWx0PUEwb0dkTnRq[...]
Deleted : user_pref("CT3209604_Firefox.csv", "[{\"from\":\"Abs Layer\",\"action\":\"loading toolbar\",\"time\"[...]
Deleted : user_pref("Smartbar.ConduitHomepagesList", "hxxp://search.conduit.com/?ctid=CT3209604&SearchSource=1[...]
Deleted : user_pref("Smartbar.ConduitSearchEngineList", "");
Deleted : user_pref("Smartbar.ConduitSearchUrlList", "");
Deleted : user_pref("Smartbar.SearchFromAddressBarSavedUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=C[...]
Deleted : user_pref("Smartbar.keywordURLSelectedCTID", "CT3209604");
Deleted : user_pref("browser.startup.homepage", "hxxp://search.conduit.com/?ctid=CT3209604&SearchSource=13&CUI[...]
Deleted : user_pref("keyword.URL", "hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=ORJ&o=&locale=&apn_u[...]
Deleted : user_pref("smartbar.conduitHomepageList", "hxxp://search.conduit.com/?ctid=CT3209604&SearchSource=13[...]
Deleted : user_pref("smartbar.conduitSearchAddressUrlList", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT[...]
Deleted : user_pref("smartbar.originalHomepage", "hxxp://search.conduit.com/?SSPV=FFSBCUID&ctid=CT3201318&Sear[...]
Deleted : user_pref("smartbar.originalSearchAddressUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT320[...]
Deleted : user_pref("smartbar.originalSearchEngine", false);
Deleted : user_pref("browser.search.selectedEngine", "Ask.com");
Deleted : user_pref("browser.search.order.1", "Ask.com");
Deleted : user_pref("browser.search.defaultengine", "Ask.com");
Deleted : user_pref("browser.search.defaultenginename", "Ask.com");
Deleted : user_pref("extensions.asktb.ff-original-keyword-url", "hxxp://www2.mystart.com/results.php?pr=vmn&id[...]

-\\ Google Chrome v27.0.1453.110

File : C:\Users\Jason\AppData\Local\Google\Chrome\User Data\Default\Preferences

Deleted [l.38] : icon_url = "hxxp://www.ask.com/favicon.ico",
Deleted [l.41] : keyword = "ask.com",
Deleted [l.45] : search_url = "hxxp://websearch.ask.com/redirect?client=cr&src=kw&tb=ORJ&o=&locale=&apn_uid=75[...]
Deleted [l.46] : suggest_url = "hxxp://ss.websearch.ask.com/query?qsrc=2922&li=ff&sstype=prefix&q={searchTerms[...]
Deleted [l.2277] : homepage = "hxxp://search.conduit.com/?ctid=CT3209604&SearchSource=13&CUI=SB_CUI",

*************************

AdwCleaner[R1].txt - [17512 octets] - [15/06/2013 20:58:57]
AdwCleaner[R2].txt - [17573 octets] - [15/06/2013 21:01:05]
AdwCleaner[S1].txt - [17745 octets] - [15/06/2013 21:03:08]

########## EOF - C:\AdwCleaner[S1].txt - [17806 octets] ##########

#5
nathdep

    Member

  • 587 posts
Hello again 314!

Thank you for posting all of those logs! I reviewed them and saw that quite a bit of malware was removed.

I'm still interested, however, in what the OTL scan has in store.

Please follow my instructions regarding OTL in post #3.

There is no need to post an AdwCleaner log since it has already been used.

In your next post, be sure to include:
  • The OTL log
  • A report on whether any of your problems were resolved or any new problems have been created.


#6
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.

#7
CompCav

    Member 5k

  • Expert
  • 12,448 posts
Opened at user request, user returned.

#8
314

    Member

  • Topic Starter
  • 65 posts
I apologize for the time it took me to post this log. Thanks again for your help.




OTL logfile created on: 6/21/2013 9:56:47 AM - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Jason\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16618)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.99 Gb Total Physical Memory | 1.48 Gb Available Physical Memory | 49.46% Memory free
5.98 Gb Paging File | 4.20 Gb Available in Paging File | 70.25% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 232.88 Gb Total Space | 179.63 Gb Free Space | 77.13% Space Free | Partition Type: NTFS

Computer Name: JASON7 | User Name: Jason | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/06/16 00:55:53 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Jason\Desktop\OTL.exe
PRC - [2013/05/28 23:27:40 | 000,825,808 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
PRC - [2013/05/22 10:30:52 | 000,661,360 | ---- | M] (McAfee, Inc.) -- c:\Program Files (x86)\McAfee\SiteAdvisor\saUI.exe
PRC - [2013/02/05 09:48:44 | 000,272,248 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee Security Scan\3.0.318\SSScheduler.exe
PRC - [2011/11/03 17:41:16 | 000,329,072 | ---- | M] (Sierra Wireless, Inc.) -- C:\Program Files (x86)\Sierra Wireless Inc\WebUpdater\TRUUpdater.exe
PRC - [2011/08/04 13:37:56 | 000,140,656 | ---- | M] (Sierra Wireless Inc.) -- C:\Program Files (x86)\Rogers\Rogers Connection Manager\WaHelper.exe
PRC - [2010/10/28 15:26:44 | 001,196,032 | ---- | M] (Brother Industries, Ltd.) -- C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe
PRC - [2010/10/28 15:21:56 | 000,331,776 | ---- | M] (Brother Industries, Ltd.) -- C:\Program Files (x86)\ControlCenter4\BrCtrlCntr.exe
PRC - [2010/09/30 03:06:46 | 000,169,408 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe
PRC - [2010/07/29 01:40:56 | 000,311,760 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
PRC - [2010/06/10 13:42:44 | 002,621,440 | R--- | M] (Brother Industries, Ltd.) -- C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe
PRC - [2010/03/09 00:42:02 | 000,029,984 | ---- | M] (Nuance Communications, Inc.) -- C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe
PRC - [2010/03/09 00:40:36 | 000,144,672 | ---- | M] (Nuance Communications, Inc.) -- C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe
PRC - [2010/03/05 20:11:30 | 000,636,192 | ---- | M] (Nuance Communications, Inc.) -- C:\Program Files (x86)\Nuance\PDF Viewer Plus\pdfPro5Hook.exe
PRC - [2010/01/25 08:22:56 | 000,245,760 | ---- | M] (Brother Industries, Ltd.) -- C:\Program Files (x86)\Browny02\BrYNSvc.exe
PRC - [2009/11/16 09:27:48 | 000,240,992 | ---- | M] (Microsoft Corp.) -- C:\Program Files (x86)\MSN Toolbar\Platform\4.0.0357.1\mswinext.exe
PRC - [2009/05/05 16:06:06 | 000,222,496 | ---- | M] (Acresso Corporation) -- C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe


========== Modules (No Company Name) ==========

MOD - [2013/05/28 23:27:38 | 000,393,168 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.110\ppgooglenaclpluginchrome.dll
MOD - [2013/05/28 23:27:35 | 004,051,408 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.110\pdf.dll
MOD - [2013/05/28 23:26:40 | 000,599,504 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.110\libglesv2.dll
MOD - [2013/05/28 23:26:39 | 000,124,368 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.110\libegl.dll
MOD - [2013/05/28 23:26:36 | 001,597,392 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.110\ffmpegsumo.dll
MOD - [2011/11/03 17:39:14 | 000,251,248 | ---- | M] () -- C:\Program Files (x86)\Sierra Wireless Inc\WebUpdater\WebUpdtAPI.dll
MOD - [2009/02/27 16:38:20 | 000,139,264 | R--- | M] () -- C:\Program Files (x86)\Brother\BrUtilities\BrLogAPI.dll


========== Services (SafeList) ==========

SRV:64bit: - [2013/04/03 13:34:46 | 000,182,752 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Windows\SysNative\mfevtps.exe -- (mfevtp)
SRV:64bit: - [2013/04/03 13:32:06 | 000,218,760 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe -- (mfefire)
SRV:64bit: - [2013/03/05 11:43:26 | 000,221,296 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe -- (MSK80Service)
SRV:64bit: - [2013/03/05 11:43:26 | 000,221,296 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe -- (McProxy)
SRV:64bit: - [2013/03/05 11:43:26 | 000,221,296 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe -- (mcpltsvc)
SRV:64bit: - [2013/03/05 11:43:26 | 000,221,296 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe -- (McNaiAnn)
SRV:64bit: - [2013/03/05 11:43:26 | 000,221,296 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe -- (McMPFSvc)
SRV:64bit: - [2013/03/05 11:43:26 | 000,221,296 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe -- (HomeNetSvc)
SRV:64bit: - [2013/03/01 09:08:02 | 000,388,680 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS)
SRV:64bit: - [2013/02/28 09:46:18 | 001,017,016 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe -- (mfecore)
SRV:64bit: - [2009/07/13 19:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/13 19:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2013/05/22 10:24:02 | 000,120,592 | ---- | M] (McAfee, Inc.) [Auto | Running] -- c:\Program Files (x86)\McAfee\SiteAdvisor\mcsacore.exe -- (McAfee SiteAdvisor Service)
SRV - [2013/02/05 09:48:00 | 000,235,216 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\McAfee Security Scan\3.0.318\McCHSvc.exe -- (McComponentHostService)
SRV - [2011/11/03 17:12:04 | 000,321,392 | ---- | M] (Sierra Wireless, Inc.) [Auto | Running] -- C:\Program Files (x86)\Sierra Wireless Inc\Common\SwiCardDetect64.exe -- (SwiCardDetectSvc)
SRV - [2010/10/22 14:08:18 | 001,039,360 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL -- (HPSLPSVC)
SRV - [2010/09/30 03:06:46 | 000,169,408 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor9.0)
SRV - [2010/04/13 20:11:18 | 000,231,224 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files (x86)\McAfee Online Backup\MOBKbackup.exe -- (MOBKbackup)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/03/09 00:40:36 | 000,144,672 | ---- | M] (Nuance Communications, Inc.) [Auto | Running] -- C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe -- (PDFProFiltSrvPP)
SRV - [2010/01/25 08:22:56 | 000,245,760 | ---- | M] (Brother Industries, Ltd.) [On_Demand | Running] -- C:\Program Files (x86)\Browny02\BrYNSvc.exe -- (BrYNSvc)
SRV - [2009/06/10 15:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2013/04/22 15:46:12 | 000,074,560 | ---- | M] (McAfee, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\McPvDrv.sys -- (McPvDrv)
DRV:64bit: - [2013/04/03 13:37:38 | 000,070,112 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\cfwids.sys -- (cfwids)
DRV:64bit: - [2013/04/03 13:34:58 | 000,342,416 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mfewfpk.sys -- (mfewfpk)
DRV:64bit: - [2013/04/03 13:33:06 | 000,772,944 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mfehidk.sys -- (mfehidk)
DRV:64bit: - [2013/04/03 13:32:14 | 000,516,608 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfefirek.sys -- (mfefirek)
DRV:64bit: - [2013/04/03 13:31:36 | 000,309,968 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfeavfk.sys -- (mfeavfk)
DRV:64bit: - [2013/04/03 13:31:14 | 000,179,664 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfeapfk.sys -- (mfeapfk)
DRV:64bit: - [2013/02/18 07:46:56 | 000,095,856 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mfencrk.sys -- (mfencrk)
DRV:64bit: - [2013/02/18 07:46:50 | 000,337,120 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfencbdc.sys -- (mfencbdc)
DRV:64bit: - [2013/02/11 22:12:06 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usb8023x.sys -- (usb_rndisx)
DRV:64bit: - [2012/05/28 10:28:18 | 000,197,264 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HipShieldK.sys -- (HipShieldK)
DRV:64bit: - [2012/03/01 00:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/05/28 12:45:43 | 000,297,472 | ---- | M] (Sierra Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\swnc8ua3.sys -- (SWNC8UA3)
DRV:64bit: - [2011/05/16 12:44:24 | 000,109,312 | ---- | M] (Sierra Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\swiwdmbx64.sys -- (swiwdmbx)
DRV:64bit: - [2011/05/13 14:54:12 | 000,258,432 | ---- | M] (Sierra Wireless Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\swg3kser00.sys -- (swg3kser00)
DRV:64bit: - [2011/03/11 00:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 00:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 21:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 21:23:48 | 000,071,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc)
DRV:64bit: - [2010/11/20 21:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 21:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010/05/25 08:14:34 | 000,031,280 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\OXUDIDRV_x64.sys -- (OXUDIDRV)
DRV:64bit: - [2010/04/13 20:10:24 | 000,066,040 | ---- | M] (Mozy, Inc.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\MOBK.sys -- (MOBKFilter)
DRV:64bit: - [2010/03/19 03:00:00 | 000,055,856 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2009/11/02 21:06:35 | 000,087,552 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BrSerIb.sys -- (BrSerIb)
DRV:64bit: - [2009/11/02 21:06:35 | 000,014,592 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BrUsbSib.sys -- (BrUsbSIb)
DRV:64bit: - [2009/09/28 09:55:42 | 000,051,760 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\OXSDIDRV_x64.sys -- (OXSDIDRV_x64)
DRV:64bit: - [2009/09/23 19:23:02 | 006,180,832 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009/07/13 19:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 19:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 19:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 15:01:06 | 001,146,880 | ---- | M] (LSI Corp) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\agrsm64.sys -- (AgereSoftModem)
DRV:64bit: - [2009/06/10 14:35:42 | 000,187,392 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009/06/10 14:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 14:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 14:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 14:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2008/08/20 04:31:40 | 000,514,048 | ---- | M] (Marvell Semiconductor, Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\MRVW148.sys -- (MRVW148)
DRV - [2009/07/13 19:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC


IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-21-3985219517-3064427757-3219208395-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKU\S-1-5-21-3985219517-3064427757-3219208395-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://ca.msn.com/?r...opt=0&ocid=iehp
IE - HKU\S-1-5-21-3985219517-3064427757-3219208395-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
IE - HKU\S-1-5-21-3985219517-3064427757-3219208395-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = EC 71 89 87 3A B5 CD 01 [binary data]
IE - HKU\S-1-5-21-3985219517-3064427757-3219208395-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-3985219517-3064427757-3219208395-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKU\S-1-5-21-3985219517-3064427757-3219208395-1000\..\SearchScopes\{3FD6CBF3-17CC-42D7-A801-053AAC56E9B4}: "URL" = http://websearch.ask...72-CC7EFAD759DB
IE - HKU\S-1-5-21-3985219517-3064427757-3219208395-1000\..\SearchScopes\{83E77049-768A-4A6C-B311-35267C3402CC}: "URL" = http://search.yahoo....p={SearchTerms}
IE - HKU\S-1-5-21-3985219517-3064427757-3219208395-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..extensions.enabledAddons: {b9bfaf1c-a63f-47cd-8b9a-29526ced9060}:1.4.9
FF - prefs.js..extensions.enabledAddons: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.9.11
FF - prefs.js..extensions.enabledAddons: {3bbd3c14-4c16-4989-8366-95bc9179779d}:10.13.40.15
FF - prefs.js..extensions.enabledAddons: [email protected]:1.20.00
FF - prefs.js..extensions.enabledAddons: [email protected]:2.1.355.0
FF - prefs.js..extensions.enabledAddons: {607b689f-7600-45e4-b8e5-887f72dab15c}:1.0
FF - prefs.js..extensions.enabledAddons: {b2bf7b3f-bf0b-4c48-aec6-f92c51be63e1}:10.13.40.15
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL ()
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/McAfeeMssPlugin: C:\Program Files (x86)\McAfee Security Scan\3.0.318\npMcAfeeMss.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL ()
FF - HKLM\Software\MozillaPlugins\@mcafee.com/MVT: C:\Program Files (x86)\McAfee\Supportability\MVT\NPMVTPlugin.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/SAFFPlugin: C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpWinExt,version=4.0: C:\Program Files (x86)\MSN Toolbar\Platform\4.0.0357.1\npwinext.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.6: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012/08/27 15:42:00 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\MSN Toolbar\Platform\4.0.0357.1\Firefox [2012/08/27 15:43:55 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{27182e60-b5f3-411c-b545-b44205977502}: C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\ [2012/08/30 07:37:58 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}: C:\Program Files (x86)\McAfee\SiteAdvisor [2013/06/16 23:07:24 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\[email protected]: C:\Program Files\McAfee\MSK [2013/06/15 23:00:31 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012/08/27 15:42:00 | 000,000,000 | ---D | M]

[2012/08/04 12:51:58 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jason\AppData\Roaming\Mozilla\Extensions
[2013/06/15 21:03:24 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jason\AppData\Roaming\Mozilla\Firefox\Profiles\mt85vcqu.default\extensions
[2012/11/12 12:27:11 | 000,000,000 | ---D | M] (Yolobar) -- C:\Users\Jason\AppData\Roaming\Mozilla\Firefox\Profiles\mt85vcqu.default\extensions\{607b689f-7600-45e4-b8e5-887f72dab15c}
[2012/11/05 16:21:02 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Jason\AppData\Roaming\Mozilla\Firefox\Profiles\mt85vcqu.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2012/10/28 16:30:43 | 000,012,929 | ---- | M] () (No name found) -- C:\Users\Jason\AppData\Roaming\Mozilla\Firefox\Profiles\mt85vcqu.default\extensions\{b9bfaf1c-a63f-47cd-8b9a-29526ced9060}.xpi
[2012/11/12 12:23:37 | 000,199,396 | ---- | M] () (No name found) -- C:\Users\Jason\AppData\Roaming\Mozilla\Firefox\Profiles\mt85vcqu.default\extensions\{c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}.xpi
[2012/11/12 12:34:41 | 000,001,074 | ---- | M] () -- C:\Users\Jason\AppData\Roaming\Mozilla\Firefox\Profiles\mt85vcqu.default\searchplugins\produtools-manuals-21-customized-web-search.xml
[2012/10/30 15:02:14 | 000,002,242 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\mystarttb.xml

========== Chrome ==========

CHR - default_search_provider: McAfee (Enabled)
CHR - default_search_provider: search_url = http://search.yahoo....p={searchTerms}
CHR - default_search_provider: suggest_url =
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Jason\AppData\Local\Google\Chrome\User Data\PepperFlash\11.7.700.225\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.110\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.110\pdf.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Users\Jason\AppData\Roaming\Mozilla\plugins\np-mswmp.dll
CHR - plugin: Foxit Reader Plugin for Mozilla (Enabled) = C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll
CHR - plugin: Java™ Platform SE 7 U9 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: MSN\u00AE Toolbar (Enabled) = C:\Program Files (x86)\MSN Toolbar\Platform\4.0.0357.1\npwinext.dll
CHR - plugin: McAfee Security Scanner + (Enabled) = C:\Program Files (x86)\McAfee Security Scan\3.0.318\npMcAfeeMss.dll
CHR - plugin: McAfee SiteAdvisor (Enabled) = C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll
CHR - plugin: VLC Web Plugin (Enabled) = C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll
CHR - plugin: Java Deployment Toolkit 7.0.90.5 (Enabled) = C:\Windows\SysWOW64\npDeployJava1.dll
CHR - plugin: McAfee SecurityCenter (Enabled) = c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - Extension: SiteAdvisor = C:\Users\Jason\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.6.2.1341_1\

O1 HOSTS File: ([2009/06/10 15:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O2 - BHO: (MSS+ Identifier) - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files (x86)\McAfee Security Scan\3.0.318\McAfeeMSS_IE.dll (McAfee, Inc.)
O2 - BHO: (PlusIEEventHelper Class) - {551A852F-39A6-44A7-9C13-AFBEC9185A9D} - C:\Program Files (x86)\Nuance\PDF Viewer Plus\bin\PlusIEContextMenu.dll (Zeon Corporation)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O2 - BHO: (MSN Toolbar BHO) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\4.0.0357.1\npwinext.dll (Microsoft Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (MSN Toolbar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\4.0.0357.1\npwinext.dll (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [BrStsMon00] C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [ControlCenter4] C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [DivXMediaServer] C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe File not found
O4 - HKLM..\Run: [IndexSearch] C:\Program Files (x86)\Nuance\PaperPort\IndexSearch.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [mcpltui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [MSN Toolbar] C:\Program Files (x86)\MSN Toolbar\Platform\4.0.0357.1\mswinext.exe (Microsoft Corp.)
O4 - HKLM..\Run: [PaperPort PTD] C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [PDF5 Registry Controller] C:\Program Files (x86)\Nuance\PDF Viewer Plus\RegistryController.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [PDFHook] C:\Program Files (x86)\Nuance\PDF Viewer Plus\pdfPro5Hook.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [PPort12reminder] C:\Program Files (x86)\Nuance\PaperPort\Ereg\Ereg.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [TRUUpdater] C:\Program Files (x86)\Sierra Wireless Inc\WebUpdater\TRUUpdater.exe (Sierra Wireless, Inc.)
O4 - HKLM..\Run: [WatcherHelper] C:\Program Files (x86)\Rogers\Rogers Connection Manager\WaHelper.exe (Sierra Wireless Inc.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-3985219517-3064427757-3219208395-1000..\Run: [ISUSPM] C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe (Acresso Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Open with PDF Viewer Plus - C:\Program Files (x86)\Nuance\PDF Viewer Plus\Bin\PlusIEContextMenu.dll (Zeon Corporation)
O8 - Extra context menu item: Open with PDF Viewer Plus - C:\Program Files (x86)\Nuance\PDF Viewer Plus\Bin\PlusIEContextMenu.dll (Zeon Corporation)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{14EB5EFB-4DD1-43D0-8850-D570A8A6FC3B}: DhcpNameServer = 192.168.42.129
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2CB2B0D9-E961-4979-A1FC-214E794505CC}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C37A7633-251E-41C7-8164-06395E2F26FF}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18:64bit: - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl64.dll (McAfee, Inc.)
O18 - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\MSC\McSnIePl.dll (McAfee, Inc.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{4eada76b-de43-11e1-a8a8-00e0b8e479e1}\Shell - "" = AutoRun
O33 - MountPoints2\{4eada76b-de43-11e1-a8a8-00e0b8e479e1}\Shell\AutoRun\command - "" = G:\HPLauncher.exe
O33 - MountPoints2\{4eada7f4-de43-11e1-a8a8-00e0b8e479e1}\Shell - "" = AutoRun
O33 - MountPoints2\{4eada7f4-de43-11e1-a8a8-00e0b8e479e1}\Shell\AutoRun\command - "" = J:\HPLauncher.exe
O33 - MountPoints2\{85ba3f83-deb5-11e1-8775-00e0b8e479e1}\Shell - "" = AutoRun
O33 - MountPoints2\{85ba3f83-deb5-11e1-8775-00e0b8e479e1}\Shell\AutoRun\command - "" = F:\WIN\setup.exe -ap
O33 - MountPoints2\{fb802eb1-dd3b-11e1-b2b5-00e0b8e479e1}\Shell - "" = AutoRun
O33 - MountPoints2\{fb802eb1-dd3b-11e1-b2b5-00e0b8e479e1}\Shell\AutoRun\command - "" = H:\WIN\setup.exe -ap
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2013/06/16 03:04:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
[2013/06/16 03:03:23 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2013/06/16 03:03:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Silverlight
[2013/06/16 02:39:05 | 000,000,000 | ---D | C] -- C:\Users\Jason\Desktop\New folder
[2013/06/16 00:55:48 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Jason\Desktop\OTL.exe
[2013/06/15 23:00:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\McAfeeMOBK
[2013/06/15 23:00:40 | 000,000,000 | --SD | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Online Backup
[2013/06/15 23:00:38 | 000,066,040 | ---- | C] (Mozy, Inc.) -- C:\Windows\SysNative\drivers\MOBK.sys
[2013/06/15 23:00:38 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\DRVSTORE
[2013/06/15 23:00:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\McAfee Online Backup
[2013/06/15 23:00:30 | 000,197,264 | ---- | C] (McAfee, Inc.) -- C:\Windows\SysNative\drivers\HipShieldK.sys
[2013/06/15 22:59:58 | 000,074,560 | ---- | C] (McAfee, Inc.) -- C:\Windows\SysNative\drivers\McPvDrv.sys
[2013/06/15 22:59:58 | 000,000,000 | ---D | C] -- C:\Users\Jason\AppData\Local\McAfee File Lock
[2013/06/15 22:59:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\McAfee.com
[2013/06/15 22:58:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\McAfee
[2013/06/15 22:57:38 | 000,000,000 | ---D | C] -- C:\Program Files\McAfee.com
[2013/06/15 22:57:37 | 000,000,000 | ---D | C] -- C:\Program Files\McAfee
[2013/06/15 22:41:57 | 000,182,752 | ---- | C] (McAfee, Inc.) -- C:\Windows\SysNative\mfevtps.exe
[2013/06/15 22:41:55 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\McAfee
[2013/06/15 22:35:29 | 005,102,984 | ---- | C] (McAfee, Inc.) -- C:\Users\Jason\Desktop\McAfeeSetup.exe
[2013/06/15 22:06:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Citrix
[2013/06/15 21:53:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Citrix
[2013/06/15 21:53:31 | 000,000,000 | ---D | C] -- C:\Users\Jason\AppData\Local\Citrix
[2013/06/15 21:43:00 | 000,000,000 | ---D | C] -- C:\Users\Jason\AppData\Roaming\McAfee
[2013/06/15 21:32:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
[2013/06/15 20:44:10 | 000,000,000 | ---D | C] -- C:\Users\Jason\Desktop\RK_Quarantine
[2013/06/12 17:23:07 | 000,000,000 | ---D | C] -- C:\Users\Jason\Desktop\Pics to sort
[2013/06/09 12:09:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2013/06/09 12:09:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple Computer
[2013/06/06 05:26:31 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution
[2013/06/05 23:19:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Uniblue
[2013/06/01 16:01:25 | 000,000,000 | ---D | C] -- C:\Users\Jason\Desktop\Animethon Guidebooks A4 - A19
[2013/06/01 15:59:11 | 000,000,000 | ---D | C] -- C:\Users\Jason\Desktop\Animethon 20 August 9-11,2013
[2013/05/29 03:24:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\stinger
[2013/05/28 21:19:09 | 000,000,000 | ---D | C] -- C:\Stinger_Quarantine
[2013/05/28 21:18:35 | 000,000,000 | ---D | C] -- C:\Program Files\stinger
[2013/05/28 18:27:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FileASSASSIN
[2013/05/28 18:27:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\FileASSASSIN

========== Files - Modified Within 30 Days ==========

[2013/06/21 10:06:31 | 000,000,075 | ---- | M] () -- C:\Users\Jason\Desktop\numlock.vbs
[2013/06/21 10:02:41 | 000,021,904 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/06/21 10:02:41 | 000,021,904 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/06/21 10:02:01 | 000,001,844 | ---- | M] () -- C:\Users\Public\Desktop\McAfee Total Protection.lnk
[2013/06/21 09:57:58 | 000,726,316 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/06/21 09:57:58 | 000,624,276 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/06/21 09:57:58 | 000,106,620 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/06/21 09:52:04 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/06/21 09:51:09 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/06/21 09:50:47 | 2408,390,656 | -HS- | M] () -- C:\hiberfil.sys
[2013/06/18 06:28:00 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/06/17 21:02:46 | 000,002,259 | ---- | M] () -- C:\Users\Jason\Desktop\Google Chrome.lnk
[2013/06/16 23:14:08 | 017,341,072 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013/06/16 03:19:45 | 000,025,185 | ---- | M] () -- C:\Windows\SysWow64\ieuinit.inf
[2013/06/16 03:19:43 | 000,025,185 | ---- | M] () -- C:\Windows\SysNative\ieuinit.inf
[2013/06/16 00:55:53 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Jason\Desktop\OTL.exe
[2013/06/15 23:30:40 | 002,692,328 | ---- | M] (CPUID) -- C:\Users\Jason\Desktop\cpuz_x64.exe
[2013/06/15 23:30:40 | 000,000,202 | ---- | M] () -- C:\Users\Jason\Desktop\cpuz.ini
[2013/06/15 22:35:29 | 005,102,984 | ---- | M] (McAfee, Inc.) -- C:\Users\Jason\Desktop\McAfeeSetup.exe
[2013/06/15 22:27:14 | 000,002,926 | ---- | M] () -- C:\Users\Jason\Desktop\mbam_backup.reg
[2013/06/15 21:32:55 | 000,001,070 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2013/06/15 20:43:42 | 000,000,512 | ---- | M] () -- C:\Users\Jason\Desktop\MBR.dat
[2013/06/06 05:18:33 | 000,218,184 | ---- | M] () -- C:\Users\Jason\winlogon.exe
[2013/06/06 05:18:32 | 000,218,184 | ---- | M] () -- C:\Users\Jason\svchost.exe
[2013/06/06 05:18:32 | 000,218,184 | ---- | M] () -- C:\Users\Jason\rundll32.exe
[2013/06/06 05:18:31 | 000,218,184 | ---- | M] () -- C:\Users\Jason\mbam-chameleon.scr
[2013/06/06 05:18:31 | 000,218,184 | ---- | M] () -- C:\Users\Jason\mbam-chameleon.pif
[2013/06/06 05:18:29 | 000,218,184 | ---- | M] () -- C:\Users\Jason\mbam-chameleon.exe
[2013/06/06 05:18:28 | 000,218,184 | ---- | M] () -- C:\Users\Jason\mbam-chameleon.com
[2013/06/06 05:18:27 | 000,218,184 | ---- | M] () -- C:\Users\Jason\iexplore.exe
[2013/06/06 05:18:26 | 000,218,184 | ---- | M] () -- C:\Users\Jason\firefox.scr
[2013/06/06 05:18:26 | 000,218,184 | ---- | M] () -- C:\Users\Jason\firefox.pif
[2013/06/06 05:18:25 | 000,218,184 | ---- | M] () -- C:\Users\Jason\firefox.exe
[2013/06/06 05:18:24 | 000,218,184 | ---- | M] () -- C:\Users\Jason\firefox.com
[2013/06/06 05:18:20 | 000,186,068 | ---- | M] () -- C:\Users\Jason\chameleon.chm
[2013/05/28 18:27:01 | 000,001,059 | ---- | M] () -- C:\Users\Public\Desktop\FileASSASSIN.lnk

========== Files Created - No Company Name ==========

[2013/06/21 10:06:31 | 000,000,075 | ---- | C] () -- C:\Users\Jason\Desktop\numlock.vbs
[2013/06/17 21:02:46 | 000,002,259 | ---- | C] () -- C:\Users\Jason\Desktop\Google Chrome.lnk
[2013/06/16 03:19:45 | 000,025,185 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf
[2013/06/16 03:19:43 | 000,025,185 | ---- | C] () -- C:\Windows\SysNative\ieuinit.inf
[2013/06/15 23:01:19 | 000,001,844 | ---- | C] () -- C:\Users\Public\Desktop\McAfee Total Protection.lnk
[2013/06/15 23:00:23 | 000,002,641 | ---- | C] () -- C:\Windows\SysNative\drivers\mfencrk.inf
[2013/06/15 23:00:10 | 000,002,951 | ---- | C] () -- C:\Windows\SysNative\drivers\mfencbdc.inf
[2013/06/15 22:27:14 | 000,002,926 | ---- | C] () -- C:\Users\Jason\Desktop\mbam_backup.reg
[2013/06/15 21:32:55 | 000,001,070 | ---- | C] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2013/06/15 20:43:42 | 000,000,512 | ---- | C] () -- C:\Users\Jason\Desktop\MBR.dat
[2013/05/28 18:27:01 | 000,001,059 | ---- | C] () -- C:\Users\Public\Desktop\FileASSASSIN.lnk
[2012/11/11 21:23:32 | 000,000,089 | ---- | C] () -- C:\Windows\fnerr.dat
[2012/08/27 16:13:08 | 000,001,333 | ---- | C] () -- C:\Windows\hpomdl52.dat.temp
[2012/08/27 15:32:08 | 000,212,842 | ---- | C] () -- C:\Windows\hpoins52.dat
[2012/08/15 08:48:46 | 000,218,184 | ---- | C] () -- C:\Users\Jason\winlogon.exe
[2012/08/15 08:48:46 | 000,218,184 | ---- | C] () -- C:\Users\Jason\svchost.exe
[2012/08/15 08:48:46 | 000,218,184 | ---- | C] () -- C:\Users\Jason\rundll32.exe
[2012/08/15 08:48:46 | 000,218,184 | ---- | C] () -- C:\Users\Jason\mbam-chameleon.scr
[2012/08/15 08:48:46 | 000,218,184 | ---- | C] () -- C:\Users\Jason\mbam-chameleon.pif
[2012/08/15 08:48:46 | 000,218,184 | ---- | C] () -- C:\Users\Jason\mbam-chameleon.exe
[2012/08/15 08:48:46 | 000,218,184 | ---- | C] () -- C:\Users\Jason\mbam-chameleon.com
[2012/08/15 08:48:46 | 000,218,184 | ---- | C] () -- C:\Users\Jason\iexplore.exe
[2012/08/15 08:48:46 | 000,218,184 | ---- | C] () -- C:\Users\Jason\firefox.scr
[2012/08/15 08:48:46 | 000,218,184 | ---- | C] () -- C:\Users\Jason\firefox.pif
[2012/08/15 08:48:46 | 000,218,184 | ---- | C] () -- C:\Users\Jason\firefox.exe
[2012/08/15 08:48:46 | 000,218,184 | ---- | C] () -- C:\Users\Jason\firefox.com
[2012/08/05 17:50:54 | 000,000,049 | ---- | C] () -- C:\Windows\hpntwksetup.ini
[2012/08/05 11:08:16 | 000,000,260 | ---- | C] () -- C:\Windows\Brpfx04a.ini
[2012/08/05 11:08:16 | 000,000,093 | ---- | C] () -- C:\Windows\brpcfx.ini
[2012/08/05 11:07:37 | 000,005,897 | ---- | C] () -- C:\Windows\BRPARAM.INI
[2012/08/05 11:05:47 | 000,000,066 | ---- | C] () -- C:\Windows\Brfaxrx.ini
[2012/08/05 11:05:47 | 000,000,000 | ---- | C] () -- C:\Windows\brdfxspd.dat
[2012/08/05 11:05:40 | 000,045,056 | ---- | C] () -- C:\Windows\SysWow64\BRTCPCON.DLL
[2012/08/05 11:05:35 | 000,000,114 | ---- | C] () -- C:\Windows\SysWow64\BRLMW03A.INI
[2012/08/03 01:06:32 | 000,731,106 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/03/03 11:32:48 | 000,186,068 | ---- | C] () -- C:\Users\Jason\chameleon.chm

========== ZeroAccess Check ==========

[2009/07/13 22:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/02/26 23:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/02/26 22:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 19:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 21:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 19:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2012/08/05 11:12:09 | 000,000,000 | ---D | M] -- C:\Users\Jason\AppData\Roaming\ControlCenter4
[2012/11/21 00:02:08 | 000,000,000 | ---D | M] -- C:\Users\Jason\AppData\Roaming\Foxit Reader
[2012/12/09 02:32:41 | 000,000,000 | ---D | M] -- C:\Users\Jason\AppData\Roaming\Foxit Software
[2012/08/05 10:51:24 | 000,000,000 | ---D | M] -- C:\Users\Jason\AppData\Roaming\Nuance
[2012/08/04 21:19:58 | 000,000,000 | ---D | M] -- C:\Users\Jason\AppData\Roaming\Sierra Wireless
[2012/11/09 19:48:59 | 000,000,000 | ---D | M] -- C:\Users\Jason\AppData\Roaming\Zeon

========== Purity Check ==========



========== Custom Scans ==========

========== Base Services ==========
SRV:64bit: - [2009/07/13 19:40:01 | 000,072,192 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\aelupsvc.dll -- (AeLookupSvc)
SRV:64bit: - [2013/02/26 23:47:10 | 000,070,144 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\appinfo.dll -- (Appinfo)
SRV:64bit: - [2009/07/13 19:38:55 | 000,079,360 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\alg.exe -- (ALG)
SRV:64bit: - [2010/11/20 21:23:51 | 000,849,920 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\qmgr.dll -- (BITS)
SRV:64bit: - [2010/11/20 21:24:00 | 000,705,024 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\BFE.DLL -- (BFE)
SRV:64bit: - [2011/11/17 00:33:55 | 000,031,232 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\lsass.exe -- (KeyIso)
SRV:64bit: - [2009/07/13 19:40:50 | 000,402,944 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\es.dll -- (EventSystem)
SRV - [2009/07/13 19:15:19 | 000,271,360 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\es.dll -- (EventSystem)
SRV:64bit: - [2012/07/04 16:13:27 | 000,136,704 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\browser.dll -- (Browser)
SRV:64bit: - [2013/05/12 23:51:01 | 000,184,320 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\cryptsvc.dll -- (CryptSvc)
SRV - [2013/05/12 22:45:55 | 000,140,288 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\cryptsvc.dll -- (CryptSvc)
SRV:64bit: - [2010/11/20 21:24:01 | 000,512,000 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\rpcss.dll -- (DcomLaunch)
SRV:64bit: - [2010/11/20 21:24:00 | 000,317,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\dhcpcore.dll -- (Dhcp)
SRV - [2010/11/20 21:24:09 | 000,254,464 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\dhcpcore.dll -- (Dhcp)
SRV:64bit: - [2011/03/03 00:24:16 | 000,183,296 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\dnsrslvr.dll -- (Dnscache)
SRV:64bit: - [2009/07/13 19:40:35 | 000,111,104 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\eapsvc.dll -- (EapHost)
SRV:64bit: - [2009/07/13 19:41:00 | 000,038,912 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\hidserv.dll -- (hidserv)
SRV - [2009/07/13 19:15:24 | 000,049,152 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\hidserv.dll -- (hidserv)
SRV:64bit: - [2009/07/13 19:41:10 | 000,359,424 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\ipnathlp.dll -- (SharedAccess)
SRV:64bit: - [2010/11/20 21:23:48 | 000,501,248 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\IPSECSVC.DLL -- (PolicyAgent)
No service found with a name of MsMpSvc
No service found with a name of NisSrv
SRV:64bit: - [2009/07/13 19:41:54 | 000,524,288 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\swprv.dll -- (swprv)
SRV:64bit: - [2009/07/13 19:41:26 | 000,067,584 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\SysNative\mmcss.dll -- (MMCSS)
SRV:64bit: - [2009/07/13 19:41:52 | 000,360,448 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\netman.dll -- (Netman)
SRV:64bit: - [2009/07/13 19:41:52 | 000,459,776 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\netprofm.dll -- (netprofm)
SRV - [2009/07/13 19:16:03 | 000,360,448 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysWOW64\netprofm.dll -- (netprofm)
SRV:64bit: - [2012/10/03 11:44:21 | 000,303,104 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\nlasvc.dll -- (NlaSvc)
SRV:64bit: - [2009/07/13 19:41:53 | 000,025,600 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\nsisvc.dll -- (nsi)
SRV:64bit: - [2011/05/24 05:42:55 | 000,404,480 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\umpnpmgr.dll -- (PlugPlay)
SRV:64bit: - [2012/02/11 00:36:02 | 000,559,104 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\spoolsv.exe -- (Spooler)
SRV:64bit: - [2011/11/17 00:33:55 | 000,031,232 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\lsass.exe -- (ProtectedStorage)
No service found with a name of EMDMgmt
SRV:64bit: - [2009/07/13 19:41:53 | 000,099,328 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\rasauto.dll -- (RasAuto)
SRV:64bit: - [2010/11/20 21:24:17 | 000,344,064 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\rasmans.dll -- (RasMan)
SRV:64bit: - [2010/11/20 21:24:01 | 000,512,000 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\rpcss.dll -- (RpcSs)
SRV:64bit: - [2010/11/20 21:24:16 | 000,030,720 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\seclogon.dll -- (seclogon)
SRV:64bit: - [2011/11/17 00:33:55 | 000,031,232 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\lsass.exe -- (SamSs)
SRV:64bit: - [2009/07/13 19:41:58 | 000,097,280 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wscsvc.dll -- (wscsvc)
SRV:64bit: - [2010/11/20 21:23:48 | 000,236,032 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\srvsvc.dll -- (LanmanServer)
SRV:64bit: - [2010/11/20 21:23:55 | 000,370,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\shsvcs.dll -- (ShellHWDetection)
SRV - [2010/11/20 21:24:03 | 000,328,192 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\shsvcs.dll -- (ShellHWDetection)
No service found with a name of slsvc
SRV:64bit: - [2010/11/20 21:24:16 | 001,110,016 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\schedsvc.dll -- (Schedule)
SRV:64bit: - [2010/11/20 21:24:32 | 000,316,928 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\tapisrv.dll -- (TapiSrv)
SRV - [2010/11/20 21:24:00 | 000,242,176 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\tapisrv.dll -- (TapiSrv)
SRV:64bit: - [2009/07/13 19:41:55 | 000,044,544 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\themeservice.dll -- (Themes)
SRV:64bit: - [2012/04/30 23:40:20 | 000,209,920 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\profsvc.dll -- (ProfSvc)
SRV:64bit: - [2010/11/20 21:23:55 | 001,600,512 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\VSSVC.exe -- (VSS)
SRV:64bit: - [2010/11/20 21:24:32 | 000,679,424 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\audiosrv.dll -- (AudioSrv)
SRV:64bit: - [2010/11/20 21:24:32 | 000,679,424 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\audiosrv.dll -- (AudioEndpointBuilder)
SRV:64bit: - [2010/11/20 21:25:06 | 000,170,496 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\sdrsvc.dll -- (SDRSVC)
SRV:64bit: - [2009/07/13 19:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2010/11/20 21:23:55 | 001,646,080 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wevtsvc.dll -- (eventlog)
SRV:64bit: - [2010/11/20 21:24:28 | 000,828,416 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\MPSSVC.dll -- (MpsSvc)
SRV:64bit: - [2010/11/20 21:24:48 | 000,580,096 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wiaservc.dll -- (stisvc)
SRV:64bit: - [2010/11/20 21:24:15 | 000,128,000 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\msiexec.exe -- (msiserver)
SRV - [2010/11/20 21:24:28 | 000,073,216 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWow64\msiexec.exe -- (msiserver)
SRV:64bit: - [2009/07/13 19:41:56 | 000,242,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wbem\WMIsvc.dll -- (Winmgmt)
SRV:64bit: - [2012/06/02 16:19:43 | 002,428,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wuaueng.dll -- (wuauserv)
SRV:64bit: - [2010/11/20 21:24:09 | 000,252,416 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\dot3svc.dll -- (dot3svc)
SRV:64bit: - [2009/07/13 19:41:56 | 000,886,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wlansvc.dll -- (Wlansvc)
SRV:64bit: - [2010/11/20 21:24:32 | 000,118,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wkssvc.dll -- (LanmanWorkstation)

< %SYSTEMDRIVE%\*.exe >

< MD5 for: EXPLORER.EXE >
[2011/02/25 23:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
[2011/02/25 00:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\explorer.exe
[2011/02/25 00:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[2011/02/26 00:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[2010/11/20 21:24:25 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
[2011/02/24 23:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\SysWOW64\explorer.exe
[2011/02/24 23:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
[2010/11/20 21:24:11 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe

< MD5 for: SERVICES >
[2009/06/10 15:00:26 | 000,017,463 | ---- | M] () MD5=D9E1A01B480D961B7CF0509D597A92D6 -- C:\Windows\winsxs\amd64_microsoft-windows-w..nfrastructure-other_31bf3856ad364e35_6.1.7600.16385_none_6079f415110c0210\services

< MD5 for: SERVICES.EXE >
[2009/07/13 19:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\SysNative\services.exe
[2009/07/13 19:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe

< MD5 for: SERVICES.EXE.MUI >
[2011/04/12 02:17:17 | 000,017,408 | ---- | M] (Microsoft Corporation) MD5=6507BF0DC2D1F5F32493C288EAA59277 -- C:\Windows\SysNative\en-US\services.exe.mui
[2011/04/12 02:17:17 | 000,017,408 | ---- | M] (Microsoft Corporation) MD5=6507BF0DC2D1F5F32493C288EAA59277 -- C:\Windows\winsxs\amd64_microsoft-windows-s..ontroller.resources_31bf3856ad364e35_6.1.7600.16385_en-us_c5f238be3fa63468\services.exe.mui

< MD5 for: SERVICES.LNK >
[2009/07/13 22:54:05 | 000,001,288 | ---- | M] () MD5=CA0D9F4743DFF86EBAF09D763139E958 -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
[2009/07/13 22:54:05 | 000,001,288 | ---- | M] () MD5=CA0D9F4743DFF86EBAF09D763139E958 -- C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk

< MD5 for: SERVICES.MOF >
[2009/06/10 14:44:06 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows\SysNative\wbem\services.mof
[2009/06/10 14:44:06 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.mof

< MD5 for: SERVICES.MSC >
[2011/04/12 02:17:16 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\SysNative\en-US\services.msc
[2009/06/10 14:38:36 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\SysNative\services.msc
[2011/04/12 02:17:18 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\SysWOW64\en-US\services.msc
[2009/06/10 15:21:09 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\SysWOW64\services.msc
[2011/04/12 02:17:16 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\amd64_microsoft-windows-s..cessnapin.resources_31bf3856ad364e35_6.1.7600.16385_en-us_003408aa160fce5b\services.msc
[2009/06/10 14:38:36 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\amd64_microsoft-windows-servicessnapin_31bf3856ad364e35_6.1.7600.16385_none_2b58d44b5f6beb8a\services.msc
[2011/04/12 02:17:18 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\x86_microsoft-windows-s..cessnapin.resources_31bf3856ad364e35_6.1.7600.16385_en-us_a4156d265db25d25\services.msc
[2009/06/10 15:21:09 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\x86_microsoft-windows-servicessnapin_31bf3856ad364e35_6.1.7600.16385_none_cf3a38c7a70e7a54\services.msc

< MD5 for: SERVICES.PTXML >
[2009/07/13 14:16:17 | 000,001,061 | ---- | M] () MD5=640D7DD61B1CFA6C96F80F68F78CDFA7 -- C:\Windows\SysNative\wdi\perftrack\Services.ptxml
[2009/07/13 14:16:17 | 000,001,061 | ---- | M] () MD5=640D7DD61B1CFA6C96F80F68F78CDFA7 -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\Services.ptxml

< MD5 for: SVCHOST.EXE >
[2009/07/13 19:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\SysWOW64\svchost.exe
[2009/07/13 19:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe
[2013/06/06 05:18:32 | 000,218,184 | ---- | M] () MD5=B6381489F9C8612AFFD4A2765ABD341C -- C:\Users\Jason\svchost.exe
[2009/07/13 19:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\SysNative\svchost.exe
[2009/07/13 19:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_11b04b481efec48c\svchost.exe

< MD5 for: USERINIT.EXE >
[2010/11/20 21:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010/11/20 21:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2010/11/20 21:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe
[2010/11/20 21:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe

< MD5 for: WINLOGON.EXE >
[2010/11/20 21:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe
[2010/11/20 21:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2012/08/15 08:48:46 | 000,218,184 | ---- | M] () MD5=B6381489F9C8612AFFD4A2765ABD341C -- C:\Users\Jason\AppData\Local\Temp\Temp2_mbam-chameleon-1.62.1.1000.zip\winlogon.exe
[2013/06/06 05:18:33 | 000,218,184 | ---- | M] () MD5=B6381489F9C8612AFFD4A2765ABD341C -- C:\Users\Jason\winlogon.exe

< dir "%systemdrive%\*" /S /A:L /C >
Volume in drive C has no label.
Volume Serial Number is 34E4-0E93
Directory of C:\
07/13/2009 11:08 PM <JUNCTION> Documents and Settings [C:\Users]
0 File(s) 0 bytes
Directory of C:\ProgramData
07/13/2009 11:08 PM <JUNCTION> Application Data [C:\ProgramData]
07/13/2009 11:08 PM <JUNCTION> Desktop [C:\Users\Public\Desktop]
07/13/2009 11:08 PM <JUNCTION> Documents [C:\Users\Public\Documents]
07/13/2009 11:08 PM <JUNCTION> Favorites [C:\Users\Public\Favorites]
07/13/2009 11:08 PM <JUNCTION> Start Menu [C:\ProgramData\Microsoft\Windows\Start Menu]
07/13/2009 11:08 PM <JUNCTION> Templates [C:\ProgramData\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users
07/13/2009 11:08 PM <SYMLINKD> All Users [C:\ProgramData]
07/13/2009 11:08 PM <JUNCTION> Default User [C:\Users\Default]
0 File(s) 0 bytes
Directory of C:\Users\All Users
07/13/2009 11:08 PM <JUNCTION> Application Data [C:\ProgramData]
07/13/2009 11:08 PM <JUNCTION> Desktop [C:\Users\Public\Desktop]
07/13/2009 11:08 PM <JUNCTION> Documents [C:\Users\Public\Documents]
07/13/2009 11:08 PM <JUNCTION> Favorites [C:\Users\Public\Favorites]
07/13/2009 11:08 PM <JUNCTION> Start Menu [C:\ProgramData\Microsoft\Windows\Start Menu]
07/13/2009 11:08 PM <JUNCTION> Templates [C:\ProgramData\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users\Default
07/13/2009 11:08 PM <JUNCTION> Application Data [C:\Users\Default\AppData\Roaming]
07/13/2009 11:08 PM <JUNCTION> Cookies [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Cookies]
07/13/2009 11:08 PM <JUNCTION> Local Settings [C:\Users\Default\AppData\Local]
07/13/2009 11:08 PM <JUNCTION> My Documents [C:\Users\Default\Documents]
07/13/2009 11:08 PM <JUNCTION> NetHood [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
07/13/2009 11:08 PM <JUNCTION> PrintHood [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
07/13/2009 11:08 PM <JUNCTION> Recent [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Recent]
07/13/2009 11:08 PM <JUNCTION> SendTo [C:\Users\Default\AppData\Roaming\Microsoft\Windows\SendTo]
07/13/2009 11:08 PM <JUNCTION> Start Menu [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu]
07/13/2009 11:08 PM <JUNCTION> Templates [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users\Default\AppData\Local
07/13/2009 11:08 PM <JUNCTION> Application Data [C:\Users\Default\AppData\Local]
07/13/2009 11:08 PM <JUNCTION> History [C:\Users\Default\AppData\Local\Microsoft\Windows\History]
07/13/2009 11:08 PM <JUNCTION> Temporary Internet Files [C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Users\Default\Documents
07/13/2009 11:08 PM <JUNCTION> My Music [C:\Users\Default\Music]
07/13/2009 11:08 PM <JUNCTION> My Pictures [C:\Users\Default\Pictures]
07/13/2009 11:08 PM <JUNCTION> My Videos [C:\Users\Default\Videos]
0 File(s) 0 bytes
Directory of C:\Users\Jason
08/03/2012 12:30 AM <JUNCTION> Application Data [C:\Users\Jason\AppData\Roaming]
08/03/2012 12:30 AM <JUNCTION> Cookies [C:\Users\Jason\AppData\Roaming\Microsoft\Windows\Cookies]
08/03/2012 12:30 AM <JUNCTION> Local Settings [C:\Users\Jason\AppData\Local]
08/03/2012 12:30 AM <JUNCTION> My Documents [C:\Users\Jason\Documents]
08/03/2012 12:30 AM <JUNCTION> NetHood [C:\Users\Jason\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
08/03/2012 12:30 AM <JUNCTION> PrintHood [C:\Users\Jason\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
08/03/2012 12:30 AM <JUNCTION> Recent [C:\Users\Jason\AppData\Roaming\Microsoft\Windows\Recent]
08/03/2012 12:30 AM <JUNCTION> SendTo [C:\Users\Jason\AppData\Roaming\Microsoft\Windows\SendTo]
08/03/2012 12:30 AM <JUNCTION> Start Menu [C:\Users\Jason\AppData\Roaming\Microsoft\Windows\Start Menu]
08/03/2012 12:30 AM <JUNCTION> Templates [C:\Users\Jason\AppData\Roaming\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users\Jason\AppData\Local
08/03/2012 12:30 AM <JUNCTION> Application Data [C:\Users\Jason\AppData\Local]
08/03/2012 12:30 AM <JUNCTION> History [C:\Users\Jason\AppData\Local\Microsoft\Windows\History]
08/03/2012 12:30 AM <JUNCTION> Temporary Internet Files [C:\Users\Jason\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Users\Jason\Documents
08/03/2012 12:30 AM <JUNCTION> My Music [C:\Users\Jason\Music]
08/03/2012 12:30 AM <JUNCTION> My Pictures [C:\Users\Jason\Pictures]
08/03/2012 12:30 AM <JUNCTION> My Videos [C:\Users\Jason\Videos]
0 File(s) 0 bytes
Directory of C:\Users\Public\Documents
07/13/2009 11:08 PM <JUNCTION> My Music [C:\Users\Public\Music]
07/13/2009 11:08 PM <JUNCTION> My Pictures [C:\Users\Public\Pictures]
07/13/2009 11:08 PM <JUNCTION> My Videos [C:\Users\Public\Videos]
0 File(s) 0 bytes
Total Files Listed:
0 File(s) 0 bytes
50 Dir(s) 192,692,207,616 bytes free

< End of report >

#9
nathdep

  • Member
  • 587 posts
Hello again 314!

I apologize for the time it took me to post this log. Thanks again for your help.


No worries! :P

Please follow these instructions very carefully:

First, please run OTL.
  • Under the Custom Scans/Fixes box at the bottom, paste in the following:

    :OTL
    FF - prefs.js..extensions.enabledAddons: {3bbd3c14-4c16-4989-8366-95bc9179779d}:10.13.40.15
    FF - prefs.js..extensions.enabledAddons: [email protected]:1.20.00
    FF - prefs.js..extensions.enabledAddons: [email protected]:2.1.355.0
    FF - prefs.js..extensions.enabledAddons: {607b689f-7600-45e4-b8e5-887f72dab15c}:1.0
    FF - prefs.js..extensions.enabledAddons: {b2bf7b3f-bf0b-4c48-aec6-f92c51be63e1}:10.13.40.15
    [2012/11/12 12:27:11 | 000,000,000 | ---D | M] (Yolobar) -- C:\Users\Jason\AppData\Roaming\Mozilla\Firefox\Profiles\mt85vcqu.default\extensions\{607b689f-7600-45e4-b8e5-887f72dab15c}
    [2013/06/05 23:19:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Uniblue
    [2013/06/06 05:18:33 | 000,218,184 | ---- | M] () -- C:\Users\Jason\winlogon.exe
    [2013/06/06 05:18:32 | 000,218,184 | ---- | M] () -- C:\Users\Jason\svchost.exe
    [2013/06/06 05:18:32 | 000,218,184 | ---- | M] () -- C:\Users\Jason\rundll32.exe
    
    :Commands
    [emptytemp]
    
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done.
  • A resulting log will be created. Please post that in your next reply.
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

In your next post, please include the following:
  • The OTL logs (The fix log and the log after the Quick Scan)
  • A report on if any of your problems resolved or if any new problems have been created.


#10
314

  • Topic Starter
  • Member
  • 65 posts
Here you go. Sorry for the delay, but something we did, or something I have, killed my wireless. It doesn't work anymore. I have tried using the hardware switch via Fn+F2; it doesn't work. I have enabled and disabled my wireless in my BIOS, I have enabled and disabled my wireless in Windows, and I have uninstalled my wireless (with the delete driver option) and re-installed it; it still doesn't work.



All processes killed
========== OTL ==========
Prefs.js: {3bbd3c14-4c16-4989-8366-95bc9179779d}:10.13.40.15 removed from extensions.enabledAddons
Prefs.js: [email protected]:1.20.00 removed from extensions.enabledAddons
Prefs.js: [email protected]:2.1.355.0 removed from extensions.enabledAddons
Prefs.js: {607b689f-7600-45e4-b8e5-887f72dab15c}:1.0 removed from extensions.enabledAddons
Prefs.js: {b2bf7b3f-bf0b-4c48-aec6-f92c51be63e1}:10.13.40.15 removed from extensions.enabledAddons
C:\Users\Jason\AppData\Roaming\Mozilla\Firefox\Profiles\mt85vcqu.default\extensions\{607b689f-7600-45e4-b8e5-887f72dab15c}\Setup\ADA folder moved successfully.
C:\Users\Jason\AppData\Roaming\Mozilla\Firefox\Profiles\mt85vcqu.default\extensions\{607b689f-7600-45e4-b8e5-887f72dab15c}\Setup folder moved successfully.
C:\Users\Jason\AppData\Roaming\Mozilla\Firefox\Profiles\mt85vcqu.default\extensions\{607b689f-7600-45e4-b8e5-887f72dab15c}\components folder moved successfully.
C:\Users\Jason\AppData\Roaming\Mozilla\Firefox\Profiles\mt85vcqu.default\extensions\{607b689f-7600-45e4-b8e5-887f72dab15c}\chrome\skin\options folder moved successfully.
C:\Users\Jason\AppData\Roaming\Mozilla\Firefox\Profiles\mt85vcqu.default\extensions\{607b689f-7600-45e4-b8e5-887f72dab15c}\chrome\skin\lib\weatherbutton\panels\images folder moved successfully.
C:\Users\Jason\AppData\Roaming\Mozilla\Firefox\Profiles\mt85vcqu.default\extensions\{607b689f-7600-45e4-b8e5-887f72dab15c}\chrome\skin\lib\weatherbutton\panels folder moved successfully.
C:\Users\Jason\AppData\Roaming\Mozilla\Firefox\Profiles\mt85vcqu.default\extensions\{607b689f-7600-45e4-b8e5-887f72dab15c}\chrome\skin\lib\weatherbutton\icons folder moved successfully.
C:\Users\Jason\AppData\Roaming\Mozilla\Firefox\Profiles\mt85vcqu.default\extensions\{607b689f-7600-45e4-b8e5-887f72dab15c}\chrome\skin\lib\weatherbutton folder moved successfully.
C:\Users\Jason\AppData\Roaming\Mozilla\Firefox\Profiles\mt85vcqu.default\extensions\{607b689f-7600-45e4-b8e5-887f72dab15c}\chrome\skin\lib\uwa folder moved successfully.
C:\Users\Jason\AppData\Roaming\Mozilla\Firefox\Profiles\mt85vcqu.default\extensions\{607b689f-7600-45e4-b8e5-887f72dab15c}\chrome\skin\lib\radio\images folder moved successfully.
C:\Users\Jason\AppData\Roaming\Mozilla\Firefox\Profiles\mt85vcqu.default\extensions\{607b689f-7600-45e4-b8e5-887f72dab15c}\chrome\skin\lib\radio\css folder moved successfully.
C:\Users\Jason\AppData\Roaming\Mozilla\Firefox\Profiles\mt85vcqu.default\extensions\{607b689f-7600-45e4-b8e5-887f72dab15c}\chrome\skin\lib\radio folder moved successfully.
C:\Users\Jason\AppData\Roaming\Mozilla\Firefox\Profiles\mt85vcqu.default\extensions\{607b689f-7600-45e4-b8e5-887f72dab15c}\chrome\skin\lib\panels\js folder moved successfully.
C:\Users\Jason\AppData\Roaming\Mozilla\Firefox\Profiles\mt85vcqu.default\extensions\{607b689f-7600-45e4-b8e5-887f72dab15c}\chrome\skin\lib\panels\images folder moved successfully.
C:\Users\Jason\AppData\Roaming\Mozilla\Firefox\Profiles\mt85vcqu.default\extensions\{607b689f-7600-45e4-b8e5-887f72dab15c}\chrome\skin\lib\panels\default\scripts folder moved successfully.
C:\Users\Jason\AppData\Roaming\Mozilla\Firefox\Profiles\mt85vcqu.default\extensions\{607b689f-7600-45e4-b8e5-887f72dab15c}\chrome\skin\lib\panels\default\images folder moved successfully.
C:\Users\Jason\AppData\Roaming\Mozilla\Firefox\Profiles\mt85vcqu.default\extensions\{607b689f-7600-45e4-b8e5-887f72dab15c}\chrome\skin\lib\panels\default\css folder moved successfully.
C:\Users\Jason\AppData\Roaming\Mozilla\Firefox\Profiles\mt85vcqu.default\extensions\{607b689f-7600-45e4-b8e5-887f72dab15c}\chrome\skin\lib\panels\default folder moved successfully.
C:\Users\Jason\AppData\Roaming\Mozilla\Firefox\Profiles\mt85vcqu.default\extensions\{607b689f-7600-45e4-b8e5-887f72dab15c}\chrome\skin\lib\panels\css folder moved successfully.
C:\Users\Jason\AppData\Roaming\Mozilla\Firefox\Profiles\mt85vcqu.default\extensions\{607b689f-7600-45e4-b8e5-887f72dab15c}\chrome\skin\lib\panels folder moved successfully.
C:\Users\Jason\AppData\Roaming\Mozilla\Firefox\Profiles\mt85vcqu.default\extensions\{607b689f-7600-45e4-b8e5-887f72dab15c}\chrome\skin\lib folder moved successfully.
C:\Users\Jason\AppData\Roaming\Mozilla\Firefox\Profiles\mt85vcqu.default\extensions\{607b689f-7600-45e4-b8e5-887f72dab15c}\chrome\skin folder moved successfully.
C:\Users\Jason\AppData\Roaming\Mozilla\Firefox\Profiles\mt85vcqu.default\extensions\{607b689f-7600-45e4-b8e5-887f72dab15c}\chrome\data\search folder moved successfully.
C:\Users\Jason\AppData\Roaming\Mozilla\Firefox\Profiles\mt85vcqu.default\extensions\{607b689f-7600-45e4-b8e5-887f72dab15c}\chrome\data folder moved successfully.
C:\Users\Jason\AppData\Roaming\Mozilla\Firefox\Profiles\mt85vcqu.default\extensions\{607b689f-7600-45e4-b8e5-887f72dab15c}\chrome\content\widgets\net.vmn.www.YouTubeShortcut folder moved successfully.
C:\Users\Jason\AppData\Roaming\Mozilla\Firefox\Profiles\mt85vcqu.default\extensions\{607b689f-7600-45e4-b8e5-887f72dab15c}\chrome\content\widgets\net.vmn.www.TwitterShortcut folder moved successfully.
C:\Users\Jason\AppData\Roaming\Mozilla\Firefox\Profiles\mt85vcqu.default\extensions\{607b689f-7600-45e4-b8e5-887f72dab15c}\chrome\content\widgets\net.vmn.www.TuneIn folder moved successfully.
C:\Users\Jason\AppData\Roaming\Mozilla\Firefox\Profiles\mt85vcqu.default\extensions\{607b689f-7600-45e4-b8e5-887f72dab15c}\chrome\content\widgets\net.vmn.www.MyStartCoupon folder moved successfully.
C:\Users\Jason\AppData\Roaming\Mozilla\Firefox\Profiles\mt85vcqu.default\extensions\{607b689f-7600-45e4-b8e5-887f72dab15c}\chrome\content\widgets\net.vmn.www.MailCollection\skin\scripts folder moved successfully.
C:\Users\Jason\AppData\Roaming\Mozilla\Firefox\Profiles\mt85vcqu.default\extensions\{607b689f-7600-45e4-b8e5-887f72dab15c}\chrome\content\widgets\net.vmn.www.MailCollection\skin\images folder moved successfully.
C:\Users\Jason\AppData\Roaming\Mozilla\Firefox\Profiles\mt85vcqu.default\extensions\{607b689f-7600-45e4-b8e5-887f72dab15c}\chrome\content\widgets\net.vmn.www.MailCollection\skin\css folder moved successfully.
C:\Users\Jason\AppData\Roaming\Mozilla\Firefox\Profiles\mt85vcqu.default\extensions\{607b689f-7600-45e4-b8e5-887f72dab15c}\chrome\content\widgets\net.vmn.www.MailCollection\skin folder moved successfully.
C:\Users\Jason\AppData\Roaming\Mozilla\Firefox\Profiles\mt85vcqu.default\extensions\{607b689f-7600-45e4-b8e5-887f72dab15c}\chrome\content\widgets\net.vmn.www.MailCollection\js folder moved successfully.
C:\Users\Jason\AppData\Roaming\Mozilla\Firefox\Profiles\mt85vcqu.default\extensions\{607b689f-7600-45e4-b8e5-887f72dab15c}\chrome\content\widgets\net.vmn.www.MailCollection\images folder moved successfully.
C:\Users\Jason\AppData\Roaming\Mozilla\Firefox\Profiles\mt85vcqu.default\extensions\{607b689f-7600-45e4-b8e5-887f72dab15c}\chrome\content\widgets\net.vmn.www.MailCollection\css folder moved successfully.
C:\Users\Jason\AppData\Roaming\Mozilla\Firefox\Profiles\mt85vcqu.default\extensions\{607b689f-7600-45e4-b8e5-887f72dab15c}\chrome\content\widgets\net.vmn.www.MailCollection folder moved successfully.
C:\Users\Jason\AppData\Roaming\Mozilla\Firefox\Profiles\mt85vcqu.default\extensions\{607b689f-7600-45e4-b8e5-887f72dab15c}\chrome\content\widgets\net.vmn.www.FacebookShortcut folder moved successfully.
C:\Users\Jason\AppData\Roaming\Mozilla\Firefox\Profiles\mt85vcqu.default\extensions\{607b689f-7600-45e4-b8e5-887f72dab15c}\chrome\content\widgets\net.vmn.www.ebayshortcut folder moved successfully.
C:\Users\Jason\AppData\Roaming\Mozilla\Firefox\Profiles\mt85vcqu.default\extensions\{607b689f-7600-45e4-b8e5-887f72dab15c}\chrome\content\widgets\net.vmn.www.Coupons_v4\skin\js folder moved successfully.
C:\Users\Jason\AppData\Roaming\Mozilla\Firefox\Profiles\mt85vcqu.default\extensions\{607b689f-7600-45e4-b8e5-887f72dab15c}\chrome\content\widgets\net.vmn.www.Coupons_v4\skin\images folder moved successfully.
C:\Users\Jason\AppData\Roaming\Mozilla\Firefox\Profiles\mt85vcqu.default\extensions\{607b689f-7600-45e4-b8e5-887f72dab15c}\chrome\content\widgets\net.vmn.www.Coupons_v4\skin\css folder moved successfully.
C:\Users\Jason\AppData\Roaming\Mozilla\Firefox\Profiles\mt85vcqu.default\extensions\{607b689f-7600-45e4-b8e5-887f72dab15c}\chrome\content\widgets\net.vmn.www.Coupons_v4\skin folder moved successfully.
C:\Users\Jason\AppData\Roaming\Mozilla\Firefox\Profiles\mt85vcqu.default\extensions\{607b689f-7600-45e4-b8e5-887f72dab15c}\chrome\content\widgets\net.vmn.www.Coupons_v4\panel\js folder moved successfully.
C:\Users\Jason\AppData\Roaming\Mozilla\Firefox\Profiles\mt85vcqu.default\extensions\{607b689f-7600-45e4-b8e5-887f72dab15c}\chrome\content\widgets\net.vmn.www.Coupons_v4\panel\images folder moved successfully.
C:\Users\Jason\AppData\Roaming\Mozilla\Firefox\Profiles\mt85vcqu.default\extensions\{607b689f-7600-45e4-b8e5-887f72dab15c}\chrome\content\widgets\net.vmn.www.Coupons_v4\panel\css folder moved successfully.
C:\Users\Jason\AppData\Roaming\Mozilla\Firefox\Profiles\mt85vcqu.default\extensions\{607b689f-7600-45e4-b8e5-887f72dab15c}\chrome\content\widgets\net.vmn.www.Coupons_v4\panel folder moved successfully.
C:\Users\Jason\AppData\Roaming\Mozilla\Firefox\Profiles\mt85vcqu.default\extensions\{607b689f-7600-45e4-b8e5-887f72dab15c}\chrome\content\widgets\net.vmn.www.Coupons_v4\js folder moved successfully.
C:\Users\Jason\AppData\Roaming\Mozilla\Firefox\Profiles\mt85vcqu.default\extensions\{607b689f-7600-45e4-b8e5-887f72dab15c}\chrome\content\widgets\net.vmn.www.Coupons_v4\images folder moved successfully.
C:\Users\Jason\AppData\Roaming\Mozilla\Firefox\Profiles\mt85vcqu.default\extensions\{607b689f-7600-45e4-b8e5-887f72dab15c}\chrome\content\widgets\net.vmn.www.Coupons_v4\css folder moved successfully.
C:\Users\Jason\AppData\Roaming\Mozilla\Firefox\Profiles\mt85vcqu.default\extensions\{607b689f-7600-45e4-b8e5-887f72dab15c}\chrome\content\widgets\net.vmn.www.Coupons_v4 folder moved successfully.
C:\Users\Jason\AppData\Roaming\Mozilla\Firefox\Profiles\mt85vcqu.default\extensions\{607b689f-7600-45e4-b8e5-887f72dab15c}\chrome\content\widgets\net.vmn.www.Bizrate\skin\scripts folder moved successfully.
C:\Users\Jason\AppData\Roaming\Mozilla\Firefox\Profiles\mt85vcqu.default\extensions\{607b689f-7600-45e4-b8e5-887f72dab15c}\chrome\content\widgets\net.vmn.www.Bizrate\skin\images folder moved successfully.
C:\Users\Jason\AppData\Roaming\Mozilla\Firefox\Profiles\mt85vcqu.default\extensions\{607b689f-7600-45e4-b8e5-887f72dab15c}\chrome\content\widgets\net.vmn.www.Bizrate\skin\css folder moved successfully.
C:\Users\Jason\AppData\Roaming\Mozilla\Firefox\Profiles\mt85vcqu.default\extensions\{607b689f-7600-45e4-b8e5-887f72dab15c}\chrome\content\widgets\net.vmn.www.Bizrate\skin folder moved successfully.
C:\Users\Jason\AppData\Roaming\Mozilla\Firefox\Profiles\mt85vcqu.default\extensions\{607b689f-7600-45e4-b8e5-887f72dab15c}\chrome\content\widgets\net.vmn.www.Bizrate\js folder moved successfully.
C:\Users\Jason\AppData\Roaming\Mozilla\Firefox\Profiles\mt85vcqu.default\extensions\{607b689f-7600-45e4-b8e5-887f72dab15c}\chrome\content\widgets\net.vmn.www.Bizrate\images folder moved successfully.
C:\Users\Jason\AppData\Roaming\Mozilla\Firefox\Profiles\mt85vcqu.default\extensions\{607b689f-7600-45e4-b8e5-887f72dab15c}\chrome\content\widgets\net.vmn.www.Bizrate\css folder moved successfully.
C:\Users\Jason\AppData\Roaming\Mozilla\Firefox\Profiles\mt85vcqu.default\extensions\{607b689f-7600-45e4-b8e5-887f72dab15c}\chrome\content\widgets\net.vmn.www.Bizrate folder moved successfully.
C:\Users\Jason\AppData\Roaming\Mozilla\Firefox\Profiles\mt85vcqu.default\extensions\{607b689f-7600-45e4-b8e5-887f72dab15c}\chrome\content\widgets\net.vmn.www.AmazonShortcut folder moved successfully.
C:\Users\Jason\AppData\Roaming\Mozilla\Firefox\Profiles\mt85vcqu.default\extensions\{607b689f-7600-45e4-b8e5-887f72dab15c}\chrome\content\widgets folder moved successfully.
C:\Users\Jason\AppData\Roaming\Mozilla\Firefox\Profiles\mt85vcqu.default\extensions\{607b689f-7600-45e4-b8e5-887f72dab15c}\chrome\content\newtab\images folder moved successfully.
C:\Users\Jason\AppData\Roaming\Mozilla\Firefox\Profiles\mt85vcqu.default\extensions\{607b689f-7600-45e4-b8e5-887f72dab15c}\chrome\content\newtab folder moved successfully.
C:\Users\Jason\AppData\Roaming\Mozilla\Firefox\Profiles\mt85vcqu.default\extensions\{607b689f-7600-45e4-b8e5-887f72dab15c}\chrome\content\modules folder moved successfully.
C:\Users\Jason\AppData\Roaming\Mozilla\Firefox\Profiles\mt85vcqu.default\extensions\{607b689f-7600-45e4-b8e5-887f72dab15c}\chrome\content\lib folder moved successfully.
C:\Users\Jason\AppData\Roaming\Mozilla\Firefox\Profiles\mt85vcqu.default\extensions\{607b689f-7600-45e4-b8e5-887f72dab15c}\chrome\content folder moved successfully.
C:\Users\Jason\AppData\Roaming\Mozilla\Firefox\Profiles\mt85vcqu.default\extensions\{607b689f-7600-45e4-b8e5-887f72dab15c}\chrome folder moved successfully.
C:\Users\Jason\AppData\Roaming\Mozilla\Firefox\Profiles\mt85vcqu.default\extensions\{607b689f-7600-45e4-b8e5-887f72dab15c} folder moved successfully.
C:\ProgramData\Uniblue\DriverScanner folder moved successfully.
C:\ProgramData\Uniblue folder moved successfully.
C:\Users\Jason\winlogon.exe moved successfully.
C:\Users\Jason\svchost.exe moved successfully.
C:\Users\Jason\rundll32.exe moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Jason
->Temp folder emptied: 77773990 bytes
->Temporary Internet Files folder emptied: 105222693 bytes
->Java cache emptied: 8306 bytes
->FireFox cache emptied: 68854635 bytes
->Google Chrome cache emptied: 390298709 bytes
->Flash cache emptied: 6482 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 113633440 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 42293692 bytes
RecycleBin emptied: 21869 bytes

Total Files Cleaned = 761.00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 06212013_142449

Files\Folders moved on Reboot...
C:\Users\Jason\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\Jason\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...





OTL logfile created on: 6/21/2013 2:32:31 PM - Run 3
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Jason\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16618)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.99 Gb Total Physical Memory | 1.78 Gb Available Physical Memory | 59.55% Memory free
5.98 Gb Paging File | 4.72 Gb Available in Paging File | 78.93% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 232.88 Gb Total Space | 178.94 Gb Free Space | 76.84% Space Free | Partition Type: NTFS

Computer Name: JASON7 | User Name: Jason | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/06/16 00:55:53 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Jason\Desktop\OTL.exe
PRC - [2013/02/05 09:48:44 | 000,272,248 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee Security Scan\3.0.318\SSScheduler.exe
PRC - [2011/11/03 17:41:16 | 000,329,072 | ---- | M] (Sierra Wireless, Inc.) -- C:\Program Files (x86)\Sierra Wireless Inc\WebUpdater\TRUUpdater.exe
PRC - [2011/08/04 13:37:56 | 000,140,656 | ---- | M] (Sierra Wireless Inc.) -- C:\Program Files (x86)\Rogers\Rogers Connection Manager\WaHelper.exe
PRC - [2010/10/28 15:26:44 | 001,196,032 | ---- | M] (Brother Industries, Ltd.) -- C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe
PRC - [2010/10/28 15:21:56 | 000,331,776 | ---- | M] (Brother Industries, Ltd.) -- C:\Program Files (x86)\ControlCenter4\BrCtrlCntr.exe
PRC - [2010/09/30 03:06:46 | 000,169,408 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe
PRC - [2010/06/10 13:42:44 | 002,621,440 | R--- | M] (Brother Industries, Ltd.) -- C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe
PRC - [2010/03/09 00:42:02 | 000,029,984 | ---- | M] (Nuance Communications, Inc.) -- C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe
PRC - [2010/03/09 00:40:36 | 000,144,672 | ---- | M] (Nuance Communications, Inc.) -- C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe
PRC - [2010/03/05 20:11:30 | 000,636,192 | ---- | M] (Nuance Communications, Inc.) -- C:\Program Files (x86)\Nuance\PDF Viewer Plus\pdfPro5Hook.exe
PRC - [2010/01/25 08:22:56 | 000,245,760 | ---- | M] (Brother Industries, Ltd.) -- C:\Program Files (x86)\Browny02\BrYNSvc.exe
PRC - [2009/11/16 09:27:48 | 000,240,992 | ---- | M] (Microsoft Corp.) -- C:\Program Files (x86)\MSN Toolbar\Platform\4.0.0357.1\mswinext.exe
PRC - [2009/05/05 16:06:06 | 000,222,496 | ---- | M] (Acresso Corporation) -- C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe


========== Modules (No Company Name) ==========

MOD - [2011/11/03 17:39:14 | 000,251,248 | ---- | M] () -- C:\Program Files (x86)\Sierra Wireless Inc\WebUpdater\WebUpdtAPI.dll
MOD - [2009/02/27 16:38:20 | 000,139,264 | R--- | M] () -- C:\Program Files (x86)\Brother\BrUtilities\BrLogAPI.dll


========== Services (SafeList) ==========

SRV:64bit: - [2013/04/03 13:34:46 | 000,182,752 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Windows\SysNative\mfevtps.exe -- (mfevtp)
SRV:64bit: - [2013/04/03 13:32:06 | 000,218,760 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe -- (mfefire)
SRV:64bit: - [2013/03/05 11:43:26 | 000,221,296 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe -- (MSK80Service)
SRV:64bit: - [2013/03/05 11:43:26 | 000,221,296 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe -- (McProxy)
SRV:64bit: - [2013/03/05 11:43:26 | 000,221,296 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe -- (mcpltsvc)
SRV:64bit: - [2013/03/05 11:43:26 | 000,221,296 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe -- (McNaiAnn)
SRV:64bit: - [2013/03/05 11:43:26 | 000,221,296 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe -- (McMPFSvc)
SRV:64bit: - [2013/03/05 11:43:26 | 000,221,296 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe -- (HomeNetSvc)
SRV:64bit: - [2013/03/01 09:08:02 | 000,388,680 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS)
SRV:64bit: - [2013/02/28 09:46:18 | 001,017,016 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe -- (mfecore)
SRV:64bit: - [2009/07/13 19:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/13 19:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2013/05/22 10:24:02 | 000,120,592 | ---- | M] (McAfee, Inc.) [Auto | Running] -- c:\Program Files (x86)\McAfee\SiteAdvisor\mcsacore.exe -- (McAfee SiteAdvisor Service)
SRV - [2013/02/05 09:48:00 | 000,235,216 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\McAfee Security Scan\3.0.318\McCHSvc.exe -- (McComponentHostService)
SRV - [2011/11/03 17:12:04 | 000,321,392 | ---- | M] (Sierra Wireless, Inc.) [Auto | Running] -- C:\Program Files (x86)\Sierra Wireless Inc\Common\SwiCardDetect64.exe -- (SwiCardDetectSvc)
SRV - [2010/10/22 14:08:18 | 001,039,360 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL -- (HPSLPSVC)
SRV - [2010/09/30 03:06:46 | 000,169,408 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor9.0)
SRV - [2010/04/13 20:11:18 | 000,231,224 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files (x86)\McAfee Online Backup\MOBKbackup.exe -- (MOBKbackup)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/03/09 00:40:36 | 000,144,672 | ---- | M] (Nuance Communications, Inc.) [Auto | Running] -- C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe -- (PDFProFiltSrvPP)
SRV - [2010/01/25 08:22:56 | 000,245,760 | ---- | M] (Brother Industries, Ltd.) [On_Demand | Running] -- C:\Program Files (x86)\Browny02\BrYNSvc.exe -- (BrYNSvc)
SRV - [2009/06/10 15:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2013/04/22 15:46:12 | 000,074,560 | ---- | M] (McAfee, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\McPvDrv.sys -- (McPvDrv)
DRV:64bit: - [2013/04/03 13:37:38 | 000,070,112 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\cfwids.sys -- (cfwids)
DRV:64bit: - [2013/04/03 13:34:58 | 000,342,416 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mfewfpk.sys -- (mfewfpk)
DRV:64bit: - [2013/04/03 13:33:06 | 000,772,944 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mfehidk.sys -- (mfehidk)
DRV:64bit: - [2013/04/03 13:32:14 | 000,516,608 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfefirek.sys -- (mfefirek)
DRV:64bit: - [2013/04/03 13:31:36 | 000,309,968 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfeavfk.sys -- (mfeavfk)
DRV:64bit: - [2013/04/03 13:31:14 | 000,179,664 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfeapfk.sys -- (mfeapfk)
DRV:64bit: - [2013/02/18 07:46:56 | 000,095,856 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mfencrk.sys -- (mfencrk)
DRV:64bit: - [2013/02/18 07:46:50 | 000,337,120 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfencbdc.sys -- (mfencbdc)
DRV:64bit: - [2013/02/11 22:12:06 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usb8023x.sys -- (usb_rndisx)
DRV:64bit: - [2012/05/28 10:28:18 | 000,197,264 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HipShieldK.sys -- (HipShieldK)
DRV:64bit: - [2012/03/01 00:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/05/28 12:45:43 | 000,297,472 | ---- | M] (Sierra Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\swnc8ua3.sys -- (SWNC8UA3)
DRV:64bit: - [2011/05/16 12:44:24 | 000,109,312 | ---- | M] (Sierra Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\swiwdmbx64.sys -- (swiwdmbx)
DRV:64bit: - [2011/05/13 14:54:12 | 000,258,432 | ---- | M] (Sierra Wireless Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\swg3kser00.sys -- (swg3kser00)
DRV:64bit: - [2011/03/11 00:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 00:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 21:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 21:23:48 | 000,071,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc)
DRV:64bit: - [2010/11/20 21:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 21:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010/05/25 08:14:34 | 000,031,280 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\OXUDIDRV_x64.sys -- (OXUDIDRV)
DRV:64bit: - [2010/04/13 20:10:24 | 000,066,040 | ---- | M] (Mozy, Inc.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\MOBK.sys -- (MOBKFilter)
DRV:64bit: - [2010/03/19 03:00:00 | 000,055,856 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2009/11/02 21:06:35 | 000,087,552 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BrSerIb.sys -- (BrSerIb)
DRV:64bit: - [2009/11/02 21:06:35 | 000,014,592 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BrUsbSib.sys -- (BrUsbSIb)
DRV:64bit: - [2009/09/28 09:55:42 | 000,051,760 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\OXSDIDRV_x64.sys -- (OXSDIDRV_x64)
DRV:64bit: - [2009/09/23 19:23:02 | 006,180,832 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009/07/13 19:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 19:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 19:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 15:01:06 | 001,146,880 | ---- | M] (LSI Corp) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\agrsm64.sys -- (AgereSoftModem)
DRV:64bit: - [2009/06/10 14:35:42 | 000,187,392 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009/06/10 14:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 14:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 14:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 14:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2008/08/20 04:31:40 | 000,514,048 | ---- | M] (Marvell Semiconductor, Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\MRVW148.sys -- (MRVW148)
DRV - [2009/07/13 19:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC


IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-21-3985219517-3064427757-3219208395-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKU\S-1-5-21-3985219517-3064427757-3219208395-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://ca.msn.com/?r...opt=0&ocid=iehp
IE - HKU\S-1-5-21-3985219517-3064427757-3219208395-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
IE - HKU\S-1-5-21-3985219517-3064427757-3219208395-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = EC 71 89 87 3A B5 CD 01 [binary data]
IE - HKU\S-1-5-21-3985219517-3064427757-3219208395-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-3985219517-3064427757-3219208395-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE10SR
IE - HKU\S-1-5-21-3985219517-3064427757-3219208395-1000\..\SearchScopes\{3FD6CBF3-17CC-42D7-A801-053AAC56E9B4}: "URL" = http://websearch.ask...72-CC7EFAD759DB
IE - HKU\S-1-5-21-3985219517-3064427757-3219208395-1000\..\SearchScopes\{83E77049-768A-4A6C-B311-35267C3402CC}: "URL" = http://search.yahoo....p={SearchTerms}
IE - HKU\S-1-5-21-3985219517-3064427757-3219208395-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..extensions.enabledAddons: {b9bfaf1c-a63f-47cd-8b9a-29526ced9060}:1.4.9
FF - prefs.js..extensions.enabledAddons: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.9.11
FF - prefs.js..extensions.enabledAddons:
FF - prefs.js..extensions.enabledAddons:
FF - prefs.js..extensions.enabledAddons:
FF - prefs.js..extensions.enabledAddons:
FF - prefs.js..extensions.enabledAddons:
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL ()
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/McAfeeMssPlugin: C:\Program Files (x86)\McAfee Security Scan\3.0.318\npMcAfeeMss.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL ()
FF - HKLM\Software\MozillaPlugins\@mcafee.com/MVT: C:\Program Files (x86)\McAfee\Supportability\MVT\NPMVTPlugin.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/SAFFPlugin: C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpWinExt,version=4.0: C:\Program Files (x86)\MSN Toolbar\Platform\4.0.0357.1\npwinext.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.6: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012/08/27 15:42:00 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\MSN Toolbar\Platform\4.0.0357.1\Firefox [2012/08/27 15:43:55 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{27182e60-b5f3-411c-b545-b44205977502}: C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\ [2012/08/30 07:37:58 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}: C:\Program Files (x86)\McAfee\SiteAdvisor [2013/06/16 23:07:24 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\[email protected]: C:\Program Files\McAfee\MSK [2013/06/15 23:00:31 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012/08/27 15:42:00 | 000,000,000 | ---D | M]

[2012/08/04 12:51:58 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jason\AppData\Roaming\Mozilla\Extensions
[2013/06/15 21:03:24 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jason\AppData\Roaming\Mozilla\Firefox\Profiles\mt85vcqu.default\extensions
[2012/11/05 16:21:02 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Jason\AppData\Roaming\Mozilla\Firefox\Profiles\mt85vcqu.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2012/10/28 16:30:43 | 000,012,929 | ---- | M] () (No name found) -- C:\Users\Jason\AppData\Roaming\Mozilla\Firefox\Profiles\mt85vcqu.default\extensions\{b9bfaf1c-a63f-47cd-8b9a-29526ced9060}.xpi
[2012/11/12 12:23:37 | 000,199,396 | ---- | M] () (No name found) -- C:\Users\Jason\AppData\Roaming\Mozilla\Firefox\Profiles\mt85vcqu.default\extensions\{c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}.xpi
[2012/11/12 12:34:41 | 000,001,074 | ---- | M] () -- C:\Users\Jason\AppData\Roaming\Mozilla\Firefox\Profiles\mt85vcqu.default\searchplugins\produtools-manuals-21-customized-web-search.xml
[2012/10/30 15:02:14 | 000,002,242 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\mystarttb.xml

========== Chrome ==========

CHR - default_search_provider: McAfee (Enabled)
CHR - default_search_provider: search_url = http://search.yahoo....p={searchTerms}
CHR - default_search_provider: suggest_url =
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Jason\AppData\Local\Google\Chrome\User Data\PepperFlash\11.7.700.225\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.110\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.110\pdf.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Users\Jason\AppData\Roaming\Mozilla\plugins\np-mswmp.dll
CHR - plugin: Foxit Reader Plugin for Mozilla (Enabled) = C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll
CHR - plugin: Java™ Platform SE 7 U9 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: MSN\u00AE Toolbar (Enabled) = C:\Program Files (x86)\MSN Toolbar\Platform\4.0.0357.1\npwinext.dll
CHR - plugin: McAfee Security Scanner + (Enabled) = C:\Program Files (x86)\McAfee Security Scan\3.0.318\npMcAfeeMss.dll
CHR - plugin: McAfee SiteAdvisor (Enabled) = C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll
CHR - plugin: VLC Web Plugin (Enabled) = C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll
CHR - plugin: Java Deployment Toolkit 7.0.90.5 (Enabled) = C:\Windows\SysWOW64\npDeployJava1.dll
CHR - plugin: McAfee SecurityCenter (Enabled) = c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - Extension: SiteAdvisor = C:\Users\Jason\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.6.2.1341_1\

O1 HOSTS File: ([2009/06/10 15:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O2 - BHO: (MSS+ Identifier) - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files (x86)\McAfee Security Scan\3.0.318\McAfeeMSS_IE.dll (McAfee, Inc.)
O2 - BHO: (PlusIEEventHelper Class) - {551A852F-39A6-44A7-9C13-AFBEC9185A9D} - C:\Program Files (x86)\Nuance\PDF Viewer Plus\bin\PlusIEContextMenu.dll (Zeon Corporation)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O2 - BHO: (MSN Toolbar BHO) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\4.0.0357.1\npwinext.dll (Microsoft Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (MSN Toolbar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\4.0.0357.1\npwinext.dll (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [BrStsMon00] C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [ControlCenter4] C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [DivXMediaServer] C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe File not found
O4 - HKLM..\Run: [IndexSearch] C:\Program Files (x86)\Nuance\PaperPort\IndexSearch.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [mcpltui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [MSN Toolbar] C:\Program Files (x86)\MSN Toolbar\Platform\4.0.0357.1\mswinext.exe (Microsoft Corp.)
O4 - HKLM..\Run: [PaperPort PTD] C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [PDF5 Registry Controller] C:\Program Files (x86)\Nuance\PDF Viewer Plus\RegistryController.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [PDFHook] C:\Program Files (x86)\Nuance\PDF Viewer Plus\pdfPro5Hook.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [PPort12reminder] C:\Program Files (x86)\Nuance\PaperPort\Ereg\Ereg.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [TRUUpdater] C:\Program Files (x86)\Sierra Wireless Inc\WebUpdater\TRUUpdater.exe (Sierra Wireless, Inc.)
O4 - HKLM..\Run: [WatcherHelper] C:\Program Files (x86)\Rogers\Rogers Connection Manager\WaHelper.exe (Sierra Wireless Inc.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-3985219517-3064427757-3219208395-1000..\Run: [ISUSPM] C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe (Acresso Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Open with PDF Viewer Plus - C:\Program Files (x86)\Nuance\PDF Viewer Plus\Bin\PlusIEContextMenu.dll (Zeon Corporation)
O8 - Extra context menu item: Open with PDF Viewer Plus - C:\Program Files (x86)\Nuance\PDF Viewer Plus\Bin\PlusIEContextMenu.dll (Zeon Corporation)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{14EB5EFB-4DD1-43D0-8850-D570A8A6FC3B}: DhcpNameServer = 192.168.42.129
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C37A7633-251E-41C7-8164-06395E2F26FF}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18:64bit: - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl64.dll (McAfee, Inc.)
O18 - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\MSC\McSnIePl.dll (McAfee, Inc.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{4eada76b-de43-11e1-a8a8-00e0b8e479e1}\Shell - "" = AutoRun
O33 - MountPoints2\{4eada76b-de43-11e1-a8a8-00e0b8e479e1}\Shell\AutoRun\command - "" = G:\HPLauncher.exe
O33 - MountPoints2\{4eada7f4-de43-11e1-a8a8-00e0b8e479e1}\Shell - "" = AutoRun
O33 - MountPoints2\{4eada7f4-de43-11e1-a8a8-00e0b8e479e1}\Shell\AutoRun\command - "" = J:\HPLauncher.exe
O33 - MountPoints2\{85ba3f83-deb5-11e1-8775-00e0b8e479e1}\Shell - "" = AutoRun
O33 - MountPoints2\{85ba3f83-deb5-11e1-8775-00e0b8e479e1}\Shell\AutoRun\command - "" = F:\WIN\setup.exe -ap
O33 - MountPoints2\{fb802eb1-dd3b-11e1-b2b5-00e0b8e479e1}\Shell - "" = AutoRun
O33 - MountPoints2\{fb802eb1-dd3b-11e1-b2b5-00e0b8e479e1}\Shell\AutoRun\command - "" = H:\WIN\setup.exe -ap
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/06/21 14:24:49 | 000,000,000 | ---D | C] -- C:\_OTL
[2013/06/16 03:04:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
[2013/06/16 03:03:23 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2013/06/16 03:03:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Silverlight
[2013/06/16 02:39:05 | 000,000,000 | ---D | C] -- C:\Users\Jason\Desktop\New folder
[2013/06/16 00:55:48 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Jason\Desktop\OTL.exe
[2013/06/15 23:00:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\McAfeeMOBK
[2013/06/15 23:00:40 | 000,000,000 | --SD | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Online Backup
[2013/06/15 23:00:38 | 000,066,040 | ---- | C] (Mozy, Inc.) -- C:\Windows\SysNative\drivers\MOBK.sys
[2013/06/15 23:00:38 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\DRVSTORE
[2013/06/15 23:00:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\McAfee Online Backup
[2013/06/15 23:00:30 | 000,197,264 | ---- | C] (McAfee, Inc.) -- C:\Windows\SysNative\drivers\HipShieldK.sys
[2013/06/15 22:59:58 | 000,074,560 | ---- | C] (McAfee, Inc.) -- C:\Windows\SysNative\drivers\McPvDrv.sys
[2013/06/15 22:59:58 | 000,000,000 | ---D | C] -- C:\Users\Jason\AppData\Local\McAfee File Lock
[2013/06/15 22:59:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\McAfee.com
[2013/06/15 22:58:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\McAfee
[2013/06/15 22:57:38 | 000,000,000 | ---D | C] -- C:\Program Files\McAfee.com
[2013/06/15 22:57:37 | 000,000,000 | ---D | C] -- C:\Program Files\McAfee
[2013/06/15 22:41:57 | 000,182,752 | ---- | C] (McAfee, Inc.) -- C:\Windows\SysNative\mfevtps.exe
[2013/06/15 22:41:55 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\McAfee
[2013/06/15 22:35:29 | 005,102,984 | ---- | C] (McAfee, Inc.) -- C:\Users\Jason\Desktop\McAfeeSetup.exe
[2013/06/15 22:06:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Citrix
[2013/06/15 21:53:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Citrix
[2013/06/15 21:53:31 | 000,000,000 | ---D | C] -- C:\Users\Jason\AppData\Local\Citrix
[2013/06/15 21:43:00 | 000,000,000 | ---D | C] -- C:\Users\Jason\AppData\Roaming\McAfee
[2013/06/15 21:32:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
[2013/06/15 20:44:10 | 000,000,000 | ---D | C] -- C:\Users\Jason\Desktop\RK_Quarantine
[2013/06/12 17:23:07 | 000,000,000 | ---D | C] -- C:\Users\Jason\Desktop\Pics to sort
[2013/06/09 12:09:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2013/06/09 12:09:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple Computer
[2013/06/06 05:26:31 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution
[2013/06/01 16:01:25 | 000,000,000 | ---D | C] -- C:\Users\Jason\Desktop\Animethon Guidebooks A4 - A19
[2013/06/01 15:59:11 | 000,000,000 | ---D | C] -- C:\Users\Jason\Desktop\Animethon 20 August 9-11,2013
[2013/05/29 03:24:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\stinger
[2013/05/28 21:19:09 | 000,000,000 | ---D | C] -- C:\Stinger_Quarantine
[2013/05/28 21:18:35 | 000,000,000 | ---D | C] -- C:\Program Files\stinger
[2013/05/28 18:27:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FileASSASSIN
[2013/05/28 18:27:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\FileASSASSIN

========== Files - Modified Within 30 Days ==========

[2013/06/21 14:40:33 | 000,021,904 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/06/21 14:40:33 | 000,021,904 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/06/21 14:37:13 | 000,726,316 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/06/21 14:37:13 | 000,624,276 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/06/21 14:37:13 | 000,106,620 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/06/21 14:35:04 | 000,001,844 | ---- | M] () -- C:\Users\Public\Desktop\McAfee Total Protection.lnk
[2013/06/21 14:30:06 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/06/21 14:29:36 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/06/21 14:29:22 | 2408,390,656 | -HS- | M] () -- C:\hiberfil.sys
[2013/06/21 14:28:00 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/06/21 10:06:31 | 000,000,075 | ---- | M] () -- C:\Users\Jason\Desktop\numlock.vbs
[2013/06/17 21:02:46 | 000,002,259 | ---- | M] () -- C:\Users\Jason\Desktop\Google Chrome.lnk
[2013/06/16 23:14:08 | 017,341,072 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013/06/16 03:19:45 | 000,025,185 | ---- | M] () -- C:\Windows\SysWow64\ieuinit.inf
[2013/06/16 03:19:43 | 000,025,185 | ---- | M] () -- C:\Windows\SysNative\ieuinit.inf
[2013/06/16 00:55:53 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Jason\Desktop\OTL.exe
[2013/06/15 23:30:40 | 002,692,328 | ---- | M] (CPUID) -- C:\Users\Jason\Desktop\cpuz_x64.exe
[2013/06/15 23:30:40 | 000,000,202 | ---- | M] () -- C:\Users\Jason\Desktop\cpuz.ini
[2013/06/15 22:35:29 | 005,102,984 | ---- | M] (McAfee, Inc.) -- C:\Users\Jason\Desktop\McAfeeSetup.exe
[2013/06/15 22:27:14 | 000,002,926 | ---- | M] () -- C:\Users\Jason\Desktop\mbam_backup.reg
[2013/06/15 21:32:55 | 000,001,070 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2013/06/15 20:43:42 | 000,000,512 | ---- | M] () -- C:\Users\Jason\Desktop\MBR.dat
[2013/06/06 05:18:31 | 000,218,184 | ---- | M] () -- C:\Users\Jason\mbam-chameleon.scr
[2013/06/06 05:18:31 | 000,218,184 | ---- | M] () -- C:\Users\Jason\mbam-chameleon.pif
[2013/06/06 05:18:29 | 000,218,184 | ---- | M] () -- C:\Users\Jason\mbam-chameleon.exe
[2013/06/06 05:18:28 | 000,218,184 | ---- | M] () -- C:\Users\Jason\mbam-chameleon.com
[2013/06/06 05:18:27 | 000,218,184 | ---- | M] () -- C:\Users\Jason\iexplore.exe
[2013/06/06 05:18:26 | 000,218,184 | ---- | M] () -- C:\Users\Jason\firefox.scr
[2013/06/06 05:18:26 | 000,218,184 | ---- | M] () -- C:\Users\Jason\firefox.pif
[2013/06/06 05:18:25 | 000,218,184 | ---- | M] () -- C:\Users\Jason\firefox.exe
[2013/06/06 05:18:24 | 000,218,184 | ---- | M] () -- C:\Users\Jason\firefox.com
[2013/06/06 05:18:20 | 000,186,068 | ---- | M] () -- C:\Users\Jason\chameleon.chm
[2013/05/28 18:27:01 | 000,001,059 | ---- | M] () -- C:\Users\Public\Desktop\FileASSASSIN.lnk

========== Files Created - No Company Name ==========

[2013/06/21 10:06:31 | 000,000,075 | ---- | C] () -- C:\Users\Jason\Desktop\numlock.vbs
[2013/06/17 21:02:46 | 000,002,259 | ---- | C] () -- C:\Users\Jason\Desktop\Google Chrome.lnk
[2013/06/16 03:19:45 | 000,025,185 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf
[2013/06/16 03:19:43 | 000,025,185 | ---- | C] () -- C:\Windows\SysNative\ieuinit.inf
[2013/06/15 23:01:19 | 000,001,844 | ---- | C] () -- C:\Users\Public\Desktop\McAfee Total Protection.lnk
[2013/06/15 23:00:23 | 000,002,641 | ---- | C] () -- C:\Windows\SysNative\drivers\mfencrk.inf
[2013/06/15 23:00:10 | 000,002,951 | ---- | C] () -- C:\Windows\SysNative\drivers\mfencbdc.inf
[2013/06/15 22:27:14 | 000,002,926 | ---- | C] () -- C:\Users\Jason\Desktop\mbam_backup.reg
[2013/06/15 21:32:55 | 000,001,070 | ---- | C] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2013/06/15 20:43:42 | 000,000,512 | ---- | C] () -- C:\Users\Jason\Desktop\MBR.dat
[2013/05/28 18:27:01 | 000,001,059 | ---- | C] () -- C:\Users\Public\Desktop\FileASSASSIN.lnk
[2012/11/11 21:23:32 | 000,000,089 | ---- | C] () -- C:\Windows\fnerr.dat
[2012/08/27 16:13:08 | 000,001,333 | ---- | C] () -- C:\Windows\hpomdl52.dat.temp
[2012/08/27 15:32:08 | 000,212,842 | ---- | C] () -- C:\Windows\hpoins52.dat
[2012/08/15 08:48:46 | 000,218,184 | ---- | C] () -- C:\Users\Jason\mbam-chameleon.scr
[2012/08/15 08:48:46 | 000,218,184 | ---- | C] () -- C:\Users\Jason\mbam-chameleon.pif
[2012/08/15 08:48:46 | 000,218,184 | ---- | C] () -- C:\Users\Jason\mbam-chameleon.exe
[2012/08/15 08:48:46 | 000,218,184 | ---- | C] () -- C:\Users\Jason\mbam-chameleon.com
[2012/08/15 08:48:46 | 000,218,184 | ---- | C] () -- C:\Users\Jason\iexplore.exe
[2012/08/15 08:48:46 | 000,218,184 | ---- | C] () -- C:\Users\Jason\firefox.scr
[2012/08/15 08:48:46 | 000,218,184 | ---- | C] () -- C:\Users\Jason\firefox.pif
[2012/08/15 08:48:46 | 000,218,184 | ---- | C] () -- C:\Users\Jason\firefox.exe
[2012/08/15 08:48:46 | 000,218,184 | ---- | C] () -- C:\Users\Jason\firefox.com
[2012/08/05 17:50:54 | 000,000,049 | ---- | C] () -- C:\Windows\hpntwksetup.ini
[2012/08/05 11:08:16 | 000,000,260 | ---- | C] () -- C:\Windows\Brpfx04a.ini
[2012/08/05 11:08:16 | 000,000,093 | ---- | C] () -- C:\Windows\brpcfx.ini
[2012/08/05 11:07:37 | 000,005,897 | ---- | C] () -- C:\Windows\BRPARAM.INI
[2012/08/05 11:05:47 | 000,000,066 | ---- | C] () -- C:\Windows\Brfaxrx.ini
[2012/08/05 11:05:47 | 000,000,000 | ---- | C] () -- C:\Windows\brdfxspd.dat
[2012/08/05 11:05:40 | 000,045,056 | ---- | C] () -- C:\Windows\SysWow64\BRTCPCON.DLL
[2012/08/05 11:05:35 | 000,000,114 | ---- | C] () -- C:\Windows\SysWow64\BRLMW03A.INI
[2012/08/03 01:06:32 | 000,731,106 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/03/03 11:32:48 | 000,186,068 | ---- | C] () -- C:\Users\Jason\chameleon.chm

========== ZeroAccess Check ==========

[2009/07/13 22:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/02/26 23:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/02/26 22:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 19:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 21:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 19:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2012/08/05 11:12:09 | 000,000,000 | ---D | M] -- C:\Users\Jason\AppData\Roaming\ControlCenter4
[2012/11/21 00:02:08 | 000,000,000 | ---D | M] -- C:\Users\Jason\AppData\Roaming\Foxit Reader
[2012/12/09 02:32:41 | 000,000,000 | ---D | M] -- C:\Users\Jason\AppData\Roaming\Foxit Software
[2012/08/05 10:51:24 | 000,000,000 | ---D | M] -- C:\Users\Jason\AppData\Roaming\Nuance
[2012/08/04 21:19:58 | 000,000,000 | ---D | M] -- C:\Users\Jason\AppData\Roaming\Sierra Wireless
[2012/11/09 19:48:59 | 000,000,000 | ---D | M] -- C:\Users\Jason\AppData\Roaming\Zeon

========== Purity Check ==========



< End of report >

#11
nathdep

    Member

  • 587 posts
Hello 314!

Let's try to tackle that connectivity issue! :)

Please follow these instructions very carefully:

First, you must run MiniToolBox.

  • Download MiniToolBox by clicking here and save the file to the Desktop.
  • Close the browser and run the tool, then check the following options:
    • Flush DNS
    • Report IE Proxy Settings
    • Reset IE Proxy Settings
    • Report FF Proxy Settings
    • Reset FF Proxy Settings
    • List content of Hosts
    • List IP configuration
    • List Winsock Entries
    • List last 10 Event Viewer log
    • List Devices (Only Problems)
  • Click Go.
  • Post the resulting log in your next reply.
Next, I'm going to need another Extras.txt from OTL.
  • Please open OTL.
  • Under the Extras Registry heading, choose Use SafeList.
  • Click the Quick Scan button. Allow the scan to complete.
  • Post both OTL.txt and Extras.txt in your next reply.

In your next reply, please include the following:
  • The MiniToolBox log
  • OTL.txt
  • Extras.txt


#12
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.