Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Ads Ads Ads Ads on Chrome Browser


  • Please log in to reply

#1
Jeris

Jeris

    Member

  • Member
  • PipPip
  • 92 posts

Help! My office computer's chrome browser seems riddled with ads and video ads and they seem to refresh so constantly that my Back button is totally inoperable.

 

This is affecting my work and I don't know where to begin to fix this problem.  Any help with this would be much appreciated.

Attached Files


  • 0

Advertisements


#2
zep516

zep516

    Trusted Helper

  • Malware Removal
  • 8,107 posts
Hi! My name is zep516 and Welcome to Geekstogo!
I'll do the best I can to resolve your computer issue
Please make sure to carefully read any instruction that I give you. If you're not sure, or if something unexpected happens, don't continue Stop and ask! Never be afraid to ask questions! :)

Post logs directly to the forum, don't attach them please.

First

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the Report button and the report will open in Notepad.
  • NOTE: If you get an error message, it means that nothing was found. Exit from AdwCleaner.
  • Click on the Clean button follow the prompts.
  • A log file will automatically open after the scan has finished and the PC has rebooted.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner
  • Next

    thisisujrt.gif Please download Junkware Removal Tool to your Desktop.

    Please close your security software to avoid potential conflicts.
    Run the tool by double-clicking it. If you are using Windows Vista or 7, right-mouse click it and select Run as administrator.
    The tool will open and start scanning your system.
    Please be patient as this can take a while to complete, depending on your system's specifications.
    On completion, a log (JRT.txt) is saved to your Desktop and will automatically open.
    Please post the contents of JRT.txt into your reply.

    In your next reply post:
    1-AdwCleaner [SO].txt
    2-JRT.txt

    Thanks
    Joe :)
I'm putting your log here so I may refer to it.

OTL logfile created on: 5/15/2014 10:24:34 AM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\OfficeA\Desktop
Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17041)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.91 Gb Total Physical Memory | 1.12 Gb Available Physical Memory | 58.57% Memory free
3.81 Gb Paging File | 2.65 Gb Available in Paging File | 69.41% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 217.69 Gb Total Space | 171.75 Gb Free Space | 78.90% Space Free | Partition Type: NTFS

Computer Name: OFFICEA | User Name: OfficeA | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2014/05/15 10:00:36 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\OfficeA\Desktop\OTL.exe
PRC - [2014/05/05 18:10:35 | 000,263,048 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Update\1.3.24.7\GoogleCrashHandler.exe
PRC - [2014/04/25 18:29:38 | 000,145,568 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MSC\McAPExe.exe
PRC - [2014/04/25 10:03:52 | 022,415,552 | ---- | M] (Google) -- C:\Program Files\Google\Drive\googledrivesync.exe
PRC - [2014/03/17 19:37:32 | 000,175,480 | ---- | M] (McAfee, Inc.) -- C:\Windows\System32\mfevtps.exe
PRC - [2014/03/17 19:28:58 | 000,169,800 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\Mcafee\SystemCore\mfefire.exe
PRC - [2014/01/21 04:06:18 | 000,644,088 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\Mcafee\AMCore\mcshield.exe
PRC - [2013/12/18 08:42:32 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013/09/06 07:30:16 | 000,273,296 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee Security Scan\3.8.130\SSScheduler.exe
PRC - [2013/07/30 11:44:36 | 000,281,560 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe
PRC - [2013/02/25 05:58:30 | 003,093,024 | ---- | M] (Fitbit, Inc.) -- C:\Program Files\Fitbit Connect\Fitbit Connect.exe
PRC - [2013/02/25 05:58:30 | 001,239,584 | ---- | M] (Fitbit, Inc.) -- C:\Program Files\Fitbit Connect\FitbitConnectService.exe
PRC - [2012/11/22 16:48:41 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2012/10/18 03:27:06 | 004,386,816 | ---- | M] () -- C:\Program Files\OtShot\otshot.exe
PRC - [2012/04/24 14:37:56 | 000,169,752 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe
PRC - [2012/04/16 21:36:12 | 002,594,584 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel® Management Engine Components\UNS\UNS.exe
PRC - [2012/04/16 21:36:10 | 000,326,424 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel® Management Engine Components\LMS\LMS.exe
PRC - [2012/02/07 12:13:43 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2011/09/28 15:06:00 | 000,717,824 | ---- | M] (Xerox Corporation) -- C:\Windows\System32\spool\drivers\w32x86\3\x2jobtHH.exe
PRC - [2011/03/08 11:52:08 | 000,227,328 | ---- | M] (Dell Computer Corporation) -- C:\dell\DBRM\Reminder\DbrmTrayicon.exe
PRC - [2010/10/01 12:55:28 | 000,087,336 | ---- | M] (CyberLink Corp.) -- C:\Program Files\CyberLink\PowerDVD9\PDVD9Serv.exe
PRC - [1999/03/29 18:37:40 | 000,225,280 | ---- | M] (Corel Corporation Limited) -- C:\Program Files\Corel\WordPerfect Office 2000\programs\alarm.exe
PRC - [1999/03/29 09:05:18 | 000,225,280 | ---- | M] (Corel Corporation Limited) -- C:\Program Files\Corel\WordPerfect Office 2000\programs\dad9.exe
PRC - [1998/07/22 20:06:26 | 000,067,584 | ---- | M] (IntelliQuest Communications, Inc.) -- C:\Program Files\Corel\WordPerfect Office 2000\Register\Remind32.exe


========== Modules (No Company Name) ==========

MOD - [2014/05/14 08:21:54 | 000,027,136 | ---- | M] () -- C:\Users\OfficeA\AppData\Local\Temp\_MEI40282\_multiprocessing.pyd
MOD - [2014/05/14 08:21:53 | 001,159,680 | ---- | M] () -- C:\Users\OfficeA\AppData\Local\Temp\_MEI40282\_ssl.pyd
MOD - [2014/05/14 08:21:53 | 000,811,008 | ---- | M] () -- C:\Users\OfficeA\AppData\Local\Temp\_MEI40282\wx._windows_.pyd
MOD - [2014/05/14 08:21:53 | 000,805,888 | ---- | M] () -- C:\Users\OfficeA\AppData\Local\Temp\_MEI40282\wx._gdi_.pyd
MOD - [2014/05/14 08:21:53 | 000,713,216 | ---- | M] () -- C:\Users\OfficeA\AppData\Local\Temp\_MEI40282\_hashlib.pyd
MOD - [2014/05/14 08:21:53 | 000,110,080 | ---- | M] () -- C:\Users\OfficeA\AppData\Local\Temp\_MEI40282\PyWinTypes27.dll
MOD - [2014/05/14 08:21:53 | 000,070,656 | ---- | M] () -- C:\Users\OfficeA\AppData\Local\Temp\_MEI40282\wx._html2.pyd
MOD - [2014/05/14 08:21:53 | 000,024,064 | ---- | M] () -- C:\Users\OfficeA\AppData\Local\Temp\_MEI40282\win32pipe.pyd
MOD - [2014/05/14 08:21:52 | 001,062,400 | ---- | M] () -- C:\Users\OfficeA\AppData\Local\Temp\_MEI40282\wx._controls_.pyd
MOD - [2014/05/14 08:21:52 | 000,686,080 | ---- | M] () -- C:\Users\OfficeA\AppData\Local\Temp\_MEI40282\unicodedata.pyd
MOD - [2014/05/14 08:21:52 | 000,127,488 | ---- | M] () -- C:\Users\OfficeA\AppData\Local\Temp\_MEI40282\pyexpat.pyd
MOD - [2014/05/14 08:21:52 | 000,038,912 | ---- | M] () -- C:\Users\OfficeA\AppData\Local\Temp\_MEI40282\win32inet.pyd
MOD - [2014/05/14 08:21:52 | 000,035,840 | ---- | M] () -- C:\Users\OfficeA\AppData\Local\Temp\_MEI40282\win32process.pyd
MOD - [2014/05/14 08:21:52 | 000,025,600 | ---- | M] () -- C:\Users\OfficeA\AppData\Local\Temp\_MEI40282\win32pdh.pyd
MOD - [2014/05/14 08:21:52 | 000,018,432 | ---- | M] () -- C:\Users\OfficeA\AppData\Local\Temp\_MEI40282\win32event.pyd
MOD - [2014/05/14 08:21:52 | 000,010,240 | ---- | M] () -- C:\Users\OfficeA\AppData\Local\Temp\_MEI40282\select.pyd
MOD - [2014/05/14 08:21:51 | 000,525,640 | ---- | M] () -- C:\Users\OfficeA\AppData\Local\Temp\_MEI40282\windows._lib_cacheinvalidation.pyd
MOD - [2014/05/14 08:21:51 | 000,119,808 | ---- | M] () -- C:\Users\OfficeA\AppData\Local\Temp\_MEI40282\win32file.pyd
MOD - [2014/05/14 08:21:51 | 000,108,544 | ---- | M] () -- C:\Users\OfficeA\AppData\Local\Temp\_MEI40282\win32security.pyd
MOD - [2014/05/14 08:21:51 | 000,017,408 | ---- | M] () -- C:\Users\OfficeA\AppData\Local\Temp\_MEI40282\win32profile.pyd
MOD - [2014/05/14 08:21:50 | 001,175,040 | ---- | M] () -- C:\Users\OfficeA\AppData\Local\Temp\_MEI40282\wx._core_.pyd
MOD - [2014/05/14 08:21:50 | 000,557,056 | ---- | M] () -- C:\Users\OfficeA\AppData\Local\Temp\_MEI40282\pysqlite2._sqlite.pyd
MOD - [2014/05/14 08:21:50 | 000,364,544 | ---- | M] () -- C:\Users\OfficeA\AppData\Local\Temp\_MEI40282\pythoncom27.dll
MOD - [2014/05/14 08:21:50 | 000,320,512 | ---- | M] () -- C:\Users\OfficeA\AppData\Local\Temp\_MEI40282\win32com.shell.shell.pyd
MOD - [2014/05/14 08:21:50 | 000,167,936 | ---- | M] () -- C:\Users\OfficeA\AppData\Local\Temp\_MEI40282\win32gui.pyd
MOD - [2014/05/14 08:21:50 | 000,128,512 | ---- | M] () -- C:\Users\OfficeA\AppData\Local\Temp\_MEI40282\_elementtree.pyd
MOD - [2014/05/14 08:21:50 | 000,098,816 | ---- | M] () -- C:\Users\OfficeA\AppData\Local\Temp\_MEI40282\win32api.pyd
MOD - [2014/05/14 08:21:50 | 000,087,552 | ---- | M] () -- C:\Users\OfficeA\AppData\Local\Temp\_MEI40282\_ctypes.pyd
MOD - [2014/05/14 08:21:50 | 000,045,568 | ---- | M] () -- C:\Users\OfficeA\AppData\Local\Temp\_MEI40282\_socket.pyd
MOD - [2014/05/14 08:21:50 | 000,022,528 | ---- | M] () -- C:\Users\OfficeA\AppData\Local\Temp\_MEI40282\win32ts.pyd
MOD - [2014/05/14 08:21:49 | 000,735,232 | ---- | M] () -- C:\Users\OfficeA\AppData\Local\Temp\_MEI40282\wx._misc_.pyd
MOD - [2014/05/14 08:21:49 | 000,122,368 | ---- | M] () -- C:\Users\OfficeA\AppData\Local\Temp\_MEI40282\wx._wizard.pyd
MOD - [2014/05/14 08:21:49 | 000,078,336 | ---- | M] () -- C:\Users\OfficeA\AppData\Local\Temp\_MEI40282\wx._animate.pyd
MOD - [2014/05/14 08:21:49 | 000,011,264 | ---- | M] () -- C:\Users\OfficeA\AppData\Local\Temp\_MEI40282\win32crypt.pyd
MOD - [2014/02/13 03:32:16 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\8bc548587e91ecf0552a40e47bbf99cc\System.Windows.Forms.ni.dll
MOD - [2014/02/13 03:32:10 | 001,593,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\5c24d3b0041ebf4f48a93615b9fa3de9\System.Drawing.ni.dll
MOD - [2014/02/13 03:31:52 | 007,989,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\b3a78269847005365001c33870cd121f\System.ni.dll
MOD - [2014/02/13 03:31:43 | 011,499,520 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\ede2c6c842840e009f01bcc74fa4c457\mscorlib.ni.dll
MOD - [2012/10/18 03:27:06 | 004,386,816 | ---- | M] () -- C:\Program Files\OtShot\otshot.exe
MOD - [2011/06/10 08:36:34 | 000,094,208 | ---- | M] () -- C:\Windows\System32\IccLibDll.dll
MOD - [1999/03/30 20:33:38 | 000,417,792 | ---- | M] () -- C:\Windows\System32\fxdb.dll


========== Services (SafeList) ==========

SRV - [2014/05/13 09:54:24 | 000,257,712 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2014/04/25 18:29:38 | 000,145,568 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\MSC\McAPExe.exe -- (McAPExe)
SRV - [2014/03/17 19:37:32 | 000,175,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Windows\System32\mfevtps.exe -- (mfevtp)
SRV - [2014/03/17 19:28:58 | 000,169,800 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe -- (mfefire)
SRV - [2014/03/05 21:38:10 | 000,108,032 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV - [2014/01/21 04:06:18 | 000,644,088 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\AMCore\mcshield.exe -- (mfecore)
SRV - [2013/12/18 08:42:32 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013/09/06 07:29:38 | 000,235,216 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\3.8.130\McCHSvc.exe -- (McComponentHostService)
SRV - [2013/08/02 17:50:58 | 000,471,592 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS)
SRV - [2013/07/30 11:44:36 | 000,281,560 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe -- (McProxy)
SRV - [2013/07/30 11:44:36 | 000,281,560 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe -- (mcpltsvc)
SRV - [2013/07/30 11:44:36 | 000,281,560 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe -- (McNaiAnn)
SRV - [2013/07/30 11:44:36 | 000,281,560 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe -- (HomeNetSvc)
SRV - [2013/05/26 18:57:27 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2013/03/13 17:40:52 | 000,279,024 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Windows\System32\IntelCpHeciSvc.exe -- (cphs)
SRV - [2013/02/25 05:58:30 | 001,239,584 | ---- | M] (Fitbit, Inc.) [Auto | Running] -- C:\Program Files\Fitbit Connect\FitbitConnectService.exe -- (Fitbit Connect)
SRV - [2012/04/24 14:37:56 | 000,169,752 | ---- | M] (Intel Corporation) [On_Demand | Running] -- C:\Program Files\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe -- (ICCS)
SRV - [2012/04/16 21:36:12 | 002,594,584 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2012/04/16 21:36:10 | 000,326,424 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2012/02/19 03:00:26 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2009/07/13 15:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc)
SRV - [2009/07/13 15:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/13 15:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)


========== Driver Services (SafeList) ==========

DRV - [2014/03/17 19:45:20 | 000,061,400 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\cfwids.sys -- (cfwids)
DRV - [2014/03/17 19:38:00 | 000,214,856 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\mfewfpk.sys -- (mfewfpk)
DRV - [2014/03/17 19:31:40 | 000,573,968 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\mfehidk.sys -- (mfehidk)
DRV - [2014/03/17 19:29:28 | 000,367,776 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mfefirek.sys -- (mfefirek)
DRV - [2014/03/17 19:28:32 | 000,066,408 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mfebopk.sys -- (mfebopk)
DRV - [2014/03/17 19:27:36 | 000,236,480 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mfeavfk.sys -- (mfeavfk)
DRV - [2014/03/17 19:26:14 | 000,134,600 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mfeapfk.sys -- (mfeapfk)
DRV - [2014/01/21 03:49:16 | 000,081,264 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mfencrk.sys -- (mfencrk)
DRV - [2014/01/21 03:48:54 | 000,330,248 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mfencbdc.sys -- (mfencbdc)
DRV - [2013/02/27 07:57:50 | 000,289,792 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\IntcDAud.sys -- (IntcDAud)
DRV - [2012/02/07 12:13:54 | 000,296,192 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\vpcvmm.sys -- (vpcvmm)
DRV - [2012/02/07 12:13:50 | 000,048,128 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\vpcnfltr.sys -- (vpcnfltr)
DRV - [2012/02/07 12:13:48 | 000,172,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vpchbus.sys -- (vpcbus)
DRV - [2012/02/07 12:13:48 | 000,078,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vpcusb.sys -- (vpcusb)
DRV - [2011/09/21 19:08:36 | 000,041,216 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HECI.sys -- (MEI)
DRV - [2011/03/10 13:28:24 | 001,281,664 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CHDRT32.sys -- (CnxtHdAudService)
DRV - [2010/11/20 11:29:24 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010/11/20 11:29:03 | 000,126,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\netvsc60.sys -- (netvsc)
DRV - [2010/11/20 11:29:03 | 000,062,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\dmvsc.sys -- (dmvsc)
DRV - [2010/11/20 11:29:03 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010/11/20 11:29:03 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
DRV - [2010/11/20 11:29:03 | 000,027,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV - [2010/11/20 11:29:03 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusVideoM.sys -- (SynthVid)
DRV - [2010/11/20 11:29:03 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010/11/20 11:29:03 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://start.sweetpa...2-D4BED9BAE7E1}
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0421BCF7-3FB6-438E-8930-9F6E3D4F3445}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKLM\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = http://start.sweetpa...2-D4BED9BAE7E1}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USREL/1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?...CID=msnHomepage
IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...1I7GGHP_enUS471
IE - HKCU\..\SearchScopes\{81BFE553-2ED2-4542-9656-08B41A37C410}: "URL" = http://search.condui...1442136248&UM=2
IE - HKCU\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = http://start.sweetpa...006.10045&st=23
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.55.2: C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.55.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/McAfeeMssPlugin: C:\Program Files\McAfee Security Scan\3.8.130\npMcAfeeMss.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL ()
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{22C7F6C6-8D67-4534-92B5-529A0EC09405}: c:\Program Files\Trend Micro\Client Server Security Agent\bho\1009\FirefoxExtension
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{7D4F1959-3F72-49d5-8E59-F02F8AA6815D}: C:\Program Files\Updater By SweetPacks\Firefox

[2013/07/06 09:00:34 | 000,000,000 | ---D | M] (No name found) -- C:\Users\OfficeA\AppData\Roaming\Mozilla\Extensions

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
CHR - homepage: http://www.google.com/
CHR - plugin: Error reading preferences file
CHR - Extension: Google Docs = C:\Users\OfficeA\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\
CHR - Extension: Google Drive = C:\Users\OfficeA\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_1\
CHR - Extension: YouTube = C:\Users\OfficeA\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google Search = C:\Users\OfficeA\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Dislike on Facebook = C:\Users\OfficeA\AppData\Local\Google\Chrome\User Data\Default\Extensions\fnpdjlpboamepnnngafgepjcflmmcecc\0.0.0.2_0\
CHR - Extension: Google Wallet = C:\Users\OfficeA\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_1\
CHR - Extension: Gmail = C:\Users\OfficeA\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\

O1 HOSTS File: ([2009/06/10 11:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (MSS+ Identifier) - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.130\McAfeeMSS_IE.dll (McAfee, Inc.)
O2 - BHO: (TmIEPlugInBHO Class) - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - c:\Program Files\Trend Micro\Client Server Security Agent\bho\1009\TmIEPlg.dll File not found
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (no name) - {ae07101b-46d4-4a98-af68-0333ea26e113} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EEE6C35B-6118-11DC-9C72-001320C79847} - No CLSID value found.
O4 - HKLM..\Run: [DBRMTray] C:\dell\DBRM\Reminder\DbrmTrayicon.exe (Dell Computer Corporation)
O4 - HKLM..\Run: [Fitbit Connect] C:\Program Files\Fitbit Connect\Fitbit Connect.exe (Fitbit, Inc.)
O4 - HKLM..\Run: [mcpltui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [OtShot] C:\Program Files\OtShot\otshot.exe ()
O4 - HKLM..\Run: [PDVD9LanguageShortcut] C:\Program Files\CyberLink\PowerDVD9\Language\Language.exe (CyberLink Corp.)
O4 - HKLM..\Run: [RemoteControl9] C:\Program Files\CyberLink\PowerDVD9\PDVD9Serv.exe (CyberLink Corp.)
O4 - HKCU..\Run: [Fitbit Connect] C:\Program Files\Fitbit Connect\Fitbit Connect.exe (Fitbit, Inc.)
O4 - HKCU..\Run: [GoogleDriveSync] C:\Program Files\Google\Drive\googledrivesync.exe (Google)
O4 - HKLM..\RunOnce: [DBRMTray] C:\dell\DBRM\Reminder\TrayApp.exe (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: secureexchange.net ([reports] https in Trusted sites)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://qtinstall.app...ex/qtplugin.cab (QuickTime Plugin Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6D3C0D63-B339-48E1-AFB7-3DFD8AF5349E}: NameServer = 192.168.0.1
O18 - Protocol\Handler\tmpx {0E526CB5-7446-41D1-A403-19BFE95E8C23} - c:\Program Files\Trend Micro\Client Server Security Agent\bho\1009\TmIEPlg.dll File not found
O18 - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl.dll (McAfee, Inc.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 11:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{169c0470-7ed5-11e3-b8da-d4bed9bae7e1}\Shell - "" = AutoRun
O33 - MountPoints2\{169c0470-7ed5-11e3-b8da-d4bed9bae7e1}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a
O33 - MountPoints2\{6df97d4c-64d5-11e1-9f1e-d4bed9bae7e1}\Shell - "" = AutoRun
O33 - MountPoints2\{6df97d4c-64d5-11e1-9f1e-d4bed9bae7e1}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a
O33 - MountPoints2\{a01786bd-7a3e-11e3-b4b1-d4bed9bae7e1}\Shell - "" = AutoRun
O33 - MountPoints2\{a01786bd-7a3e-11e3-b4b1-d4bed9bae7e1}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a
O33 - MountPoints2\{cff9c2d0-ed7f-11e1-ba97-d4bed9bae7e1}\Shell - "" = AutoRun
O33 - MountPoints2\{cff9c2d0-ed7f-11e1-ba97-d4bed9bae7e1}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a
O33 - MountPoints2\{f340811e-5a5f-11e2-8a4a-d4bed9bae7e1}\Shell - "" = AutoRun
O33 - MountPoints2\{f340811e-5a5f-11e2-8a4a-d4bed9bae7e1}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a
O33 - MountPoints2\{f3c81bae-8910-11e3-b30a-d4bed9bae7e1}\Shell - "" = AutoRun
O33 - MountPoints2\{f3c81bae-8910-11e3-b30a-d4bed9bae7e1}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a
O33 - MountPoints2\E\Shell - "" = AutoRun
O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2014/05/15 10:00:19 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\OfficeA\Desktop\OTL.exe
[2014/05/15 09:20:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
[2014/05/14 03:05:35 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DESIGNER
[2014/05/06 03:00:33 | 000,000,000 | --SD | C] -- C:\Windows\System32\CompatTel
[2014/05/02 11:34:38 | 000,000,000 | ---D | C] -- C:\Users\OfficeA\AppData\Local\Windows Live
[2014/05/02 11:34:03 | 000,000,000 | ---D | C] -- C:\Users\OfficeA\AppData\Local\{046644DB-E5A4-440C-9E03-ED5D2A80E556}
[2014/05/02 11:34:02 | 000,000,000 | ---D | C] -- C:\Users\OfficeA\AppData\Local\{595AA9F7-0D40-424E-96FC-D549264F7632}
[2014/04/25 11:14:29 | 000,000,000 | -HSD | C] -- C:\Users\OfficeA\AppData\Local\EmieUserList
[2014/04/25 11:14:29 | 000,000,000 | -HSD | C] -- C:\Users\OfficeA\AppData\Local\EmieSiteList
[2014/04/23 10:04:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2014/05/15 10:16:04 | 000,000,888 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/05/15 10:00:36 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\OfficeA\Desktop\OTL.exe
[2014/05/15 09:54:14 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014/05/15 00:18:42 | 000,002,131 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2014/05/14 18:15:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/05/14 03:32:42 | 000,021,312 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/05/14 03:32:42 | 000,021,312 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/05/14 03:29:42 | 000,689,028 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2014/05/14 03:29:42 | 000,130,802 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2014/05/14 03:24:40 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/05/14 03:24:34 | 1535,946,752 | -HS- | M] () -- C:\hiberfil.sys
[2014/05/07 10:17:41 | 000,002,002 | ---- | M] () -- C:\Users\Public\Desktop\Google Slides.lnk
[2014/05/07 10:17:41 | 000,002,000 | ---- | M] () -- C:\Users\Public\Desktop\Google Sheets.lnk
[2014/05/07 10:17:41 | 000,001,990 | ---- | M] () -- C:\Users\Public\Desktop\Google Docs.lnk
[2014/05/02 11:33:19 | 000,002,523 | ---- | M] () -- C:\Users\OfficeA\Desktop\2014 Ministers' Service Log - Shortcut.lnk
[2014/05/02 11:33:19 | 000,001,906 | ---- | M] () -- C:\Users\OfficeA\Desktop\HHHB Membership.lnk
[2014/05/02 11:33:19 | 000,001,572 | ---- | M] () -- C:\Users\OfficeA\Desktop\Reservations.lnk
[2014/05/02 11:33:18 | 000,002,556 | ---- | M] () -- C:\Users\OfficeA\Desktop\Acknowlegements Log.lnk
[2014/04/21 10:53:40 | 000,312,566 | ---- | M] () -- C:\Users\OfficeA\Desktop\Account_Update_3.9.12.pdf
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2014/04/21 10:53:32 | 000,312,566 | ---- | C] () -- C:\Users\OfficeA\Desktop\Account_Update_3.9.12.pdf
[2013/07/06 09:00:58 | 000,033,958 | ---- | C] () -- C:\ProgramData\uninstaller.exe
[2013/06/24 16:41:30 | 004,325,376 | ---- | C] () -- C:\ProgramData\ReadOnlyInstaller.msi
[2013/05/19 05:23:08 | 000,272,928 | ---- | C] () -- C:\Windows\System32\igvpkrng600.bin
[2013/05/19 05:23:01 | 000,009,728 | ---- | C] ( ) -- C:\Windows\System32\IGFXDEVLib.dll
[2013/05/19 05:22:56 | 000,064,512 | ---- | C] () -- C:\Windows\System32\igdde32.dll
[2013/05/19 05:22:52 | 000,963,452 | ---- | C] () -- C:\Windows\System32\igcodeckrng600.bin
[2013/05/19 05:22:51 | 000,000,268 | ---- | C] () -- C:\Windows\System32\GfxUI.exe.config

========== ZeroAccess Check ==========

[2009/07/13 18:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2014/03/24 16:09:54 | 012,874,240 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 11:29:20 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/13 15:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2014/01/15 07:59:04 | 000,000,000 | ---D | M] -- C:\Users\OfficeA\AppData\Roaming\Oracle
[2012/02/14 14:15:15 | 000,000,000 | ---D | M] -- C:\Users\OfficeA\AppData\Roaming\Xerox

========== Purity Check ==========



< End of report >
  • 0

#3
Jeris

Jeris

    Member

  • Topic Starter
  • Member
  • PipPip
  • 92 posts

Hi Joe,

 

Thank you for your quick response! Here are the log files as requested:

 

1 - AdwCleaner [SO].txt

 

# AdwCleaner v3.208 - Report created 15/05/2014 at 16:09:07
# Updated 11/05/2014 by Xplode
# Operating System : Windows 7 Professional Service Pack 1 (32 bits)
# Username : OfficeA - OFFICEA
# Running from : C:\Users\OfficeA\Desktop\adwcleaner_3.208.exe
# Option : Clean
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\ProgramData\Tarma Installer
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\otshot
Folder Deleted : C:\Program Files\Conduit
Folder Deleted : C:\Program Files\MyPC Backup
Folder Deleted : C:\Program Files\otshot
Folder Deleted : C:\Program Files\SweetIM
Folder Deleted : C:\Users\OfficeA\AppData\Local\Conduit
Folder Deleted : C:\Users\OfficeA\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\OfficeA\AppData\LocalLow\PriceGong
File Deleted : C:\END
File Deleted : C:\ProgramData\uninstaller.exe
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [{7D4F1959-3F72-49d5-8E59-F02F8AA6815D}]
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\BingBar_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\QuickShare_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\QuickShare_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\WebCakeDesktop_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\WebCakeDesktop_RASMANCS
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3282812
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3286042
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{D616A4A2-7B38-4DBC-9093-6FE7A4A21B17}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D824F0DE-3D60-4F57-9EB1-66033ECD8ABB}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DF84E609-C3A4-49CB-A160-61767DAF8899}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FB684D26-01F4-4D9D-87CB-F486BEBA56DC}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AF6B0594-6008-4327-93E5-608AD710A6FA}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{EEE6C35B-6118-11DC-9C72-001320C79847}]
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\IM
Key Deleted : HKCU\Software\ImInstaller
Key Deleted : HKCU\Software\SmartBar
Key Deleted : HKCU\Software\wecarereminder
Key Deleted : HKCU\Software\WNLT
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Key Deleted : HKCU\Software\AppDataLow\Software\PriceGong
Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\Tarma Installer
Key Deleted : HKLM\Software\Updater By Sweetpacks
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\08121C32A9C319F4CB0C11FF059552A4
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3152E1F19977892449DC968802CE8964
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v11.0.9600.17041
 
Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page]
 
-\\ Google Chrome v34.0.1847.137
 
[ File : C:\Users\OfficeA\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
Deleted [Search Provider] : hxxp://search.aol.com/aol/search?query={searchTerms}
Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
 
*************************
 
AdwCleaner[R0].txt - [4160 octets] - [15/05/2014 16:06:42]
AdwCleaner[S0].txt - [4073 octets] - [15/05/2014 16:09:07]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [4133 octets] ##########
 
2 - JRT.txt
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 7 Professional x86
Ran by OfficeA on Thu 05/15/2014 at 16:18:34.23
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Registry Values
 
Successfully deleted: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\otshot
 
 
 
~~~ Registry Keys
 
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-2571356980-4171792588-162172980-1000\Software\sweetim
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{81BFE553-2ED2-4542-9656-08B41A37C410}
 
 
 
~~~ Files
 
 
 
~~~ Folders
 
Successfully deleted: [Folder] "C:\Users\OfficeA\Local Settings\Application Data\cre"
Successfully deleted: [Folder] "C:\Users\OfficeA\Local Settings\Application Data\tempdir"
Successfully deleted: [Empty Folder] C:\Users\OfficeA\appdata\local\{046644DB-E5A4-440C-9E03-ED5D2A80E556}
Successfully deleted: [Empty Folder] C:\Users\OfficeA\appdata\local\{595AA9F7-0D40-424E-96FC-D549264F7632}
 
 
 
~~~ Event Viewer Logs were cleared
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Thu 05/15/2014 at 16:23:15.47
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 

  • 0

#4
zep516

zep516

    Trusted Helper

  • Malware Removal
  • 8,107 posts
Next

We need to do a fix to delete some files using OTL
  • Double click on the OTLicon.jpg to open the program. On Vista/Win7/Win8 right click select Run As Administrator to start the program. If prompted by UAC, please allow it.
  • Under the Custom Scans/Fixes box at the bottom, paste in the following


    :COMMANDS
    [CREATERESTOREPOINT]
    
    :OTL
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://start.sweetpa...2-D4BED9BAE7E1}
    IE - HKLM\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = http://start.sweetpa...2-D4BED9BAE7E1}
    IE - HKCU\..\SearchScopes\{81BFE553-2ED2-4542-9656-08B41A37C410}: "URL" = http://search.condui...1442136248&UM=2
    IE - HKCU\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = http://start.sweetpa...006.10045&st=23
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{7D4F1959-3F72-49d5-8E59-F02F8AA6815D}: C:\Program Files\Updater By SweetPacks\Firefox
    O2 - BHO: (TmIEPlugInBHO Class) - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - c:\Program Files\Trend Micro\Client Server Security Agent\bho\1009\TmIEPlg.dll File not found
    O3 - HKLM\..\Toolbar: (no name) - {ae07101b-46d4-4a98-af68-0333ea26e113} - No CLSID value found.
    O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EEE6C35B-6118-11DC-9C72-001320C79847} - No CLSID value found.
    O4 - HKLM..\Run: [OtShot] C:\Program Files\OtShot\otshot.exe ()
    O13 - gopher Prefix: missing
    O18 - Protocol\Handler\tmpx {0E526CB5-7446-41D1-A403-19BFE95E8C23} - c:\Program Files\Trend Micro\Client Server Security Agent\bho\1009\TmIEPlg.dll File not found
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{22C7F6C6-8D67-4534-92B5-529A0EC09405}: c:\Program Files\Trend Micro\Client Server Security Agent\bho\1009\FirefoxExtension
    [1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
    [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
    
    :Files
    
    ipconfig /flushdns /c
    C:\Program Files\OtShot\otshot.exe
    
    :Commands
    
    [emptytemp]
    [resethosts]
    
  • Make sure all other windows are closed.
  • Click the Run Fix button at the top
  • Let the program run uninterrupted. The computer should reboot when the scan is done. If not, please reboot the computer.
  • Post the log that is found in C:\_OTL\Moved Files in your next reply.
  • Open OTL again and click the Quick Scan button.
In your next reply post
1- OTL Fix log located here->C:\_OTL\Moved Files
2- New OTL Log after quick scan.

Thanks
Joe :)
  • 0

#5
Jeris

Jeris

    Member

  • Topic Starter
  • Member
  • PipPip
  • 92 posts

1- OTL Fix Log

 

All processes killed
========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== OTL ==========
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EEE6C360-6118-11DC-9C72-001320C79847}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{81BFE553-2ED2-4542-9656-08B41A37C410}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{81BFE553-2ED2-4542-9656-08B41A37C410}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EEE6C360-6118-11DC-9C72-001320C79847}\ not found.
Registry value HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{7D4F1959-3F72-49d5-8E59-F02F8AA6815D} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7D4F1959-3F72-49d5-8E59-F02F8AA6815D}\ not found.
File C:\Program Files\Updater By SweetPacks\Firefox not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1CA1377B-DC1D-4A52-9585-6E06050FAC53}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1CA1377B-DC1D-4A52-9585-6E06050FAC53}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\ not found.
File  not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{EEE6C35B-6118-11DC-9C72-001320C79847} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EEE6C35B-6118-11DC-9C72-001320C79847}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\OtShot not found.
File C:\Program Files\OtShot\otshot.exe not found.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\Prefixes\\gopher|:gopher:// /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\tmpx\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0E526CB5-7446-41D1-A403-19BFE95E8C23}\ deleted successfully.
File {0E526CB5-7446-41D1-A403-19BFE95E8C23} - c:\Program Files\Trend Micro\Client Server Security Agent\bho\1009\TmIEPlg.dll File not found not found.
Registry value HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{22C7F6C6-8D67-4534-92B5-529A0EC09405} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{22C7F6C6-8D67-4534-92B5-529A0EC09405}\ not found.
File c:\Program Files\Trend Micro\Client Server Security Agent\bho\1009\FirefoxExtension not found.
C:\Windows\System32\SET8FC2.tmp deleted successfully.
C:\Windows\invcol.tmp deleted successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\OfficeA\Desktop\cmd.bat deleted successfully.
C:\Users\OfficeA\Desktop\cmd.txt deleted successfully.
File\Folder C:\Program Files\OtShot\otshot.exe not found.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 56475 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: OfficeA
->Temp folder emptied: 694646792 bytes
->Temporary Internet Files folder emptied: 718790208 bytes
->Java cache emptied: 379762 bytes
->Google Chrome cache emptied: 430934921 bytes
->Flash cache emptied: 915 bytes
 
User: Public
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 1465171643 bytes
RecycleBin emptied: 2894616 bytes
 
Total Files Cleaned = 3,159.00 mb
 
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
OTL by OldTimer - Version 3.2.69.0 log created on 05152014_164154
 
Files\Folders moved on Reboot...
C:\Users\OfficeA\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.
 
PendingFileRenameOperations files...
 
Registry entries deleted on Reboot...
 
 
2- New OTL Log
 

OTL logfile created on: 5/15/2014 4:54:20 PM - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\OfficeA\Desktop
 Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17041)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
1.91 Gb Total Physical Memory | 0.58 Gb Available Physical Memory | 30.38% Memory free
3.81 Gb Paging File | 2.29 Gb Available in Paging File | 59.92% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 217.69 Gb Total Space | 174.26 Gb Free Space | 80.05% Space Free | Partition Type: NTFS
 
Computer Name: OFFICEA | User Name: OfficeA | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2014/05/15 10:00:36 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\OfficeA\Desktop\OTL.exe
PRC - [2014/05/07 13:29:35 | 000,841,032 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
PRC - [2014/05/05 18:10:35 | 000,263,048 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Update\1.3.24.7\GoogleCrashHandler.exe
PRC - [2014/04/25 18:29:38 | 000,145,568 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MSC\McAPExe.exe
PRC - [2014/04/25 10:03:52 | 022,415,552 | ---- | M] (Google) -- C:\Program Files\Google\Drive\googledrivesync.exe
PRC - [2014/03/17 19:37:32 | 000,175,480 | ---- | M] (McAfee, Inc.) -- C:\Windows\System32\mfevtps.exe
PRC - [2014/03/17 19:28:58 | 000,169,800 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\Mcafee\SystemCore\mfefire.exe
PRC - [2014/01/21 04:06:18 | 000,644,088 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\Mcafee\AMCore\mcshield.exe
PRC - [2013/12/18 08:42:32 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013/09/11 11:55:58 | 000,499,384 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\Mcafee\Platform\McUICnt.exe
PRC - [2013/09/06 07:30:16 | 000,273,296 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee Security Scan\3.8.130\SSScheduler.exe
PRC - [2013/07/30 11:44:36 | 000,281,560 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe
PRC - [2013/02/25 05:58:30 | 003,093,024 | ---- | M] (Fitbit, Inc.) -- C:\Program Files\Fitbit Connect\Fitbit Connect.exe
PRC - [2013/02/25 05:58:30 | 001,239,584 | ---- | M] (Fitbit, Inc.) -- C:\Program Files\Fitbit Connect\FitbitConnectService.exe
PRC - [2012/11/22 16:48:41 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2012/04/24 14:37:56 | 000,169,752 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe
PRC - [2012/04/16 21:36:12 | 002,594,584 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel® Management Engine Components\UNS\UNS.exe
PRC - [2012/04/16 21:36:10 | 000,326,424 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel® Management Engine Components\LMS\LMS.exe
PRC - [2012/02/07 12:13:43 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2011/03/08 11:52:08 | 000,227,328 | ---- | M] (Dell Computer Corporation) -- C:\dell\DBRM\Reminder\DbrmTrayicon.exe
PRC - [2010/10/01 12:55:28 | 000,087,336 | ---- | M] (CyberLink Corp.) -- C:\Program Files\CyberLink\PowerDVD9\PDVD9Serv.exe
PRC - [2009/07/13 15:14:46 | 000,115,200 | ---- | M] () -- \\?\C:\Windows\System32\wbem\WMIADAP.EXE
PRC - [1999/03/29 18:37:40 | 000,225,280 | ---- | M] (Corel Corporation Limited) -- C:\Program Files\Corel\WordPerfect Office 2000\programs\alarm.exe
PRC - [1999/03/29 09:05:18 | 000,225,280 | ---- | M] (Corel Corporation Limited) -- C:\Program Files\Corel\WordPerfect Office 2000\programs\dad9.exe
PRC - [1998/07/22 20:06:26 | 000,067,584 | ---- | M] (IntelliQuest Communications, Inc.) -- C:\Program Files\Corel\WordPerfect Office 2000\Register\Remind32.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2014/05/15 16:51:17 | 000,027,136 | ---- | M] () -- C:\Users\OfficeA\AppData\Local\Temp\_MEI36562\_multiprocessing.pyd
MOD - [2014/05/15 16:51:16 | 001,159,680 | ---- | M] () -- C:\Users\OfficeA\AppData\Local\Temp\_MEI36562\_ssl.pyd
MOD - [2014/05/15 16:51:16 | 000,811,008 | ---- | M] () -- C:\Users\OfficeA\AppData\Local\Temp\_MEI36562\wx._windows_.pyd
MOD - [2014/05/15 16:51:16 | 000,805,888 | ---- | M] () -- C:\Users\OfficeA\AppData\Local\Temp\_MEI36562\wx._gdi_.pyd
MOD - [2014/05/15 16:51:16 | 000,713,216 | ---- | M] () -- C:\Users\OfficeA\AppData\Local\Temp\_MEI36562\_hashlib.pyd
MOD - [2014/05/15 16:51:16 | 000,110,080 | ---- | M] () -- C:\Users\OfficeA\AppData\Local\Temp\_MEI36562\PyWinTypes27.dll
MOD - [2014/05/15 16:51:16 | 000,070,656 | ---- | M] () -- C:\Users\OfficeA\AppData\Local\Temp\_MEI36562\wx._html2.pyd
MOD - [2014/05/15 16:51:16 | 000,035,840 | ---- | M] () -- C:\Users\OfficeA\AppData\Local\Temp\_MEI36562\win32process.pyd
MOD - [2014/05/15 16:51:16 | 000,025,600 | ---- | M] () -- C:\Users\OfficeA\AppData\Local\Temp\_MEI36562\win32pdh.pyd
MOD - [2014/05/15 16:51:16 | 000,024,064 | ---- | M] () -- C:\Users\OfficeA\AppData\Local\Temp\_MEI36562\win32pipe.pyd
MOD - [2014/05/15 16:51:15 | 001,062,400 | ---- | M] () -- C:\Users\OfficeA\AppData\Local\Temp\_MEI36562\wx._controls_.pyd
MOD - [2014/05/15 16:51:15 | 000,686,080 | ---- | M] () -- C:\Users\OfficeA\AppData\Local\Temp\_MEI36562\unicodedata.pyd
MOD - [2014/05/15 16:51:15 | 000,525,640 | ---- | M] () -- C:\Users\OfficeA\AppData\Local\Temp\_MEI36562\windows._lib_cacheinvalidation.pyd
MOD - [2014/05/15 16:51:15 | 000,127,488 | ---- | M] () -- C:\Users\OfficeA\AppData\Local\Temp\_MEI36562\pyexpat.pyd
MOD - [2014/05/15 16:51:15 | 000,119,808 | ---- | M] () -- C:\Users\OfficeA\AppData\Local\Temp\_MEI36562\win32file.pyd
MOD - [2014/05/15 16:51:15 | 000,108,544 | ---- | M] () -- C:\Users\OfficeA\AppData\Local\Temp\_MEI36562\win32security.pyd
MOD - [2014/05/15 16:51:15 | 000,038,912 | ---- | M] () -- C:\Users\OfficeA\AppData\Local\Temp\_MEI36562\win32inet.pyd
MOD - [2014/05/15 16:51:15 | 000,018,432 | ---- | M] () -- C:\Users\OfficeA\AppData\Local\Temp\_MEI36562\win32event.pyd
MOD - [2014/05/15 16:51:15 | 000,017,408 | ---- | M] () -- C:\Users\OfficeA\AppData\Local\Temp\_MEI36562\win32profile.pyd
MOD - [2014/05/15 16:51:15 | 000,010,240 | ---- | M] () -- C:\Users\OfficeA\AppData\Local\Temp\_MEI36562\select.pyd
MOD - [2014/05/15 16:51:14 | 000,557,056 | ---- | M] () -- C:\Users\OfficeA\AppData\Local\Temp\_MEI36562\pysqlite2._sqlite.pyd
MOD - [2014/05/15 16:51:14 | 000,320,512 | ---- | M] () -- C:\Users\OfficeA\AppData\Local\Temp\_MEI36562\win32com.shell.shell.pyd
MOD - [2014/05/15 16:51:14 | 000,167,936 | ---- | M] () -- C:\Users\OfficeA\AppData\Local\Temp\_MEI36562\win32gui.pyd
MOD - [2014/05/15 16:51:14 | 000,128,512 | ---- | M] () -- C:\Users\OfficeA\AppData\Local\Temp\_MEI36562\_elementtree.pyd
MOD - [2014/05/15 16:51:14 | 000,098,816 | ---- | M] () -- C:\Users\OfficeA\AppData\Local\Temp\_MEI36562\win32api.pyd
MOD - [2014/05/15 16:51:14 | 000,087,552 | ---- | M] () -- C:\Users\OfficeA\AppData\Local\Temp\_MEI36562\_ctypes.pyd
MOD - [2014/05/15 16:51:14 | 000,045,568 | ---- | M] () -- C:\Users\OfficeA\AppData\Local\Temp\_MEI36562\_socket.pyd
MOD - [2014/05/15 16:51:14 | 000,022,528 | ---- | M] () -- C:\Users\OfficeA\AppData\Local\Temp\_MEI36562\win32ts.pyd
MOD - [2014/05/15 16:51:13 | 001,175,040 | ---- | M] () -- C:\Users\OfficeA\AppData\Local\Temp\_MEI36562\wx._core_.pyd
MOD - [2014/05/15 16:51:13 | 000,735,232 | ---- | M] () -- C:\Users\OfficeA\AppData\Local\Temp\_MEI36562\wx._misc_.pyd
MOD - [2014/05/15 16:51:13 | 000,364,544 | ---- | M] () -- C:\Users\OfficeA\AppData\Local\Temp\_MEI36562\pythoncom27.dll
MOD - [2014/05/15 16:51:13 | 000,122,368 | ---- | M] () -- C:\Users\OfficeA\AppData\Local\Temp\_MEI36562\wx._wizard.pyd
MOD - [2014/05/15 16:51:13 | 000,078,336 | ---- | M] () -- C:\Users\OfficeA\AppData\Local\Temp\_MEI36562\wx._animate.pyd
MOD - [2014/05/15 16:51:13 | 000,011,264 | ---- | M] () -- C:\Users\OfficeA\AppData\Local\Temp\_MEI36562\win32crypt.pyd
MOD - [2014/05/07 13:29:33 | 000,390,472 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\34.0.1847.137\ppgooglenaclpluginchrome.dll
MOD - [2014/05/07 13:29:32 | 013,695,816 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\34.0.1847.137\PepperFlash\pepflashplayer.dll
MOD - [2014/05/07 13:29:31 | 004,081,480 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\34.0.1847.137\pdf.dll
MOD - [2014/05/07 13:29:27 | 000,674,632 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\34.0.1847.137\libglesv2.dll
MOD - [2014/05/07 13:29:27 | 000,093,000 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\34.0.1847.137\libegl.dll
MOD - [2014/05/07 13:29:26 | 001,647,432 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\34.0.1847.137\ffmpegsumo.dll
MOD - [2014/05/07 13:29:24 | 000,065,352 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\34.0.1847.137\chrome_elf.dll
MOD - [2014/02/13 03:32:16 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\8bc548587e91ecf0552a40e47bbf99cc\System.Windows.Forms.ni.dll
MOD - [2014/02/13 03:32:10 | 001,593,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\5c24d3b0041ebf4f48a93615b9fa3de9\System.Drawing.ni.dll
MOD - [2014/02/13 03:31:52 | 007,989,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\b3a78269847005365001c33870cd121f\System.ni.dll
MOD - [2014/02/13 03:31:43 | 011,499,520 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\ede2c6c842840e009f01bcc74fa4c457\mscorlib.ni.dll
MOD - [2011/06/10 08:36:34 | 000,094,208 | ---- | M] () -- C:\Windows\System32\IccLibDll.dll
MOD - [1999/03/30 20:33:38 | 000,417,792 | ---- | M] () -- C:\Windows\System32\fxdb.dll
 
 
========== Services (SafeList) ==========
 
SRV - [2014/05/13 09:54:24 | 000,257,712 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2014/04/25 18:29:38 | 000,145,568 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\MSC\McAPExe.exe -- (McAPExe)
SRV - [2014/03/17 19:37:32 | 000,175,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Windows\System32\mfevtps.exe -- (mfevtp)
SRV - [2014/03/17 19:28:58 | 000,169,800 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe -- (mfefire)
SRV - [2014/03/05 21:38:10 | 000,108,032 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV - [2014/01/21 04:06:18 | 000,644,088 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\AMCore\mcshield.exe -- (mfecore)
SRV - [2013/12/18 08:42:32 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013/09/06 07:29:38 | 000,235,216 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\3.8.130\McCHSvc.exe -- (McComponentHostService)
SRV - [2013/08/02 17:50:58 | 000,471,592 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS)
SRV - [2013/07/30 11:44:36 | 000,281,560 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe -- (McProxy)
SRV - [2013/07/30 11:44:36 | 000,281,560 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe -- (mcpltsvc)
SRV - [2013/07/30 11:44:36 | 000,281,560 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe -- (McNaiAnn)
SRV - [2013/07/30 11:44:36 | 000,281,560 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe -- (HomeNetSvc)
SRV - [2013/05/26 18:57:27 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2013/03/13 17:40:52 | 000,279,024 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Windows\System32\IntelCpHeciSvc.exe -- (cphs)
SRV - [2013/02/25 05:58:30 | 001,239,584 | ---- | M] (Fitbit, Inc.) [Auto | Running] -- C:\Program Files\Fitbit Connect\FitbitConnectService.exe -- (Fitbit Connect)
SRV - [2012/04/24 14:37:56 | 000,169,752 | ---- | M] (Intel Corporation) [On_Demand | Running] -- C:\Program Files\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe -- (ICCS)
SRV - [2012/04/16 21:36:12 | 002,594,584 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2012/04/16 21:36:10 | 000,326,424 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2012/02/19 03:00:26 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2009/07/13 15:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc)
SRV - [2009/07/13 15:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/13 15:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
 
 
========== Driver Services (SafeList) ==========
 
DRV - [2014/03/17 19:45:20 | 000,061,400 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\cfwids.sys -- (cfwids)
DRV - [2014/03/17 19:38:00 | 000,214,856 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\mfewfpk.sys -- (mfewfpk)
DRV - [2014/03/17 19:31:40 | 000,573,968 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\mfehidk.sys -- (mfehidk)
DRV - [2014/03/17 19:29:28 | 000,367,776 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mfefirek.sys -- (mfefirek)
DRV - [2014/03/17 19:28:32 | 000,066,408 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mfebopk.sys -- (mfebopk)
DRV - [2014/03/17 19:27:36 | 000,236,480 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mfeavfk.sys -- (mfeavfk)
DRV - [2014/03/17 19:26:14 | 000,134,600 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mfeapfk.sys -- (mfeapfk)
DRV - [2014/01/21 03:49:16 | 000,081,264 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mfencrk.sys -- (mfencrk)
DRV - [2014/01/21 03:48:54 | 000,330,248 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mfencbdc.sys -- (mfencbdc)
DRV - [2013/02/27 07:57:50 | 000,289,792 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\IntcDAud.sys -- (IntcDAud)
DRV - [2012/02/07 12:13:54 | 000,296,192 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\vpcvmm.sys -- (vpcvmm)
DRV - [2012/02/07 12:13:50 | 000,048,128 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\vpcnfltr.sys -- (vpcnfltr)
DRV - [2012/02/07 12:13:48 | 000,172,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vpchbus.sys -- (vpcbus)
DRV - [2012/02/07 12:13:48 | 000,078,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vpcusb.sys -- (vpcusb)
DRV - [2011/09/21 19:08:36 | 000,041,216 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HECI.sys -- (MEI)
DRV - [2011/03/10 13:28:24 | 001,281,664 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CHDRT32.sys -- (CnxtHdAudService)
DRV - [2010/11/20 11:29:24 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010/11/20 11:29:03 | 000,126,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\netvsc60.sys -- (netvsc)
DRV - [2010/11/20 11:29:03 | 000,062,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\dmvsc.sys -- (dmvsc)
DRV - [2010/11/20 11:29:03 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010/11/20 11:29:03 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
DRV - [2010/11/20 11:29:03 | 000,027,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV - [2010/11/20 11:29:03 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusVideoM.sys -- (SynthVid)
DRV - [2010/11/20 11:29:03 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010/11/20 11:29:03 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
DRV - [2009/07/13 13:45:33 | 000,083,456 | ---- | M] (Brother Industries Ltd.) [Kernel | System | Running] -- C:\Windows\System32\drivers\serial.sys -- (Serial)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = 
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{0421BCF7-3FB6-438E-8930-9F6E3D4F3445}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USREL/1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?...CID=msnHomepage
IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...1I7GGHP_enUS471
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
========== FireFox ==========
 
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.55.2: C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.55.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/McAfeeMssPlugin: C:\Program Files\McAfee Security Scan\3.8.130\npMcAfeeMss.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL ()
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
 
[2013/07/06 09:00:34 | 000,000,000 | ---D | M] (No name found) -- C:\Users\OfficeA\AppData\Roaming\Mozilla\Extensions
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
CHR - homepage: http://www.google.com/
CHR - plugin: Error reading preferences file
CHR - Extension: Google Docs = C:\Users\OfficeA\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\
CHR - Extension: Google Drive = C:\Users\OfficeA\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_1\
CHR - Extension: YouTube = C:\Users\OfficeA\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google Search = C:\Users\OfficeA\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Dislike on Facebook = C:\Users\OfficeA\AppData\Local\Google\Chrome\User Data\Default\Extensions\fnpdjlpboamepnnngafgepjcflmmcecc\0.0.0.2_0\
CHR - Extension: Google Wallet = C:\Users\OfficeA\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_1\
CHR - Extension: Gmail = C:\Users\OfficeA\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\
 
O1 HOSTS File: ([2014/05/15 16:48:44 | 000,000,098 | ---- | M]) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1       localhost
O2 - BHO: (MSS+ Identifier) - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.130\McAfeeMSS_IE.dll (McAfee, Inc.)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4 - HKLM..\Run: [DBRMTray] C:\dell\DBRM\Reminder\DbrmTrayicon.exe (Dell Computer Corporation)
O4 - HKLM..\Run: [Fitbit Connect] C:\Program Files\Fitbit Connect\Fitbit Connect.exe (Fitbit, Inc.)
O4 - HKLM..\Run: [mcpltui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [PDVD9LanguageShortcut] C:\Program Files\CyberLink\PowerDVD9\Language\Language.exe (CyberLink Corp.)
O4 - HKLM..\Run: [RemoteControl9] C:\Program Files\CyberLink\PowerDVD9\PDVD9Serv.exe (CyberLink Corp.)
O4 - HKCU..\Run: [Fitbit Connect] C:\Program Files\Fitbit Connect\Fitbit Connect.exe (Fitbit, Inc.)
O4 - HKCU..\Run: [GoogleDriveSync] C:\Program Files\Google\Drive\googledrivesync.exe (Google)
O4 - HKLM..\RunOnce: [DBRMTray] C:\dell\DBRM\Reminder\TrayApp.exe (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O15 - HKCU\..Trusted Domains: secureexchange.net ([reports] https in Trusted sites)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://qtinstall.app...ex/qtplugin.cab (QuickTime Plugin Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6D3C0D63-B339-48E1-AFB7-3DFD8AF5349E}: NameServer = 192.168.0.1
O18 - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl.dll (McAfee, Inc.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 11:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{169c0470-7ed5-11e3-b8da-d4bed9bae7e1}\Shell - "" = AutoRun
O33 - MountPoints2\{169c0470-7ed5-11e3-b8da-d4bed9bae7e1}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a
O33 - MountPoints2\{6df97d4c-64d5-11e1-9f1e-d4bed9bae7e1}\Shell - "" = AutoRun
O33 - MountPoints2\{6df97d4c-64d5-11e1-9f1e-d4bed9bae7e1}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a
O33 - MountPoints2\{a01786bd-7a3e-11e3-b4b1-d4bed9bae7e1}\Shell - "" = AutoRun
O33 - MountPoints2\{a01786bd-7a3e-11e3-b4b1-d4bed9bae7e1}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a
O33 - MountPoints2\{cff9c2d0-ed7f-11e1-ba97-d4bed9bae7e1}\Shell - "" = AutoRun
O33 - MountPoints2\{cff9c2d0-ed7f-11e1-ba97-d4bed9bae7e1}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a
O33 - MountPoints2\{f340811e-5a5f-11e2-8a4a-d4bed9bae7e1}\Shell - "" = AutoRun
O33 - MountPoints2\{f340811e-5a5f-11e2-8a4a-d4bed9bae7e1}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a
O33 - MountPoints2\{f3c81bae-8910-11e3-b30a-d4bed9bae7e1}\Shell - "" = AutoRun
O33 - MountPoints2\{f3c81bae-8910-11e3-b30a-d4bed9bae7e1}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a
O33 - MountPoints2\E\Shell - "" = AutoRun
O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2014/05/15 16:55:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
[2014/05/15 16:41:54 | 000,000,000 | ---D | C] -- C:\_OTL
[2014/05/15 16:18:30 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2014/05/15 16:07:04 | 000,536,576 | ---- | C] (SQLite Development Team) -- C:\Windows\System32\sqlite3.dll
[2014/05/15 16:06:33 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2014/05/15 16:04:52 | 001,016,261 | ---- | C] (Thisisu) -- C:\Users\OfficeA\Desktop\JRT.exe
[2014/05/15 10:00:19 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\OfficeA\Desktop\OTL.exe
[2014/05/14 03:05:35 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DESIGNER
[2014/05/06 03:00:33 | 000,000,000 | --SD | C] -- C:\Windows\System32\CompatTel
[2014/05/02 11:34:38 | 000,000,000 | ---D | C] -- C:\Users\OfficeA\AppData\Local\Windows Live
[2014/04/25 11:14:29 | 000,000,000 | -HSD | C] -- C:\Users\OfficeA\AppData\Local\EmieUserList
[2014/04/25 11:14:29 | 000,000,000 | -HSD | C] -- C:\Users\OfficeA\AppData\Local\EmieSiteList
[2014/04/23 10:04:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
 
========== Files - Modified Within 30 Days ==========
 
[2014/05/15 16:57:35 | 000,021,312 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/05/15 16:57:35 | 000,021,312 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/05/15 16:56:25 | 000,689,028 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2014/05/15 16:56:25 | 000,130,802 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2014/05/15 16:54:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014/05/15 16:50:09 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/05/15 16:49:50 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/05/15 16:49:47 | 1535,946,752 | -HS- | M] () -- C:\hiberfil.sys
[2014/05/15 16:48:44 | 000,000,098 | ---- | M] () -- C:\Windows\System32\drivers\etc\Hosts
[2014/05/15 16:15:00 | 000,000,888 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/05/15 16:04:59 | 001,016,261 | ---- | M] (Thisisu) -- C:\Users\OfficeA\Desktop\JRT.exe
[2014/05/15 16:00:16 | 001,325,827 | ---- | M] () -- C:\Users\OfficeA\Desktop\adwcleaner_3.208.exe
[2014/05/15 10:00:36 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\OfficeA\Desktop\OTL.exe
[2014/05/15 00:18:42 | 000,002,131 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2014/05/07 10:17:41 | 000,002,002 | ---- | M] () -- C:\Users\Public\Desktop\Google Slides.lnk
[2014/05/07 10:17:41 | 000,002,000 | ---- | M] () -- C:\Users\Public\Desktop\Google Sheets.lnk
[2014/05/07 10:17:41 | 000,001,990 | ---- | M] () -- C:\Users\Public\Desktop\Google Docs.lnk
[2014/05/02 11:33:19 | 000,002,523 | ---- | M] () -- C:\Users\OfficeA\Desktop\2014 Ministers' Service Log - Shortcut.lnk
[2014/05/02 11:33:19 | 000,001,906 | ---- | M] () -- C:\Users\OfficeA\Desktop\HHHB Membership.lnk
[2014/05/02 11:33:19 | 000,001,572 | ---- | M] () -- C:\Users\OfficeA\Desktop\Reservations.lnk
[2014/05/02 11:33:18 | 000,002,556 | ---- | M] () -- C:\Users\OfficeA\Desktop\Acknowlegements Log.lnk
[2014/04/21 10:53:40 | 000,312,566 | ---- | M] () -- C:\Users\OfficeA\Desktop\Account_Update_3.9.12.pdf
 
========== Files Created - No Company Name ==========
 
[2014/05/15 15:59:55 | 001,325,827 | ---- | C] () -- C:\Users\OfficeA\Desktop\adwcleaner_3.208.exe
[2014/04/21 10:53:32 | 000,312,566 | ---- | C] () -- C:\Users\OfficeA\Desktop\Account_Update_3.9.12.pdf
[2013/06/24 16:41:30 | 004,325,376 | ---- | C] () -- C:\ProgramData\ReadOnlyInstaller.msi
[2013/05/19 05:23:08 | 000,272,928 | ---- | C] () -- C:\Windows\System32\igvpkrng600.bin
[2013/05/19 05:23:01 | 000,009,728 | ---- | C] ( ) -- C:\Windows\System32\IGFXDEVLib.dll
[2013/05/19 05:22:56 | 000,064,512 | ---- | C] () -- C:\Windows\System32\igdde32.dll
[2013/05/19 05:22:52 | 000,963,452 | ---- | C] () -- C:\Windows\System32\igcodeckrng600.bin
[2013/05/19 05:22:51 | 000,000,268 | ---- | C] () -- C:\Windows\System32\GfxUI.exe.config
 
========== ZeroAccess Check ==========
 
[2009/07/13 18:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2014/03/24 16:09:54 | 012,874,240 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 11:29:20 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/13 15:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== LOP Check ==========
 
[2014/01/15 07:59:04 | 000,000,000 | ---D | M] -- C:\Users\OfficeA\AppData\Roaming\Oracle
[2012/02/14 14:15:15 | 000,000,000 | ---D | M] -- C:\Users\OfficeA\AppData\Roaming\Xerox
 
========== Purity Check ==========
 
 
 
< End of report >
 

  • 0

#6
zep516

zep516

    Trusted Helper

  • Malware Removal
  • 8,107 posts
Hello,

Need to log off, I'll review the log.

How is everything running now ?

Thanks
Joe :)
  • 0

#7
Jeris

Jeris

    Member

  • Topic Starter
  • Member
  • PipPip
  • 92 posts
Thanks for everything.  Yes everything seems to run a lot faster now.  I'll leave work and check back with you tomorrow.  Have a great evening.
 

  • 0

#8
Jeris

Jeris

    Member

  • Topic Starter
  • Member
  • PipPip
  • 92 posts

Hi Joe,

 

Yes, the computer seems to run a lot faster now.  If there is anything else you think I should do please let me know.  

 

Jeris  :D


  • 0

#9
zep516

zep516

    Trusted Helper

  • Malware Removal
  • 8,107 posts
Hello,

The last thing to do is run an ESET on Line scan. This will double check for any Malware.

ESET Online Scanner

Note: You can use either Internet Explorer or Mozilla FireFox for this scan. You will however need to disable your current installed Anti-Virus, how to do so can be read here.
  • Please go >>HERE<< then click on: ESET1st.jpg

    Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on the ESETexe.jpg icon to install.

    All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox.
  • Select the option YES, I accept the Terms of Use then click on: ESETsave.jpg
  • When prompted allow the Add-On/Active X to install.
  • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Now click on: EOLS3.gif
  • The virus signature database... will begin to download. Be patient this make take some time depending on the speed of your Internet Connection.
  • When completed the Online Scan will begin automatically.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed make sure you first copy the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic.
  • Now click on: EOLS4.gif
    (Selecting Uninstall application on close if you so wish)
Please post the ESET Log, I will review it and then we will clean up the tools we used as a final step.

Thanks
Joe :)
  • 0

#10
Jeris

Jeris

    Member

  • Topic Starter
  • Member
  • PipPip
  • 92 posts

Hi Joe,

ESET Scanner found two threats but unfortunately the log file didn't save.  I checked it before and after I hit "finished."  The only thing that saved to the log file is:

 

ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK

 

My chrome browser is super slow now and constantly downloads a file entitled, "Update.exe." My antivirus program says that it is a Trojan and blocks it continuously but as soon as one is quarantined another browser download starts and my antivirus program detects it again.  over and over and over again.

 

Please help!

 

Jeris


  • 0

#11
zep516

zep516

    Trusted Helper

  • Malware Removal
  • 8,107 posts
Hello Jeris,
That appears to be something new update.exe

Post a fresh OTL Log and we will try and find it.

Joe
  • 0

#12
Jeris

Jeris

    Member

  • Topic Starter
  • Member
  • PipPip
  • 92 posts

Hi Joe,

Scanning my computer now.  Should I keep the default file age settings?

 

In any case, here's the log file:

 

OTL logfile created on: 5/21/2014 10:29:53 AM - Run 3
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\OfficeA\Desktop
 Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17041)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
1.91 Gb Total Physical Memory | 0.93 Gb Available Physical Memory | 48.79% Memory free
3.81 Gb Paging File | 2.53 Gb Available in Paging File | 66.36% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 217.69 Gb Total Space | 173.70 Gb Free Space | 79.79% Space Free | Partition Type: NTFS
 
Computer Name: OFFICEA | User Name: OfficeA | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2014/05/20 09:05:41 | 001,176,632 | ---- | M] (Spotify Ltd) -- C:\Users\OfficeA\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
PRC - [2014/05/15 10:00:36 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\OfficeA\Desktop\OTL.exe
PRC - [2014/05/13 09:54:22 | 000,847,536 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\Macromed\Flash\FlashUtil32_13_0_0_214_ActiveX.exe
PRC - [2014/05/05 18:10:35 | 000,263,048 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Update\1.3.24.7\GoogleCrashHandler.exe
PRC - [2014/04/25 18:29:38 | 000,145,568 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MSC\McAPExe.exe
PRC - [2014/04/25 10:03:52 | 022,415,552 | ---- | M] (Google) -- C:\Program Files\Google\Drive\googledrivesync.exe
PRC - [2014/03/17 19:37:32 | 000,175,480 | ---- | M] (McAfee, Inc.) -- C:\Windows\System32\mfevtps.exe
PRC - [2014/03/17 19:28:58 | 000,169,800 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\Mcafee\SystemCore\mfefire.exe
PRC - [2014/01/21 04:06:18 | 000,644,088 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\Mcafee\AMCore\mcshield.exe
PRC - [2013/12/18 08:42:32 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013/09/11 11:55:58 | 000,499,384 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\Mcafee\Platform\McUICnt.exe
PRC - [2013/09/06 07:30:16 | 000,273,296 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee Security Scan\3.8.130\SSScheduler.exe
PRC - [2013/08/01 14:52:57 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2013/07/30 11:44:36 | 000,281,560 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe
PRC - [2013/02/25 05:58:30 | 003,093,024 | ---- | M] (Fitbit, Inc.) -- C:\Program Files\Fitbit Connect\Fitbit Connect.exe
PRC - [2013/02/25 05:58:30 | 001,239,584 | ---- | M] (Fitbit, Inc.) -- C:\Program Files\Fitbit Connect\FitbitConnectService.exe
PRC - [2012/11/22 16:48:41 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2012/04/24 14:37:56 | 000,169,752 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe
PRC - [2012/04/16 21:36:12 | 002,594,584 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel® Management Engine Components\UNS\UNS.exe
PRC - [2012/04/16 21:36:10 | 000,326,424 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel® Management Engine Components\LMS\LMS.exe
PRC - [2012/02/07 12:13:43 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2011/09/28 15:06:00 | 000,717,824 | ---- | M] (Xerox Corporation) -- C:\Windows\System32\spool\drivers\w32x86\3\x2jobtHH.exe
PRC - [2011/03/08 11:52:08 | 000,227,328 | ---- | M] (Dell Computer Corporation) -- C:\dell\DBRM\Reminder\DbrmTrayicon.exe
PRC - [2010/10/01 12:55:28 | 000,087,336 | ---- | M] (CyberLink Corp.) -- C:\Program Files\CyberLink\PowerDVD9\PDVD9Serv.exe
PRC - [2009/07/13 15:14:28 | 000,526,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ntvdm.exe
PRC - [1999/03/29 18:37:40 | 000,225,280 | ---- | M] (Corel Corporation Limited) -- C:\Program Files\Corel\WordPerfect Office 2000\programs\alarm.exe
PRC - [1998/07/22 20:06:26 | 000,067,584 | ---- | M] (IntelliQuest Communications, Inc.) -- C:\Program Files\Corel\WordPerfect Office 2000\Register\Remind32.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2014/05/20 14:01:59 | 001,175,040 | ---- | M] () -- C:\Users\OfficeA\AppData\Local\Temp\_MEI34442\wx._core_.pyd
MOD - [2014/05/20 14:01:59 | 001,159,680 | ---- | M] () -- C:\Users\OfficeA\AppData\Local\Temp\_MEI34442\_ssl.pyd
MOD - [2014/05/20 14:01:59 | 001,062,400 | ---- | M] () -- C:\Users\OfficeA\AppData\Local\Temp\_MEI34442\wx._controls_.pyd
MOD - [2014/05/20 14:01:59 | 000,811,008 | ---- | M] () -- C:\Users\OfficeA\AppData\Local\Temp\_MEI34442\wx._windows_.pyd
MOD - [2014/05/20 14:01:59 | 000,805,888 | ---- | M] () -- C:\Users\OfficeA\AppData\Local\Temp\_MEI34442\wx._gdi_.pyd
MOD - [2014/05/20 14:01:59 | 000,735,232 | ---- | M] () -- C:\Users\OfficeA\AppData\Local\Temp\_MEI34442\wx._misc_.pyd
MOD - [2014/05/20 14:01:59 | 000,713,216 | ---- | M] () -- C:\Users\OfficeA\AppData\Local\Temp\_MEI34442\_hashlib.pyd
MOD - [2014/05/20 14:01:59 | 000,686,080 | ---- | M] () -- C:\Users\OfficeA\AppData\Local\Temp\_MEI34442\unicodedata.pyd
MOD - [2014/05/20 14:01:59 | 000,557,056 | ---- | M] () -- C:\Users\OfficeA\AppData\Local\Temp\_MEI34442\pysqlite2._sqlite.pyd
MOD - [2014/05/20 14:01:59 | 000,525,640 | ---- | M] () -- C:\Users\OfficeA\AppData\Local\Temp\_MEI34442\windows._lib_cacheinvalidation.pyd
MOD - [2014/05/20 14:01:59 | 000,364,544 | ---- | M] () -- C:\Users\OfficeA\AppData\Local\Temp\_MEI34442\pythoncom27.dll
MOD - [2014/05/20 14:01:59 | 000,320,512 | ---- | M] () -- C:\Users\OfficeA\AppData\Local\Temp\_MEI34442\win32com.shell.shell.pyd
MOD - [2014/05/20 14:01:59 | 000,167,936 | ---- | M] () -- C:\Users\OfficeA\AppData\Local\Temp\_MEI34442\win32gui.pyd
MOD - [2014/05/20 14:01:59 | 000,128,512 | ---- | M] () -- C:\Users\OfficeA\AppData\Local\Temp\_MEI34442\_elementtree.pyd
MOD - [2014/05/20 14:01:59 | 000,127,488 | ---- | M] () -- C:\Users\OfficeA\AppData\Local\Temp\_MEI34442\pyexpat.pyd
MOD - [2014/05/20 14:01:59 | 000,122,368 | ---- | M] () -- C:\Users\OfficeA\AppData\Local\Temp\_MEI34442\wx._wizard.pyd
MOD - [2014/05/20 14:01:59 | 000,119,808 | ---- | M] () -- C:\Users\OfficeA\AppData\Local\Temp\_MEI34442\win32file.pyd
MOD - [2014/05/20 14:01:59 | 000,110,080 | ---- | M] () -- C:\Users\OfficeA\AppData\Local\Temp\_MEI34442\PyWinTypes27.dll
MOD - [2014/05/20 14:01:59 | 000,108,544 | ---- | M] () -- C:\Users\OfficeA\AppData\Local\Temp\_MEI34442\win32security.pyd
MOD - [2014/05/20 14:01:59 | 000,098,816 | ---- | M] () -- C:\Users\OfficeA\AppData\Local\Temp\_MEI34442\win32api.pyd
MOD - [2014/05/20 14:01:59 | 000,087,552 | ---- | M] () -- C:\Users\OfficeA\AppData\Local\Temp\_MEI34442\_ctypes.pyd
MOD - [2014/05/20 14:01:59 | 000,078,336 | ---- | M] () -- C:\Users\OfficeA\AppData\Local\Temp\_MEI34442\wx._animate.pyd
MOD - [2014/05/20 14:01:59 | 000,070,656 | ---- | M] () -- C:\Users\OfficeA\AppData\Local\Temp\_MEI34442\wx._html2.pyd
MOD - [2014/05/20 14:01:59 | 000,045,568 | ---- | M] () -- C:\Users\OfficeA\AppData\Local\Temp\_MEI34442\_socket.pyd
MOD - [2014/05/20 14:01:59 | 000,038,912 | ---- | M] () -- C:\Users\OfficeA\AppData\Local\Temp\_MEI34442\win32inet.pyd
MOD - [2014/05/20 14:01:59 | 000,035,840 | ---- | M] () -- C:\Users\OfficeA\AppData\Local\Temp\_MEI34442\win32process.pyd
MOD - [2014/05/20 14:01:59 | 000,027,136 | ---- | M] () -- C:\Users\OfficeA\AppData\Local\Temp\_MEI34442\_multiprocessing.pyd
MOD - [2014/05/20 14:01:59 | 000,025,600 | ---- | M] () -- C:\Users\OfficeA\AppData\Local\Temp\_MEI34442\win32pdh.pyd
MOD - [2014/05/20 14:01:59 | 000,024,064 | ---- | M] () -- C:\Users\OfficeA\AppData\Local\Temp\_MEI34442\win32pipe.pyd
MOD - [2014/05/20 14:01:59 | 000,022,528 | ---- | M] () -- C:\Users\OfficeA\AppData\Local\Temp\_MEI34442\win32ts.pyd
MOD - [2014/05/20 14:01:59 | 000,018,432 | ---- | M] () -- C:\Users\OfficeA\AppData\Local\Temp\_MEI34442\win32event.pyd
MOD - [2014/05/20 14:01:59 | 000,017,408 | ---- | M] () -- C:\Users\OfficeA\AppData\Local\Temp\_MEI34442\win32profile.pyd
MOD - [2014/05/20 14:01:59 | 000,011,264 | ---- | M] () -- C:\Users\OfficeA\AppData\Local\Temp\_MEI34442\win32crypt.pyd
MOD - [2014/05/20 14:01:59 | 000,010,240 | ---- | M] () -- C:\Users\OfficeA\AppData\Local\Temp\_MEI34442\select.pyd
MOD - [2014/02/13 03:32:16 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\8bc548587e91ecf0552a40e47bbf99cc\System.Windows.Forms.ni.dll
MOD - [2014/02/13 03:32:10 | 001,593,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\5c24d3b0041ebf4f48a93615b9fa3de9\System.Drawing.ni.dll
MOD - [2014/02/13 03:31:52 | 007,989,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\b3a78269847005365001c33870cd121f\System.ni.dll
MOD - [2014/02/13 03:31:43 | 011,499,520 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\ede2c6c842840e009f01bcc74fa4c457\mscorlib.ni.dll
MOD - [2011/06/10 08:36:34 | 000,094,208 | ---- | M] () -- C:\Windows\System32\IccLibDll.dll
MOD - [1999/03/30 20:33:38 | 000,417,792 | ---- | M] () -- C:\Windows\System32\fxdb.dll
 
 
========== Services (SafeList) ==========
 
SRV - [2014/05/13 09:54:24 | 000,257,712 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2014/04/25 18:29:38 | 000,145,568 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\MSC\McAPExe.exe -- (McAPExe)
SRV - [2014/03/17 19:37:32 | 000,175,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Windows\System32\mfevtps.exe -- (mfevtp)
SRV - [2014/03/17 19:28:58 | 000,169,800 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe -- (mfefire)
SRV - [2014/03/05 21:38:10 | 000,108,032 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV - [2014/01/21 04:06:18 | 000,644,088 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\AMCore\mcshield.exe -- (mfecore)
SRV - [2013/12/18 08:42:32 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013/09/06 07:29:38 | 000,235,216 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\3.8.130\McCHSvc.exe -- (McComponentHostService)
SRV - [2013/08/02 17:50:58 | 000,471,592 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS)
SRV - [2013/07/30 11:44:36 | 000,281,560 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe -- (McProxy)
SRV - [2013/07/30 11:44:36 | 000,281,560 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe -- (mcpltsvc)
SRV - [2013/07/30 11:44:36 | 000,281,560 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe -- (McNaiAnn)
SRV - [2013/07/30 11:44:36 | 000,281,560 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe -- (HomeNetSvc)
SRV - [2013/05/26 18:57:27 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2013/03/13 17:40:52 | 000,279,024 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Windows\System32\IntelCpHeciSvc.exe -- (cphs)
SRV - [2013/02/25 05:58:30 | 001,239,584 | ---- | M] (Fitbit, Inc.) [Auto | Running] -- C:\Program Files\Fitbit Connect\FitbitConnectService.exe -- (Fitbit Connect)
SRV - [2012/04/24 14:37:56 | 000,169,752 | ---- | M] (Intel Corporation) [On_Demand | Running] -- C:\Program Files\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe -- (ICCS)
SRV - [2012/04/16 21:36:12 | 002,594,584 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2012/04/16 21:36:10 | 000,326,424 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2012/02/19 03:00:26 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2009/07/13 15:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc)
SRV - [2009/07/13 15:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/13 15:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
 
 
========== Driver Services (SafeList) ==========
 
DRV - [2014/03/17 19:45:20 | 000,061,400 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\cfwids.sys -- (cfwids)
DRV - [2014/03/17 19:38:00 | 000,214,856 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\mfewfpk.sys -- (mfewfpk)
DRV - [2014/03/17 19:31:40 | 000,573,968 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\mfehidk.sys -- (mfehidk)
DRV - [2014/03/17 19:29:28 | 000,367,776 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mfefirek.sys -- (mfefirek)
DRV - [2014/03/17 19:28:32 | 000,066,408 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mfebopk.sys -- (mfebopk)
DRV - [2014/03/17 19:27:36 | 000,236,480 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mfeavfk.sys -- (mfeavfk)
DRV - [2014/03/17 19:26:14 | 000,134,600 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mfeapfk.sys -- (mfeapfk)
DRV - [2014/01/21 03:49:16 | 000,081,264 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mfencrk.sys -- (mfencrk)
DRV - [2014/01/21 03:48:54 | 000,330,248 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mfencbdc.sys -- (mfencbdc)
DRV - [2013/02/27 07:57:50 | 000,289,792 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\IntcDAud.sys -- (IntcDAud)
DRV - [2012/02/07 12:13:54 | 000,296,192 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\vpcvmm.sys -- (vpcvmm)
DRV - [2012/02/07 12:13:50 | 000,048,128 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\vpcnfltr.sys -- (vpcnfltr)
DRV - [2012/02/07 12:13:48 | 000,172,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vpchbus.sys -- (vpcbus)
DRV - [2012/02/07 12:13:48 | 000,078,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vpcusb.sys -- (vpcusb)
DRV - [2011/09/21 19:08:36 | 000,041,216 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HECI.sys -- (MEI)
DRV - [2011/03/10 13:28:24 | 001,281,664 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CHDRT32.sys -- (CnxtHdAudService)
DRV - [2010/11/20 11:29:24 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010/11/20 11:29:03 | 000,126,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\netvsc60.sys -- (netvsc)
DRV - [2010/11/20 11:29:03 | 000,062,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\dmvsc.sys -- (dmvsc)
DRV - [2010/11/20 11:29:03 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010/11/20 11:29:03 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
DRV - [2010/11/20 11:29:03 | 000,027,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV - [2010/11/20 11:29:03 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusVideoM.sys -- (SynthVid)
DRV - [2010/11/20 11:29:03 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010/11/20 11:29:03 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
DRV - [2009/07/13 13:45:33 | 000,083,456 | ---- | M] (Brother Industries Ltd.) [Kernel | System | Running] -- C:\Windows\System32\drivers\serial.sys -- (Serial)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0421BCF7-3FB6-438E-8930-9F6E3D4F3445}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USREL/1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...1I7GGHP_enUS471
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
========== FireFox ==========
 
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.55.2: C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.55.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/McAfeeMssPlugin: C:\Program Files\McAfee Security Scan\3.8.130\npMcAfeeMss.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL ()
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
 
[2013/07/06 09:00:34 | 000,000,000 | ---D | M] (No name found) -- C:\Users\OfficeA\AppData\Roaming\Mozilla\Extensions
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
CHR - homepage: http://www.google.com/
CHR - plugin: Error reading preferences file
CHR - Extension: Google Docs = C:\Users\OfficeA\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.6_0\
CHR - Extension: Google Drive = C:\Users\OfficeA\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_1\
CHR - Extension: YouTube = C:\Users\OfficeA\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google Search = C:\Users\OfficeA\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Dislike on Facebook = C:\Users\OfficeA\AppData\Local\Google\Chrome\User Data\Default\Extensions\fnpdjlpboamepnnngafgepjcflmmcecc\0.0.0.2_0\
CHR - Extension: Google Wallet = C:\Users\OfficeA\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_1\
CHR - Extension: Gmail = C:\Users\OfficeA\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\
 
O1 HOSTS File: ([2014/05/15 16:48:44 | 000,000,098 | ---- | M]) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1       localhost
O2 - BHO: (MSS+ Identifier) - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.130\McAfeeMSS_IE.dll (McAfee, Inc.)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4 - HKLM..\Run: [DBRMTray] C:\dell\DBRM\Reminder\DbrmTrayicon.exe (Dell Computer Corporation)
O4 - HKLM..\Run: [Fitbit Connect] C:\Program Files\Fitbit Connect\Fitbit Connect.exe (Fitbit, Inc.)
O4 - HKLM..\Run: [mcpltui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [PDVD9LanguageShortcut] C:\Program Files\CyberLink\PowerDVD9\Language\Language.exe (CyberLink Corp.)
O4 - HKLM..\Run: [RemoteControl9] C:\Program Files\CyberLink\PowerDVD9\PDVD9Serv.exe (CyberLink Corp.)
O4 - HKCU..\Run: [Fitbit Connect] C:\Program Files\Fitbit Connect\Fitbit Connect.exe (Fitbit, Inc.)
O4 - HKCU..\Run: [GoogleDriveSync] C:\Program Files\Google\Drive\googledrivesync.exe (Google)
O4 - HKCU..\Run: [Spotify] C:\Users\OfficeA\AppData\Roaming\Spotify\spotify.exe (Spotify Ltd)
O4 - HKCU..\Run: [Spotify Web Helper] C:\Users\OfficeA\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe (Spotify Ltd)
O4 - HKLM..\RunOnce: [DBRMTray] C:\dell\DBRM\Reminder\TrayApp.exe (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O15 - HKCU\..Trusted Domains: secureexchange.net ([reports] https in Trusted sites)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://qtinstall.app...ex/qtplugin.cab (QuickTime Plugin Control)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (OnlineScanner Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6D3C0D63-B339-48E1-AFB7-3DFD8AF5349E}: NameServer = 192.168.0.1
O18 - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl.dll (McAfee, Inc.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 11:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{169c0470-7ed5-11e3-b8da-d4bed9bae7e1}\Shell - "" = AutoRun
O33 - MountPoints2\{169c0470-7ed5-11e3-b8da-d4bed9bae7e1}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a
O33 - MountPoints2\{6df97d4c-64d5-11e1-9f1e-d4bed9bae7e1}\Shell - "" = AutoRun
O33 - MountPoints2\{6df97d4c-64d5-11e1-9f1e-d4bed9bae7e1}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a
O33 - MountPoints2\{a01786bd-7a3e-11e3-b4b1-d4bed9bae7e1}\Shell - "" = AutoRun
O33 - MountPoints2\{a01786bd-7a3e-11e3-b4b1-d4bed9bae7e1}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a
O33 - MountPoints2\{cff9c2d0-ed7f-11e1-ba97-d4bed9bae7e1}\Shell - "" = AutoRun
O33 - MountPoints2\{cff9c2d0-ed7f-11e1-ba97-d4bed9bae7e1}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a
O33 - MountPoints2\{f340811e-5a5f-11e2-8a4a-d4bed9bae7e1}\Shell - "" = AutoRun
O33 - MountPoints2\{f340811e-5a5f-11e2-8a4a-d4bed9bae7e1}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a
O33 - MountPoints2\{f3c81bae-8910-11e3-b30a-d4bed9bae7e1}\Shell - "" = AutoRun
O33 - MountPoints2\{f3c81bae-8910-11e3-b30a-d4bed9bae7e1}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a
O33 - MountPoints2\E\Shell - "" = AutoRun
O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2014/05/21 07:32:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
[2014/05/20 14:17:39 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2014/05/20 09:05:44 | 000,000,000 | ---D | C] -- C:\Users\OfficeA\AppData\Local\Spotify
[2014/05/20 09:04:55 | 000,000,000 | ---D | C] -- C:\Users\OfficeA\AppData\Roaming\Spotify
[2014/05/15 16:41:54 | 000,000,000 | ---D | C] -- C:\_OTL
[2014/05/15 16:18:30 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2014/05/15 16:07:04 | 000,536,576 | ---- | C] (SQLite Development Team) -- C:\Windows\System32\sqlite3.dll
[2014/05/15 16:06:33 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2014/05/15 16:04:52 | 001,016,261 | ---- | C] (Thisisu) -- C:\Users\OfficeA\Desktop\JRT.exe
[2014/05/15 10:00:19 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\OfficeA\Desktop\OTL.exe
[2014/05/14 03:05:35 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DESIGNER
[2014/05/06 03:00:33 | 000,000,000 | --SD | C] -- C:\Windows\System32\CompatTel
[2014/05/02 11:34:38 | 000,000,000 | ---D | C] -- C:\Users\OfficeA\AppData\Local\Windows Live
[2014/04/25 11:14:29 | 000,000,000 | -HSD | C] -- C:\Users\OfficeA\AppData\Local\EmieUserList
[2014/04/25 11:14:29 | 000,000,000 | -HSD | C] -- C:\Users\OfficeA\AppData\Local\EmieSiteList
[2014/04/23 10:04:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2014/05/21 10:15:00 | 000,000,888 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/05/21 09:54:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014/05/21 06:30:46 | 000,002,131 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2014/05/20 18:15:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/05/20 16:19:48 | 000,689,028 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2014/05/20 16:19:48 | 000,130,802 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2014/05/20 14:08:41 | 000,021,312 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/05/20 14:08:41 | 000,021,312 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/05/20 14:01:28 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/05/20 14:01:24 | 1535,946,752 | -HS- | M] () -- C:\hiberfil.sys
[2014/05/20 09:05:42 | 000,001,818 | ---- | M] () -- C:\Users\OfficeA\Desktop\Spotify.lnk
[2014/05/19 15:53:00 | 000,001,572 | ---- | M] () -- C:\Users\OfficeA\Desktop\Reservations.lnk
[2014/05/19 15:52:59 | 000,002,556 | ---- | M] () -- C:\Users\OfficeA\Desktop\Acknowlegements Log.lnk
[2014/05/19 15:52:59 | 000,002,523 | ---- | M] () -- C:\Users\OfficeA\Desktop\2014 Ministers' Service Log - Shortcut.lnk
[2014/05/19 15:52:59 | 000,001,906 | ---- | M] () -- C:\Users\OfficeA\Desktop\HHHB Membership.lnk
[2014/05/16 16:24:12 | 000,045,984 | ---- | M] () -- C:\Users\OfficeA\Desktop\TS101877521.xltx
[2014/05/15 16:48:44 | 000,000,098 | ---- | M] () -- C:\Windows\System32\drivers\etc\Hosts
[2014/05/15 16:04:59 | 001,016,261 | ---- | M] (Thisisu) -- C:\Users\OfficeA\Desktop\JRT.exe
[2014/05/15 16:00:16 | 001,325,827 | ---- | M] () -- C:\Users\OfficeA\Desktop\adwcleaner_3.208.exe
[2014/05/15 10:00:36 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\OfficeA\Desktop\OTL.exe
[2014/05/07 10:17:41 | 000,002,002 | ---- | M] () -- C:\Users\Public\Desktop\Google Slides.lnk
[2014/05/07 10:17:41 | 000,002,000 | ---- | M] () -- C:\Users\Public\Desktop\Google Sheets.lnk
[2014/05/07 10:17:41 | 000,001,990 | ---- | M] () -- C:\Users\Public\Desktop\Google Docs.lnk
[2014/04/21 10:53:40 | 000,312,566 | ---- | M] () -- C:\Users\OfficeA\Desktop\Account_Update_3.9.12.pdf
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2014/05/20 09:05:43 | 000,001,804 | ---- | C] () -- C:\Users\OfficeA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spotify.lnk
[2014/05/20 09:05:42 | 000,001,818 | ---- | C] () -- C:\Users\OfficeA\Desktop\Spotify.lnk
[2014/05/16 16:23:58 | 000,045,984 | ---- | C] () -- C:\Users\OfficeA\Desktop\TS101877521.xltx
[2014/05/15 15:59:55 | 001,325,827 | ---- | C] () -- C:\Users\OfficeA\Desktop\adwcleaner_3.208.exe
[2014/04/21 10:53:32 | 000,312,566 | ---- | C] () -- C:\Users\OfficeA\Desktop\Account_Update_3.9.12.pdf
[2013/06/24 16:41:30 | 004,325,376 | ---- | C] () -- C:\ProgramData\ReadOnlyInstaller.msi
[2013/05/19 05:23:08 | 000,272,928 | ---- | C] () -- C:\Windows\System32\igvpkrng600.bin
[2013/05/19 05:23:01 | 000,009,728 | ---- | C] ( ) -- C:\Windows\System32\IGFXDEVLib.dll
[2013/05/19 05:22:56 | 000,064,512 | ---- | C] () -- C:\Windows\System32\igdde32.dll
[2013/05/19 05:22:52 | 000,963,452 | ---- | C] () -- C:\Windows\System32\igcodeckrng600.bin
[2013/05/19 05:22:51 | 000,000,268 | ---- | C] () -- C:\Windows\System32\GfxUI.exe.config
 
========== ZeroAccess Check ==========
 
[2009/07/13 18:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2014/03/24 16:09:54 | 012,874,240 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 11:29:20 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/13 15:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== LOP Check ==========
 
[2014/01/15 07:59:04 | 000,000,000 | ---D | M] -- C:\Users\OfficeA\AppData\Roaming\Oracle
[2014/05/20 14:06:38 | 000,000,000 | ---D | M] -- C:\Users\OfficeA\AppData\Roaming\Spotify
[2012/02/14 14:15:15 | 000,000,000 | ---D | M] -- C:\Users\OfficeA\AppData\Roaming\Xerox
 
========== Purity Check ==========
 
 

< End of report >


  • 0

#13
zep516

zep516

    Trusted Helper

  • Malware Removal
  • 8,107 posts
Hello

My chrome browser is super slow now and constantly downloads a file entitled, "Update.exe." My antivirus program says that it is a Trojan and blocks it continuously


That sounds to me like Chrome is trying to update and McAfee is blocking it. Can you up-date chrome manually? See Here

Joe
  • 0

#14
Jeris

Jeris

    Member

  • Topic Starter
  • Member
  • PipPip
  • 92 posts

Hi Joe, my Chrome is up to date:

 

Version 35.0.1916.114 m
 
 
Google Chrome is up to date.

 

Jeris


  • 0

#15
zep516

zep516

    Trusted Helper

  • Malware Removal
  • 8,107 posts
I don't know what Chrome is doing still sounds like something is trying to up date, I can't see the file because McAfee is blocking it. Lets reset the Chrome browser for now and see what that does.

Reset Chrome Here Please read the entire page.

Joe
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP