
McAfee Antivirus is malfunctioning [Solved]


  • This topic is locked
19 replies to this topic

#1 xxxerotech


Posted 28 December 2013 - 03:27 PM

Happy holidays!

 

I'm having trouble with my antivirus.  I keep getting a message that my computer is at risk 'cos the real time scanning is off.  I turned it on but after a few seconds it goes back off.  I've tried it several times already.  I restarted my laptop.  The result is still the same.

 

Anyway here are my logs:

 

1. HIJACK THIS

 

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 05:12:00, on 29/12/2013
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18943)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\RtHDVCpl.exe
C:\Windows\PLFSetI.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe
C:\Program Files\CyberLink\Shared Files\brs.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Smart Bro\UIExec.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Windows\ehome\ehmsas.exe
C:\Users\user\AppData\Local\Temp\RtkBtMnt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Microsoft Games\Chess\Chess.exe
C:\Users\user\Desktop\HiJackThis(1).exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.yahoo....?fr=mcafee&p=%s
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
F2 - REG:system.ini: UserInit=Userinit.exe,
O2 - BHO: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.0.318\McAfeeMSS_IE.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll (file missing)
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Skytel] Skytel.exe
O4 - HKLM\..\Run: [PLFSetI] C:\Windows\PLFSetI.exe
O4 - HKLM\..\Run: [RemoteControl8] "C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe"
O4 - HKLM\..\Run: [BDRegion] C:\Program Files\Cyberlink\Shared Files\brs.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [UIExec] "C:\Program Files\SMART BRO\UIExec.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKCU\..\Run: [Facebook Update] "C:\Users\user\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - Cmdmapping - (no file) (HKCU)
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - http://download.divx...owserPlugin.cab
O18 - Protocol: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O18 - Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\PROGRA~1\mcafee\msc\mcsniepl.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: McAfee Application Installer Cleanup (0200941388259952) (0200941388259952mcinstcleanup) - Unknown owner - C:\Windows\TEMP\020094~1.EXE (file missing)
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Seagate Service (FreeAgentGoNext Service) - Unknown owner - D:\Sync\FreeAgentService.exe (file missing)
O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\D-drive-96751\Malwarebytes' Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\D-drive-96751\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: McAfee SiteAdvisor Service - McAfee, Inc. - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: McAfee Personal Firewall Service (McMPFSvc) - Unknown owner - C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe (file missing)
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
O23 - Service: McAfee VirusScan Announcer (McNaiAnn) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe
O23 - Service: McAfee Anti-Malware Core (mfecore) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe
O23 - Service: McAfee Firewall Core Service (mfefire) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe
O23 - Service: McAfee Validation Trust Protection Service (mfevtp) - McAfee, Inc. - C:\Windows\system32\mfevtps.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: UI Assistant Service - Unknown owner - C:\Program Files\Smart Bro\AssistantServices.exe

--
End of file - 9127 bytes
 




#2 xxxerotech


Posted 28 December 2013 - 03:28 PM

2A.  OTL

 

OTL logfile created on: 29/12/2013 04:23:33 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\user\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18943)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy
 
1.99 Gb Total Physical Memory | 0.98 Gb Available Physical Memory | 49.40% Memory free
4.22 Gb Paging File | 3.11 Gb Available in Paging File | 73.64% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 149.05 Gb Total Space | 36.24 Gb Free Space | 24.31% Space Free | Partition Type: NTFS
Drive D: | 18.81 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
 
Computer Name: USER-PC | User Name: user | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\user\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe (McAfee, Inc.)
PRC - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe (McAfee, Inc.)
PRC - C:\Windows\System32\mfevtps.exe (McAfee, Inc.)
PRC - C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe (McAfee, Inc.)
PRC - C:\Users\user\AppData\Local\Temp\RtkBtMnt.exe (Realtek Semiconductor Corp.)
PRC - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\D-drive-96751\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
PRC - C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
PRC - C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe (McAfee, Inc.)
PRC - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
PRC - C:\Program Files\Smart Bro\UIExec.exe ()
PRC - C:\Program Files\Smart Bro\AssistantServices.exe ()
PRC - C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\CyberLink\Shared Files\brs.exe (cyberlink)
PRC - C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe (Cyberlink Corp.)
PRC - C:\Windows\PLFSetI.exe ()
PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Program Files\Mozilla Firefox\mozjs.dll ()
MOD - C:\Program Files\Smart Bro\UIExec.exe ()
MOD - C:\Windows\PLFSetI.exe ()
MOD - C:\Program Files\WinRAR\RarExt.dll ()
MOD - C:\Windows\System32\igfxTMM.dll ()
 
 
========== Services (SafeList) ==========
 
SRV - (McMPFSvc) -- C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe /McCoreSvc File not found
SRV - (FreeAgentGoNext Service) -- D:\Sync\FreeAgentService.exe File not found
SRV - (MozillaMaintenance) -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (mfecore) -- C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe (McAfee, Inc.)
SRV - (McAfee SiteAdvisor Service) -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe (McAfee, Inc.)
SRV - (mfevtp) -- C:\Windows\System32\mfevtps.exe (McAfee, Inc.)
SRV - (mfefire) -- C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe ()
SRV - (0200941388259952mcinstcleanup) -- C:\Windows\temp\0200941388259952mcinst.exe (McAfee, Inc.)
SRV - (AdobeARMservice) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (MBAMService) -- C:\D-drive-96751\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (MBAMScheduler) -- C:\D-drive-96751\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
SRV - (McShield) -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe ()
SRV - (McODS) -- C:\Program Files\McAfee\VirusScan\mcods.exe (McAfee, Inc.)
SRV - (McProxy) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV - (McNASvc) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV - (McNaiAnn) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV - (mcmscsvc) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV - (UI Assistant Service) -- C:\Program Files\Smart Bro\AssistantServices.exe ()
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (NwlnkFwd) -- system32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- system32\DRIVERS\nwlnkflt.sys File not found
DRV - (mfehidk01) --  File not found
DRV - (mfeavfk02) --  File not found
DRV - (mfeavfk01) --  File not found
DRV - (IpInIp) -- system32\DRIVERS\ipinip.sys File not found
DRV - (hwusbfake) -- system32\DRIVERS\ewusbfake.sys File not found
DRV - (hwusbdev) -- system32\DRIVERS\ewusbdev.sys File not found
DRV - (hwdatacard) -- system32\DRIVERS\ewusbmdm.sys File not found
DRV - (catchme) -- C:\ComboFix\catchme.sys File not found
DRV - ({FE4C91E7-22C2-4D0C-9F6B-82F1B7742054}) -- C:\Program Files\CyberLink\PowerDVD8\000.fcl File not found
DRV - (MBAMSwissArmy) -- C:\Windows\System32\drivers\mbamswissarmy.sys (Malwarebytes Corporation)
DRV - (mfencrk) -- C:\Windows\System32\drivers\mfencrk.sys (McAfee, Inc.)
DRV - (mfencbdc) -- C:\Windows\System32\drivers\mfencbdc.sys (McAfee, Inc.)
DRV - (cfwids) -- C:\Windows\System32\drivers\cfwids.sys (McAfee, Inc.)
DRV - (mfewfpk) -- C:\Windows\System32\drivers\mfewfpk.sys (McAfee, Inc.)
DRV - (mfehidk) -- C:\Windows\System32\drivers\mfehidk.sys (McAfee, Inc.)
DRV - (mfefirek) -- C:\Windows\System32\drivers\mfefirek.sys (McAfee, Inc.)
DRV - (mfebopk) -- C:\Windows\System32\drivers\mfebopk.sys (McAfee, Inc.)
DRV - (mfeavfk) -- C:\Windows\System32\drivers\mfeavfk.sys (McAfee, Inc.)
DRV - (mfeapfk) -- C:\Windows\System32\drivers\mfeapfk.sys (McAfee, Inc.)
DRV - (HipShieldK) -- C:\Windows\System32\drivers\HipShieldK.sys (McAfee, Inc.)
DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (mferkdet) -- C:\Windows\System32\drivers\mferkdet.sys (McAfee, Inc.)
DRV - (ampa) -- C:\Windows\System32\ampa.sys ()
DRV - (ZTEusbvoice) -- C:\Windows\System32\drivers\ZTEusbvoice.sys (ZTE Incorporated)
DRV - (ZTEusbser6k) -- C:\Windows\System32\drivers\ZTEusbser6k.sys (ZTE Incorporated)
DRV - (ZTEusbnmea) -- C:\Windows\System32\drivers\ZTEusbnmea.sys (ZTE Incorporated)
DRV - (ZTEusbmdm6k) -- C:\Windows\System32\drivers\ZTEusbmdm6k.sys (ZTE Incorporated)
DRV - (massfilter) -- C:\Windows\System32\drivers\massfilter.sys (MBB Incorporated)
DRV - (tapvpn) -- C:\Windows\System32\drivers\tapvpn.sys (The OpenVPN Project)
DRV - (BCM43XX) -- C:\Windows\System32\drivers\BCMWL5.SYS (Broadcom Corp.)
DRV - (tifm21) -- C:\Windows\System32\drivers\tifm21.sys (Texas Instruments)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c...rch/search.html
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://us.rd.yahoo.c...rch/search.html
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{22663A6E-F025-42F6-B440-5476F25B04FA}: "URL" = http://ph.search.yah...p={SearchTerms}
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{6FBF660E-A78D-4dc8-B9DA-302A931FFE66}: "URL" = http://websearch.qby...6E-748909B999F0
IE - HKCU\..\SearchScopes\{DECA3892-BA8F-44b8-A993-A466AD694AE4}: "URL" = http://search.yahoo....p={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
 
========== FireFox ==========
 
FF - prefs.js..browser.search.order.1: "NationSearch"
FF - prefs.js..browser.startup.homepage: "about:home"
FF - prefs.js..extensions.enabledAddons: %7B4ED1F68A-5463-4931-9384-8FFF5ED91D92%7D:3.6.4
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:26.0
FF - prefs.js..network.proxy.no_proxies_on: ""
FF - prefs.js..network.proxy.type: 0
 
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_9_900_170.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Content Upload Plugin,version=1.0.0: C:\Program Files\DivX\DivX Content Uploader\npUpload.dll File not found
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0:  File not found
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.25.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.25.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/McAfeeMssPlugin: C:\Program Files\McAfee Security Scan\3.0.318\npMcAfeeMss.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL ()
FF - HKLM\Software\MozillaPlugins\@mcafee.com/SAFFPlugin: C:\Program Files\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.775: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.3.775: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=1.0.0.0: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.775: c:\program files\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=:  File not found
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.6: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.3: C:\Users\user\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll File not found
FF - HKCU\Software\MozillaPlugins\@leeuu.com/npgboxruner;version=: C:\Users\user\AppData\Roaming\gbox\npgboxruner.dll File not found
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\user\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\user\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2010/09/23 06:55:15 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}: C:\Program Files\McAfee\SiteAdvisor [2013/12/19 11:40:29 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\crossriderapp435@crossrider.com: C:\ProgramData\CodecCheck\firefox [2011/12/25 03:04:23 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{D19CA586-DD6C-4a0a-96F8-14644F340D60}: C:\Program Files\Common Files\McAfee\SystemCore [2013/12/29 03:54:23 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 26.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013/08/01 08:27:23 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 26.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
 
[2009/08/10 23:10:29 | 000,000,000 | ---D | M] (No name found) -- C:\Users\user\AppData\Roaming\mozilla\Extensions
[2009/08/08 13:46:53 | 000,000,000 | ---D | M] (No name found) -- C:\Users\user\AppData\Roaming\mozilla\Extensions\IMVUClientXUL@imvu.com
[2009/08/10 23:10:29 | 000,000,000 | ---D | M] (No name found) -- C:\Users\user\AppData\Roaming\mozilla\Extensions\mozswing@mozswing.org
[2013/12/19 12:24:00 | 000,000,000 | ---D | M] (No name found) -- C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\8m0iqaze.default\extensions
[2013/06/22 17:34:09 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2013/05/23 19:59:30 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
[2013/12/21 17:31:20 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2013/12/19 11:40:29 | 000,000,000 | ---D | M] (McAfee SiteAdvisor) -- C:\PROGRAM FILES\MCAFEE\SITEADVISOR
[2011/10/30 21:00:25 | 000,002,027 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\McSiteAdvisor.xml
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}
CHR - homepage: http://www.google.com/
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\27.0.1453.94\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: QuickTime Plug-in 7.6.4 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.4 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.4 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.4 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.4 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.4 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.4 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Java™ Platform SE 6 U13 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeploytk.dll
CHR - plugin: Java™ Platform SE 6 U18 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: RealPlayer™ HTML5VideoShim Plug-In (32-bit)  (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
CHR - plugin: RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit)  (Enabled) = c:\program files\real\realplayer\Netscape6\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = c:\program files\real\realplayer\Netscape6\nprpjplug.dll
CHR - plugin: Chrome NaCl (Enabled) = C:\Program Files\Google\Chrome\Application\27.0.1453.94\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\27.0.1453.94\pdf.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.57\npGoogleUpdate3.dll
CHR - plugin: Facebook Plugin (Enabled) = C:\Users\user\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: iTunes Application Detector (Enabled) = D:\itunes\Mozilla Plugins\npitunes.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = c:\program files\real\realplayer\Netscape6\nprjplug.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: YouTube = C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google Search = C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: SiteAdvisor = C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.60.126.1_0\
CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.2_0\
CHR - Extension: Gmail = C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\
 
O1 HOSTS File: ([2013/07/27 07:25:24 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (MSS+ Identifier) - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.0.318\McAfeeMSS_IE.dll (McAfee, Inc.)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll File not found
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {C95A4E8E-816D-4655-8C79-D736DA1ADB6D} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - No CLSID value found.
O4 - HKLM..\Run: [BDRegion] C:\Program Files\CyberLink\Shared Files\brs.exe (cyberlink)
O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [PLFSetI] C:\Windows\PLFSetI.exe ()
O4 - HKLM..\Run: [RemoteControl8] C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe (Cyberlink Corp.)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [UIExec] C:\Program Files\SMART BRO\UIExec.exe ()
O4 - HKCU..\Run: [Facebook Update] C:\Users\user\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html File not found
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://download.divx...owserPlugin.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.25.2)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.25.2)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CD203771-8F27-4D80-9B1F-EAC8D3B4924C}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl.dll (McAfee, Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (Userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img9.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img9.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/19 05:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2011/05/13 10:48:31 | 000,000,647 | R--- | M] () - D:\AutoRun.dat -- [ CDFS ]
O32 - AutoRun File - [2011/04/21 10:20:50 | 000,334,672 | R--- | M] () - D:\Autorun.exe -- [ CDFS ]
O32 - AutoRun File - [2011/03/16 14:23:12 | 000,009,662 | R--- | M] () - D:\AutoRun.ico -- [ CDFS ]
O32 - AutoRun File - [2011/04/21 10:08:05 | 000,000,047 | R--- | M] () - D:\autorun.inf -- [ CDFS ]
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
 
Drivers32: msacm.ac3acm - C:\Windows\System32\ac3acm.acm (fccHandler)
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.lameacm - C:\Windows\System32\lameACM.acm (http://www.mp3dev.org/)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: VIDC.FFDS - C:\Windows\System32\ff_vfw.dll ()
Drivers32: VIDC.LAGS - C:\Windows\System32\Lagarith.dll ( )
Drivers32: VIDC.XVID - C:\Windows\System32\xvidvfw.dll ()
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013/12/29 04:19:57 | 000,000,000 | ---D | C] -- C:\Users\user\Desktop\Are you Infected  Need Help  - Virus, Spyware & Malware Removal - What the Tech_files
[2013/12/29 04:16:01 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Users\user\Desktop\HiJackThis(1).exe
[2013/12/29 04:15:17 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\user\Desktop\OTL.exe
[2013/12/29 04:11:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
[2013/12/29 04:00:18 | 000,147,912 | ---- | C] (McAfee, Inc.) -- C:\Windows\System32\drivers\HipShieldK.sys
[2013/12/25 20:04:27 | 000,000,000 | ---D | C] -- C:\Users\user\Desktop\TREEHOUSE
[2013/12/19 03:40:04 | 000,000,000 | ---D | C] -- C:\Users\user\Documents\FormatFactory
[2013/12/19 03:33:16 | 000,000,000 | ---D | C] -- C:\FFOutput
[2013/12/19 03:32:46 | 000,000,000 | ---D | C] -- C:\ProgramData\APN
[2013/12/19 03:32:21 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FormatFactory
[2013/12/19 03:31:20 | 000,000,000 | ---D | C] -- C:\Program Files\FreeTime
[2013/12/14 14:15:32 | 000,040,776 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2013/12/08 21:57:11 | 000,000,000 | ---D | C] -- C:\Users\user\Desktop\matrix
 
========== Files - Modified Within 30 Days ==========
 
[2013/12/29 04:35:05 | 000,000,420 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{ADB7C4EF-9010-443B-B014-92A8A5210DCF}.job
[2013/12/29 04:20:01 | 000,124,836 | ---- | M] () -- C:\Users\user\Desktop\Are you Infected  Need Help  - Virus, Spyware & Malware Removal - What the Tech.htm
[2013/12/29 04:16:59 | 000,625,664 | ---- | M] () -- C:\Users\user\Desktop\dds.scr
[2013/12/29 04:16:06 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Users\user\Desktop\HiJackThis(1).exe
[2013/12/29 04:15:27 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\user\Desktop\OTL.exe
[2013/12/29 04:08:56 | 000,003,712 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2013/12/29 04:08:56 | 000,003,712 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2013/12/29 04:00:43 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/12/29 04:00:23 | 000,000,924 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-722566208-2681290114-2279458060-1000UA.job
[2013/12/28 07:00:02 | 000,000,902 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-722566208-2681290114-2279458060-1000Core.job
[2013/12/27 15:52:48 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2013/12/26 14:52:48 | 000,067,790 | ---- | M] () -- C:\Users\user\Desktop\GettyTimFlachDataEntry.jpg
[2013/12/19 03:32:21 | 000,000,951 | ---- | M] () -- C:\Users\user\Desktop\Format Factory.lnk
[2013/12/14 14:36:50 | 000,040,776 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2013/12/14 13:15:20 | 000,064,858 | ---- | M] () -- C:\Users\user\Desktop\matrix 1213.jpg
[2013/12/11 13:07:51 | 000,692,616 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2013/12/11 13:07:50 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2013/12/10 16:46:18 | 000,604,502 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013/12/10 16:46:18 | 000,104,170 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013/12/10 16:44:52 | 000,504,730 | ---- | M] () -- C:\Users\user\Desktop\IMG_20131210_154305.jpg
[2013/12/09 00:33:40 | 000,059,016 | ---- | M] () -- C:\Users\user\Desktop\Untitled.jpg
[2013/12/08 21:56:54 | 000,107,362 | ---- | M] () -- C:\Users\user\Desktop\gawad kalinga.jpg
[2013/12/05 22:13:20 | 000,108,032 | ---- | M] () -- C:\Users\user\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013/12/05 17:52:53 | 000,085,576 | ---- | M] () -- C:\Users\user\Desktop\1452057_10152028547913279_438574794_n.jpg
[2013/12/03 20:02:10 | 000,003,447 | ---- | M] () -- C:\Users\user\Desktop\mask.jpg
[2013/11/30 14:52:54 | 000,064,029 | ---- | M] () -- C:\Users\user\Desktop\1469837_764728136874599_801322371_n.jpg
[2013/11/30 07:07:57 | 000,044,176 | ---- | M] () -- C:\Users\user\Desktop\1453460_10152015880423279_1014698588_n.jpg
 
========== Files Created - No Company Name ==========
 
[2013/12/29 04:19:56 | 000,124,836 | ---- | C] () -- C:\Users\user\Desktop\Are you Infected  Need Help  - Virus, Spyware & Malware Removal - What the Tech.htm
[2013/12/29 04:16:49 | 000,625,664 | ---- | C] () -- C:\Users\user\Desktop\dds.scr
[2013/12/29 03:59:22 | 000,002,641 | ---- | C] () -- C:\Windows\System32\drivers\mfencrk.inf
[2013/12/29 03:59:19 | 000,002,951 | ---- | C] () -- C:\Windows\System32\drivers\mfencbdc.inf
[2013/12/26 14:52:48 | 000,067,790 | ---- | C] () -- C:\Users\user\Desktop\GettyTimFlachDataEntry.jpg
[2013/12/19 03:32:21 | 000,000,951 | ---- | C] () -- C:\Users\user\Desktop\Format Factory.lnk
[2013/12/14 13:15:06 | 000,064,858 | ---- | C] () -- C:\Users\user\Desktop\matrix 1213.jpg
[2013/12/10 16:43:46 | 000,504,730 | ---- | C] () -- C:\Users\user\Desktop\IMG_20131210_154305.jpg
[2013/12/09 00:33:40 | 000,059,016 | ---- | C] () -- C:\Users\user\Desktop\Untitled.jpg
[2013/12/08 21:56:54 | 000,107,362 | ---- | C] () -- C:\Users\user\Desktop\gawad kalinga.jpg
[2013/12/05 17:52:52 | 000,085,576 | ---- | C] () -- C:\Users\user\Desktop\1452057_10152028547913279_438574794_n.jpg
[2013/12/03 20:02:09 | 000,003,447 | ---- | C] () -- C:\Users\user\Desktop\mask.jpg
[2013/11/30 14:52:52 | 000,064,029 | ---- | C] () -- C:\Users\user\Desktop\1469837_764728136874599_801322371_n.jpg
[2013/11/30 07:07:56 | 000,044,176 | ---- | C] () -- C:\Users\user\Desktop\1453460_10152015880423279_1014698588_n.jpg
[2013/07/26 15:11:59 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013/07/26 15:11:59 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013/07/26 15:11:59 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013/07/26 15:11:58 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013/07/26 15:11:58 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013/07/23 04:03:47 | 001,229,097 | ---- | C] () -- C:\Windows\unins000.exe
[2013/07/23 04:03:47 | 000,216,064 | ---- | C] ( ) -- C:\Windows\System32\Lagarith.dll
[2013/07/23 04:03:46 | 000,075,290 | ---- | C] () -- C:\Windows\unins000.dat
[2013/05/12 17:58:21 | 000,000,286 | ---- | C] () -- C:\Windows\ampa.ini
[2013/05/12 14:57:49 | 000,012,728 | ---- | C] () -- C:\Windows\System32\ampa.sys
[2013/05/12 14:57:48 | 001,428,408 | ---- | C] () -- C:\Windows\ampa.exe
[2013/01/27 06:45:21 | 000,000,000 | ---- | C] () -- C:\Windows\popcinfo.dat
[2012/08/12 03:07:57 | 000,061,525 | ---- | C] () -- C:\Users\user\AppData\Roaming\Express.dmp
[2012/08/04 19:13:21 | 000,045,194 | ---- | C] () -- C:\Users\user\AppData\Roaming\room_v3.dat
[2012/01/16 00:31:28 | 000,000,512 | ---- | C] () -- C:\Users\user\MBR.dat
[2011/05/20 04:43:04 | 000,063,915 | ---- | C] () -- C:\Users\user\Camella Projects re Cerritos Heights Computations 2.pdf
[2009/08/14 20:01:17 | 000,000,032 | ---- | C] () -- C:\ProgramData\ezsid.dat
[2009/07/18 05:30:42 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2009/04/09 17:41:28 | 000,572,595 | ---- | C] () -- C:\Users\user\AppData\Roaming\UserTile.png
[2009/04/07 01:35:03 | 000,108,032 | ---- | C] () -- C:\Users\user\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/04/07 00:12:21 | 000,006,324 | ---- | C] () -- C:\Users\user\AppData\Local\d3d9caps.dat
 
========== ZeroAccess Check ==========
 
[2006/11/02 20:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 01:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/04/11 14:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/04/11 14:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== LOP Check ==========
 
[2012/06/08 10:17:30 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Acapela Group
[2013/07/14 06:58:31 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\APP_NAME_NON_STRING
[2013/11/17 18:51:40 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Azureus
[2013/02/03 05:16:07 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Camfrog
[2006/01/16 19:53:28 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2012/10/23 07:29:24 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\DMCache
[2012/12/16 20:41:05 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\eTeks
[2013/07/13 13:13:23 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Firefly Studios
[2011/04/29 16:53:06 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\FrostWire
[2013/02/24 16:16:08 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\gbox
[2011/11/10 00:08:08 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\GrabPro
[2012/02/11 04:48:29 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\HTML Executable
[2013/02/14 07:09:10 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\IDM
[2010/09/08 13:14:20 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Leadertech
[2009/12/31 20:00:41 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\LimeWire
[2010/09/08 13:30:19 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\muvee Technologies
[2013/12/27 14:45:17 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Orbit
[2013/07/14 07:07:57 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\PDF Software
[2011/11/10 00:08:09 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\ProgSense
[2011/08/16 11:24:30 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\SmartDraw
[2013/03/02 09:33:39 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\TeamViewer
[2013/07/23 15:16:11 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\uTorrent
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %USERPROFILE%\..|smtmp;true;true;true /FP >
 
< %temp%\smtmp\*.* /s > >
 
< %SYSTEMDRIVE%\*.* >
[2013/06/06 23:18:41 | 000,009,745 | ---- | M] () -- C:\AdwCleaner[R1].txt
[2013/08/01 08:27:38 | 000,009,204 | ---- | M] () -- C:\AdwCleaner[S1].txt
[2006/09/19 05:43:36 | 000,000,024 | ---- | M] () -- C:\autoexec.bat
[2009/04/11 14:36:36 | 000,333,257 | RHS- | M] () -- C:\bootmgr
[2009/04/07 11:33:00 | 000,008,192 | R-S- | M] () -- C:\BOOTSECT.BAK
[2006/09/19 05:43:37 | 000,000,010 | ---- | M] () -- C:\config.sys
[2013/08/13 20:26:16 | 000,000,000 | ---- | M] () -- C:\END
[2012/06/23 23:17:06 | 000,001,758 | ---- | M] () -- C:\GingerSetup.log
[2013/01/26 13:11:15 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2013/01/26 13:11:15 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2013/12/28 06:08:46 | 2451,238,912 | -HS- | M] () -- C:\pagefile.sys
[2009/06/08 15:06:04 | 000,000,268 | -H-- | M] () -- C:\sqmdata00.sqm
[2009/06/08 15:06:04 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt00.sqm
[2009/04/07 02:10:03 | 000,000,146 | ---- | M] () -- C:\YServer.txt
 
< %systemroot%\Fonts\*.com >
[2006/11/02 20:37:12 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
[2006/11/02 20:37:12 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
[2006/11/02 20:37:12 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
[2009/11/08 21:22:18 | 000,037,665 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont
 
< %systemroot%\Fonts\*.dll >
 
< %systemroot%\Fonts\*.ini >
[2006/09/19 05:37:34 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini
 
< %systemroot%\Fonts\*.ini2 >
 
< %systemroot%\Fonts\*.exe >
 
< %systemroot%\system32\spool\prtprocs\w32x86\*.* >
[2006/11/02 20:35:48 | 000,022,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\spool\prtprocs\w32x86\jnwppr.dll
[2006/10/26 23:56:12 | 000,033,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\spool\prtprocs\w32x86\msonpppr.dll
 
< %systemroot%\REPAIR\*.bak1 >
 
< %systemroot%\REPAIR\*.ini >
 
< %systemroot%\system32\*.jpg >
 
< %systemroot%\*.jpg >
 
< %systemroot%\*.png >
 
< %systemroot%\*.scr >
 
< %systemroot%\*._sy >
 
< %APPDATA%\Adobe\Update\*.* >
 
< %ALLUSERSPROFILE%\Favorites\*.* >
 
< %APPDATA%\Microsoft\*.* >
 
< %PROGRAMFILES%\*.* >
[2008/01/21 10:43:21 | 000,000,174 | -HS- | M] () -- C:\Program Files\desktop.ini
 
< %APPDATA%\Update\*.* >
 
< %systemroot%\*. /mp /s >
 
< dir "%systemdrive%\*" /S /A:L /C >
 Volume in drive C has no label.
 Volume Serial Number is 8412-9DC0
 Directory of C:\
02/11/2006  21:02    <JUNCTION>     Documents and Settings [C:\Users]
               0 File(s)              0 bytes
 Directory of C:\ProgramData
02/11/2006  21:02    <JUNCTION>     Application Data [C:\ProgramData]
02/11/2006  21:02    <JUNCTION>     Desktop [C:\Users\Public\Desktop]
02/11/2006  21:02    <JUNCTION>     Documents [C:\Users\Public\Documents]
02/11/2006  21:02    <JUNCTION>     Favorites [C:\Users\Public\Favorites]
02/11/2006  21:02    <JUNCTION>     Start Menu [C:\ProgramData\Microsoft\Windows\Start Menu]
02/11/2006  21:02    <JUNCTION>     Templates [C:\ProgramData\Microsoft\Windows\Templates]
               0 File(s)              0 bytes
 Directory of C:\Users
02/11/2006  21:02    <SYMLINKD>     All Users [C:\ProgramData]
02/11/2006  21:02    <JUNCTION>     Default User [C:\Users\Default]
               0 File(s)              0 bytes
 Directory of C:\Users\All Users
02/11/2006  21:02    <JUNCTION>     Application Data [C:\ProgramData]
02/11/2006  21:02    <JUNCTION>     Desktop [C:\Users\Public\Desktop]
02/11/2006  21:02    <JUNCTION>     Documents [C:\Users\Public\Documents]
02/11/2006  21:02    <JUNCTION>     Favorites [C:\Users\Public\Favorites]
02/11/2006  21:02    <JUNCTION>     Start Menu [C:\ProgramData\Microsoft\Windows\Start Menu]
02/11/2006  21:02    <JUNCTION>     Templates [C:\ProgramData\Microsoft\Windows\Templates]
               0 File(s)              0 bytes
 Directory of C:\Users\Default
02/11/2006  21:02    <JUNCTION>     Application Data [C:\Users\Default\AppData\Roaming]
02/11/2006  21:02    <JUNCTION>     Local Settings [C:\Users\Default\AppData\Local]
02/11/2006  21:02    <JUNCTION>     My Documents [C:\Users\Default\Documents]
02/11/2006  21:02    <JUNCTION>     NetHood [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
02/11/2006  21:02    <JUNCTION>     PrintHood [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
02/11/2006  21:02    <JUNCTION>     Recent [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Recent]
02/11/2006  21:02    <JUNCTION>     SendTo [C:\Users\Default\AppData\Roaming\Microsoft\Windows\SendTo]
02/11/2006  21:02    <JUNCTION>     Start Menu [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu]
02/11/2006  21:02    <JUNCTION>     Templates [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Templates]
               0 File(s)              0 bytes
 Directory of C:\Users\Default\AppData\Local
02/11/2006  21:02    <JUNCTION>     Application Data [C:\Users\Default\AppData\Local]
02/11/2006  21:02    <JUNCTION>     History [C:\Users\Default\AppData\Local\Microsoft\Windows\History]
02/11/2006  21:02    <JUNCTION>     Temporary Internet Files [C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files]
               0 File(s)              0 bytes
 Directory of C:\Users\Default\Documents
02/11/2006  21:02    <JUNCTION>     My Music [C:\Users\Default\Music]
02/11/2006  21:02    <JUNCTION>     My Pictures [C:\Users\Default\Pictures]
02/11/2006  21:02    <JUNCTION>     My Videos [C:\Users\Default\Videos]
               0 File(s)              0 bytes
 Directory of C:\Users\Public\Documents
02/11/2006  21:02    <JUNCTION>     My Music [C:\Users\Public\Music]
02/11/2006  21:02    <JUNCTION>     My Pictures [C:\Users\Public\Pictures]
02/11/2006  21:02    <JUNCTION>     My Videos [C:\Users\Public\Videos]
               0 File(s)              0 bytes
 Directory of C:\Users\user
07/04/2009  00:12    <JUNCTION>     Application Data [C:\Users\user\AppData\Roaming]
07/04/2009  00:12    <JUNCTION>     Cookies [C:\Users\user\AppData\Roaming\Microsoft\Windows\Cookies]
07/04/2009  00:12    <JUNCTION>     Local Settings [C:\Users\user\AppData\Local]
07/04/2009  00:12    <JUNCTION>     My Documents [C:\Users\user\Documents]
07/04/2009  00:12    <JUNCTION>     NetHood [C:\Users\user\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
07/04/2009  00:12    <JUNCTION>     PrintHood [C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
07/04/2009  00:12    <JUNCTION>     Recent [C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent]
07/04/2009  00:12    <JUNCTION>     SendTo [C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo]
07/04/2009  00:12    <JUNCTION>     Start Menu [C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu]
07/04/2009  00:12    <JUNCTION>     Templates [C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates]
               0 File(s)              0 bytes
 Directory of C:\Users\user\AppData\Local
07/04/2009  00:12    <JUNCTION>     Application Data [C:\Users\user\AppData\Local]
07/04/2009  00:12    <JUNCTION>     History [C:\Users\user\AppData\Local\Microsoft\Windows\History]
07/04/2009  00:12    <JUNCTION>     Temporary Internet Files [C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files]
               0 File(s)              0 bytes
 Directory of C:\Users\user\Documents
07/04/2009  00:12    <JUNCTION>     My Music [C:\Users\user\Music]
07/04/2009  00:12    <JUNCTION>     My Pictures [C:\Users\user\Pictures]
07/04/2009  00:12    <JUNCTION>     My Videos [C:\Users\user\Videos]
               0 File(s)              0 bytes
     Total Files Listed:
               0 File(s)              0 bytes
              49 Dir(s)  37,979,324,416 bytes free
 
< %systemroot%\System32\config\*.sav >
[2008/01/21 11:14:18 | 016,846,848 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2008/01/21 11:14:08 | 000,106,496 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2008/01/21 11:14:18 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2006/11/02 18:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2006/11/02 18:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV
 
< %PROGRAMFILES%\bak. /s >
 
< %systemroot%\system32\bak. /s >
 
< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >
 
< %systemroot%\system32\config\systemprofile\*.dat /x >
 
< %systemroot%\*.config >
 
< %systemroot%\system32\*.db >
 
< %PROGRAMFILES%\Internet Explorer\*.dat >
 
< %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
[2010/09/08 13:21:14 | 000,000,352 | -HS- | M] () -- C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini
 
< %USERPROFILE%\Desktop\*.exe >
[2013/12/29 04:16:06 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Users\user\Desktop\HiJackThis(1).exe
[2013/12/29 04:15:27 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\user\Desktop\OTL.exe
 
< %PROGRAMFILES%\Common Files\*.* >
 
< %systemroot%\*.src >
 
< %systemroot%\install\*.* >
 
< %systemroot%\system32\DLL\*.* >
 
< %systemroot%\system32\HelpFiles\*.* >
 
< %systemroot%\system32\rundll\*.* >
 
< %systemroot%\winn32\*.* >
 
< %systemroot%\Java\*.* >
 
< %systemroot%\system32\test\*.* >
 
< %systemroot%\system32\Rundll32\*.* >
 
< %systemroot%\AppPatch\Custom\*.* >
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2013-06-01 11:22:28
 
<   >
[2006/11/02 21:01:49 | 000,000,006 | -H-- | C] () -- C:\Windows\Tasks\SA.DAT
[2006/11/02 21:01:49 | 000,032,600 | ---- | C] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2009/07/14 01:16:30 | 000,000,420 | -H-- | C] () -- C:\Windows\Tasks\User_Feed_Synchronization-{ADB7C4EF-9010-443B-B014-92A8A5210DCF}.job
[2013/07/02 06:55:19 | 000,000,902 | ---- | C] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-722566208-2681290114-2279458060-1000Core.job
[2013/07/02 06:55:21 | 000,000,924 | ---- | C] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-722566208-2681290114-2279458060-1000UA.job
[2013/08/07 19:43:11 | 000,000,830 | ---- | C] () -- C:\Windows\Tasks\Adobe Flash Player Updater.job
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 64 bytes -> C:\Users\user\Desktop\VID_20131121_204121.3gp:TOC.WMV
@Alternate Data Stream - 64 bytes -> C:\Users\user\Desktop\VID_20131121_053744.3gp:TOC.WMV
@Alternate Data Stream - 64 bytes -> C:\Users\user\Desktop\VID_20131121_053421.3gp:TOC.WMV
@Alternate Data Stream - 64 bytes -> C:\Users\user\Desktop\VID_20131011_184823.3gp:TOC.WMV

< End of report >
 

 

2B.  EXTRAS

 

OTL Extras logfile created on: 29/12/2013 04:23:33 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\user\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18943)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy
 
1.99 Gb Total Physical Memory | 0.98 Gb Available Physical Memory | 49.40% Memory free
4.22 Gb Paging File | 3.11 Gb Available in Paging File | 73.64% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 149.05 Gb Total Space | 36.24 Gb Free Space | 24.31% Space Free | Partition Type: NTFS
Drive D: | 18.81 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
 
Computer Name: USER-PC | User Name: user | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
https [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01FB80B8-06CB-4722-B535-0E28B5040111}" = protocol=17 | dir=in | app=c:\program files\vuze\azureus.exe |
"{1FBACB71-DA98-42D3-B2D3-20926ACC3E66}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |
"{42F215B9-A6C7-4D79-9575-58522438FEF6}" = protocol=17 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |
"{64EF9FC1-B237-40D4-980B-80EA27438629}" = protocol=17 | dir=in | app=c:\program files\steam\steam.exe |
"{769D6591-57D0-47F4-BE5A-496C3A7219A9}" = protocol=6 | dir=in | app=c:\program files\steam\steam.exe |
"{AA580204-7C4F-474B-B41F-17667FF19EEA}" = protocol=6 | dir=in | app=c:\program files\vuze\azureus.exe |
"{E9B37F59-E8BD-4716-A567-1C630A7BF146}" = dir=in | app=c:\users\user\appdata\local\facebook\video\skype\facebookvideocalling.exe |
"TCP Query User{0948E2A0-28EE-4BF0-BECB-CDA88D252BD4}C:\users\user\desktop\orbitdownloader\orbitnet.exe" = protocol=6 | dir=in | app=c:\users\user\desktop\orbitdownloader\orbitnet.exe |
"TCP Query User{1A95BB0C-84AF-4639-8F59-9044FD4CA5D6}C:\users\user\appdata\roaming\utorrent\utorrent.exe" = protocol=6 | dir=in | app=c:\users\user\appdata\roaming\utorrent\utorrent.exe |
"TCP Query User{368E1FFD-3A9F-4B05-9F9C-99DD0FAC136E}C:\program files\camfrog\camfrog video chat\camfrog video chat.exe" = protocol=6 | dir=in | app=c:\program files\camfrog\camfrog video chat\camfrog video chat.exe |
"TCP Query User{6283D9F4-64EC-4ACC-AFBF-089D67D2694C}C:\users\user\downloads\honinstaller.exe" = protocol=6 | dir=in | app=c:\users\user\downloads\honinstaller.exe |
"TCP Query User{65CA66B4-65BA-4580-B556-BB7BF6C22277}D:\movies\warcraft iii\war3.exe" = protocol=6 | dir=in | app=d:\movies\warcraft iii\war3.exe |
"TCP Query User{82FB03C0-2958-4F0D-87C2-10701E1AE477}C:\users\user\appdata\local\akamai\netsession_win.exe" = protocol=6 | dir=in | app=c:\users\user\appdata\local\akamai\netsession_win.exe |
"TCP Query User{A2232651-43D3-473F-8C03-D9C40AF0C681}C:\program files\orbitdownloader\orbitnet.exe" = protocol=6 | dir=in | app=c:\program files\orbitdownloader\orbitnet.exe |
"TCP Query User{B2EF22F8-7F5E-4ECC-83B8-17F461F18DD4}D:\garena plus\room\garena_room.exe" = protocol=6 | dir=in | app=d:\garena plus\room\garena_room.exe |
"TCP Query User{CA67FBCF-A529-415C-A921-83DB4F7F83A2}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{CBEB4C15-84A7-4A4F-BB4A-EDBA8EC8F624}C:\program files\yahoo!\messenger\yahoomessenger.exe" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"TCP Query User{FA76029E-64B6-44BB-9F6A-C8647D3FFE6E}C:\d-drive-96751\movies\warcraft iii\war3.exe" = protocol=6 | dir=in | app=c:\d-drive-96751\movies\warcraft iii\war3.exe |
"UDP Query User{0D9814D6-ED31-4C44-8A95-9830E65A0CDA}C:\d-drive-96751\movies\warcraft iii\war3.exe" = protocol=17 | dir=in | app=c:\d-drive-96751\movies\warcraft iii\war3.exe |
"UDP Query User{3422A79B-70D2-4732-A03B-3586B7F6ACBA}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{5C496C48-331B-4784-BA27-6F8D03BCA26C}C:\users\user\appdata\local\akamai\netsession_win.exe" = protocol=17 | dir=in | app=c:\users\user\appdata\local\akamai\netsession_win.exe |
"UDP Query User{60F3BFA1-BC44-4E0B-9E0C-7F697B4A89E4}C:\users\user\appdata\roaming\utorrent\utorrent.exe" = protocol=17 | dir=in | app=c:\users\user\appdata\roaming\utorrent\utorrent.exe |
"UDP Query User{9ED4B224-E935-4ACF-B93A-802C5F6EBD68}C:\users\user\downloads\honinstaller.exe" = protocol=17 | dir=in | app=c:\users\user\downloads\honinstaller.exe |
"UDP Query User{A07C51C3-0FDA-4E13-8401-298E60726FF7}C:\program files\camfrog\camfrog video chat\camfrog video chat.exe" = protocol=17 | dir=in | app=c:\program files\camfrog\camfrog video chat\camfrog video chat.exe |
"UDP Query User{BDE7F9D6-D62A-450E-A40D-520D3C1D59BE}D:\garena plus\room\garena_room.exe" = protocol=17 | dir=in | app=d:\garena plus\room\garena_room.exe |
"UDP Query User{D0444C3E-ADA8-4D41-A414-3A4361A7DBB7}C:\program files\orbitdownloader\orbitnet.exe" = protocol=17 | dir=in | app=c:\program files\orbitdownloader\orbitnet.exe |
"UDP Query User{E8D0AFA6-CB45-4452-80E7-331495689ECC}D:\movies\warcraft iii\war3.exe" = protocol=17 | dir=in | app=d:\movies\warcraft iii\war3.exe |
"UDP Query User{F467162A-0497-4F75-92B3-2C84C236CD43}C:\program files\yahoo!\messenger\yahoomessenger.exe" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"UDP Query User{F75B7A79-370F-4ABB-B496-B0FF0F09614B}C:\users\user\desktop\orbitdownloader\orbitnet.exe" = protocol=17 | dir=in | app=c:\users\user\desktop\orbitdownloader\orbitnet.exe |
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{1945A4B5-73B6-4DE9-99A3-05261B7FDED0}" = Shared C Run-time for x86
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83217025FF}" = Java 7 Update 25
"{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}" = CyberLink PowerDVD 8
"{3921A67A-5AB1-4E48-9444-C71814CF3027}" = VCRedistSetup
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3F5CFC1C-653B-4B22-9153-2BDDF2E03C0E}" = Seagate Manager Installer
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A77255C4-AFCB-44A3-BF0F-2091A71FFD9E}" = Acer Crystal Eye Webcam
"{A9E5EDA7-2E6C-49E7-924B-A32B89C24A04}" = SMART BRO
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.8)
"{B92C5909-1D37-4C51-8397-A28BB28E5DC3}" = Facebook Video Calling 1.2.0.287
"{BE1826A9-7EEE-492A-B3BC-DEF3DFAE37EE}" = TIPCI
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{DD1DED37-2486-4F56-8F89-56AA814003F5}" = Acer Crystal Eye Webcam
"{EDAAC216-AC73-4152-9654-E12FE5A69F5D}_is1" = CBR Reader
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F4F4F84E-804F-4E9A-84D7-C34283F0088F}" = RealUpgrade 1.0
"{F96D619D-99D6-4C9C-A393-0CD22DE1CA66}_is1" = Ezvid
"8461-7759-5462-8226" = Vuze
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Photoshop 7.0" = Adobe Photoshop 7.0
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"CCleaner" = CCleaner
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"ENTERPRISE" = Microsoft Office Enterprise 2007
"ESET Online Scanner" = ESET Online Scanner v3
"FormatFactory" = FormatFactory 3.2.1.0
"HDMI" = Intel® Graphics Media Accelerator Driver
"HTMLExecutableIERuntimeSetup44" = HTML Executable IERuntime
"InstallShield_{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}" = CyberLink PowerDVD 8
"InstallShield_{3F5CFC1C-653B-4B22-9153-2BDDF2E03C0E}" = Seagate Manager Installer
"InstallShield_{BE1826A9-7EEE-492A-B3BC-DEF3DFAE37EE}" = Texas Instruments PCIxx21/x515/xx12 drivers.
"KLiteCodecPack_is1" = K-Lite Codec Pack 3.4.5 Full
"LAGARITH" = Lagarith lossless video codec (Remove Only)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300
"McAfee Security Scan" = McAfee Security Scan Plus
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Mozilla Firefox 26.0 (x86 en-US)" = Mozilla Firefox 26.0 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MSC" = McAfee AntiVirus Plus
"RealPlayer 12.0" = RealPlayer
"Revo Uninstaller" = Revo Uninstaller 1.93
"VLC media player" = VLC media player 2.0.6
"WinRAR archiver" = WinRAR archiver
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 28/12/2013 16:00:23 | Computer Name = user-PC | Source = Google Update | ID = 20
Description =
 
Error - 28/12/2013 16:01:35 | Computer Name = user-PC | Source = McLogEvent | ID = 5022
Description = MCSCAN32 Engine Initialisation failed.  Engine returned error : 1
 
Error - 28/12/2013 16:01:49 | Computer Name = user-PC | Source = McLogEvent | ID = 5022
Description = MCSCAN32 Engine Initialisation failed.  Engine returned error : 1
 
Error - 28/12/2013 16:01:57 | Computer Name = user-PC | Source = McLogEvent | ID = 5022
Description = MCSCAN32 Engine Initialisation failed.  Engine returned error : 1
 
Error - 28/12/2013 16:02:05 | Computer Name = user-PC | Source = McLogEvent | ID = 5022
Description = MCSCAN32 Engine Initialisation failed.  Engine returned error : 1
 
Error - 28/12/2013 16:02:21 | Computer Name = user-PC | Source = McLogEvent | ID = 5022
Description = MCSCAN32 Engine Initialisation failed.  Engine returned error : 1
 
Error - 28/12/2013 16:02:32 | Computer Name = user-PC | Source = McLogEvent | ID = 5022
Description = MCSCAN32 Engine Initialisation failed.  Engine returned error : 1
 
Error - 28/12/2013 16:02:42 | Computer Name = user-PC | Source = McLogEvent | ID = 5022
Description = MCSCAN32 Engine Initialisation failed.  Engine returned error : 1
 
Error - 28/12/2013 16:04:46 | Computer Name = user-PC | Source = McLogEvent | ID = 5022
Description = MCSCAN32 Engine Initialisation failed.  Engine returned error : 1
 
Error - 28/12/2013 16:11:15 | Computer Name = user-PC | Source = McLogEvent | ID = 5022
Description = MCSCAN32 Engine Initialisation failed.  Engine returned error : 1
 
[ System Events ]
Error - 26/12/2013 19:47:52 | Computer Name = user-PC | Source = Service Control Manager | ID = 7000
Description =
 
Error - 26/12/2013 19:47:55 | Computer Name = user-PC | Source = DCOM | ID = 10000
Description =
 
Error - 27/12/2013 03:50:52 | Computer Name = user-PC | Source = Service Control Manager | ID = 7031
Description =
 
Error - 27/12/2013 03:52:30 | Computer Name = user-PC | Source = DCOM | ID = 10010
Description =
 
Error - 27/12/2013 18:10:21 | Computer Name = user-PC | Source = Service Control Manager | ID = 7000
Description =
 
Error - 27/12/2013 18:10:21 | Computer Name = user-PC | Source = Service Control Manager | ID = 7000
Description =
 
Error - 27/12/2013 18:10:21 | Computer Name = user-PC | Source = Service Control Manager | ID = 7011
Description =
 
Error - 27/12/2013 18:11:22 | Computer Name = user-PC | Source = DCOM | ID = 10000
Description =
 
Error - 28/12/2013 15:53:26 | Computer Name = user-PC | Source = DCOM | ID = 10010
Description =
 
Error - 28/12/2013 15:58:43 | Computer Name = user-PC | Source = DCOM | ID = 10010
Description =
 
 
< End of report >
 



#3 xxxerotech

Posted 28 December 2013 - 03:29 PM

3A.  DDS

 

.
DDS (Ver_11-03-05.01) - NTFSx86  
Run by user at  5:12:51.29 on 29/12/2013
Internet Explorer: 8.0.6001.18943 BrowserJavaVersion: 10.25.2
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.1.1033.18.2038.867 [GMT 8:00]
.
AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {ADA629C7-7F48-5689-624A-3B76997E0892}
SP: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {16C7C823-5972-5907-58FA-0004E2F9422F}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: McAfee Firewall *Enabled* {959DA8E2-3527-57D1-4915-924367AD4FE9}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\D-drive-96751\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\taskeng.exe
C:\Windows\system32\mfevtps.exe
C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\RtHDVCpl.exe
C:\Windows\PLFSetI.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe
C:\Program Files\CyberLink\Shared Files\brs.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Smart Bro\UIExec.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Windows\ehome\ehmsas.exe
C:\Users\user\AppData\Local\Temp\RtkBtMnt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Microsoft Games\Chess\Chess.exe
C:\Windows\system32\conime.exe
C:\Windows\notepad.exe
C:\Windows\notepad.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\user\Desktop\dds.scr
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.yahoo.com/
mStart Page = hxxp://www.yahoo.com/
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com...rch/search.html
uInternet Settings,ProxyOverride = <local>
uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s
uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
mWinlogon: Userinit=Userinit.exe,
BHO: MSS+ Identifier: {0e8a89ad-95d7-40eb-8d9d-083ef7066a01} - c:\program files\mcafee security scan\3.0.318\McAfeeMSS_IE.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\programdata\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre7\bin\ssv.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre7\bin\jp2ssv.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn0\YTSingleInstance.dll
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
TB: {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - No File
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [ISUSPM] "c:\program files\common files\installshield\updateservice\ISUSPM.exe" -scheduler
uRun: [Facebook Update] "c:\users\user\appdata\local\facebook\update\FacebookUpdate.exe" /c /nocrashserver
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [Skytel] Skytel.exe
mRun: [PLFSetI] c:\windows\PLFSetI.exe
mRun: [RemoteControl8] "c:\program files\cyberlink\powerdvd8\PDVD8Serv.exe"
mRun: [BDRegion] c:\program files\cyberlink\shared files\brs.exe
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [mcui_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [UIExec] "c:\program files\smart bro\UIExec.exe"
StartupFolder: c:\users\user\appdata\roaming\micros~1\windows\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - hxxp://download.divx.com/player/DivXBrowserPlugin.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\progra~1\mcafee\msc\McSnIePl.dll
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Notify: igfxcui - igfxdev.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\user\appdata\roaming\mozilla\firefox\profiles\8m0iqaze.default\
FF - prefs.js: browser.startup.homepage - about:home
FF - prefs.js: network.proxy.type - 0
FF - plugin: c:\progra~1\mcafee\msc\npMcSnFFPl.dll
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\mcafee security scan\3.0.318\npMcAfeeMSS.dll
FF - plugin: c:\program files\mcafee\siteadvisor\NPMcFFPlg32.dll
FF - plugin: c:\program files\microsoft silverlight\4.0.60531.0\npctrlui.dll
FF - plugin: c:\programdata\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll
FF - plugin: c:\users\user\appdata\local\facebook\video\skype\npFacebookVideoCalling.dll
FF - plugin: c:\users\user\appdata\locallow\unity\webplayer\loader\npUnity3D32.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_9_900_170.dll
FF - plugin: c:\windows\system32\npdeployJava1.dll
FF - plugin: c:\windows\system32\npmproxy.dll
.
---- FIREFOX POLICIES ----
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
.
============= SERVICES / DRIVERS ===============
.
R0 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2011-11-16 572528]
R1 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [2011-11-16 213392]
R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\common files\adobe\arm\1.0\armsvc.exe [2013-5-10 65640]
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-21 21504]
R2 MBAMScheduler;MBAMScheduler;c:\d-drive-96751\malwarebytes' anti-malware\mbamscheduler.exe [2013-6-2 418376]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\mcafee\siteadvisor\McSACore.exe [2009-9-17 103112]
R2 McNaiAnn;McAfee VirusScan Announcer;"c:\program files\common files\mcafee\mcsvchost\McSvHost.exe" /McCoreSvc [2011-8-23 167784]
R2 McShield;McAfee McShield;c:\program files\common files\mcafee\systemcore\mcshield.exe [2011-11-16 203840]
R2 mfecore;McAfee Anti-Malware Core;c:\program files\common files\mcafee\amcore\mcshield.exe [2013-12-29 643608]
R2 mfefire;McAfee Firewall Core Service;c:\program files\common files\mcafee\systemcore\mfefire.exe [2011-11-16 169320]
R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2011-11-16 172416]
R2 UI Assistant Service;UI Assistant Service;c:\program files\smart bro\AssistantServices.exe [2013-11-6 253264]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-1-19 22856]
R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2011-11-16 236000]
R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2011-11-16 365416]
R3 mfencbdc;McAfee Inc. mfencbdc;c:\windows\system32\drivers\mfencbdc.sys [2013-11-26 319808]
R3 ZTEusbvoice;ZTE VoUSB Port;c:\windows\system32\drivers\ZTEusbvoice.sys [2013-11-6 107776]
S2 0200941388259952mcinstcleanup;McAfee Application Installer Cleanup (0200941388259952);c:\windows\temp\020094~1.exe -cleanup -nolog --> c:\windows\temp\020094~1.EXE -cleanup -nolog [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 FreeAgentGoNext Service;Seagate Service;d:\sync\freeagentservice.exe --> d:\sync\FreeAgentService.exe [?]
S2 MBAMService;MBAMService;c:\d-drive-96751\malwarebytes' anti-malware\mbamservice.exe [2013-6-2 701512]
S2 McMPFSvc;McAfee Personal Firewall Service;"c:\program files\common files\mcafee\platform\mcsvchost\mcsvhost.exe" /mccoresvc --> c:\program files\common files\mcafee\platform\mcsvchost\McSvHost.exe [?]
S2 McProxy;McAfee Proxy Service;"c:\program files\common files\mcafee\mcsvchost\McSvHost.exe" /McCoreSvc [2011-8-23 167784]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-4-8 257416]
S3 ampa;ampa;c:\windows\system32\ampa.sys [2013-5-12 12728]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2008-1-21 179712]
S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2011-11-16 60920]
S3 HipShieldK;McAfee Inc. HipShieldK;c:\windows\system32\drivers\HipShieldK.sys [2013-12-29 147912]
S3 massfilter;MBB Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys [2013-11-6 9216]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2013-12-14 40776]
S3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2011-11-16 65928]
S3 mfencrk;McAfee Inc. mfencrk;c:\windows\system32\drivers\mfencrk.sys [2013-11-26 80752]
S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2011-11-16 92632]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\mozilla maintenance service\maintenanceservice.exe [2012-5-16 119408]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== Created Last 30 ================
.
2013-12-28 20:00:18    147912    ----a-w-    c:\windows\system32\drivers\HipShieldK.sys
2013-12-18 19:33:16    --------    dc----w-    C:\FFOutput
2013-12-18 19:32:46    --------    d-----w-    c:\progra~2\APN
2013-12-18 19:31:20    --------    d-----w-    c:\program files\FreeTime
2013-12-14 06:15:32    40776    ----a-w-    c:\windows\system32\drivers\mbamswissarmy.sys
.
==================== Find3M  ====================
.
2013-12-11 05:07:51    692616    ----a-w-    c:\windows\system32\FlashPlayerApp.exe
2013-12-11 05:07:50    71048    ----a-w-    c:\windows\system32\FlashPlayerCPLApp.cpl
2013-11-04 09:16:54    172416    ----a-w-    c:\windows\system32\mfevtps.exe
.
============= FINISH:  5:14:02.00 ===============
 

 

3B. ATTACH

 

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_11-03-05.01)
.
Microsoft® Windows Vista™ Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 07/04/2009 10:38:41
System Uptime: 28/12/2013 06:08:07 (23 hours ago)
.
Motherboard: Acer            |  | Columbia                       
Processor: Intel® Pentium® Dual  CPU  T2330  @ 1.60GHz | U2E1 | 800/133mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 149 GiB total, 35.38 GiB free.
D: is CDROM (CDFS)
E: is CDROM ()
F: is Removable
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Microsoft ISATAP Adapter
Device ID: ROOT\*ISATAP\0081
Manufacturer: Microsoft
Name: isatap.{ADDC55A4-81C7-4A27-9E54-D027BE216942}
PNP Device ID: ROOT\*ISATAP\0081
Service: tunnel
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Microsoft ISATAP Adapter
Device ID: ROOT\*ISATAP\0090
Manufacturer: Microsoft
Name: isatap.{ADDC55A4-81C7-4A27-9E54-D027BE216942}
PNP Device ID: ROOT\*ISATAP\0090
Service: tunnel
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Microsoft ISATAP Adapter
Device ID: ROOT\*ISATAP\0126
Manufacturer: Microsoft
Name: isatap.{ADDC55A4-81C7-4A27-9E54-D027BE216942}
PNP Device ID: ROOT\*ISATAP\0126
Service: tunnel
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Broadcom NetLink ™ Gigabit Ethernet
Device ID: PCI\VEN_14E4&DEV_1693&SUBSYS_011C1025&REV_02\4&87CE153&0&00E0
Manufacturer: Broadcom
Name: Broadcom NetLink ™ Gigabit Ethernet
PNP Device ID: PCI\VEN_14E4&DEV_1693&SUBSYS_011C1025&REV_02\4&87CE153&0&00E0
Service: b57nd60x
.
Class GUID:
Description:
Device ID: ROOT\LEGACY_GGSAFERDRIVER\0000
Manufacturer:
Name:
PNP Device ID: ROOT\LEGACY_GGSAFERDRIVER\0000
Service:
.
==== System Restore Points ===================
.
RP1166: 28/12/2013 13:54:04 - Scheduled Checkpoint
RP1167: 29/12/2013 04:29:03 - OTL Restore Point - 29/12/2013 04:29:03
.
==== Installed Programs ======================
.
Acer Crystal Eye Webcam
Acrobat.com
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Photoshop 7.0
Adobe Reader X (10.1.8)
Adobe Shockwave Player 11.6
CBR Reader
CCleaner
CyberLink PowerDVD 8
ESET Online Scanner v3
Ezvid
Facebook Video Calling 1.2.0.287
FormatFactory 3.2.1.0
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
HTML Executable IERuntime
Intel® Graphics Media Accelerator Driver
Java 7 Update 25
Java Auto Updater
K-Lite Codec Pack 3.4.5 Full
Lagarith lossless video codec (Remove Only)
Malwarebytes Anti-Malware version 1.75.0.1300
McAfee AntiVirus Plus
McAfee Security Scan Plus
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Mozilla Firefox 26.0 (x86 en-US)
Mozilla Maintenance Service
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
neroxml
RealPlayer
Realtek High Definition Audio Driver
RealUpgrade 1.0
Revo Uninstaller 1.93
Seagate Manager Installer
Security Update for 2007 Microsoft Office System (KB2277947)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for 2007 Microsoft Office System (KB982312)
Security Update for 2007 Microsoft Office System (KB982331)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Security Update for Microsoft Office Access 2007 (KB979440)
Security Update for Microsoft Office Excel 2007 (KB982308)
Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office Outlook 2007 (KB980376)
Security Update for Microsoft Office PowerPoint 2007 (KB982158)
Security Update for Microsoft Office Publisher 2007 (KB982124)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB2251419)
Shared C Run-time for x86
SMART BRO
swMSM
Texas Instruments PCIxx21/x515/xx12 drivers.
TIPCI
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Infopath 2007 Help (KB963662)
Update for Microsoft Office OneNote 2007 (KB980729)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Update for Outlook 2007 Junk Email Filter (kb2279264)
VCRedistSetup
VLC media player 2.0.6
Vuze
WinRAR archiver
.
==== Event Viewer Messages From Past Week ========
.
28/12/2013 06:11:22, Error: Microsoft-Windows-DistributedCOM [10000]  - Unable to start a DCOM Server: {FFF2D28F-E4EE-44D9-8104-8E71556757F6}. The error: "740" Happened while starting this command: C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\agent.exe -Embedding
28/12/2013 06:10:21, Error: Service Control Manager [7011]  - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the WSearch service.
28/12/2013 06:10:21, Error: Service Control Manager [7000]  - The Parallel port driver service failed to start due to the following error:  The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
28/12/2013 06:10:21, Error: Service Control Manager [7000]  - The {FE4C91E7-22C2-4D0C-9F6B-82F1B7742054} service failed to start due to the following error:  The system cannot find the file specified.
27/12/2013 15:50:52, Error: Service Control Manager [7031]  - The McAfee McShield service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 5000 milliseconds: Restart the service.
27/12/2013 07:46:24, Error: EventLog [6008]  - The previous system shutdown at 7:44:31 AM on 12/27/2013 was unexpected.
26/12/2013 03:44:44, Error: EventLog [6008]  - The previous system shutdown at 3:42:51 AM on 12/26/2013 was unexpected.
.
==== End Of File ===========================
 



#4 Jo*

Jo*

    SuperMember

  • Malware Team
  • 1,208 posts

Posted 05 January 2014 - 10:59 AM

:welcome:

Hello xxxerotech,

My name is Jo and I will help you with your computer problems.


Please be advised that I am currently in training, so my responses will need to be approved by one of our experts before I post them. This is only to ensure you are receiving accurate instructions. It may cause a delay in my replies.


Please follow these guidelines:
  • Logs can take a while to research, so please be patient.
  • Read and follow the instructions in the sequence they are posted.
  • Print or copy & save instructions.
  • Do not install / uninstall any applications, unless otherwise instructed.
  • Use only the tools you have been instructed to use.
  • Copy and Paste the log files inside your post, unless otherwise instructed.
  • Ask for clarification, if you have any questions.
  • Stay with this topic until you get the all clean post.
  • My first language is not English. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.
I will return as soon as possible with more instructions.



***


Graduate of the WTT Classroom
Cheers,
Jo

#5 Jo*

Posted 05 January 2014 - 02:58 PM

Hello xxxerotech,

1. Download Security Check by screen317 from here or here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
    Vista / Windows 7/8 users right-click and select Run As Administrator.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

***

2. Please download Malwarebytes Anti-Rootkit and save it to your desktop.
  • Be sure to print out and follow the instructions provided on that same page.
  • Caution: This is a beta version so please be sure to read the disclaimer and back up all your data before using.
  • Scan your system for malware
  • If malware is found - do not press the Clean up button, please go to the MBAR folder and then copy/paste the contents of the MBAR-log-***.txt file to your next reply.
  • If there is no malware found, please let me know as well.

***



#6 xxxerotech

Posted 06 January 2014 - 01:28 PM

Hi, Jo.  Thank you for taking time to help me out.  Malwarebytes Anti-Rootkit did not find any malware.  And here's the log from Security Check:

 

 Results of screen317's Security Check version 0.99.78  
 Windows Vista Service Pack 2 x86 (UAC is enabled)  
 Internet Explorer 8 Out of date!
 Internet Explorer 8  
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled!  
McAfee Anti-Virus and Anti-Spyware   
 WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
 Malwarebytes Anti-Malware version 1.75.0.1300  
 CCleaner     
 Java 7 Update 25  
 Java version out of Date!
 Adobe Flash Player     11.9.900.170  
 Adobe Reader 10.1.8 Adobe Reader out of Date!  
 Mozilla Firefox (26.0)
````````Process Check: objlist.exe by Laurent````````  
 Malwarebytes' Anti-Malware mbamscheduler.exe   
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 54 % Defragment your hard drive soon! (Do NOT defrag if SSD!)
````````````````````End of Log``````````````````````
 



#7 Jo*

Posted 06 January 2014 - 03:19 PM

Hi xxxerotech,

Please download AdwCleaner by Xplode and save to your Desktop.
Right-click AdwCleaner.exe and select Run As Administrator.
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
    The actual line should say "Pending. Please uncheck elements you do not want to remove" => scan is complete.
  • After the scan has finished, click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
  • The contents of the log file may be confusing. Unless you see a program name that you know should not be removed, don't worry about it.
    If you see an entry you want to keep, let me know about it.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of all logfiles is saved in the C:\AdwCleaner folder which was created when running the tool.

***


Please download Farbar Service Scanner and run it on the computer with the issue.
Vista / Windows 7/8 users right-click and select Run As Administrator.
  • Make sure "Include All Files" option remains checked.
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.

***



#8 xxxerotech

Posted 09 January 2014 - 06:09 AM

I just checked all the check boxes for FARBAR SERVICE SCANNER 'cos I didn't see the option INCLUDE ALL FILES.

 

Here are the logs that you requested:

 

*** ADWCLEANER

# AdwCleaner v3.016 - Report created 09/01/2014 at 19:50:55
# Updated 23/12/2013 by Xplode
# Operating System : Windows Vista ™ Home Premium Service Pack 2 (32 bits)
# Username : user - USER-PC
# Running from : C:\Users\user\Downloads\AdwCleaner(1).exe
# Option : Scan

***** [ Services ] *****


***** [ Files / Folders ] *****

File Found : C:\END
File Found : C:\users\user\AppData\Roaming\Mozilla\Firefox\Profiles\8m0iqaze.default\user.js
File Found : C:\Windows\System32\Tasks\NCH Software
Folder Found : C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpnbdefcbnoefmmcpelplabbkfmfhlho
Folder Found C:\Program Files\Vuze
Folder Found C:\ProgramData\apn
Folder Found C:\ProgramData\CodecCheck
Folder Found C:\ProgramData\Microsoft\Windows\Start Menu\Programs\hotspot shield
Folder Found C:\ProgramData\NCH Software
Folder Found C:\users\user\AppData\Local\Conduit
Folder Found C:\users\user\AppData\Local\OpenCandy
Folder Found C:\users\user\AppData\Local\Temp\apn
Folder Found C:\users\user\AppData\Local\visi_coupon
Folder Found C:\users\user\AppData\LocalLow\Conduit
Folder Found C:\users\user\AppData\LocalLow\facemoods.com
Folder Found C:\users\user\AppData\Roaming\Mozilla\Firefox\Profiles\8m0iqaze.default\ConduitCommon
Folder Found C:\users\user\AppData\Roaming\NCH Software
Folder Found C:\users\user\Desktop\orbitdownloader

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Found : HKCU\Software\BS_StillCap
Key Found : HKCU\Software\Conduit
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{C2F8CA82-2BD9-4513-B2D1-08A47914C1DA}_is1
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Orbit_is1
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{000123B4-9B42-4900-B3F7-F4B073EFC214}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{000123B4-9B42-4900-B3F7-F4B073EFC214}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF780F87-FF2B-4DF8-92D0-73DB16A1543A}
Key Found : HKCU\Software\NCH Software
Key Found : HKCU\Software\Orbit
Key Found : HKCU\Software\Softonic
Key Found : HKLM\SOFTWARE\Classes\CLSID\{058F0E48-61CA-4964-9FBA-1978A1BB060D}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{18F33C35-8EF2-40D7-8BA4-932B0121B472}
Key Found : HKLM\SOFTWARE\Classes\driverscanner
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{4250488A-CB24-0893-C066-B1AEA57BCFF2}
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B1868DAD-83B1-4E89-8F92-D7BE0303658D}
Key Found : HKLM\Software\NCH Software
Key Found : HKLM\Software\Trymedia Systems
Key Found : HKLM\Software\Uniblue
Key Found : HKLM\Software\Uniblue\DriverScanner
Value Found : HKLM\SOFTWARE\mozilla\Firefox\Extensions [crossriderapp435@crossrider.com]

***** [ Browsers ] *****

-\\ Internet Explorer v8.0.6001.18943


-\\ Mozilla Firefox v26.0 (en-US)

[ File : C:\users\user\AppData\Roaming\Mozilla\Firefox\Profiles\8m0iqaze.default\prefs.js ]

Line Found : user_pref("CT2786678..clientLogIsEnabled", true);
Line Found : user_pref("CT2786678..clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.asmx/ReportDiagnosticsEvent");
Line Found : user_pref("CT2786678..uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/RegisterToolbarUninstallation");
Line Found : user_pref("CT2786678.ALLOW_SHOWING_HIDDEN_TOOLBAR", false);
Line Found : user_pref("CT2786678.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");
Line Found : user_pref("CT2786678.BrowserCompStateIsOpen_129579220236217502", true);
Line Found : user_pref("CT2786678.CTID", "CT2786678");
Line Found : user_pref("CT2786678.CurrentServerDate", "15-1-2012");
Line Found : user_pref("CT2786678.DSInstall", false);
Line Found : user_pref("CT2786678.DialogsAlignMode", "LTR");
Line Found : user_pref("CT2786678.DialogsGetterLastCheckTime", "Sun Jan 15 2012 11:32:13 GMT+0400 (Arabian Standard Time)");
Line Found : user_pref("CT2786678.DownloadReferralCookieData", "");
Line Found : user_pref("CT2786678.EMailNotifierPollDate", "Sun Jan 15 2012 11:31:17 GMT+0400 (Arabian Standard Time)");
Line Found : user_pref("CT2786678.FeedLastCount5690698542593514850", 200);
Line Found : user_pref("CT2786678.FeedPollDate2429156812186649977", "Sun Jan 15 2012 11:31:18 GMT+0400 (Arabian Standard Time)");
Line Found : user_pref("CT2786678.FeedPollDate2429156813040823546", "Sun Jan 15 2012 11:31:17 GMT+0400 (Arabian Standard Time)");
Line Found : user_pref("CT2786678.FeedPollDate2429156813130095866", "Sun Jan 15 2012 11:31:17 GMT+0400 (Arabian Standard Time)");
Line Found : user_pref("CT2786678.FeedPollDate2429156813224203613", "Sun Jan 15 2012 11:31:17 GMT+0400 (Arabian Standard Time)");
Line Found : user_pref("CT2786678.FeedPollDate2429156813230837251", "Sun Jan 15 2012 11:31:17 GMT+0400 (Arabian Standard Time)");
Line Found : user_pref("CT2786678.FeedPollDate2429156813454291735", "Sun Jan 15 2012 11:31:17 GMT+0400 (Arabian Standard Time)");
Line Found : user_pref("CT2786678.FeedPollDate2429156813729834876", "Sun Jan 15 2012 11:31:17 GMT+0400 (Arabian Standard Time)");
Line Found : user_pref("CT2786678.FeedPollDate2429156813860870021", "Sun Jan 15 2012 11:31:18 GMT+0400 (Arabian Standard Time)");
Line Found : user_pref("CT2786678.FeedPollDate2429156814264681793", "Sun Jan 15 2012 11:31:18 GMT+0400 (Arabian Standard Time)");
Line Found : user_pref("CT2786678.FeedPollDate2429156814863075366", "Sun Jan 15 2012 11:31:17 GMT+0400 (Arabian Standard Time)");
Line Found : user_pref("CT2786678.FeedPollDate2429156815257761081", "Sun Jan 15 2012 11:31:17 GMT+0400 (Arabian Standard Time)");
Line Found : user_pref("CT2786678.FeedTTL2429156813040823546", 15);
Line Found : user_pref("CT2786678.FeedTTL2429156813130095866", 10);
Line Found : user_pref("CT2786678.FeedTTL2429156813454291735", 5);
Line Found : user_pref("CT2786678.FeedTTL2429156814264681793", 5);
Line Found : user_pref("CT2786678.FirstServerDate", "27-11-2011");
Line Found : user_pref("CT2786678.FirstTime", true);
Line Found : user_pref("CT2786678.FirstTimeFF3", true);
Line Found : user_pref("CT2786678.FixPageNotFoundErrors", false);
Line Found : user_pref("CT2786678.GroupingServerCheckInterval", 1440);
Line Found : user_pref("CT2786678.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");
Line Found : user_pref("CT2786678.HPInstall", false);
Line Found : user_pref("CT2786678.HasUserGlobalKeys", true);
Line Found : user_pref("CT2786678.HomePageProtectorEnabled", false);
Line Found : user_pref("CT2786678.HomepageBeforeUnload", "about:home");
Line Found : user_pref("CT2786678.Initialize", true);
Line Found : user_pref("CT2786678.InitializeCommonPrefs", true);
Line Found : user_pref("CT2786678.InstallationAndCookieDataSentCount", 3);
Line Found : user_pref("CT2786678.InstallationType", "UnknownIntegration");
Line Found : user_pref("CT2786678.InstalledDate", "Sun Nov 27 2011 18:28:30 GMT+0400 (Arabian Standard Time)");
Line Found : user_pref("CT2786678.IsGrouping", false);
Line Found : user_pref("CT2786678.IsInitSetupIni", true);
Line Found : user_pref("CT2786678.IsMulticommunity", false);
Line Found : user_pref("CT2786678.IsOpenThankYouPage", true);
Line Found : user_pref("CT2786678.IsOpenUninstallPage", false);
Line Found : user_pref("CT2786678.LanguagePackLastCheckTime", "Sun Jan 15 2012 11:31:21 GMT+0400 (Arabian Standard Time)");
Line Found : user_pref("CT2786678.LanguagePackReloadIntervalMM", 1440);
Line Found : user_pref("CT2786678.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx");
Line Found : user_pref("CT2786678.LastLogin_3.8.0.8", "Sun Nov 27 2011 18:28:43 GMT+0400 (Arabian Standard Time)");
Line Found : user_pref("CT2786678.LastLogin_3.9.0.3", "Sun Jan 15 2012 11:31:51 GMT+0400 (Arabian Standard Time)");
Line Found : user_pref("CT2786678.LatestVersion", "3.9.0.3");
Line Found : user_pref("CT2786678.Locale", "en");
Line Found : user_pref("CT2786678.MCDetectTooltipHeight", "83");
Line Found : user_pref("CT2786678.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1");
Line Found : user_pref("CT2786678.MCDetectTooltipWidth", "295");
Line Found : user_pref("CT2786678.MyStuffEnabledAtInstallation", true);
Line Found : user_pref("CT2786678.OriginalFirstVersion", "3.8.0.8");
Line Found : user_pref("CT2786678.SearchCaption", "  ");
Line Found : user_pref("CT2786678.SearchEngineBeforeUnload", "Search the web (Babylon)");
Line Found : user_pref("CT2786678.SearchFromAddressBarIsInit", true);
Line Found : user_pref("CT2786678.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2786678&q=");
Line Found : user_pref("CT2786678.SearchInNewTabEnabled", true);
Line Found : user_pref("CT2786678.SearchInNewTabIntervalMM", 1440);
Line Found : user_pref("CT2786678.SearchInNewTabLastCheckTime", "Sun Jan 15 2012 11:31:26 GMT+0400 (Arabian Standard Time)");
Line Found : user_pref("CT2786678.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_TOOLBAR_ID");
Line Found : user_pref("CT2786678.SearchInNewTabUsageUrl", "hxxp://usage.hosting.toolbar.conduit-services.com/usage.ashx?ctid=EB_TOOLBAR_ID");
Line Found : user_pref("CT2786678.SearchProtectorEnabled", false);
Line Found : user_pref("CT2786678.SearchProtectorToolbarDisabled", false);
Line Found : user_pref("CT2786678.SendProtectorDataViaLogin", true);
Line Found : user_pref("CT2786678.ServiceMapLastCheckTime", "Sun Jan 15 2012 11:31:18 GMT+0400 (Arabian Standard Time)");
Line Found : user_pref("CT2786678.SettingsLastCheckTime", "Sun Jan 15 2012 11:31:16 GMT+0400 (Arabian Standard Time)");
Line Found : user_pref("CT2786678.SettingsLastUpdate", "1325059723");
Line Found : user_pref("CT2786678.TBHomePageUrl", "hxxp://search.conduit.com/?ctid=CT2786678&SearchSource=13");
Line Found : user_pref("CT2786678.ThirdPartyComponentsInterval", 504);
Line Found : user_pref("CT2786678.ThirdPartyComponentsLastCheck", "Sun Jan 15 2012 11:31:16 GMT+0400 (Arabian Standard Time)");
Line Found : user_pref("CT2786678.ThirdPartyComponentsLastUpdate", "1312887586");
Line Found : user_pref("CT2786678.ToolbarShrinkedFromSetup", false);
Line Found : user_pref("CT2786678.TrusteLinkUrl", "hxxp://trust.conduit.com/CT2786678");
Line Found : user_pref("CT2786678.TrustedApiDomains", "conduit.com,conduit-hosting.com,conduit-services.com,client.conduit-storage.com,OurToolbar.com,CommunityToolbars.com,ForumToolbar.com,MyBlogToolbar.com,MyCity[...]
Line Found : user_pref("CT2786678.Uninstall", true);
Line Found : user_pref("CT2786678.UserID", "UN47024743823604343");
Line Found : user_pref("CT2786678.WeatherNetwork", "");
Line Found : user_pref("CT2786678.WeatherPollDate", "Sun Jan 15 2012 11:31:17 GMT+0400 (Arabian Standard Time)");
Line Found : user_pref("CT2786678.WeatherUnit", "C");
Line Found : user_pref("CT2786678.alertChannelId", "1178763");
Line Found : user_pref("CT2786678.backendstorage.cbfirsttime", "53756E204E6F7620323720323031312031383A32393A313920474D542B3034303020284172616269616E205374616E646172642054696D6529");
Line Found : user_pref("CT2786678.backendstorage.pairingkey", "37354139384631443042433434383338444534464230453934443430413642354344303944353841");
Line Found : user_pref("CT2786678.backendstorage.scriptsource", "687474703A2F2F3132372E302E302E313A31303030302F6775692F");
Line Found : user_pref("CT2786678.backendstorage.uttorrents", "7B226275696C64223A32363437332C226C6162656C223A5B5D2C22746F7272656E7473223A5B5B223342374530454538443733393642414432313037383639444232353046323530443831[...]
Line Found : user_pref("CT2786678.generalConfigFromLogin", "{\"ApiMaxAlerts\":\"12\",\"SocialDomains\":\"social.conduit.com;apps.conduit.com;services.apps.conduit.com\",\"AppsDetectionUrlPattern\":\"hxxp://appdown[...]
Line Found : user_pref("CT2786678.globalFirstTimeInfoLastCheckTime", "Sun Jan 15 2012 11:31:21 GMT+0400 (Arabian Standard Time)");
Line Found : user_pref("CT2786678.homepageProtectorEnableByLogin", true);
Line Found : user_pref("CT2786678.initDone", true);
Line Found : user_pref("CT2786678.isAppTrackingManagerOn", true);
Line Found : user_pref("CT2786678.myStuffEnabled", true);
Line Found : user_pref("CT2786678.myStuffPublihserMinWidth", 400);
Line Found : user_pref("CT2786678.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOrigin=29&ctid=EB_TOOLBAR_ID&octid=EB_ORIGINAL_CTID");
Line Found : user_pref("CT2786678.myStuffServiceIntervalMM", 1440);
Line Found : user_pref("CT2786678.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?ComponentId=EB_MY_STUFF_INSTANCE_GUID&lut=EB_MY_STUFF_LUT");
Line Found : user_pref("CT2786678.oldAppsList", "129295695672325902,129295695672325903,1000234,129295698017012804,1000034,129526967958500204,129309489763975460,5690698542593514850,129309485163350924,12931541142425[...]
Line Found : user_pref("CT2786678.revertSettingsEnabled", true);
Line Found : user_pref("CT2786678.searchProtectorDialogDelayInSec", 10);
Line Found : user_pref("CT2786678.searchProtectorEnableByLogin", true);
Line Found : user_pref("CT2786678.testingCtid", "");
Line Found : user_pref("CT2786678.toolbarAppMetaDataLastCheckTime", "Sun Jan 15 2012 11:31:23 GMT+0400 (Arabian Standard Time)");
Line Found : user_pref("CT2786678.toolbarContextMenuLastCheckTime", "Sun Jan 15 2012 11:31:25 GMT+0400 (Arabian Standard Time)");
Line Found : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/1178763/1174448/PH", "\"0\"");
Line Found : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT2786678", "\"1313448428\"");
Line Found : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=GottenApps&locale=en", "wVmmvqqOMqrv5xct1cJIHg==");
Line Found : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=OtherApps&locale=en", "0uSPYx+Kl2jpu8sJZMeHjw==");
Line Found : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=SharedApps&locale=en", "Dclc8oo4TTv7+mAkSlUSWg==");
Line Found : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=Toolbar&locale=en", "K4Vqu91uAzWURlxJRdXJOg==");
Line Found : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.alert.conduit-services.com/alert/dlg.pkg", "\"07879643d3acc1:1254\"");
Line Found : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.8.0.8", "\"6a637346d78ccc1:0\"");
Line Found : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.9.0.3", "\"6a637346d78ccc1:0\"");
Line Found : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/Toolbar/?ownerId=CT2786678", "\"567c96be3ef640e157660940cadc2edb\"");
Line Found : user_pref("CommunityToolbar.ETag.hxxp://settings.toolbar.conduit-services.com/?ctid=CT2786678&octid=CT2786678", "\"1325059724\"");
Line Found : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=en", "\"dbff24cb6381b84c110a44581d65040e\"");
Line Found : user_pref("CommunityToolbar.LatestLibsPath", "file:///C:\\Users\\user\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\8m0iqaze.default\\conduitCommon\\modules\\3.8.0.8");
Line Found : user_pref("CommunityToolbar.LatestToolbarVersionInstalled", "3.8.0.8");
Line Found : user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "hxxp://ph.search.yahoo.com/search?fr=mcafee&p=");
Line Found : user_pref("CommunityToolbar.ToolbarsList", "CT2786678");
Line Found : user_pref("CommunityToolbar.ToolbarsList2", "CT2786678");
Line Found : user_pref("CommunityToolbar.ToolbarsList4", "CT2786678");
Line Found : user_pref("CommunityToolbar.facebook.settingsLastCheckTime", "Sun Jan 15 2012 11:31:17 GMT+0400 (Arabian Standard Time)");
Line Found : user_pref("CommunityToolbar.globalUserId", "341c599e-08e6-484b-b552-24b79bc0a674");
Line Found : user_pref("CommunityToolbar.isAlertUrlAddedToFeedItemTable", true);
Line Found : user_pref("CommunityToolbar.isClickActionAddedToFeedItemTable", true);
Line Found : user_pref("CommunityToolbar.notifications.alertDialogsGetterLastCheckTime", "Sun Nov 27 2011 18:28:31 GMT+0400 (Arabian Standard Time)");
Line Found : user_pref("CommunityToolbar.notifications.alertInfoInterval", 60);
Line Found : user_pref("CommunityToolbar.notifications.alertInfoLastCheckTime", "Sun Nov 27 2011 18:28:39 GMT+0400 (Arabian Standard Time)");
Line Found : user_pref("CommunityToolbar.notifications.clientsServerUrl", "hxxp://alert.client.conduit.com");
Line Found : user_pref("CommunityToolbar.notifications.locale", "en");
Line Found : user_pref("CommunityToolbar.notifications.loginIntervalMin", 1440);
Line Found : user_pref("CommunityToolbar.notifications.loginLastCheckTime", "Sun Nov 27 2011 18:20:36 GMT+0400 (Arabian Standard Time)");
Line Found : user_pref("CommunityToolbar.notifications.loginLastUpdateTime", "1313487611");
Line Found : user_pref("CommunityToolbar.notifications.messageShowTimeSec", 20);
Line Found : user_pref("CommunityToolbar.notifications.servicesServerUrl", "hxxp://alert.services.conduit.com");
Line Found : user_pref("CommunityToolbar.notifications.showTrayIcon", false);
Line Found : user_pref("CommunityToolbar.notifications.userCloseIntervalMin", 300);
Line Found : user_pref("CommunityToolbar.notifications.userId", "b6dd86c7-6469-41f9-a6dc-51cf3a6e8d31");
Line Found : user_pref("CommunityToolbar.originalHomepage", "chrome://branding/locale/browserconfig.properties");
Line Found : user_pref("CommunityToolbar.originalSearchEngine", "Secure Search");
Line Found : user_pref("browser.babylon.HPOnNewTab", "search.babylon.com");
Line Found : user_pref("browser.newtab.url", "hxxp://search.nation.com/?orig=HP&affid=14000&cztbid=38947349");
Line Found : user_pref("extensions.BabylonToolbar.admin", false);
Line Found : user_pref("extensions.BabylonToolbar.aflt", "babsst");
Line Found : user_pref("extensions.BabylonToolbar.babExt", "");
Line Found : user_pref("extensions.BabylonToolbar.babTrack", "affID=100886");
Line Found : user_pref("extensions.BabylonToolbar.bbDpng", 24);
Line Found : user_pref("extensions.BabylonToolbar.dfltSrch", false);
Line Found : user_pref("extensions.BabylonToolbar.hmpg", false);
Line Found : user_pref("extensions.BabylonToolbar.id", "84129dc0000000000000000000000000");
Line Found : user_pref("extensions.BabylonToolbar.instlDay", "15332");
Line Found : user_pref("extensions.BabylonToolbar.instlRef", "sst");
Line Found : user_pref("extensions.BabylonToolbar.lastDP", 24);
Line Found : user_pref("extensions.BabylonToolbar.lastVrsnTs", "1.5.3.1722:54:18");
Line Found : user_pref("extensions.BabylonToolbar.mntrFFxVrsn", "8.0");
Line Found : user_pref("extensions.BabylonToolbar.newTab", true);
Line Found : user_pref("extensions.BabylonToolbar.newTabUrl", "hxxp://search.babylon.com/?babsrc=NT_bb");
Line Found : user_pref("extensions.BabylonToolbar.noFFXTlbr", false);
Line Found : user_pref("extensions.BabylonToolbar.prdct", "BabylonToolbar");
Line Found : user_pref("extensions.BabylonToolbar.propectorlck", 63314739);
Line Found : user_pref("extensions.BabylonToolbar.prtkDS", 1);
Line Found : user_pref("extensions.BabylonToolbar.prtkHmpg", 1);
Line Found : user_pref("extensions.BabylonToolbar.prtnrId", "babylon");
Line Found : user_pref("extensions.BabylonToolbar.ptch_0717", true);
Line Found : user_pref("extensions.BabylonToolbar.smplGrp", "none");
Line Found : user_pref("extensions.BabylonToolbar.srcExt", "ss");
Line Found : user_pref("extensions.BabylonToolbar.tlbrId", "base");
Line Found : user_pref("extensions.BabylonToolbar.vrsn", "1.5.3.17");
Line Found : user_pref("extensions.BabylonToolbar.vrsnTs", "1.5.3.1722:54:18");
Line Found : user_pref("extensions.BabylonToolbar.vrsni", "1.5.3.17");
Line Found : user_pref("extensions.BabylonToolbar_i.babTrack", "affID=100886");
Line Found : user_pref("extensions.BabylonToolbar_i.newTab", true);
Line Found : user_pref("extensions.BabylonToolbar_i.newTabUrl", "hxxp://search.babylon.com/?AF=100886&babsrc=NT_ss&mntrId=84129dc0000000000000000000000000");
Line Found : user_pref("extensions.crossrider.bic", "133e56592ff02dab9ae473fe7de0a1bd");
Line Found : user_pref("extensions.crossriderapp435.bic", "133e56592ff02dab9ae473fe7de0a1bd");
Line Found : user_pref("extensions.crossriderapp435.firstrun", false);
Line Found : user_pref("extensions.crossriderapp435.installationdate", 1322403599);
Line Found : user_pref("extensions.crossriderapp435.lastcheck", 22040060);
Line Found : user_pref("extensions.crossriderapp435.lastcheckitem", 22040108);
Line Found : user_pref("extensions.crossriderapp435.misc.lastBgWorkerTimer", "1322406505613");
Line Found : user_pref("extensions.crossriderapp435.misc.lastDomWorkerTimer", "1322406505509");
Line Found : user_pref("extensions.facemoods._xpiupdate", true);
Line Found : user_pref("extensions.facemoods.aflt", "_#wbst");
Line Found : user_pref("extensions.facemoods.fcmdVrsn", "1.2.7.5.4");
Line Found : user_pref("extensions.facemoods.first_time", false);
Line Found : user_pref("extensions.facemoods.forceOptOutPrefs", true);
Line Found : user_pref("extensions.facemoods.id", "_#0337f1c8b6bf463d89b66be85a391aa9");
Line Found : user_pref("extensions.facemoods.instlDay", "_#15305");
Line Found : user_pref("extensions.facemoods.prtnrId", "_#facemoods.com");
Line Found : user_pref("extensions.facemoods.sid", "_#0337f1c8b6bf463d89b66be85a391aa9");
Line Found : user_pref("extensions.facemoods.update", "_#v1.4.0");
Line Found : user_pref("extensions.facemoods.vrsn", "_#1.4.17.5");

-\\ Google Chrome v

[ File : C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [22056 octets] - [09/01/2014 19:50:55]

########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [22117 octets] ##########
 

 

 

*** FARBAR SERVICE SCANNER

 

Farbar Service Scanner Version: 08-01-2014
Ran by user (administrator) on 09-01-2014 at 19:57:39
Running from "C:\Users\user\Downloads"
Microsoft® Windows Vista™ Home Premium  Service Pack 2 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
WAN connected
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============


Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.


Other Services:
==============


File Check:
========
C:\Windows\system32\nsisvc.dll => MD5 is legit
C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit
C:\Windows\system32\dhcpcsvc.dll => MD5 is legit
C:\Windows\system32\Drivers\afd.sys => MD5 is legit
C:\Windows\system32\Drivers\tdx.sys => MD5 is legit
C:\Windows\system32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\system32\dnsrslvr.dll => MD5 is legit
C:\Windows\system32\mpssvc.dll => MD5 is legit
C:\Windows\system32\bfe.dll => MD5 is legit
C:\Windows\system32\Drivers\mpsdrv.sys => MD5 is legit
C:\Windows\system32\SDRSVC.dll => MD5 is legit
C:\Windows\system32\vssvc.exe => MD5 is legit
C:\Windows\system32\wscsvc.dll => MD5 is legit
C:\Windows\system32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\system32\wuaueng.dll => MD5 is legit
C:\Windows\system32\qmgr.dll => MD5 is legit
C:\Windows\system32\es.dll => MD5 is legit
C:\Windows\system32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\system32\ipnathlp.dll => MD5 is legit
C:\Windows\system32\iphlpsvc.dll => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit


**** End of log ****



#9 Jo*

Posted 09 January 2014 - 03:04 PM

Hi xxxerotech,

Right click on AdwCleaner.exe to run the tool again and select Run As Administrator.
  • Click on the Scan button.
  • AdwCleaner will begin to scan your computer like it did before.
  • When the scan has finished, the actual line should say "Pending. Please uncheck elements you do not want to remove". Look through the scan results and uncheck any entries that you do not wish to remove.
  • This time, click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a logfile report (AdwCleaner[S0].txt) will open automatically.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.

***


Please download Junkware Removal Tool from HERE and save it to your desktop.
Shut down your antivirus to avoid any potential conflicts.
Right click JRT.exe to run the tool and select Run As Administrator.
  • JRT will begin to backup your registry and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, the log JRT.txt is saved on your desktop and will automatically open.
Enable your antivirus!
Post the contents of JRT.txt into your next reply.


***


Run OTL again.
Vista / Windows 7/8 users right-click and select Run As Administrator.
  • Double click on the OTL icon to run it. Make sure all other windows are closed, and let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Don't check the boxes beside LOP Check and Purity Check this time.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open a notepad window OTL.Txt.
  • Please copy (Edit->Select All, Edit->Copy) the content of the file and post it with your next reply.

***


How is the computer running now?


***


Graduate of the WTT Classroom
Cheers,
Jo

#10 xxxerotech

Posted 11 January 2014 - 04:46 AM

Well, it still hangs occasionally due to MCAFEE ANTIVIRUS plugin that I got. Now it says that it has expired and I need to renew it.

 

Anyway, here are the logs that you requested.

 

# AdwCleaner v3.016 - Report created 11/01/2014 at 16:35:13
# Updated 23/12/2013 by Xplode
# Operating System : Windows Vista ™ Home Premium Service Pack 2 (32 bits)
# Username : user - USER-PC
# Running from : C:\Users\user\Downloads\AdwCleaner(1).exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\apn
Folder Deleted : C:\ProgramData\NCH Software
Folder Deleted : C:\ProgramData\CodecCheck
[x] Not Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\hotspot shield
[x] Not Deleted : C:\Program Files\Vuze
Folder Deleted : C:\users\user\AppData\Local\Conduit
Folder Deleted : C:\users\user\AppData\Local\OpenCandy
Folder Deleted : C:\users\user\AppData\Local\visi_coupon
Folder Deleted : C:\users\user\AppData\Local\Temp\apn
Folder Deleted : C:\users\user\AppData\LocalLow\Conduit
Folder Deleted : C:\users\user\AppData\LocalLow\facemoods.com
Folder Deleted : C:\users\user\AppData\Roaming\NCH Software
[x] Not Deleted : C:\users\user\Desktop\orbitdownloader
Folder Deleted : C:\users\user\AppData\Roaming\Mozilla\Firefox\Profiles\8m0iqaze.default\ConduitCommon
Folder Deleted : C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpnbdefcbnoefmmcpelplabbkfmfhlho
File Deleted : C:\END
File Deleted : C:\users\user\AppData\Roaming\Mozilla\Firefox\Profiles\8m0iqaze.default\user.js
File Deleted : C:\Windows\System32\Tasks\NCH Software

***** [ Shortcuts ] *****


***** [ Registry ] *****

[#] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B1868DAD-83B1-4E89-8F92-D7BE0303658D}
Key Deleted : HKLM\SOFTWARE\Classes\driverscanner
Key Deleted : HKCU\Software\BS_StillCap
Value Deleted : HKLM\SOFTWARE\mozilla\Firefox\Extensions [crossriderapp435@crossrider.com]
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{058F0E48-61CA-4964-9FBA-1978A1BB060D}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{18F33C35-8EF2-40D7-8BA4-932B0121B472}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{000123B4-9B42-4900-B3F7-F4B073EFC214}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF780F87-FF2B-4DF8-92D0-73DB16A1543A}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{000123B4-9B42-4900-B3F7-F4B073EFC214}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{4250488A-CB24-0893-C066-B1AEA57BCFF2}
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\NCH Software
Key Deleted : HKCU\Software\Orbit
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKLM\Software\NCH Software
Key Deleted : HKLM\Software\Trymedia Systems
Key Deleted : HKLM\Software\Uniblue
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{C2F8CA82-2BD9-4513-B2D1-08A47914C1DA}_is1
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Orbit_is1

***** [ Browsers ] *****

-\\ Internet Explorer v8.0.6001.18943


-\\ Mozilla Firefox v26.0 (en-US)

[ File : C:\users\user\AppData\Roaming\Mozilla\Firefox\Profiles\8m0iqaze.default\prefs.js ]

Line Deleted : user_pref("CT2786678..clientLogIsEnabled", true);
Line Deleted : user_pref("CT2786678..clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.asmx/ReportDiagnosticsEvent");
Line Deleted : user_pref("CT2786678..uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/RegisterToolbarUninstallation");
Line Deleted : user_pref("CT2786678.ALLOW_SHOWING_HIDDEN_TOOLBAR", false);
Line Deleted : user_pref("CT2786678.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");
Line Deleted : user_pref("CT2786678.BrowserCompStateIsOpen_129579220236217502", true);
Line Deleted : user_pref("CT2786678.CTID", "CT2786678");
Line Deleted : user_pref("CT2786678.CurrentServerDate", "15-1-2012");
Line Deleted : user_pref("CT2786678.DSInstall", false);
Line Deleted : user_pref("CT2786678.DialogsAlignMode", "LTR");
Line Deleted : user_pref("CT2786678.DialogsGetterLastCheckTime", "Sun Jan 15 2012 11:32:13 GMT+0400 (Arabian Standard Time)");
Line Deleted : user_pref("CT2786678.DownloadReferralCookieData", "");
Line Deleted : user_pref("CT2786678.EMailNotifierPollDate", "Sun Jan 15 2012 11:31:17 GMT+0400 (Arabian Standard Time)");
Line Deleted : user_pref("CT2786678.FeedLastCount5690698542593514850", 200);
Line Deleted : user_pref("CT2786678.FeedPollDate2429156812186649977", "Sun Jan 15 2012 11:31:18 GMT+0400 (Arabian Standard Time)");
Line Deleted : user_pref("CT2786678.FeedPollDate2429156813040823546", "Sun Jan 15 2012 11:31:17 GMT+0400 (Arabian Standard Time)");
Line Deleted : user_pref("CT2786678.FeedPollDate2429156813130095866", "Sun Jan 15 2012 11:31:17 GMT+0400 (Arabian Standard Time)");
Line Deleted : user_pref("CT2786678.FeedPollDate2429156813224203613", "Sun Jan 15 2012 11:31:17 GMT+0400 (Arabian Standard Time)");
Line Deleted : user_pref("CT2786678.FeedPollDate2429156813230837251", "Sun Jan 15 2012 11:31:17 GMT+0400 (Arabian Standard Time)");
Line Deleted : user_pref("CT2786678.FeedPollDate2429156813454291735", "Sun Jan 15 2012 11:31:17 GMT+0400 (Arabian Standard Time)");
Line Deleted : user_pref("CT2786678.FeedPollDate2429156813729834876", "Sun Jan 15 2012 11:31:17 GMT+0400 (Arabian Standard Time)");
Line Deleted : user_pref("CT2786678.FeedPollDate2429156813860870021", "Sun Jan 15 2012 11:31:18 GMT+0400 (Arabian Standard Time)");
Line Deleted : user_pref("CT2786678.FeedPollDate2429156814264681793", "Sun Jan 15 2012 11:31:18 GMT+0400 (Arabian Standard Time)");
Line Deleted : user_pref("CT2786678.FeedPollDate2429156814863075366", "Sun Jan 15 2012 11:31:17 GMT+0400 (Arabian Standard Time)");
Line Deleted : user_pref("CT2786678.FeedPollDate2429156815257761081", "Sun Jan 15 2012 11:31:17 GMT+0400 (Arabian Standard Time)");
Line Deleted : user_pref("CT2786678.FeedTTL2429156813040823546", 15);
Line Deleted : user_pref("CT2786678.FeedTTL2429156813130095866", 10);
Line Deleted : user_pref("CT2786678.FeedTTL2429156813454291735", 5);
Line Deleted : user_pref("CT2786678.FeedTTL2429156814264681793", 5);
Line Deleted : user_pref("CT2786678.FirstServerDate", "27-11-2011");
Line Deleted : user_pref("CT2786678.FirstTime", true);
Line Deleted : user_pref("CT2786678.FirstTimeFF3", true);
Line Deleted : user_pref("CT2786678.FixPageNotFoundErrors", false);
Line Deleted : user_pref("CT2786678.GroupingServerCheckInterval", 1440);
Line Deleted : user_pref("CT2786678.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");
Line Deleted : user_pref("CT2786678.HPInstall", false);
Line Deleted : user_pref("CT2786678.HasUserGlobalKeys", true);
Line Deleted : user_pref("CT2786678.HomePageProtectorEnabled", false);
Line Deleted : user_pref("CT2786678.HomepageBeforeUnload", "about:home");
Line Deleted : user_pref("CT2786678.Initialize", true);
Line Deleted : user_pref("CT2786678.InitializeCommonPrefs", true);
Line Deleted : user_pref("CT2786678.InstallationAndCookieDataSentCount", 3);
Line Deleted : user_pref("CT2786678.InstallationType", "UnknownIntegration");
Line Deleted : user_pref("CT2786678.InstalledDate", "Sun Nov 27 2011 18:28:30 GMT+0400 (Arabian Standard Time)");
Line Deleted : user_pref("CT2786678.IsGrouping", false);
Line Deleted : user_pref("CT2786678.IsInitSetupIni", true);
Line Deleted : user_pref("CT2786678.IsMulticommunity", false);
Line Deleted : user_pref("CT2786678.IsOpenThankYouPage", true);
Line Deleted : user_pref("CT2786678.IsOpenUninstallPage", false);
Line Deleted : user_pref("CT2786678.LanguagePackLastCheckTime", "Sun Jan 15 2012 11:31:21 GMT+0400 (Arabian Standard Time)");
Line Deleted : user_pref("CT2786678.LanguagePackReloadIntervalMM", 1440);
Line Deleted : user_pref("CT2786678.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx");
Line Deleted : user_pref("CT2786678.LastLogin_3.8.0.8", "Sun Nov 27 2011 18:28:43 GMT+0400 (Arabian Standard Time)");
Line Deleted : user_pref("CT2786678.LastLogin_3.9.0.3", "Sun Jan 15 2012 11:31:51 GMT+0400 (Arabian Standard Time)");
Line Deleted : user_pref("CT2786678.LatestVersion", "3.9.0.3");
Line Deleted : user_pref("CT2786678.Locale", "en");
Line Deleted : user_pref("CT2786678.MCDetectTooltipHeight", "83");
Line Deleted : user_pref("CT2786678.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1");
Line Deleted : user_pref("CT2786678.MCDetectTooltipWidth", "295");
Line Deleted : user_pref("CT2786678.MyStuffEnabledAtInstallation", true);
Line Deleted : user_pref("CT2786678.OriginalFirstVersion", "3.8.0.8");
Line Deleted : user_pref("CT2786678.SearchCaption", "  ");
Line Deleted : user_pref("CT2786678.SearchEngineBeforeUnload", "Search the web (Babylon)");
Line Deleted : user_pref("CT2786678.SearchFromAddressBarIsInit", true);
Line Deleted : user_pref("CT2786678.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2786678&q=");
Line Deleted : user_pref("CT2786678.SearchInNewTabEnabled", true);
Line Deleted : user_pref("CT2786678.SearchInNewTabIntervalMM", 1440);
Line Deleted : user_pref("CT2786678.SearchInNewTabLastCheckTime", "Sun Jan 15 2012 11:31:26 GMT+0400 (Arabian Standard Time)");
Line Deleted : user_pref("CT2786678.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_TOOLBAR_ID");
Line Deleted : user_pref("CT2786678.SearchInNewTabUsageUrl", "hxxp://usage.hosting.toolbar.conduit-services.com/usage.ashx?ctid=EB_TOOLBAR_ID");
Line Deleted : user_pref("CT2786678.SearchProtectorEnabled", false);
Line Deleted : user_pref("CT2786678.SearchProtectorToolbarDisabled", false);
Line Deleted : user_pref("CT2786678.SendProtectorDataViaLogin", true);
Line Deleted : user_pref("CT2786678.ServiceMapLastCheckTime", "Sun Jan 15 2012 11:31:18 GMT+0400 (Arabian Standard Time)");
Line Deleted : user_pref("CT2786678.SettingsLastCheckTime", "Sun Jan 15 2012 11:31:16 GMT+0400 (Arabian Standard Time)");
Line Deleted : user_pref("CT2786678.SettingsLastUpdate", "1325059723");
Line Deleted : user_pref("CT2786678.TBHomePageUrl", "hxxp://search.conduit.com/?ctid=CT2786678&SearchSource=13");
Line Deleted : user_pref("CT2786678.ThirdPartyComponentsInterval", 504);
Line Deleted : user_pref("CT2786678.ThirdPartyComponentsLastCheck", "Sun Jan 15 2012 11:31:16 GMT+0400 (Arabian Standard Time)");
Line Deleted : user_pref("CT2786678.ThirdPartyComponentsLastUpdate", "1312887586");
Line Deleted : user_pref("CT2786678.ToolbarShrinkedFromSetup", false);
Line Deleted : user_pref("CT2786678.TrusteLinkUrl", "hxxp://trust.conduit.com/CT2786678");
Line Deleted : user_pref("CT2786678.TrustedApiDomains", "conduit.com,conduit-hosting.com,conduit-services.com,client.conduit-storage.com,OurToolbar.com,CommunityToolbars.com,ForumToolbar.com,MyBlogToolbar.com,MyCity[...]
Line Deleted : user_pref("CT2786678.Uninstall", true);
Line Deleted : user_pref("CT2786678.UserID", "UN47024743823604343");
Line Deleted : user_pref("CT2786678.WeatherNetwork", "");
Line Deleted : user_pref("CT2786678.WeatherPollDate", "Sun Jan 15 2012 11:31:17 GMT+0400 (Arabian Standard Time)");
Line Deleted : user_pref("CT2786678.WeatherUnit", "C");
Line Deleted : user_pref("CT2786678.alertChannelId", "1178763");
Line Deleted : user_pref("CT2786678.backendstorage.cbfirsttime", "53756E204E6F7620323720323031312031383A32393A313920474D542B3034303020284172616269616E205374616E646172642054696D6529");
Line Deleted : user_pref("CT2786678.backendstorage.pairingkey", "37354139384631443042433434383338444534464230453934443430413642354344303944353841");
Line Deleted : user_pref("CT2786678.backendstorage.scriptsource", "687474703A2F2F3132372E302E302E313A31303030302F6775692F");
Line Deleted : user_pref("CT2786678.backendstorage.uttorrents", "7B226275696C64223A32363437332C226C6162656C223A5B5D2C22746F7272656E7473223A5B5B223342374530454538443733393642414432313037383639444232353046323530443831[...]
Line Deleted : user_pref("CT2786678.generalConfigFromLogin", "{\"ApiMaxAlerts\":\"12\",\"SocialDomains\":\"social.conduit.com;apps.conduit.com;services.apps.conduit.com\",\"AppsDetectionUrlPattern\":\"hxxp://appdown[...]
Line Deleted : user_pref("CT2786678.globalFirstTimeInfoLastCheckTime", "Sun Jan 15 2012 11:31:21 GMT+0400 (Arabian Standard Time)");
Line Deleted : user_pref("CT2786678.homepageProtectorEnableByLogin", true);
Line Deleted : user_pref("CT2786678.initDone", true);
Line Deleted : user_pref("CT2786678.isAppTrackingManagerOn", true);
Line Deleted : user_pref("CT2786678.myStuffEnabled", true);
Line Deleted : user_pref("CT2786678.myStuffPublihserMinWidth", 400);
Line Deleted : user_pref("CT2786678.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOrigin=29&ctid=EB_TOOLBAR_ID&octid=EB_ORIGINAL_CTID");
Line Deleted : user_pref("CT2786678.myStuffServiceIntervalMM", 1440);
Line Deleted : user_pref("CT2786678.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?ComponentId=EB_MY_STUFF_INSTANCE_GUID&lut=EB_MY_STUFF_LUT");
Line Deleted : user_pref("CT2786678.oldAppsList", "129295695672325902,129295695672325903,1000234,129295698017012804,1000034,129526967958500204,129309489763975460,5690698542593514850,129309485163350924,12931541142425[...]
Line Deleted : user_pref("CT2786678.revertSettingsEnabled", true);
Line Deleted : user_pref("CT2786678.searchProtectorDialogDelayInSec", 10);
Line Deleted : user_pref("CT2786678.searchProtectorEnableByLogin", true);
Line Deleted : user_pref("CT2786678.testingCtid", "");
Line Deleted : user_pref("CT2786678.toolbarAppMetaDataLastCheckTime", "Sun Jan 15 2012 11:31:23 GMT+0400 (Arabian Standard Time)");
Line Deleted : user_pref("CT2786678.toolbarContextMenuLastCheckTime", "Sun Jan 15 2012 11:31:25 GMT+0400 (Arabian Standard Time)");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/1178763/1174448/PH", "\"0\"");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT2786678", "\"1313448428\"");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=GottenApps&locale=en", "wVmmvqqOMqrv5xct1cJIHg==");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=OtherApps&locale=en", "0uSPYx+Kl2jpu8sJZMeHjw==");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=SharedApps&locale=en", "Dclc8oo4TTv7+mAkSlUSWg==");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=Toolbar&locale=en", "K4Vqu91uAzWURlxJRdXJOg==");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.alert.conduit-services.com/alert/dlg.pkg", "\"07879643d3acc1:1254\"");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.8.0.8", "\"6a637346d78ccc1:0\"");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.9.0.3", "\"6a637346d78ccc1:0\"");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/Toolbar/?ownerId=CT2786678", "\"567c96be3ef640e157660940cadc2edb\"");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://settings.toolbar.conduit-services.com/?ctid=CT2786678&octid=CT2786678", "\"1325059724\"");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=en", "\"dbff24cb6381b84c110a44581d65040e\"");
Line Deleted : user_pref("CommunityToolbar.LatestLibsPath", "file:///C:\\Users\\user\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\8m0iqaze.default\\conduitCommon\\modules\\3.8.0.8");
Line Deleted : user_pref("CommunityToolbar.LatestToolbarVersionInstalled", "3.8.0.8");
Line Deleted : user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "hxxp://ph.search.yahoo.com/search?fr=mcafee&p=");
Line Deleted : user_pref("CommunityToolbar.ToolbarsList", "CT2786678");
Line Deleted : user_pref("CommunityToolbar.ToolbarsList2", "CT2786678");
Line Deleted : user_pref("CommunityToolbar.ToolbarsList4", "CT2786678");
Line Deleted : user_pref("CommunityToolbar.facebook.settingsLastCheckTime", "Sun Jan 15 2012 11:31:17 GMT+0400 (Arabian Standard Time)");
Line Deleted : user_pref("CommunityToolbar.globalUserId", "341c599e-08e6-484b-b552-24b79bc0a674");
Line Deleted : user_pref("CommunityToolbar.isAlertUrlAddedToFeedItemTable", true);
Line Deleted : user_pref("CommunityToolbar.isClickActionAddedToFeedItemTable", true);
Line Deleted : user_pref("CommunityToolbar.notifications.alertDialogsGetterLastCheckTime", "Sun Nov 27 2011 18:28:31 GMT+0400 (Arabian Standard Time)");
Line Deleted : user_pref("CommunityToolbar.notifications.alertInfoInterval", 60);
Line Deleted : user_pref("CommunityToolbar.notifications.alertInfoLastCheckTime", "Sun Nov 27 2011 18:28:39 GMT+0400 (Arabian Standard Time)");
Line Deleted : user_pref("CommunityToolbar.notifications.clientsServerUrl", "hxxp://alert.client.conduit.com");
Line Deleted : user_pref("CommunityToolbar.notifications.locale", "en");
Line Deleted : user_pref("CommunityToolbar.notifications.loginIntervalMin", 1440);
Line Deleted : user_pref("CommunityToolbar.notifications.loginLastCheckTime", "Sun Nov 27 2011 18:20:36 GMT+0400 (Arabian Standard Time)");
Line Deleted : user_pref("CommunityToolbar.notifications.loginLastUpdateTime", "1313487611");
Line Deleted : user_pref("CommunityToolbar.notifications.messageShowTimeSec", 20);
Line Deleted : user_pref("CommunityToolbar.notifications.servicesServerUrl", "hxxp://alert.services.conduit.com");
Line Deleted : user_pref("CommunityToolbar.notifications.showTrayIcon", false);
Line Deleted : user_pref("CommunityToolbar.notifications.userCloseIntervalMin", 300);
Line Deleted : user_pref("CommunityToolbar.notifications.userId", "b6dd86c7-6469-41f9-a6dc-51cf3a6e8d31");
Line Deleted : user_pref("CommunityToolbar.originalHomepage", "chrome://branding/locale/browserconfig.properties");
Line Deleted : user_pref("CommunityToolbar.originalSearchEngine", "Secure Search");
Line Deleted : user_pref("browser.babylon.HPOnNewTab", "search.babylon.com");
Line Deleted : user_pref("browser.newtab.url", "hxxp://search.nation.com/?orig=HP&affid=14000&cztbid=38947349");
Line Deleted : user_pref("extensions.BabylonToolbar.admin", false);
Line Deleted : user_pref("extensions.BabylonToolbar.aflt", "babsst");
Line Deleted : user_pref("extensions.BabylonToolbar.babExt", "");
Line Deleted : user_pref("extensions.BabylonToolbar.babTrack", "affID=100886");
Line Deleted : user_pref("extensions.BabylonToolbar.bbDpng", 24);
Line Deleted : user_pref("extensions.BabylonToolbar.dfltSrch", false);
Line Deleted : user_pref("extensions.BabylonToolbar.hmpg", false);
Line Deleted : user_pref("extensions.BabylonToolbar.id", "84129dc0000000000000000000000000");
Line Deleted : user_pref("extensions.BabylonToolbar.instlDay", "15332");
Line Deleted : user_pref("extensions.BabylonToolbar.instlRef", "sst");
Line Deleted : user_pref("extensions.BabylonToolbar.lastDP", 24);
Line Deleted : user_pref("extensions.BabylonToolbar.lastVrsnTs", "1.5.3.1722:54:18");
Line Deleted : user_pref("extensions.BabylonToolbar.mntrFFxVrsn", "8.0");
Line Deleted : user_pref("extensions.BabylonToolbar.newTab", true);
Line Deleted : user_pref("extensions.BabylonToolbar.newTabUrl", "hxxp://search.babylon.com/?babsrc=NT_bb");
Line Deleted : user_pref("extensions.BabylonToolbar.noFFXTlbr", false);
Line Deleted : user_pref("extensions.BabylonToolbar.prdct", "BabylonToolbar");
Line Deleted : user_pref("extensions.BabylonToolbar.propectorlck", 63314739);
Line Deleted : user_pref("extensions.BabylonToolbar.prtkDS", 1);
Line Deleted : user_pref("extensions.BabylonToolbar.prtkHmpg", 1);
Line Deleted : user_pref("extensions.BabylonToolbar.prtnrId", "babylon");
Line Deleted : user_pref("extensions.BabylonToolbar.ptch_0717", true);
Line Deleted : user_pref("extensions.BabylonToolbar.smplGrp", "none");
Line Deleted : user_pref("extensions.BabylonToolbar.srcExt", "ss");
Line Deleted : user_pref("extensions.BabylonToolbar.tlbrId", "base");
Line Deleted : user_pref("extensions.BabylonToolbar.vrsn", "1.5.3.17");
Line Deleted : user_pref("extensions.BabylonToolbar.vrsnTs", "1.5.3.1722:54:18");
Line Deleted : user_pref("extensions.BabylonToolbar.vrsni", "1.5.3.17");
Line Deleted : user_pref("extensions.BabylonToolbar_i.babTrack", "affID=100886");
Line Deleted : user_pref("extensions.BabylonToolbar_i.newTab", true);
Line Deleted : user_pref("extensions.BabylonToolbar_i.newTabUrl", "hxxp://search.babylon.com/?AF=100886&babsrc=NT_ss&mntrId=84129dc0000000000000000000000000");
Line Deleted : user_pref("extensions.crossrider.bic", "133e56592ff02dab9ae473fe7de0a1bd");
Line Deleted : user_pref("extensions.crossriderapp435.bic", "133e56592ff02dab9ae473fe7de0a1bd");
Line Deleted : user_pref("extensions.crossriderapp435.firstrun", false);
Line Deleted : user_pref("extensions.crossriderapp435.installationdate", 1322403599);
Line Deleted : user_pref("extensions.crossriderapp435.lastcheck", 22040060);
Line Deleted : user_pref("extensions.crossriderapp435.lastcheckitem", 22040108);
Line Deleted : user_pref("extensions.crossriderapp435.misc.lastBgWorkerTimer", "1322406505613");
Line Deleted : user_pref("extensions.crossriderapp435.misc.lastDomWorkerTimer", "1322406505509");
Line Deleted : user_pref("extensions.facemoods._xpiupdate", true);
Line Deleted : user_pref("extensions.facemoods.aflt", "_#wbst");
Line Deleted : user_pref("extensions.facemoods.fcmdVrsn", "1.2.7.5.4");
Line Deleted : user_pref("extensions.facemoods.first_time", false);
Line Deleted : user_pref("extensions.facemoods.forceOptOutPrefs", true);
Line Deleted : user_pref("extensions.facemoods.id", "_#0337f1c8b6bf463d89b66be85a391aa9");
Line Deleted : user_pref("extensions.facemoods.instlDay", "_#15305");
Line Deleted : user_pref("extensions.facemoods.prtnrId", "_#facemoods.com");
Line Deleted : user_pref("extensions.facemoods.sid", "_#0337f1c8b6bf463d89b66be85a391aa9");
Line Deleted : user_pref("extensions.facemoods.update", "_#v1.4.0");
Line Deleted : user_pref("extensions.facemoods.vrsn", "_#1.4.17.5");

-\\ Google Chrome v

[ File : C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [22198 octets] - [09/01/2014 19:50:55]
AdwCleaner[R1].txt - [22259 octets] - [11/01/2014 16:30:53]
AdwCleaner[S0].txt - [22637 octets] - [11/01/2014 16:35:13]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [22698 octets] ##########
 

----------------------------------------------------------------------------------o O o-----------------------------------------------------------------------------

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.0 (01.07.2014:1)
OS: Windows Vista ™ Home Premium x86
Ran by user on 11/01/2014 at 17:06:24.51
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\orbit
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-722566208-2681290114-2279458060-1000\Software\sweetim
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{6FBF660E-A78D-4dc8-B9DA-302A931FFE66}



~~~ Files



~~~ Folders



~~~ FireFox

Emptied folder: C:\Users\user\AppData\Roaming\mozilla\firefox\profiles\8m0iqaze.default\minidumps [233 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 11/01/2014 at 17:16:08.56
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 

 

----------------------------------------------------------------------------------o O o-----------------------------------------------------------------------------

 

OTL logfile created on: 11/01/2014 18:29:41 - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\user\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18943)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy
 
1.99 Gb Total Physical Memory | 0.84 Gb Available Physical Memory | 42.33% Memory free
4.21 Gb Paging File | 2.83 Gb Available in Paging File | 67.30% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 149.05 Gb Total Space | 23.09 Gb Free Space | 15.49% Space Free | Partition Type: NTFS
Drive D: | 18.81 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive E: | 4.36 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
 
Computer Name: USER-PC | User Name: user | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe (McAfee, Inc.)
PRC - C:\Users\user\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_11_9_900_170.exe (Adobe Systems, Inc.)
PRC - C:\Program Files\McAfee\MSC\McAPExe.exe (McAfee, Inc.)
PRC - C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe (McAfee, Inc.)
PRC - C:\Windows\System32\mfevtps.exe (McAfee, Inc.)
PRC - C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe (McAfee, Inc.)
PRC - C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe (McAfee, Inc.)
PRC - C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe (McAfee, Inc.)
PRC - C:\Users\user\AppData\Local\Temp\RtkBtMnt.exe (Realtek Semiconductor Corp.)
PRC - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\D-drive-96751\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
PRC - C:\Users\user\Desktop\Orbitdownloader\orbitdm.exe (Orbitdownloader.com)
PRC - C:\Users\user\Desktop\Orbitdownloader\Grab.exe (orbitdownloader.com)
PRC - C:\Users\user\Desktop\Orbitdownloader\orbitnet.exe (Orbitdownloader.com)
PRC - C:\Program Files\Smart Bro\CMUpdater.exe ()
PRC - C:\Program Files\Smart Bro\UIMain.exe ()
PRC - C:\Program Files\Smart Bro\UIExec.exe ()
PRC - C:\Program Files\Smart Bro\AssistantServices.exe ()
PRC - C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Windows\System32\conime.exe (Microsoft Corporation)
PRC - C:\Program Files\CyberLink\Shared Files\brs.exe (cyberlink)
PRC - C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe (Cyberlink Corp.)
PRC - C:\Windows\PLFSetI.exe ()
PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Program Files\Mozilla Firefox\mozjs.dll ()
MOD - C:\Windows\System32\Macromed\Flash\NPSWF32_11_9_900_170.dll ()
MOD - C:\Program Files\Notepad++\NppShell_05.dll ()
MOD - C:\Program Files\FreeTime\FormatFactory\FFModules\Filters\ffdshow\ffdshow.ax ()
MOD - C:\Users\user\Desktop\Orbitdownloader\wtlctrl.dll ()
MOD - C:\Program Files\Smart Bro\CMUpdater.exe ()
MOD - C:\Program Files\Smart Bro\UIMain.exe ()
MOD - C:\Program Files\Smart Bro\UIExec.exe ()
MOD - C:\Program Files\Smart Bro\UpdateAgent.dll ()
MOD - C:\Program Files\Smart Bro\UISkin.dll ()
MOD - C:\Program Files\Smart Bro\UICommonDlg.dll ()
MOD - C:\Program Files\Smart Bro\BIXml.dll ()
MOD - C:\Program Files\FreeTime\FormatFactory\FFModules\Filters\ac3filter.ax ()
MOD - C:\Windows\System32\msjetoledb40.dll ()
MOD - C:\Windows\PLFSetI.exe ()
MOD - C:\Program Files\WinRAR\RarExt.dll ()
MOD - C:\Windows\System32\igfxTMM.dll ()
 
 
========== Services (SafeList) ==========
 
SRV - (FreeAgentGoNext Service) -- D:\Sync\FreeAgentService.exe File not found
SRV - (McAfee SiteAdvisor Service) -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe (McAfee, Inc.)
SRV - (MozillaMaintenance) -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (McAPExe) -- C:\Program Files\McAfee\MSC\McAPExe.exe (McAfee, Inc.)
SRV - (mfecore) -- C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe (McAfee, Inc.)
SRV - (mfevtp) -- C:\Windows\System32\mfevtps.exe (McAfee, Inc.)
SRV - (mfefire) -- C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe ()
SRV - (McProxy) -- C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV - (mcpltsvc) -- C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV - (McMPFSvc) -- C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV - (HomeNetSvc) -- C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV - (AdobeARMservice) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (MBAMService) -- C:\D-drive-96751\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (MBAMScheduler) -- C:\D-drive-96751\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
SRV - (McODS) -- C:\Program Files\McAfee\VirusScan\mcods.exe (McAfee, Inc.)
SRV - (McNaiAnn) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV - (UI Assistant Service) -- C:\Program Files\Smart Bro\AssistantServices.exe ()
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (NwlnkFwd) -- system32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- system32\DRIVERS\nwlnkflt.sys File not found
DRV - (IpInIp) -- system32\DRIVERS\ipinip.sys File not found
DRV - (hwusbfake) -- system32\DRIVERS\ewusbfake.sys File not found
DRV - (hwusbdev) -- system32\DRIVERS\ewusbdev.sys File not found
DRV - (hwdatacard) -- system32\DRIVERS\ewusbmdm.sys File not found
DRV - (catchme) -- C:\ComboFix\catchme.sys File not found
DRV - ({FE4C91E7-22C2-4D0C-9F6B-82F1B7742054}) -- C:\Program Files\CyberLink\PowerDVD8\000.fcl File not found
DRV - (mfencrk) -- C:\Windows\System32\drivers\mfencrk.sys (McAfee, Inc.)
DRV - (mfencbdc) -- C:\Windows\System32\drivers\mfencbdc.sys (McAfee, Inc.)
DRV - (cfwids) -- C:\Windows\System32\drivers\cfwids.sys (McAfee, Inc.)
DRV - (mfewfpk) -- C:\Windows\System32\drivers\mfewfpk.sys (McAfee, Inc.)
DRV - (mfehidk) -- C:\Windows\System32\drivers\mfehidk.sys (McAfee, Inc.)
DRV - (mfefirek) -- C:\Windows\System32\drivers\mfefirek.sys (McAfee, Inc.)
DRV - (mfebopk) -- C:\Windows\System32\drivers\mfebopk.sys (McAfee, Inc.)
DRV - (mfeavfk) -- C:\Windows\System32\drivers\mfeavfk.sys (McAfee, Inc.)
DRV - (mfeapfk) -- C:\Windows\System32\drivers\mfeapfk.sys (McAfee, Inc.)
DRV - (HipShieldK) -- C:\Windows\System32\drivers\HipShieldK.sys (McAfee, Inc.)
DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (ampa) -- C:\Windows\System32\ampa.sys ()
DRV - (ZTEusbvoice) -- C:\Windows\System32\drivers\ZTEusbvoice.sys (ZTE Incorporated)
DRV - (ZTEusbser6k) -- C:\Windows\System32\drivers\ZTEusbser6k.sys (ZTE Incorporated)
DRV - (ZTEusbnmea) -- C:\Windows\System32\drivers\ZTEusbnmea.sys (ZTE Incorporated)
DRV - (ZTEusbmdm6k) -- C:\Windows\System32\drivers\ZTEusbmdm6k.sys (ZTE Incorporated)
DRV - (massfilter) -- C:\Windows\System32\drivers\massfilter.sys (MBB Incorporated)
DRV - (tapvpn) -- C:\Windows\System32\drivers\tapvpn.sys (The OpenVPN Project)
DRV - (BCM43XX) -- C:\Windows\System32\drivers\BCMWL5.SYS (Broadcom Corp.)
DRV - (tifm21) -- C:\Windows\System32\drivers\tifm21.sys (Texas Instruments)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c...rch/search.html
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://us.rd.yahoo.c...rch/search.html
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
IE - HKCU\..\SearchScopes,DefaultScope =
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{22663A6E-F025-42F6-B440-5476F25B04FA}: "URL" = http://ph.search.yah...p={SearchTerms}
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{DECA3892-BA8F-44b8-A993-A466AD694AE4}: "URL" = http://search.yahoo....p={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.order.1: "NationSearch"
FF - prefs.js..browser.startup.homepage: "about:home"
FF - prefs.js..extensions.enabledAddons: %7B4ED1F68A-5463-4931-9384-8FFF5ED91D92%7D:3.6.4
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:26.0
FF - prefs.js..network.proxy.no_proxies_on: ""
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_9_900_170.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Content Upload Plugin,version=1.0.0: C:\Program Files\DivX\DivX Content Uploader\npUpload.dll File not found
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0:  File not found
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.25.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.25.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/McAfeeMssPlugin: C:\Program Files\McAfee Security Scan\3.0.318\npMcAfeeMss.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL ()
FF - HKLM\Software\MozillaPlugins\@mcafee.com/SAFFPlugin: C:\Program Files\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.775: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.3.775: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=1.0.0.0: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.775: c:\program files\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=:  File not found
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.6: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.3: C:\Users\user\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll File not found
FF - HKCU\Software\MozillaPlugins\@leeuu.com/npgboxruner;version=: C:\Users\user\AppData\Roaming\gbox\npgboxruner.dll File not found
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\user\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\user\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2010/09/23 06:55:15 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}: C:\Program Files\McAfee\SiteAdvisor [2014/01/11 16:38:50 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 26.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013/08/01 08:27:23 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 26.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
 
[2009/08/10 23:10:29 | 000,000,000 | ---D | M] (No name found) -- C:\Users\user\AppData\Roaming\mozilla\Extensions
[2009/08/08 13:46:53 | 000,000,000 | ---D | M] (No name found) -- C:\Users\user\AppData\Roaming\mozilla\Extensions\IMVUClientXUL@imvu.com
[2009/08/10 23:10:29 | 000,000,000 | ---D | M] (No name found) -- C:\Users\user\AppData\Roaming\mozilla\Extensions\mozswing@mozswing.org
[2013/12/19 12:24:00 | 000,000,000 | ---D | M] (No name found) -- C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\8m0iqaze.default\extensions
[2013/06/22 17:34:09 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2013/05/23 19:59:30 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
[2013/12/21 17:31:20 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2014/01/11 16:38:50 | 000,000,000 | ---D | M] (McAfee SiteAdvisor) -- C:\PROGRAM FILES\MCAFEE\SITEADVISOR
[2011/10/30 21:00:25 | 000,002,027 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\McSiteAdvisor.xml
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}
CHR - homepage: http://www.google.com/
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\27.0.1453.94\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: QuickTime Plug-in 7.6.4 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.4 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.4 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.4 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.4 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.4 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.4 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Java™ Platform SE 6 U13 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeploytk.dll
CHR - plugin: Java™ Platform SE 6 U18 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: RealPlayer™ HTML5VideoShim Plug-In (32-bit)  (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
CHR - plugin: RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit)  (Enabled) = c:\program files\real\realplayer\Netscape6\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = c:\program files\real\realplayer\Netscape6\nprpjplug.dll
CHR - plugin: Chrome NaCl (Enabled) = C:\Program Files\Google\Chrome\Application\27.0.1453.94\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\27.0.1453.94\pdf.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.57\npGoogleUpdate3.dll
CHR - plugin: Facebook Plugin (Enabled) = C:\Users\user\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: iTunes Application Detector (Enabled) = D:\itunes\Mozilla Plugins\npitunes.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = c:\program files\real\realplayer\Netscape6\nprjplug.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: YouTube = C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google Search = C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: SiteAdvisor = C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.60.126.1_0\
CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.2_0\
CHR - Extension: Gmail = C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\
 
O1 HOSTS File: ([2013/07/27 07:25:24 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (MSS+ Identifier) - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.0.318\McAfeeMSS_IE.dll (McAfee, Inc.)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll File not found
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {C95A4E8E-816D-4655-8C79-D736DA1ADB6D} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - No CLSID value found.
O4 - HKLM..\Run: [BDRegion] C:\Program Files\CyberLink\Shared Files\brs.exe (cyberlink)
O4 - HKLM..\Run: [mcpltui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [PLFSetI] C:\Windows\PLFSetI.exe ()
O4 - HKLM..\Run: [RemoteControl8] C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe (Cyberlink Corp.)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [UIExec] C:\Program Files\SMART BRO\UIExec.exe ()
O4 - HKCU..\Run: [Facebook Update] C:\Users\user\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html File not found
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://download.divx...owserPlugin.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.25.2)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.25.2)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{ADDC55A4-81C7-4A27-9E54-D027BE216942}: NameServer = 121.1.3.172 121.1.3.89
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CD203771-8F27-4D80-9B1F-EAC8D3B4924C}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl.dll (McAfee, Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (Userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img9.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img9.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/19 05:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2011/05/13 10:48:31 | 000,000,647 | R--- | M] () - D:\AutoRun.dat -- [ CDFS ]
O32 - AutoRun File - [2011/04/21 10:20:50 | 000,334,672 | R--- | M] () - D:\Autorun.exe -- [ CDFS ]
O32 - AutoRun File - [2011/03/16 14:23:12 | 000,009,662 | R--- | M] () - D:\AutoRun.ico -- [ CDFS ]
O32 - AutoRun File - [2011/04/21 10:08:05 | 000,000,047 | R--- | M] () - D:\autorun.inf -- [ CDFS ]
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2014/01/11 17:06:17 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2014/01/11 16:46:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
[2014/01/09 19:50:51 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2014/01/08 03:59:02 | 000,000,000 | ---D | C] -- C:\Users\user\Desktop\USB
[2014/01/07 02:55:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes' Anti-Malware (portable)
[2014/01/07 02:49:47 | 000,074,456 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamchameleon.sys
[2014/01/07 02:49:42 | 000,000,000 | ---D | C] -- C:\Users\user\Desktop\mbar
[2013/12/30 07:06:33 | 000,000,000 | ---D | C] -- C:\Users\user\Desktop\img
[2013/12/30 01:22:33 | 000,000,000 | ---D | C] -- C:\Users\user\Desktop\God wants You to Know on Facebook 123013_files
[2013/12/29 13:24:37 | 000,107,776 | ---- | C] (ZTE Incorporated) -- C:\Windows\System32\drivers\ZTEusbvoice.sys
[2013/12/29 13:24:37 | 000,107,776 | ---- | C] (ZTE Incorporated) -- C:\Windows\System32\drivers\ZTEusbser6k.sys
[2013/12/29 13:24:37 | 000,107,776 | ---- | C] (ZTE Incorporated) -- C:\Windows\System32\drivers\ZTEusbnmea.sys
[2013/12/29 13:24:37 | 000,107,776 | ---- | C] (ZTE Incorporated) -- C:\Windows\System32\drivers\ZTEusbmdm6k.sys
[2013/12/29 13:24:37 | 000,009,216 | ---- | C] (MBB Incorporated) -- C:\Windows\System32\drivers\massfilter.sys
[2013/12/29 13:24:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SMART BRO
[2013/12/29 09:21:36 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Notepad++
[2013/12/29 09:21:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Notepad++
[2013/12/29 09:21:32 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Roaming\Notepad++
[2013/12/29 09:21:32 | 000,000,000 | ---D | C] -- C:\Program Files\Notepad++
[2013/12/29 04:16:01 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Users\user\Desktop\HiJackThis(1).exe
[2013/12/29 04:15:17 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\user\Desktop\OTL.exe
[2013/12/29 04:00:18 | 000,147,912 | ---- | C] (McAfee, Inc.) -- C:\Windows\System32\drivers\HipShieldK.sys
[2013/12/25 20:04:27 | 000,000,000 | ---D | C] -- C:\Users\user\Desktop\TREEHOUSE
[2013/12/19 03:40:04 | 000,000,000 | ---D | C] -- C:\Users\user\Documents\FormatFactory
[2013/12/19 03:33:16 | 000,000,000 | ---D | C] -- C:\FFOutput
[2013/12/19 03:32:21 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FormatFactory
[2013/12/19 03:31:20 | 000,000,000 | ---D | C] -- C:\Program Files\FreeTime
[2013/12/14 14:15:32 | 000,104,664 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
 
========== Files - Modified Within 30 Days ==========
 
[2014/01/11 18:35:38 | 000,000,420 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{ADB7C4EF-9010-443B-B014-92A8A5210DCF}.job
[2014/01/11 16:39:13 | 000,003,712 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2014/01/11 16:39:12 | 000,003,712 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2014/01/11 16:36:10 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2014/01/11 16:00:09 | 000,000,924 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-722566208-2681290114-2279458060-1000UA.job
[2014/01/11 16:00:03 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014/01/11 07:00:02 | 000,000,902 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-722566208-2681290114-2279458060-1000Core.job
[2014/01/09 20:03:00 | 000,022,079 | ---- | M] () -- C:\Users\user\Desktop\FSS.jpg
[2014/01/08 03:49:25 | 000,604,502 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2014/01/08 03:49:25 | 000,104,170 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2014/01/07 02:55:20 | 000,104,664 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2014/01/07 02:49:47 | 000,074,456 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamchameleon.sys
[2014/01/06 00:38:16 | 000,024,695 | ---- | M] () -- C:\Users\user\Desktop\charlie brown.jpg
[2014/01/06 00:18:56 | 000,061,255 | ---- | M] () -- C:\Users\user\Desktop\Be the good in the world.jpg
[2014/01/04 03:49:21 | 000,108,032 | ---- | M] () -- C:\Users\user\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2014/01/04 00:16:35 | 000,002,313 | ---- | M] () -- C:\Users\user\Desktop\index.html
[2014/01/03 07:45:41 | 000,032,603 | ---- | M] () -- C:\Users\user\Desktop\1533796_10152091744658279_1862212119_n.jpg
[2013/12/30 01:22:53 | 000,333,772 | ---- | M] () -- C:\Users\user\Desktop\God wants You to Know on Facebook 123013.htm
[2013/12/29 16:49:27 | 000,371,808 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2013/12/29 13:24:27 | 000,001,477 | ---- | M] () -- C:\Users\Public\Desktop\SMART BRO.lnk
[2013/12/29 09:21:36 | 000,000,820 | ---- | M] () -- C:\Users\user\Desktop\Notepad++.lnk
[2013/12/29 04:16:59 | 000,625,664 | ---- | M] () -- C:\Users\user\Desktop\dds.scr
[2013/12/29 04:16:06 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Users\user\Desktop\HiJackThis(1).exe
[2013/12/29 04:15:27 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\user\Desktop\OTL.exe
[2013/12/19 03:32:21 | 000,000,951 | ---- | M] () -- C:\Users\user\Desktop\Format Factory.lnk
[2013/12/14 13:15:20 | 000,064,858 | ---- | M] () -- C:\Users\user\Desktop\matrix 1213.jpg
 
========== Files Created - No Company Name ==========
 
[2014/01/09 20:03:00 | 000,022,079 | ---- | C] () -- C:\Users\user\Desktop\FSS.jpg
[2014/01/06 00:38:15 | 000,024,695 | ---- | C] () -- C:\Users\user\Desktop\charlie brown.jpg
[2014/01/06 00:18:56 | 000,061,255 | ---- | C] () -- C:\Users\user\Desktop\Be the good in the world.jpg
[2014/01/03 07:45:41 | 000,032,603 | ---- | C] () -- C:\Users\user\Desktop\1533796_10152091744658279_1862212119_n.jpg
[2013/12/30 06:47:12 | 000,002,313 | ---- | C] () -- C:\Users\user\Desktop\index.html
[2013/12/30 01:22:53 | 000,333,772 | ---- | C] () -- C:\Users\user\Desktop\God wants You to Know on Facebook 123013.htm
[2013/12/29 13:24:17 | 000,001,477 | ---- | C] () -- C:\Users\Public\Desktop\SMART BRO.lnk
[2013/12/29 09:21:36 | 000,000,820 | ---- | C] () -- C:\Users\user\Desktop\Notepad++.lnk
[2013/12/29 04:16:49 | 000,625,664 | ---- | C] () -- C:\Users\user\Desktop\dds.scr
[2013/12/29 03:59:22 | 000,002,641 | ---- | C] () -- C:\Windows\System32\drivers\mfencrk.inf
[2013/12/29 03:59:19 | 000,002,951 | ---- | C] () -- C:\Windows\System32\drivers\mfencbdc.inf
[2013/12/19 03:32:21 | 000,000,951 | ---- | C] () -- C:\Users\user\Desktop\Format Factory.lnk
[2013/12/14 13:15:06 | 000,064,858 | ---- | C] () -- C:\Users\user\Desktop\matrix 1213.jpg
[2013/07/26 15:11:59 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013/07/26 15:11:59 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013/07/26 15:11:59 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013/07/26 15:11:58 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013/07/26 15:11:58 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013/07/23 04:03:47 | 001,229,097 | ---- | C] () -- C:\Windows\unins000.exe
[2013/07/23 04:03:47 | 000,216,064 | ---- | C] ( ) -- C:\Windows\System32\Lagarith.dll
[2013/07/23 04:03:46 | 000,075,290 | ---- | C] () -- C:\Windows\unins000.dat
[2013/05/12 17:58:21 | 000,000,286 | ---- | C] () -- C:\Windows\ampa.ini
[2013/05/12 14:57:49 | 000,012,728 | ---- | C] () -- C:\Windows\System32\ampa.sys
[2013/05/12 14:57:48 | 001,428,408 | ---- | C] () -- C:\Windows\ampa.exe
[2013/01/27 06:45:21 | 000,000,000 | ---- | C] () -- C:\Windows\popcinfo.dat
[2012/08/12 03:07:57 | 000,061,525 | ---- | C] () -- C:\Users\user\AppData\Roaming\Express.dmp
[2012/08/04 19:13:21 | 000,045,194 | ---- | C] () -- C:\Users\user\AppData\Roaming\room_v3.dat
[2012/01/16 00:31:28 | 000,000,512 | ---- | C] () -- C:\Users\user\MBR.dat
[2011/05/20 04:43:04 | 000,063,915 | ---- | C] () -- C:\Users\user\Camella Projects re Cerritos Heights Computations 2.pdf
[2009/08/14 20:01:17 | 000,000,032 | ---- | C] () -- C:\ProgramData\ezsid.dat
[2009/07/18 05:30:42 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2009/04/09 17:41:28 | 000,572,595 | ---- | C] () -- C:\Users\user\AppData\Roaming\UserTile.png
[2009/04/07 01:35:03 | 000,108,032 | ---- | C] () -- C:\Users\user\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/04/07 00:12:21 | 000,006,324 | ---- | C] () -- C:\Users\user\AppData\Local\d3d9caps.dat
 
========== ZeroAccess Check ==========
 
[2006/11/02 20:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 01:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/04/11 14:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/04/11 14:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

< End of report >
 




#11 Jo*

Jo*

    SuperMember

  • Malware Team
  • 1,208 posts

Posted 12 January 2014 - 01:41 PM

Hi xxxerotech,
 

Well, it still hangs occasionally due to MCAFEE ANTIVIRUS plugin that I got. Now it says that it has expired and I need to renew it.

Do you mean a McAfee browser plugin for Firefox or something like that?
Do you have a chance for a repair installation of this plugin?


1. Java
1.1 Uninstall old Java versions:
  • Please go to Start > Control Panel > Programs and Features.
  • Locate all Java Updates
  • Uninstall them all.
1.2 Install latest Java 7 update. Click this link and click on the Free JAVA Download.

1.3 Find instructions here on how to clear the Java cache.
Go into the Control Panel and double-click the Java Icon. (looks like a coffee cup)
Under Temporary Internet Files, click the Delete Files button.
There are three options in the window to clear the cache - Leave ALL 3 Checked
  • Downloaded Applets
  • Downloaded Applications
  • Installed Applications and Applets
Click OK on Delete Temporary Files Window
Note: This deletes ALL the Downloaded Applications and Applets from the CACHE. Click OK to leave the Java Control Panel.
 

***


2. Malwarebytes' Anti-Malware
Download the free version of Malwarebytes' Anti-Malware and save it to your desktop.
Double-click mbam-setup****.exe and follow the prompts to install the program.
Note to Vista | Windows 7/8 users, please right-click and select Run as Administrator.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware.
  • Then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. Please copy and paste the log back into your next reply.
Note 1: The log can also be found via the Logs tab when Malwarebytes' Anti-Malware is started.
Note 2: If you receive a notice that some of the items couldn't be removed and they have been added to the delete on reboot list, please reboot.


***


3. ESET Online Scanner

Connect any existing external hard drives and / or other removable media.

*Note
It is recommended to disable onboard antivirus program and antispyware programs while performing scans so there are no conflicts and it will speed up scan time.
Please don't go surfing while your resident protection is disabled!
Once the scan is finished remember to re-enable your antivirus along with your antispyware programs.
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the esetOnline.png button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
  • Click on esetSmartInstall.png to download the ESET Smart Installer. Save it to your desktop.
  • Double click on the esetSmartInstallDesktopIcon.png icon on your desktop.
  • Check esetAcceptTerms.png
  • Click the esetStart.png button.
  • Accept any security warnings from your browser.
  • Check esetScanArchives.png
  • Make sure that the option "Remove found threats" is Unchecked
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin
    scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push esetListThreats.png
  • Push esetExport.png, and save the file to your desktop using a unique name, such as MyEsetScan. Alternatively, look for report in C:\Program Files\ESET\ESET Online Scanner\log.txt. Include the contents of this report in your next reply.
  • Push the Back button.
  • Select Uninstall application on close check box and push esetFinish.png

***


How is the computer running now?
Graduate of the WTT Classroom
Cheers,
Jo

#12 Jo*

Jo*

    SuperMember

  • Malware Team
  • 1,208 posts

Posted 15 January 2014 - 05:27 AM

Hi,

It has been several days since I sent my last set of instructions to help with your computer problem.

Please let me know if you are having problems and still need help.

Note: Threads will be closed if no response after 3 days.
Graduate of the WTT Classroom
Cheers,
Jo

#13 xxxerotech

xxxerotech

    Authentic Member

  • Authentic Member
  • 110 posts

Posted 15 January 2014 - 06:38 AM

Sorry for not replying soon enough. I'll get back to you as soon as I'm done with your last instruction. As for my McAfee antivirus it says it's expired. I also don't think that I have that repair installation that you said. Thanks.



#14 xxxerotech

xxxerotech

    Authentic Member

  • Authentic Member
  • 110 posts

Posted 15 January 2014 - 02:26 PM

hi,

 

i finished installing the latest JAVA and ESET did not detect anything.  no report was generated.  maybe i'll just do some research regarding my McAfee antivirus since the computer seems to be running ok.  maybe i'm just being paranoid about it 'cos the user interface changed and i thought that it was some kind of infection.

 

here is the log from MALWAREBYTES.

 

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2014.01.15.04

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 8.0.6001.18943
user :: USER-PC [administrator]

15/01/2014 21:07:49
mbam-log-2014-01-15 (21-07-49).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 218698
Time elapsed: 15 minute(s), 7 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
 



#15 Jo*

Jo*

    SuperMember

  • Malware Team
  • 1,208 posts

Posted 15 January 2014 - 03:38 PM

Hi xxxerotech,
 

maybe i'll just do some research regarding my McAfee antivirus since the computer seems to be running ok.

Good idea! Go ahead.

1. Uninstall old versions:
Please go to Start > Control Panel > Programs and Features.

Locate the following programs:
  • Adobe Reader 9 or 10
Uninstall it.

2. Update these programs:
  • Update Internet Explorer to v11
Vista | Windows 7/8 users can open the Start menu > All Programs > Windows Update > Check for Updates (in left hand task pane) to update these systems.

3. Install these programs:
  • Install latest Adobe Reader:
  • Go to http://get.adobe.com.../otherversions/
  • Use the drop-down menus to select your operating system
  • Select your language > Select The current version of Adobe Reader for your language
  • Remove the check mark from the box "Install Chrome as standard browser and Google Toolbar for Internet explorer"
  • Click the Download button, and follow the onscreen directions to complete the installation.
4. Restart your pc:

How is the computer running now?
Any remaining issues?

Graduate of the WTT Classroom
Cheers,
Jo
