Jump to content


Photo

Cannot open IE 8 - trial version of AgileDotNet


  • This topic is locked This topic is locked
30 replies to this topic

#1 graciecatt

graciecatt

    Member

  • Full Member
  • Pip
  • 18 posts

Posted 20 May 2013 - 07:37 AM

I cannot open IE 8 on my Windows XP computer.  I get a message that says The secured image was created using a trial version of AgileDotNet and can not run on this machine.
 
I couldn't find much about this by googling.  However one thing I found pointed to something called FoodBuzz which I did not knowingly download, but which is in my Program Files and also listed in programs in Control Panel.
 
There is an uninstaller in the FoodBuzz folder but it doesn't work - I just get the same AgileDotNet message.  I tried to just delete the folder in Windows Explorer but I can't delete it because the computer says the files are in use.
 
Please help!  I use Chrome but also use IE for those websites that don't function properly in Chrome.  
 
Thank you!
 
 
 
 
Edit: Please read the Instructions and post the requested logs (MBAM, DDS, Security Check). We need the information in order to help you.


Edited by cnm, 20 May 2013 - 10:32 AM.


#2 aclneverlimits

aclneverlimits

    Member

  • New Member
  • Pip
  • 1 posts

Posted 20 May 2013 - 06:39 PM

Yes, this has also happened to me too. But I am on Windows 7. I try to open IE9 and I get the message: The secured image was created using a trial version of AgileDotNet and can not run on this machine. I have seen the "FoodBuzz" thing, and when I try to uninstall, I get the same: The secured image was created using a trial version of AgileDotNet and can not run on this machine.

 

 

If someone could come up with the fix to this problem, I would greatly appreciate!!!

 

aclneverlimits

 

Rondo will return from his ACL injury...

Better than Rose...



#3 cnm

cnm

    Mother Lion of SWI

  • Administrators
  • PipPipPipPipPip
  • 25,253 posts

Posted 20 May 2013 - 06:48 PM

aclneverlimits - only our trained helpers should offer help.  See The various helper groups here.
 
 
graciecatt -
Please read the Instructions and post the requested logs (MBAM, DDS, Security Check). We need the information in order to help you.


Microsoft MVP Windows Security 2005-2006
How camest thou in this pickle? -- William Shakespeare:(1564-1616)
The various helper groups here
UNITE


#4 graciecatt

graciecatt

    Member

  • Full Member
  • Pip
  • 18 posts

Posted 21 May 2013 - 07:04 AM

Thank you.  I am in the process of installing and running the applications and will post logs asap.



#5 graciecatt

graciecatt

    Member

  • Full Member
  • Pip
  • 18 posts

Posted 21 May 2013 - 09:02 AM

Here are my logs:

 

 

Malwarebytes Anti-Malware (Trial) 1.75.0.1300

www.malwarebytes.org

 

Database version: v2013.05.21.03

 

Windows XP Service Pack 3 x86 NTFS

Internet Explorer 8.0.6001.18702

McLeanL :: OF705CM1263LT [administrator]

 

Protection: Enabled

 

5/21/2013 7:46:12 AM

mbam-log-2013-05-21 (07-46-12).txt

 

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 349617

Time elapsed: 27 minute(s), 35 second(s)

 

Memory Processes Detected: 0

(No malicious items detected)

 

Memory Modules Detected: 0

(No malicious items detected)

Mbam log

Registry Keys Detected: 0

(No malicious items detected)

 

Registry Values Detected: 0

(No malicious items detected)

 

Registry Data Items Detected: 0

(No malicious items detected)

 

Folders Detected: 0

(No malicious items detected)

 

Files Detected: 1

C:\Documents and Settings\mcleanl\My Documents\Downloads\PDFCreatorSetup.exe (Adware.Agent) -> Quarantined and deleted successfully.

 

(end)

 

 

DDS (Ver_2012-11-20.01) - NTFS_x86 
Internet Explorer: 8.0.6001.18702  BrowserJavaVersion: 10.21.2
Run by McLeanL at 9:53:38 on 2013-05-21
Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.3317.1701 [GMT -4:00]
.
AV: McAfee VirusScan Enterprise+AntiSpyware Enterprise *Enabled/Updated* {918A2B0B-2C60-4016-A4AB-E868DEABF7F0}
.
============== Running Processes ================
.
C:\WINDOWS\system32\CmgShieldSvc.exe
C:\WINDOWS\system32\EMSService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\IDT\WDM\stacsv.exe
C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe
C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe
C:\WINDOWS\System32\SCardSvr.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\Java\jre7\bin\jqs.exe
C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
C:\Program Files\LogMeIn\x86\RaMaint.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\McAfee\Common Framework\FrameworkService.exe
C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
C:\WINDOWS\system32\mfevtps.exe
C:\Program Files\McAfee\VirusScan Enterprise\mfeann.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\DRIVERS\o2flash.exe
C:\WINDOWS\system32\rpcnet.exe
C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\McAfee\Common Framework\naPrdMgr.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\IDT\WDM\sttray.exe
C:\WINDOWS\system32\AESTFltr.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\DellTPad\Apoint.exe
C:\Program Files\STMicroelectronics\AccelerometerP11\FF_Protection.exe
C:\Program Files\McAfee\Common Framework\udaterui.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe
C:\Program Files\McAfee\Common Framework\McTray.exe
C:\WINDOWS\System32\CMGShieldUI.exe
C:\WINDOWS\system32\EmsServiceHelper.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files\Citrix\ICA Client\redirector.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\FoodBuzz\Update\FoodBuzzUpdate.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\Documents and Settings\mcleanl\Application Data\Dropbox\bin\Dropbox.exe
C:\Documents and Settings\mcleanl\Local Settings\Application Data\Facebook\Messenger\2.1.4814.0\FacebookMessenger.exe
C:\PROGRA~1\MICROS~2\Office14\OUTLOOK.EXE
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\Program Files\Citrix\ICA Client\wfcrun32.exe
C:\Program Files\Citrix\ICA Client\concentr.exe
C:\Documents and Settings\mcleanl\Local Settings\Application Data\Citrix\ICA Client\Receiver\Receiver.exe
C:\Documents and Settings\mcleanl\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\mcleanl\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\mcleanl\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\mcleanl\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\mcleanl\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\mcleanl\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\mcleanl\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\mcleanl\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\mcleanl\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\mcleanl\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\WINDOWS\system32\SearchFilterHost.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k imgsvc
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
BHO: FoodBuzz: {1C6E034D-B4B6-4D96-94B5-4163A5EB2195} - 
BHO: CtxIEInterceptorBHO Class: {2C4631FF-5CC8-4EBC-A0DF-34C92291759E} - c:\program files\citrix\ica client\IEInterceptor.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - c:\program files\microsoft office\office14\GROOVEEX.DLL
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\program files\common files\mcafee\systemcore\ScriptSn.20121022142030.dll
BHO: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - c:\program files\microsoft office\office14\URLREDIR.DLL
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
BHO: SmartSelect Class: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Google Update] "c:\documents and settings\mcleanl\local settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [Facebook Update] "c:\documents and settings\mcleanl\local settings\application data\facebook\update\FacebookUpdate.exe" /c /nocrashserver
uRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
uRun: [FoodBuzzUpdate] c:\program files\foodbuzz\update\FoodBuzzUpdate.exe
mRun: [SysTrayApp] c:\program files\idt\wdm\sttray.exe
mRun: [AESTFltr] c:\windows\system32\AESTFltr.exe /NoDlg
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [nwiz] c:\program files\nvidia corporation\nview\nwiz.exe /installquiet
mRun: [Apoint] c:\program files\delltpad\Apoint.exe
mRun: [FreeFallProtection] c:\program files\stmicroelectronics\accelerometerp11\FF_Protection.exe
mRun: [McAfeeUpdaterUI] "c:\program files\mcafee\common framework\udaterui.exe" /StartedFromRunKey
mRun: [Client Access Service] "c:\program files\ibm\client access\cwbsvstr.exe"
mRun: [Client Access Help Update] "c:\program files\ibm\client access\cwbinhlp.exe"
mRun: [Client Access Check Version] "c:\program files\ibm\client access\cwbckver.exe" LOGIN
mRun: [Client Access Express Welcome] "c:\program files\ibm\client access\cwbwlwiz.exe"
mRun: [Client Access PC5250 Sound] "c:\program files\ibm\client access\emulator\pcssnd.exe"
mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [Adobe Acrobat Speed Launcher] "c:\program files\adobe\acrobat 10.0\acrobat\Acrobat_sl.exe"
mRun: [Acrobat Assistant 8.0] "c:\program files\adobe\acrobat 10.0\acrobat\Acrotray.exe"
mRun: [ShStatEXE] "c:\program files\mcafee\virusscan enterprise\SHSTAT.EXE" /STANDALONE
mRun: [BCSSync] "c:\program files\microsoft office\office14\BCSSync.exe" /DelayServices
mRun: [CmgShieldUI] c:\windows\system32\CMGShieldUI.exe
mRun: [EmsService] EmsServiceHelper.exe
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [LogMeIn GUI] "c:\program files\logmein\x86\LogMeInSystray.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [PDVDDXSrv] "c:\program files\cyberlink\powerdvd dx\PDVDDXSrv.exe"
mRun: [ConnectionCenter] "c:\program files\citrix\ica client\redirector.exe" /startup
StartupFolder: c:\docume~1\mcleanl\startm~1\programs\startup\dropbox.lnk - c:\documents and settings\mcleanl\application data\dropbox\bin\Dropbox.exe
StartupFolder: c:\docume~1\mcleanl\startm~1\programs\startup\facebo~1.lnk - c:\documents and settings\mcleanl\local settings\application data\facebook\messenger\2.1.4814.0\FacebookMessenger.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\blueto~1.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\vpncli~1.lnk - c:\windows\installer\{a7091e1d-36a4-47f1-a739-173cc341414f}\Icon3E5562ED7.ico
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\window~1.lnk - c:\program files\windows desktop search\WindowsSearch.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoDriveTypeAutoRun = dword:255
mPolicies-Explorer: NoAutorun = dword:1
mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
IE: Append Link Target to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\micros~2\office14\ONBttnIE.dll/105
IE: Send to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
IE: Send To Bluetooth - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1350924967171
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1350995577827
DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} - hxxps://secure.logmein.com//activex/ractrl.cab?lmi=1007
TCP: NameServer = 192.168.50.95 192.168.50.143 192.168.50.20
TCP: Interfaces\{329D6422-D7F2-4E2F-9F50-D669D49F6025} : DHCPNameServer = 12.127.17.71 12.127.17.72
TCP: Interfaces\{C4E39540-22A0-4F2D-B33A-276A3D275C03} : DHCPNameServer = 192.168.50.95 192.168.50.143 192.168.50.20
Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
Notify: CMGShieldNP - CmgShieldNP.dll
Notify: LMIinit - LMIinit.dll
Notify: spba - c:\program files\common files\spba\homefus2.dll
AppInit_DLLs= c:\progra~1\citrix\icacli~1\RSHook.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - c:\program files\microsoft office\office14\GROOVEEX.DLL
SEH: Windows Desktop Search Namespace Manager - {56F9679E-7826-4C84-81F3-532071A8BCC5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
.
============= SERVICES / DRIVERS ===============
.
R0 a320raid;a320raid;c:\windows\system32\drivers\a320raid.sys [2009-1-13 218112]
R0 aac;PERC 320/DC SCSI RAID Miniport Driver;c:\windows\system32\drivers\aac.sys [2009-1-13 48140]
R0 aarich;aarich;c:\windows\system32\drivers\aarich.sys [2009-1-13 204800]
R0 CmgHiber;CmgHiber;c:\windows\system32\drivers\CmgHiber.sys [2010-11-22 101544]
R0 CmgShieldCEF;CmgShieldCEF;c:\windows\system32\drivers\CMGShCEF.sys [2010-11-22 300200]
R0 CMGShieldReg;CMGShieldReg;c:\windows\system32\drivers\CmgShREG.sys [2010-11-22 22632]
R0 megasas;DELL PERC RAID Driver;c:\windows\system32\drivers\megasas.sys [2009-1-13 19200]
R0 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2009-5-11 436728]
R0 SiSRaid4;SiSRaid4;c:\windows\system32\drivers\sisraid4.sys [2009-1-16 63872]
R0 stdcfltn;Disk Class Filter Driver for Accelerometer;c:\windows\system32\drivers\stdcfltn.sys [2012-10-9 17904]
R1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\drivers\ctxusbm.sys [2011-4-25 66776]
R1 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\system32\drivers\mfetdi2k.sys [2012-10-22 88544]
R2 CMGShield;CMGShield;c:\windows\system32\CmgShieldSvc.exe [2010-11-29 2717096]
R2 Credential Vault Host Control Service;Credential Vault Host Control Service;c:\program files\broadcom corporation\broadcom ush host components\cv\bin\HostControlService.exe [2011-5-11 826272]
R2 Credential Vault Host Storage;Credential Vault Host Storage;c:\program files\broadcom corporation\broadcom ush host components\cv\bin\HostStorageService.exe [2011-5-11 31648]
R2 EMS;EMS;EMSService.exe --> EMSService.exe [?]
R2 LMIGuardianSvc;LMIGuardianSvc;c:\program files\logmein\x86\LMIGuardianSvc.exe [2012-12-18 375296]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\logmein\x86\rainfo.sys [2012-11-29 12856]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [2013-1-17 47640]
R2 MBAMScheduler;MBAMScheduler;c:\program files\malwarebytes' anti-malware\mbamscheduler.exe [2013-5-21 418376]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2013-5-21 701512]
R2 McAfeeFramework;McAfee Framework Service;c:\program files\mcafee\common framework\FrameworkService.exe [2011-1-12 120128]
R2 McShield;McAfee McShield;c:\program files\common files\mcafee\systemcore\mcshield.exe [2012-10-22 159320]
R2 McTaskManager;McAfee Task Manager;c:\program files\mcafee\virusscan enterprise\VsTskMgr.exe [2011-1-12 209760]
R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2012-10-22 145936]
R3 Acceler;Accelerometer Service;c:\windows\system32\drivers\accelern.sys [2012-10-9 44144]
R3 AESTAud;AE Audio Service;c:\windows\system32\drivers\AESTAud.sys [2012-10-9 113664]
R3 cvusbdrv;Dell ControlVault;c:\windows\system32\drivers\cvusbdrv.sys [2012-10-9 33896]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2013-5-21 22856]
R3 MEI;Intel® Management Engine Interface ;c:\windows\system32\drivers\HECI.sys [2012-10-9 41216]
R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2009-5-11 171296]
R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2009-5-11 58456]
R3 NETwNx32;___ Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows XP 32 Bit;c:\windows\system32\drivers\NETwNx32.sys [2012-10-9 7391744]
R3 O2MDFRDR;O2MDFRDR;c:\windows\system32\drivers\o2mdfxp.sys [2012-10-9 60192]
R3 O2SDJRDR;O2SDJRDR;c:\windows\system32\drivers\o2sdjxp.sys [2012-10-9 63976]
S0 vmscsi;vmscsi;c:\windows\system32\drivers\vmscsi.sys --> c:\windows\system32\drivers\vmscsi.sys [?]
S1 mferkdk;VSCore mferkdk;\??\c:\program files\mcafee\virusscan enterprise\mferkdk.sys --> c:\program files\mcafee\virusscan enterprise\mferkdk.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2012-10-22 85152]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [2004-8-4 14336]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S3 xtreboot;xtreboot;\??\c:\dell\ib\xtreboot.sys --> c:\dell\ib\xtreboot.sys [?]
S4 LMIRfsClientNP;LMIRfsClientNP; [x]
.
=============== Created Last 30 ================
.
2013-05-21 12:16:01 54016 ----a-w- c:\windows\system32\drivers\ugbkxmku.sys
2013-05-21 11:44:49 -------- d-----w- c:\documents and settings\mcleanl\application data\Malwarebytes
2013-05-21 11:44:33 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes
2013-05-21 11:44:29 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-05-21 11:44:28 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2013-05-20 14:27:40 -------- d--h--w- c:\windows\ie8
2013-05-20 12:04:54 -------- d-----w- c:\documents and settings\mcleanl\application data\Windows Search
2013-05-14 13:29:21 -------- d-----w- c:\documents and settings\mcleanl\local settings\application data\assembly
2013-05-14 13:29:00 -------- d-----w- c:\program files\FoodBuzz
2013-05-11 10:37:28 209472 ----a-w- c:\program files\internet explorer\plugins\nppdf32.dll
2013-05-10 07:57:38 49728 ----a-w- c:\windows\system32\AdobePDF.dll
2013-05-10 07:57:34 25160 ----a-w- c:\windows\system32\AdobePDFUI.dll
2013-05-08 13:57:12 266360 ----a-w- c:\windows\system32\TweakUI.exe
2013-05-06 02:39:00 -------- d-----w- C:\MDT
2013-04-30 17:47:56 83264 ----a-w- c:\windows\system32\stkMonitor.dll
2013-04-30 17:47:51 -------- d-----w- c:\program files\Amazon
2013-04-26 14:32:42 144896 ----a-w- c:\windows\system32\javacpl.cpl
2013-04-26 14:32:37 94112 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
.
==================== Find3M  ====================
.
2013-05-21 13:29:48 17920 ----a-w- c:\windows\system32\rpcnetp.exe
2013-05-21 13:29:46 58288 ----a-w- c:\windows\system32\rpcnet.dll
2013-05-15 13:01:14 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-05-15 13:01:14 692104 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-04-26 14:32:11 866720 ----a-w- c:\windows\system32\npDeployJava1.dll
2013-04-26 14:32:11 788896 ----a-w- c:\windows\system32\deployJava1.dll
2004-03-01 20:58:18 561424 ----a-w- c:\program files\common files\dao360.dll
.
============= FINISH:  9:55:04.37 ===============
 

 

 Results of screen317's Security Check version 0.99.63  
 Windows XP Service Pack 3 x86   
 Internet Explorer 8  
``````````````Antivirus/Firewall Check:`````````````` 
 Windows Security Center service is not running! This report may not be accurate! 
 Windows Firewall Enabled!  
Please wait while WMIC compiles updated MOF files.d 
ECHO is off.
ECHO is off.
ECHO is off.
ECHO is off.
ECHO is off.
 Antivirus up to date!  
`````````Anti-malware/Other Utilities Check:````````` 
 Malwarebytes Anti-Malware version 1.75.0.1300  
 Java 7 Update 21  
 Adobe Reader XI  
````````Process Check: objlist.exe by Laurent````````  
 Malwarebytes Anti-Malware mbamservice.exe  
 Malwarebytes Anti-Malware mbamgui.exe  
 McAfee VirusScan Enterprise SHSTAT.EXE  
 Malwarebytes' Anti-Malware mbamscheduler.exe   
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C::  
````````````````````End of Log`````````````````````` 


#6 cnm

cnm

    Mother Lion of SWI

  • Administrators
  • PipPipPipPipPip
  • 25,253 posts

Posted 21 May 2013 - 11:31 AM

We can root out FoodBuzz.

  • Download OTL to your desktop.
  • Double click on the icon to run it. Make sure all other windows are closed to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Under the Standard Registry box change it to All.
  • Check the boxes beside LOP Check and Purity Check.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
    • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    • Please copy the contents of OTL.txt and post with your next reply.

Also please download Farbar Service Scanner and run it on the computer with the issue.

  • Check all the boxes.
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log another reply.

Microsoft MVP Windows Security 2005-2006
How camest thou in this pickle? -- William Shakespeare:(1564-1616)
The various helper groups here
UNITE


#7 graciecatt

graciecatt

    Member

  • Full Member
  • Pip
  • 18 posts

Posted 21 May 2013 - 12:24 PM

OTL TXT

 

 

OTL logfile created on: 5/21/2013 12:58:48 PM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Documents and Settings\mcleanl\My Documents\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
3.24 Gb Total Physical Memory | 1.74 Gb Available Physical Memory | 53.72% Memory free
5.08 Gb Paging File | 3.53 Gb Available in Paging File | 69.56% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 298.05 Gb Total Space | 262.50 Gb Free Space | 88.07% Space Free | Partition Type: NTFS
Drive G: | 3629.86 Gb Total Space | 816.55 Gb Free Space | 22.50% Space Free | Partition Type: NTFS
Drive L: | 6093.12 Gb Total Space | 1300.19 Gb Free Space | 21.34% Space Free | Partition Type: NTFS
Drive M: | 1250.16 Gb Total Space | 289.25 Gb Free Space | 23.14% Space Free | Partition Type: NTFS
 
Computer Name: OF705CM1263LT | User Name: McLeanL | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Documents and Settings\mcleanl\My Documents\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\FoodBuzz\Update\FoodBuzzUpdate.exe (FoodBuzz)
PRC - C:\Program Files\Adobe\Acrobat 10.0\Acrobat\acrotray.exe (Adobe Systems Inc.)
PRC - C:\Program Files\Java\jre7\bin\jqs.exe (Oracle Corporation)
PRC - C:\Documents and Settings\mcleanl\Local Settings\Application Data\Google\Chrome\Application\chrome.exe (Google Inc.)
PRC - C:\Documents and Settings\mcleanl\Application Data\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
PRC - C:\Documents and Settings\mcleanl\Local Settings\Application Data\Facebook\Messenger\2.1.4814.0\FacebookMessenger.exe (Facebook)
PRC - C:\Program Files\LogMeIn\x86\ramaint.exe (LogMeIn, Inc.)
PRC - C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe (LogMeIn, Inc.)
PRC - C:\Program Files\LogMeIn\x86\LogMeIn.exe (LogMeIn, Inc.)
PRC - C:\Program Files\LogMeIn\x86\LogMeInSystray.exe (LogMeIn, Inc.)
PRC - C:\WINDOWS\system32\rpcnet.exe (Absolute Software Corp.)
PRC - C:\WINDOWS\system32\mfevtps.exe (McAfee, Inc.)
PRC - C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe (McAfee, Inc.)
PRC - C:\Program Files\Citrix\ICA Client\wfcrun32.exe (Citrix Systems, Inc.)
PRC - C:\Program Files\Citrix\ICA Client\redirector.exe (Citrix Systems, Inc.)
PRC - C:\Program Files\Citrix\ICA Client\concentr.exe (Citrix Systems, Inc.)
PRC - C:\Program Files\STMicroelectronics\AccelerometerP11\FF_Protection.exe ()
PRC - C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
PRC - C:\Documents and Settings\mcleanl\Local Settings\Application Data\Citrix\ICA Client\Receiver\Receiver.exe (Citrix Systems, Inc.)
PRC - C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe (Broadcom Corporation)
PRC - C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe (Broadcom Corporation)
PRC - C:\Program Files\DellTPad\ApMsgFwd.exe (Alps Electric Co., Ltd.)
PRC - C:\Program Files\IDT\WDM\sttray.exe (IDT, Inc.)
PRC - C:\Program Files\IDT\WDM\stacsv.exe (IDT, Inc.)
PRC - C:\Program Files\McAfee\Common Framework\naPrdMgr.exe (McAfee, Inc.)
PRC - C:\Program Files\McAfee\Common Framework\UdaterUI.exe (McAfee, Inc.)
PRC - C:\Program Files\McAfee\Common Framework\FrameworkService.exe (McAfee, Inc.)
PRC - C:\Program Files\McAfee\Common Framework\McTray.exe (McAfee, Inc.)
PRC - C:\Program Files\McAfee\VirusScan Enterprise\shstat.exe (McAfee, Inc.)
PRC - C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe (McAfee, Inc.)
PRC - C:\Program Files\McAfee\VirusScan Enterprise\mfeann.exe (McAfee, Inc.)
PRC - C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe (Broadcom Corporation.)
PRC - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
PRC - C:\WINDOWS\system32\EmsServiceHelper.exe (CREDANT Technologies, Inc.)
PRC - C:\WINDOWS\system32\EmsService.exe (CREDANT Technologies, Inc.)
PRC - C:\WINDOWS\system32\CmgShieldSvc.exe (CREDANT Technologies, Inc.)
PRC - C:\WINDOWS\system32\CmgShieldUI.exe (CREDANT Technologies, Inc.)
PRC - C:\Program Files\DellTPad\hidfind.exe (Alps Electric Co., Ltd.)
PRC - C:\Program Files\DellTPad\ApntEx.exe (Alps Electric Co., Ltd.)
PRC - C:\WINDOWS\system32\drivers\o2flash.exe (O2Micro International)
PRC - C:\WINDOWS\system32\AESTFltr.exe (Andrea Electronics Corporation)
PRC - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe (Cisco Systems, Inc.)
PRC - C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Documents and Settings\mcleanl\Local Settings\Application Data\Google\Chrome\User Data\PepperFlash\11.7.700.202\pepflashplayer.dll ()
MOD - C:\Documents and Settings\mcleanl\Local Settings\Application Data\Google\Chrome\Application\26.0.1410.64\ppgooglenaclpluginchrome.dll ()
MOD - C:\Documents and Settings\mcleanl\Local Settings\Application Data\Google\Chrome\Application\26.0.1410.64\pdf.dll ()
MOD - C:\Documents and Settings\mcleanl\Local Settings\Application Data\Google\Chrome\Application\26.0.1410.64\libglesv2.dll ()
MOD - C:\Documents and Settings\mcleanl\Local Settings\Application Data\Google\Chrome\Application\26.0.1410.64\libegl.dll ()
MOD - C:\Documents and Settings\mcleanl\Local Settings\Application Data\Google\Chrome\Application\26.0.1410.64\ffmpegsumo.dll ()
MOD - C:\Documents and Settings\mcleanl\Application Data\Dropbox\bin\libcef.dll ()
MOD - C:\Documents and Settings\mcleanl\Local Settings\Application Data\Facebook\Messenger\2.1.4814.0\libcef.dll ()
MOD - C:\Documents and Settings\mcleanl\Local Settings\Application Data\Facebook\Messenger\2.1.4814.0\CefSharp.dll ()
MOD - C:\Documents and Settings\mcleanl\Local Settings\Application Data\Facebook\Messenger\2.1.4814.0\CefSharp.WinForms.dll ()
MOD - C:\Documents and Settings\mcleanl\Application Data\Dropbox\bin\wxmsw28uh_vc.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\3d5b7368bde0f65aa15d9f46b498cc89\System.Configuration.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\3bba1b8b0b5ef0be238b011cc7a0575e\System.Xml.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\01abbadafaf265d9f4ac9bbb247acb98\System.Windows.Forms.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\d86f2038209a4cf0d0f5b30f6375c9b2\System.Drawing.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Data\12c6fe8d4dd78f9bddf847d3b2821c03\System.Data.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\e4b5afc4da43b1c576f9322f9f2e1bfe\System.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\e337c89bc9f81b69d7237aa70e935900\mscorlib.ni.dll ()
MOD - C:\WINDOWS\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll ()
MOD - C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\Program Files\STMicroelectronics\AccelerometerP11\FF_Protection.exe ()
MOD - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF ()
MOD - C:\Program Files\McAfee\Common Framework\boost_thread-vc80-mt-1_32.dll ()
MOD - C:\WINDOWS\system32\btwicons.dll ()
MOD - C:\Program Files\WIDCOMM\Bluetooth Software\BTKeyInd.dll ()
MOD - C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll ()
MOD - C:\WINDOWS\system32\vpnapi.dll ()
MOD - C:\WINDOWS\system32\msdmo.dll ()
MOD - C:\WINDOWS\system32\devenum.dll ()
MOD - C:\Program Files\McAfee\Common Framework\ccme_base.dll ()
MOD - C:\Program Files\McAfee\Common Framework\cryptocme2.dll ()
 
 
========== Services (SafeList) ==========
 
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (JavaQuickStarterService) -- C:\Program Files\Java\jre7\bin\jqs.exe (Oracle Corporation)
SRV - (MBAMService) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (MBAMScheduler) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
SRV - (LMIMaint) -- C:\Program Files\LogMeIn\x86\ramaint.exe (LogMeIn, Inc.)
SRV - (LMIGuardianSvc) -- C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe (LogMeIn, Inc.)
SRV - (LogMeIn) -- C:\Program Files\LogMeIn\x86\LogMeIn.exe (LogMeIn, Inc.)
SRV - (Rpcnet) -- C:\WINDOWS\system32\rpcnet.exe (Absolute Software Corp.)
SRV - (mfevtp) -- C:\WINDOWS\system32\mfevtps.exe (McAfee, Inc.)
SRV - (McShield) -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe ()
SRV - (Credential Vault Host Control Service) -- C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe (Broadcom Corporation)
SRV - (Credential Vault Host Storage) -- C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe (Broadcom Corporation)
SRV - (STacSV) -- C:\Program Files\IDT\WDM\stacsv.exe (IDT, Inc.)
SRV - (McAfeeFramework) -- C:\Program Files\McAfee\Common Framework\FrameworkService.exe (McAfee, Inc.)
SRV - (McTaskManager) -- C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe (McAfee, Inc.)
SRV - (EMS) -- C:\WINDOWS\System32\EmsService.exe (CREDANT Technologies, Inc.)
SRV - (CMGShield) -- C:\WINDOWS\system32\CmgShieldSvc.exe (CREDANT Technologies, Inc.)
SRV - (O2FLASH) -- C:\WINDOWS\system32\drivers\o2flash.exe (O2Micro International)
SRV - (CVPND) -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe (Cisco Systems, Inc.)
SRV - (Cwbrxd) -- C:\WINDOWS\cwbrxd.exe (IBM Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (xtreboot) -- C:\dell\ib\xtreboot.sys File not found
DRV - (WDICA) --  File not found
DRV - (vmscsi) -- system32\drivers\vmscsi.sys File not found
DRV - (PDRFRAME) --  File not found
DRV - (PDRELI) --  File not found
DRV - (PDFRAME) --  File not found
DRV - (PDCOMP) --  File not found
DRV - (PCIDump) --  File not found
DRV - (omci) -- system32\DRIVERS\omci.sys File not found
DRV - (mferkdk) -- C:\Program Files\McAfee\VirusScan Enterprise\mferkdk.sys File not found
DRV - (mfeavfk01) --  File not found
DRV - (mbr) -- C:\DOCUME~1\mcleanl\LOCALS~1\Temp\mbr.sys File not found
DRV - (lbrtfdc) --  File not found
DRV - (i2omgmt) --  File not found
DRV - (Changer) --  File not found
DRV - (MBAMProtector) -- C:\WINDOWS\system32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (LMIRfsClientNP) -- C:\WINDOWS\System32\LMIRfsClientNP.dll (LogMeIn, Inc.)
DRV - (LMIRfsDriver) -- C:\WINDOWS\system32\drivers\LMIRfsDriver.sys (LogMeIn, Inc.)
DRV - (LMIInfo) -- C:\Program Files\LogMeIn\x86\rainfo.sys (LogMeIn, Inc.)
DRV - (mfetdi2k) -- C:\WINDOWS\system32\drivers\mfetdi2k.sys (McAfee, Inc.)
DRV - (mferkdet) -- C:\WINDOWS\system32\drivers\mferkdet.sys (McAfee, Inc.)
DRV - (mfehidk) -- C:\WINDOWS\system32\drivers\mfehidk.sys (McAfee, Inc.)
DRV - (mfeavfk) -- C:\WINDOWS\system32\drivers\mfeavfk.sys (McAfee, Inc.)
DRV - (mfebopk) -- C:\WINDOWS\system32\drivers\mfebopk.sys (McAfee, Inc.)
DRV - (mfeapfk) -- C:\WINDOWS\system32\drivers\mfeapfk.sys (McAfee, Inc.)
DRV - (BTKRNL) -- C:\WINDOWS\system32\drivers\btkrnl.sys (Broadcom Corporation.)
DRV - (BTWUSB) -- C:\WINDOWS\system32\drivers\btwusb.sys (Broadcom Corporation.)
DRV - (NVHDA) -- C:\WINDOWS\system32\drivers\nvhda32.sys (NVIDIA Corporation)
DRV - (MEI) -- C:\WINDOWS\system32\drivers\HECI.sys (Intel Corporation)
DRV - (ctxusbm) -- C:\WINDOWS\system32\drivers\ctxusbm.sys (Citrix Systems, Inc.)
DRV - (Acceler) -- C:\WINDOWS\system32\drivers\accelern.sys (ST Microelectronics)
DRV - (e1cexpress) -- C:\WINDOWS\system32\drivers\e1c5132.sys (Intel Corporation)
DRV - (stdcfltn) -- C:\WINDOWS\system32\drivers\stdcfltn.sys (ST Microelectronics)
DRV - (ApfiltrService) -- C:\WINDOWS\system32\drivers\Apfiltr.sys (Alps Electric Co., Ltd.)
DRV - (cvusbdrv) -- C:\WINDOWS\system32\drivers\cvusbdrv.sys (Broadcom Corporation)
DRV - (O2SDJRDR) -- C:\WINDOWS\system32\drivers\o2sdjxp.sys (O2Micro )
DRV - (STHDA) -- C:\WINDOWS\system32\drivers\sthda.sys (IDT, Inc.)
DRV - (NETwNx32) -- C:\WINDOWS\system32\drivers\NETwNx32.sys (Intel Corporation)
DRV - (O2MDFRDR) -- C:\WINDOWS\system32\drivers\o2mdfxp.sys (O2Micro )
DRV - (CmgShieldCEF) -- C:\WINDOWS\system32\drivers\CMGShCEF.sys (CREDANT Technologies, Inc.)
DRV - (CmgHiber) -- C:\WINDOWS\system32\drivers\CmgHiber.sys (CREDANT Technologies, Inc.)
DRV - (CMGShieldReg) -- C:\WINDOWS\system32\drivers\CmgShREG.sys (CREDANT Technologies, Inc.)
DRV - (PBADRV) -- C:\WINDOWS\system32\drivers\PBADRV.sys (Dell Inc)
DRV - (AESTAud) -- C:\WINDOWS\system32\drivers\AESTAud.sys (Andrea Electronics Corporation)
DRV - (CVPNDRVA) -- C:\WINDOWS\system32\drivers\CVPNDRVA.sys (Cisco Systems, Inc.)
DRV - (DNE) -- C:\WINDOWS\system32\drivers\dne2000.sys (Deterministic Networks, Inc.)
DRV - (nvatabus) -- C:\WINDOWS\system32\drivers\nvatabus.sys (NVIDIA Corporation)
DRV - (Symmpi) -- C:\WINDOWS\system32\drivers\symmpi.sys (LSI Logic)
DRV - (CVirtA) -- C:\WINDOWS\system32\drivers\CVirtA.sys (Cisco Systems, Inc.)
DRV - (mfetdik) -- C:\WINDOWS\system32\drivers\mfetdik.sys (McAfee, Inc.)
DRV - (USBCCID) -- C:\WINDOWS\system32\drivers\usbccid.sys (Microsoft Corporation)
DRV - (aarich) -- C:\WINDOWS\system32\drivers\aarich.sys (Adaptec, Inc.)
DRV - (a320raid) -- C:\WINDOWS\system32\drivers\a320raid.sys (Adaptec, Inc.)
DRV - (aac) -- C:\WINDOWS\system32\drivers\aac.sys (Adaptec, Inc.)
DRV - (fasttx2k) -- C:\WINDOWS\system32\drivers\fasttx2k.sys (Promise Technology, Inc.)
 
 
========== Standard Registry (All) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL =  [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn...st/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn...st/srchasst.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)
IE - HKCU\..\SearchScopes,DefaultScope = {272BC7B3-43A4-4F76-A338-CF198BDD8CCA}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{272BC7B3-43A4-4F76-A338-CF198BDD8CCA}: "URL" = http://www.google.co...utputEncoding?}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
========== FireFox ==========
 
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.21.2: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Acrobat: C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Documents and Settings\mcleanl\Local Settings\Application Data\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\mcleanl\Local Settings\Application Data\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\mcleanl\Local Settings\Application Data\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\facebook.com/fbDesktopPlugin: C:\Documents and Settings\mcleanl\Local Settings\Application Data\Facebook\Messenger\2.1.4814.0\npFbDesktopPlugin.dll (Facebook, Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2012/10/24 10:02:28 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\web2pdfextension@web2pdf.adobedotcom: C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2013/05/20 07:39:29 | 000,000,000 | ---D | M]
 
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter},
CHR - homepage: http://www.ebay.com/
CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\mcleanl\Local Settings\Application Data\Google\Chrome\Application\26.0.1410.64\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Documents and Settings\mcleanl\Local Settings\Application Data\Google\Chrome\Application\26.0.1410.64\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Disabled) = C:\Documents and Settings\mcleanl\Local Settings\Application Data\Google\Chrome\Application\26.0.1410.64\pdf.dll
CHR - plugin: Chrome Remote Desktop (Enabled) = C:\Documents and Settings\mcleanl\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\gbchcmhmhahfdphkhkmpfmihenigjmpp\1.9.1271.42_0\remoting_host_plugin.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Browser\nppdf32.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Google Update (Enabled) = C:\Documents and Settings\mcleanl\Local Settings\Application Data\Google\Update\1.3.21.123\npGoogleUpdate3.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL
CHR - plugin: Java™ Platform SE 7 U9 (Enabled) = C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: Java Deployment Toolkit 7.0.90.5 (Enabled) = C:\WINDOWS\system32\npDeployJava1.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: Xmarks Bookmark Sync = C:\Documents and Settings\mcleanl\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ajpgkpeckebdhofmmjfgcjjiiejpodla\1.0.24_1\
CHR - Extension: Xmarks Bookmark Sync = C:\Documents and Settings\mcleanl\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ajpgkpeckebdhofmmjfgcjjiiejpodla\1.0.24_1\.bak
CHR - Extension: YouTube = C:\Documents and Settings\mcleanl\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Send to Kindle for Google Chrome™ = C:\Documents and Settings\mcleanl\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\cgdjpilhipecahhcilnafpblkieebhea\1.0.1.56_0\
CHR - Extension: Google Search = C:\Documents and Settings\mcleanl\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Google Earth The Instant Way = C:\Documents and Settings\mcleanl\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\dpifhlbldgbpgcgpcmiakanpghoddbme\0.7_0\
CHR - Extension: JustSnipe Extension = C:\Documents and Settings\mcleanl\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\foehhligadgccgjhkcclhonpdcjeokjh\1.3_0\
CHR - Extension: Chrome Remote Desktop = C:\Documents and Settings\mcleanl\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\gbchcmhmhahfdphkhkmpfmihenigjmpp\27.0.1453.65_0\
CHR - Extension: SlingPlayer for Web = C:\Documents and Settings\mcleanl\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lidgnhlbmoakdjkfhanbhfngcadpaiac\1.5.14.755_0\
CHR - Extension: Evernote Web Clipper = C:\Documents and Settings\mcleanl\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pioclpoplcdbaefihamjohnefbikjilc\5.9.14_0\
CHR - Extension: Gmail = C:\Documents and Settings\mcleanl\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_2\
 
O1 HOSTS File: ([2004/08/04 06:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (FoodBuzz) - {1C6E034D-B4B6-4D96-94B5-4163A5EB2195} - C:\Program Files\FoodBuzz\Extension\adxloader.dll File not found
O2 - BHO: (CtxIEInterceptorBHO Class) - {2C4631FF-5CC8-4EBC-A0DF-34C92291759E} - C:\Program Files\Citrix\ICA Client\IEInterceptor.dll (Citrix Systems, Inc.)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20121022142030.dll (McAfee, Inc.)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\ShellBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe ARM] C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AESTFltr] C:\WINDOWS\System32\AESTFltr.exe (Andrea Electronics Corporation)
O4 - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [BCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Client Access Check Version] C:\Program Files\IBM\Client Access\cwbckver.exe (IBM Corporation)
O4 - HKLM..\Run: [Client Access Express Welcome] C:\Program Files\IBM\Client Access\cwbwlwiz.exe (IBM Corporation)
O4 - HKLM..\Run: [Client Access Help Update] C:\Program Files\IBM\Client Access\cwbinhlp.exe (IBM Corporation)
O4 - HKLM..\Run: [Client Access PC5250 Sound] C:\Program Files\IBM\Client Access\Emulator\pcssnd.exe (IBM)
O4 - HKLM..\Run: [Client Access Service] C:\Program Files\IBM\Client Access\cwbsvstr.exe (IBM Corporation)
O4 - HKLM..\Run: [CmgShieldUI] C:\WINDOWS\system32\CmgShieldUI.exe (CREDANT Technologies, Inc.)
O4 - HKLM..\Run: [ConnectionCenter] C:\Program Files\Citrix\ICA Client\redirector.exe (Citrix Systems, Inc.)
O4 - HKLM..\Run: [EmsService] C:\WINDOWS\System32\EmsServiceHelper.exe (CREDANT Technologies, Inc.)
O4 - HKLM..\Run: [FreeFallProtection] C:\Program Files\STMicroelectronics\AccelerometerP11\FF_Protection.exe ()
O4 - HKLM..\Run: [ISUSPM Startup] C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [ISUSScheduler] C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [LogMeIn GUI] C:\Program Files\LogMeIn\x86\LogMeInSystray.exe (LogMeIn, Inc.)
O4 - HKLM..\Run: [McAfeeUpdaterUI] C:\Program Files\McAfee\Common Framework\udaterui.exe (McAfee, Inc.)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nview\nwiz.exe ()
O4 - HKLM..\Run: [PDVDDXSrv] C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
O4 - HKLM..\Run: [ShStatEXE] C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE (McAfee, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Common Files\Java\Java Update\jusched.exe (Oracle Corporation)
O4 - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray.exe (IDT, Inc.)
O4 - HKCU..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Facebook Update] C:\Documents and Settings\mcleanl\Local Settings\Application Data\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O4 - HKCU..\Run: [FoodBuzzUpdate] C:\Program Files\FoodBuzz\Update\FoodBuzzUpdate.exe (FoodBuzz)
O4 - HKCU..\Run: [Google Update] C:\Documents and Settings\mcleanl\Local Settings\Application Data\Google\Update\GoogleUpdate.exe (Google Inc.)
O4 - HKCU..\Run: [QuickTime Task] C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Bluetooth.lnk = C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\VPN Client.lnk = C:\WINDOWS\Installer\{A7091E1D-36A4-47F1-A739-173CC341414F}\Icon3E5562ED7.ico ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\mcleanl\Start Menu\Programs\Startup\Dropbox.lnk = C:\Documents and Settings\mcleanl\Application Data\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O4 - Startup: C:\Documents and Settings\mcleanl\Start Menu\Programs\Startup\Facebook Messenger.lnk = C:\Documents and Settings\mcleanl\Local Settings\Application Data\Facebook\Messenger\2.1.4814.0\FacebookMessenger.exe (Facebook)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoAutorun = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption = 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext = 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send To Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\WINDOWS\system32\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.mi...b?1350924967171 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.micros...b?1350995577827 (MUWebControl Class)
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} https://secure.logme...rl.cab?lmi=1007 (Performance Viewer Activex Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.50.95 192.168.50.143 192.168.50.20
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = joslin.harvard.edu
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{329D6422-D7F2-4E2F-9F50-D669D49F6025}: DhcpNameServer = 12.127.17.71 12.127.17.72
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C4E39540-22A0-4F2D-B33A-276A3D275C03}: DhcpNameServer = 192.168.50.95 192.168.50.143 192.168.50.20
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\WINDOWS\system32\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\sysimage {76E67A63-06E9-11D2-A840-006008059382} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\wia {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\system32\wiascr.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-ica {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=euc-jp {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=ISO-8859-1 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=MS936 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=MS949 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=MS950 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=UTF8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=UTF-8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=euc-jp {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=ISO-8859-1 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=MS936 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=MS949 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=MS950 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=UTF8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=UTF-8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\Class Install Handler {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\ica {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\lzdhtml {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/webviewhtml {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\PROGRA~1\Citrix\ICACLI~1\RSHook.dll) - C:\Program Files\Citrix\ICA Client\RSHook.dll (Citrix Systems, Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UIHost - (logonui.exe) - C:\WINDOWS\System32\logonui.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\WINDOWS\System32\sysdm.cpl (Microsoft Corporation)
O20 - Winlogon\Notify\CMGShieldNP: DllName - (CmgShieldNP.dll) - C:\WINDOWS\System32\CmgShieldNP.dll (CREDANT Technologies, Inc.)
O20 - Winlogon\Notify\crypt32chain: DllName - (crypt32.dll) - C:\WINDOWS\System32\crypt32.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cryptnet: DllName - (cryptnet.dll) - C:\WINDOWS\System32\cryptnet.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cscdll: DllName - (cscdll.dll) - C:\WINDOWS\System32\cscdll.dll (Microsoft Corporation)
O20 - Winlogon\Notify\dimsntfy: DllName - (%SystemRoot%\System32\dimsntfy.dll) - C:\WINDOWS\system32\dimsntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\LMIinit: DllName - (LMIinit.dll) - C:\WINDOWS\System32\LMIinit.dll (LogMeIn, Inc.)
O20 - Winlogon\Notify\ScCertProp: DllName - (wlnotify.dll) - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\Schedule: DllName - (wlnotify.dll) - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\sclgntfy: DllName - (sclgntfy.dll) - C:\WINDOWS\System32\sclgntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\SensLogn: DllName - (WlNotify.dll) - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\spba: DllName - (C:\Program Files\Common Files\SPBA\homefus2.dll) - C:\Program Files\Common Files\SPBA\homefus2.dll (UPEK Inc.)
O20 - Winlogon\Notify\termsrv: DllName - (wlnotify.dll) - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\WgaLogon: DllName - (WgaLogon.dll) - C:\WINDOWS\System32\WgaLogon.dll (Microsoft Corporation)
O20 - Winlogon\Notify\wlballoon: DllName - (wlnotify.dll) - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\system32\stobject.dll (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\system32\webcheck.dll (Microsoft Corporation)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msapsspc.dll) - C:\WINDOWS\System32\msapsspc.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (schannel.dll) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (digest.dll) - C:\WINDOWS\System32\digest.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msnsspc.dll) - C:\WINDOWS\System32\msnsspc.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) - C:\WINDOWS\System32\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\WINDOWS\System32\wdigest.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/05/11 14:03:27 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - Unable to obtain root file information for disk M:\
O34 - HKLM BootExecute: (autocheck autochk /r \??\C:)
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013/05/21 09:53:38 | 000,000,000 | R--D | C] -- C:\Documents and Settings\mcleanl\Start Menu\Programs\Administrative Tools
[2013/05/21 07:44:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\mcleanl\Application Data\Malwarebytes
[2013/05/21 07:44:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013/05/21 07:44:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2013/05/21 07:44:29 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2013/05/21 07:44:28 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2013/05/20 10:27:40 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ie8
[2013/05/20 08:04:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\mcleanl\Application Data\Windows Search
[2013/05/16 11:17:44 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2013/05/14 09:29:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\mcleanl\Local Settings\Application Data\assembly
[2013/05/14 09:29:00 | 000,000,000 | ---D | C] -- C:\Program Files\FoodBuzz
[2013/05/10 03:57:38 | 000,049,728 | ---- | C] (Adobe Systems Inc) -- C:\WINDOWS\System32\AdobePDF.dll
[2013/05/10 03:57:34 | 000,025,160 | ---- | C] (Adobe Systems Inc.) -- C:\WINDOWS\System32\AdobePDFUI.dll
[2013/05/08 10:32:17 | 000,016,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\spmsg.dll
[2013/05/08 09:57:12 | 000,266,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\TweakUI.exe
[2013/05/08 09:57:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Powertoys for Windows XP
[2013/05/05 22:39:00 | 000,000,000 | ---D | C] -- C:\MDT
[2013/05/05 22:32:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\CyberLink
[2013/04/30 13:47:56 | 000,083,264 | ---- | C] (Amazon.com, Inc.) -- C:\WINDOWS\System32\stkMonitor.dll
[2013/04/30 13:47:51 | 000,000,000 | ---D | C] -- C:\Program Files\Amazon
[2013/04/26 10:36:25 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2013/04/26 10:32:42 | 000,144,896 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javacpl.cpl
[2013/04/26 10:32:41 | 000,263,584 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javaws.exe
[2013/04/26 10:32:37 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javaw.exe
[2013/04/26 10:32:37 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\java.exe
[2013/04/26 10:32:37 | 000,094,112 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\WindowsAccessBridge.dll
[2004/03/01 16:58:18 | 000,561,424 | ---- | C] (Microsoft Corporation) -- C:\Program Files\Common Files\dao360.dll
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013/05/21 13:01:00 | 000,000,986 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1153311252-1084118266-5522801-25733UA.job
[2013/05/21 13:01:00 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2013/05/21 12:50:36 | 000,065,658 | ---- | M] () -- C:\Documents and Settings\mcleanl\Desktop\Erin DrivingRecord.pdf
[2013/05/21 11:05:01 | 000,001,006 | ---- | M] () -- C:\WINDOWS\tasks\FacebookUpdateTaskUserS-1-5-21-1153311252-1084118266-5522801-25733UA.job
[2013/05/21 09:32:13 | 000,002,447 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\VPN Client.lnk
[2013/05/21 09:31:54 | 000,387,091 | ---- | M] () -- C:\WINDOWS\System32\nvModes.001
[2013/05/21 09:30:31 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2013/05/21 09:29:48 | 000,017,920 | ---- | M] () -- C:\WINDOWS\System32\rpcnetp.exe
[2013/05/21 09:29:46 | 000,058,288 | ---- | M] (Absolute Software Corp.) -- C:\WINDOWS\System32\rpcnet.dll
[2013/05/21 09:28:59 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013/05/21 09:20:28 | 000,387,097 | ---- | M] () -- C:\WINDOWS\System32\nvModes.dat
[2013/05/21 09:16:26 | 000,000,174 | RHS- | M] () -- C:\Documents and Settings\All Users\Application Data\3002.xml
[2013/05/21 08:16:23 | 000,002,329 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Microsoft Word 2010.lnk
[2013/05/21 08:16:01 | 000,054,016 | ---- | M] () -- C:\WINDOWS\System32\drivers\ugbkxmku.sys
[2013/05/21 07:44:39 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2013/05/20 15:01:00 | 000,000,934 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1153311252-1084118266-5522801-25733Core.job
[2013/05/20 14:05:00 | 000,000,984 | ---- | M] () -- C:\WINDOWS\tasks\FacebookUpdateTaskUserS-1-5-21-1153311252-1084118266-5522801-25733Core.job
[2013/05/20 11:21:00 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2013/05/20 10:35:18 | 000,000,815 | ---- | M] () -- C:\Documents and Settings\mcleanl\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2013/05/20 10:15:30 | 000,002,533 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Microsoft Outlook 2010.lnk
[2013/05/20 07:39:53 | 000,001,741 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Acrobat X Pro.lnk
[2013/05/20 07:28:54 | 000,286,904 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2013/05/17 11:23:00 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2013/05/15 11:38:02 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2013/05/15 09:01:14 | 000,692,104 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2013/05/15 09:01:14 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2013/05/10 23:41:50 | 000,001,215 | ---- | M] () -- C:\Documents and Settings\mcleanl\Start Menu\Programs\Startup\Facebook Messenger.lnk
[2013/05/10 23:11:19 | 000,526,564 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2013/05/10 23:11:19 | 000,096,254 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2013/05/10 03:57:38 | 000,049,728 | ---- | M] (Adobe Systems Inc) -- C:\WINDOWS\System32\AdobePDF.dll
[2013/05/10 03:57:34 | 000,025,160 | ---- | M] (Adobe Systems Inc.) -- C:\WINDOWS\System32\AdobePDFUI.dll
[2013/05/08 10:35:18 | 000,000,800 | ---- | M] () -- C:\Documents and Settings\mcleanl\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
[2013/05/08 10:35:18 | 000,000,782 | ---- | M] () -

#8 graciecatt

graciecatt

    Member

  • Full Member
  • Pip
  • 18 posts

Posted 21 May 2013 - 12:27 PM

Is that all of it?  It looks like it got truncated somehow.

 

I'm going to repost the OTL in one post and the FSS in another post.


Edited by graciecatt, 21 May 2013 - 12:29 PM.


#9 graciecatt

graciecatt

    Member

  • Full Member
  • Pip
  • 18 posts

Posted 21 May 2013 - 12:28 PM

OTL logfile created on: 5/21/2013 12:58:48 PM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Documents and Settings\mcleanl\My Documents\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
3.24 Gb Total Physical Memory | 1.74 Gb Available Physical Memory | 53.72% Memory free
5.08 Gb Paging File | 3.53 Gb Available in Paging File | 69.56% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 298.05 Gb Total Space | 262.50 Gb Free Space | 88.07% Space Free | Partition Type: NTFS
Drive G: | 3629.86 Gb Total Space | 816.55 Gb Free Space | 22.50% Space Free | Partition Type: NTFS
Drive L: | 6093.12 Gb Total Space | 1300.19 Gb Free Space | 21.34% Space Free | Partition Type: NTFS
Drive M: | 1250.16 Gb Total Space | 289.25 Gb Free Space | 23.14% Space Free | Partition Type: NTFS
 
Computer Name: OF705CM1263LT | User Name: McLeanL | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Documents and Settings\mcleanl\My Documents\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\FoodBuzz\Update\FoodBuzzUpdate.exe (FoodBuzz)
PRC - C:\Program Files\Adobe\Acrobat 10.0\Acrobat\acrotray.exe (Adobe Systems Inc.)
PRC - C:\Program Files\Java\jre7\bin\jqs.exe (Oracle Corporation)
PRC - C:\Documents and Settings\mcleanl\Local Settings\Application Data\Google\Chrome\Application\chrome.exe (Google Inc.)
PRC - C:\Documents and Settings\mcleanl\Application Data\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
PRC - C:\Documents and Settings\mcleanl\Local Settings\Application Data\Facebook\Messenger\2.1.4814.0\FacebookMessenger.exe (Facebook)
PRC - C:\Program Files\LogMeIn\x86\ramaint.exe (LogMeIn, Inc.)
PRC - C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe (LogMeIn, Inc.)
PRC - C:\Program Files\LogMeIn\x86\LogMeIn.exe (LogMeIn, Inc.)
PRC - C:\Program Files\LogMeIn\x86\LogMeInSystray.exe (LogMeIn, Inc.)
PRC - C:\WINDOWS\system32\rpcnet.exe (Absolute Software Corp.)
PRC - C:\WINDOWS\system32\mfevtps.exe (McAfee, Inc.)
PRC - C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe (McAfee, Inc.)
PRC - C:\Program Files\Citrix\ICA Client\wfcrun32.exe (Citrix Systems, Inc.)
PRC - C:\Program Files\Citrix\ICA Client\redirector.exe (Citrix Systems, Inc.)
PRC - C:\Program Files\Citrix\ICA Client\concentr.exe (Citrix Systems, Inc.)
PRC - C:\Program Files\STMicroelectronics\AccelerometerP11\FF_Protection.exe ()
PRC - C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
PRC - C:\Documents and Settings\mcleanl\Local Settings\Application Data\Citrix\ICA Client\Receiver\Receiver.exe (Citrix Systems, Inc.)
PRC - C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe (Broadcom Corporation)
PRC - C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe (Broadcom Corporation)
PRC - C:\Program Files\DellTPad\ApMsgFwd.exe (Alps Electric Co., Ltd.)
PRC - C:\Program Files\IDT\WDM\sttray.exe (IDT, Inc.)
PRC - C:\Program Files\IDT\WDM\stacsv.exe (IDT, Inc.)
PRC - C:\Program Files\McAfee\Common Framework\naPrdMgr.exe (McAfee, Inc.)
PRC - C:\Program Files\McAfee\Common Framework\UdaterUI.exe (McAfee, Inc.)
PRC - C:\Program Files\McAfee\Common Framework\FrameworkService.exe (McAfee, Inc.)
PRC - C:\Program Files\McAfee\Common Framework\McTray.exe (McAfee, Inc.)
PRC - C:\Program Files\McAfee\VirusScan Enterprise\shstat.exe (McAfee, Inc.)
PRC - C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe (McAfee, Inc.)
PRC - C:\Program Files\McAfee\VirusScan Enterprise\mfeann.exe (McAfee, Inc.)
PRC - C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe (Broadcom Corporation.)
PRC - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
PRC - C:\WINDOWS\system32\EmsServiceHelper.exe (CREDANT Technologies, Inc.)
PRC - C:\WINDOWS\system32\EmsService.exe (CREDANT Technologies, Inc.)
PRC - C:\WINDOWS\system32\CmgShieldSvc.exe (CREDANT Technologies, Inc.)
PRC - C:\WINDOWS\system32\CmgShieldUI.exe (CREDANT Technologies, Inc.)
PRC - C:\Program Files\DellTPad\hidfind.exe (Alps Electric Co., Ltd.)
PRC - C:\Program Files\DellTPad\ApntEx.exe (Alps Electric Co., Ltd.)
PRC - C:\WINDOWS\system32\drivers\o2flash.exe (O2Micro International)
PRC - C:\WINDOWS\system32\AESTFltr.exe (Andrea Electronics Corporation)
PRC - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe (Cisco Systems, Inc.)
PRC - C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Documents and Settings\mcleanl\Local Settings\Application Data\Google\Chrome\User Data\PepperFlash\11.7.700.202\pepflashplayer.dll ()
MOD - C:\Documents and Settings\mcleanl\Local Settings\Application Data\Google\Chrome\Application\26.0.1410.64\ppgooglenaclpluginchrome.dll ()
MOD - C:\Documents and Settings\mcleanl\Local Settings\Application Data\Google\Chrome\Application\26.0.1410.64\pdf.dll ()
MOD - C:\Documents and Settings\mcleanl\Local Settings\Application Data\Google\Chrome\Application\26.0.1410.64\libglesv2.dll ()
MOD - C:\Documents and Settings\mcleanl\Local Settings\Application Data\Google\Chrome\Application\26.0.1410.64\libegl.dll ()
MOD - C:\Documents and Settings\mcleanl\Local Settings\Application Data\Google\Chrome\Application\26.0.1410.64\ffmpegsumo.dll ()
MOD - C:\Documents and Settings\mcleanl\Application Data\Dropbox\bin\libcef.dll ()
MOD - C:\Documents and Settings\mcleanl\Local Settings\Application Data\Facebook\Messenger\2.1.4814.0\libcef.dll ()
MOD - C:\Documents and Settings\mcleanl\Local Settings\Application Data\Facebook\Messenger\2.1.4814.0\CefSharp.dll ()
MOD - C:\Documents and Settings\mcleanl\Local Settings\Application Data\Facebook\Messenger\2.1.4814.0\CefSharp.WinForms.dll ()
MOD - C:\Documents and Settings\mcleanl\Application Data\Dropbox\bin\wxmsw28uh_vc.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\3d5b7368bde0f65aa15d9f46b498cc89\System.Configuration.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\3bba1b8b0b5ef0be238b011cc7a0575e\System.Xml.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\01abbadafaf265d9f4ac9bbb247acb98\System.Windows.Forms.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\d86f2038209a4cf0d0f5b30f6375c9b2\System.Drawing.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Data\12c6fe8d4dd78f9bddf847d3b2821c03\System.Data.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\e4b5afc4da43b1c576f9322f9f2e1bfe\System.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\e337c89bc9f81b69d7237aa70e935900\mscorlib.ni.dll ()
MOD - C:\WINDOWS\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll ()
MOD - C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\Program Files\STMicroelectronics\AccelerometerP11\FF_Protection.exe ()
MOD - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF ()
MOD - C:\Program Files\McAfee\Common Framework\boost_thread-vc80-mt-1_32.dll ()
MOD - C:\WINDOWS\system32\btwicons.dll ()
MOD - C:\Program Files\WIDCOMM\Bluetooth Software\BTKeyInd.dll ()
MOD - C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll ()
MOD - C:\WINDOWS\system32\vpnapi.dll ()
MOD - C:\WINDOWS\system32\msdmo.dll ()
MOD - C:\WINDOWS\system32\devenum.dll ()
MOD - C:\Program Files\McAfee\Common Framework\ccme_base.dll ()
MOD - C:\Program Files\McAfee\Common Framework\cryptocme2.dll ()
 
 
========== Services (SafeList) ==========
 
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (JavaQuickStarterService) -- C:\Program Files\Java\jre7\bin\jqs.exe (Oracle Corporation)
SRV - (MBAMService) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (MBAMScheduler) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
SRV - (LMIMaint) -- C:\Program Files\LogMeIn\x86\ramaint.exe (LogMeIn, Inc.)
SRV - (LMIGuardianSvc) -- C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe (LogMeIn, Inc.)
SRV - (LogMeIn) -- C:\Program Files\LogMeIn\x86\LogMeIn.exe (LogMeIn, Inc.)
SRV - (Rpcnet) -- C:\WINDOWS\system32\rpcnet.exe (Absolute Software Corp.)
SRV - (mfevtp) -- C:\WINDOWS\system32\mfevtps.exe (McAfee, Inc.)
SRV - (McShield) -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe ()
SRV - (Credential Vault Host Control Service) -- C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe (Broadcom Corporation)
SRV - (Credential Vault Host Storage) -- C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe (Broadcom Corporation)
SRV - (STacSV) -- C:\Program Files\IDT\WDM\stacsv.exe (IDT, Inc.)
SRV - (McAfeeFramework) -- C:\Program Files\McAfee\Common Framework\FrameworkService.exe (McAfee, Inc.)
SRV - (McTaskManager) -- C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe (McAfee, Inc.)
SRV - (EMS) -- C:\WINDOWS\System32\EmsService.exe (CREDANT Technologies, Inc.)
SRV - (CMGShield) -- C:\WINDOWS\system32\CmgShieldSvc.exe (CREDANT Technologies, Inc.)
SRV - (O2FLASH) -- C:\WINDOWS\system32\drivers\o2flash.exe (O2Micro International)
SRV - (CVPND) -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe (Cisco Systems, Inc.)
SRV - (Cwbrxd) -- C:\WINDOWS\cwbrxd.exe (IBM Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (xtreboot) -- C:\dell\ib\xtreboot.sys File not found
DRV - (WDICA) --  File not found
DRV - (vmscsi) -- system32\drivers\vmscsi.sys File not found
DRV - (PDRFRAME) --  File not found
DRV - (PDRELI) --  File not found
DRV - (PDFRAME) --  File not found
DRV - (PDCOMP) --  File not found
DRV - (PCIDump) --  File not found
DRV - (omci) -- system32\DRIVERS\omci.sys File not found
DRV - (mferkdk) -- C:\Program Files\McAfee\VirusScan Enterprise\mferkdk.sys File not found
DRV - (mfeavfk01) --  File not found
DRV - (mbr) -- C:\DOCUME~1\mcleanl\LOCALS~1\Temp\mbr.sys File not found
DRV - (lbrtfdc) --  File not found
DRV - (i2omgmt) --  File not found
DRV - (Changer) --  File not found
DRV - (MBAMProtector) -- C:\WINDOWS\system32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (LMIRfsClientNP) -- C:\WINDOWS\System32\LMIRfsClientNP.dll (LogMeIn, Inc.)
DRV - (LMIRfsDriver) -- C:\WINDOWS\system32\drivers\LMIRfsDriver.sys (LogMeIn, Inc.)
DRV - (LMIInfo) -- C:\Program Files\LogMeIn\x86\rainfo.sys (LogMeIn, Inc.)
DRV - (mfetdi2k) -- C:\WINDOWS\system32\drivers\mfetdi2k.sys (McAfee, Inc.)
DRV - (mferkdet) -- C:\WINDOWS\system32\drivers\mferkdet.sys (McAfee, Inc.)
DRV - (mfehidk) -- C:\WINDOWS\system32\drivers\mfehidk.sys (McAfee, Inc.)
DRV - (mfeavfk) -- C:\WINDOWS\system32\drivers\mfeavfk.sys (McAfee, Inc.)
DRV - (mfebopk) -- C:\WINDOWS\system32\drivers\mfebopk.sys (McAfee, Inc.)
DRV - (mfeapfk) -- C:\WINDOWS\system32\drivers\mfeapfk.sys (McAfee, Inc.)
DRV - (BTKRNL) -- C:\WINDOWS\system32\drivers\btkrnl.sys (Broadcom Corporation.)
DRV - (BTWUSB) -- C:\WINDOWS\system32\drivers\btwusb.sys (Broadcom Corporation.)
DRV - (NVHDA) -- C:\WINDOWS\system32\drivers\nvhda32.sys (NVIDIA Corporation)
DRV - (MEI) -- C:\WINDOWS\system32\drivers\HECI.sys (Intel Corporation)
DRV - (ctxusbm) -- C:\WINDOWS\system32\drivers\ctxusbm.sys (Citrix Systems, Inc.)
DRV - (Acceler) -- C:\WINDOWS\system32\drivers\accelern.sys (ST Microelectronics)
DRV - (e1cexpress) -- C:\WINDOWS\system32\drivers\e1c5132.sys (Intel Corporation)
DRV - (stdcfltn) -- C:\WINDOWS\system32\drivers\stdcfltn.sys (ST Microelectronics)
DRV - (ApfiltrService) -- C:\WINDOWS\system32\drivers\Apfiltr.sys (Alps Electric Co., Ltd.)
DRV - (cvusbdrv) -- C:\WINDOWS\system32\drivers\cvusbdrv.sys (Broadcom Corporation)
DRV - (O2SDJRDR) -- C:\WINDOWS\system32\drivers\o2sdjxp.sys (O2Micro )
DRV - (STHDA) -- C:\WINDOWS\system32\drivers\sthda.sys (IDT, Inc.)
DRV - (NETwNx32) -- C:\WINDOWS\system32\drivers\NETwNx32.sys (Intel Corporation)
DRV - (O2MDFRDR) -- C:\WINDOWS\system32\drivers\o2mdfxp.sys (O2Micro )
DRV - (CmgShieldCEF) -- C:\WINDOWS\system32\drivers\CMGShCEF.sys (CREDANT Technologies, Inc.)
DRV - (CmgHiber) -- C:\WINDOWS\system32\drivers\CmgHiber.sys (CREDANT Technologies, Inc.)
DRV - (CMGShieldReg) -- C:\WINDOWS\system32\drivers\CmgShREG.sys (CREDANT Technologies, Inc.)
DRV - (PBADRV) -- C:\WINDOWS\system32\drivers\PBADRV.sys (Dell Inc)
DRV - (AESTAud) -- C:\WINDOWS\system32\drivers\AESTAud.sys (Andrea Electronics Corporation)
DRV - (CVPNDRVA) -- C:\WINDOWS\system32\drivers\CVPNDRVA.sys (Cisco Systems, Inc.)
DRV - (DNE) -- C:\WINDOWS\system32\drivers\dne2000.sys (Deterministic Networks, Inc.)
DRV - (nvatabus) -- C:\WINDOWS\system32\drivers\nvatabus.sys (NVIDIA Corporation)
DRV - (Symmpi) -- C:\WINDOWS\system32\drivers\symmpi.sys (LSI Logic)
DRV - (CVirtA) -- C:\WINDOWS\system32\drivers\CVirtA.sys (Cisco Systems, Inc.)
DRV - (mfetdik) -- C:\WINDOWS\system32\drivers\mfetdik.sys (McAfee, Inc.)
DRV - (USBCCID) -- C:\WINDOWS\system32\drivers\usbccid.sys (Microsoft Corporation)
DRV - (aarich) -- C:\WINDOWS\system32\drivers\aarich.sys (Adaptec, Inc.)
DRV - (a320raid) -- C:\WINDOWS\system32\drivers\a320raid.sys (Adaptec, Inc.)
DRV - (aac) -- C:\WINDOWS\system32\drivers\aac.sys (Adaptec, Inc.)
DRV - (fasttx2k) -- C:\WINDOWS\system32\drivers\fasttx2k.sys (Promise Technology, Inc.)
 
 
========== Standard Registry (All) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL =  [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn...st/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn...st/srchasst.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)
IE - HKCU\..\SearchScopes,DefaultScope = {272BC7B3-43A4-4F76-A338-CF198BDD8CCA}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{272BC7B3-43A4-4F76-A338-CF198BDD8CCA}: "URL" = http://www.google.co...utputEncoding?}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
========== FireFox ==========
 
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.21.2: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Acrobat: C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Documents and Settings\mcleanl\Local Settings\Application Data\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\mcleanl\Local Settings\Application Data\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\mcleanl\Local Settings\Application Data\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\facebook.com/fbDesktopPlugin: C:\Documents and Settings\mcleanl\Local Settings\Application Data\Facebook\Messenger\2.1.4814.0\npFbDesktopPlugin.dll (Facebook, Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2012/10/24 10:02:28 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\web2pdfextension@web2pdf.adobedotcom: C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2013/05/20 07:39:29 | 000,000,000 | ---D | M]
 
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter},
CHR - homepage: http://www.ebay.com/
CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\mcleanl\Local Settings\Application Data\Google\Chrome\Application\26.0.1410.64\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Documents and Settings\mcleanl\Local Settings\Application Data\Google\Chrome\Application\26.0.1410.64\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Disabled) = C:\Documents and Settings\mcleanl\Local Settings\Application Data\Google\Chrome\Application\26.0.1410.64\pdf.dll
CHR - plugin: Chrome Remote Desktop (Enabled) = C:\Documents and Settings\mcleanl\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\gbchcmhmhahfdphkhkmpfmihenigjmpp\1.9.1271.42_0\remoting_host_plugin.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Browser\nppdf32.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Google Update (Enabled) = C:\Documents and Settings\mcleanl\Local Settings\Application Data\Google\Update\1.3.21.123\npGoogleUpdate3.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL
CHR - plugin: Java™ Platform SE 7 U9 (Enabled) = C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: Java Deployment Toolkit 7.0.90.5 (Enabled) = C:\WINDOWS\system32\npDeployJava1.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: Xmarks Bookmark Sync = C:\Documents and Settings\mcleanl\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ajpgkpeckebdhofmmjfgcjjiiejpodla\1.0.24_1\
CHR - Extension: Xmarks Bookmark Sync = C:\Documents and Settings\mcleanl\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ajpgkpeckebdhofmmjfgcjjiiejpodla\1.0.24_1\.bak
CHR - Extension: YouTube = C:\Documents and Settings\mcleanl\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Send to Kindle for Google Chrome\u2122 = C:\Documents and Settings\mcleanl\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\cgdjpilhipecahhcilnafpblkieebhea\1.0.1.56_0\
CHR - Extension: Google Search = C:\Documents and Settings\mcleanl\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Google Earth The Instant Way = C:\Documents and Settings\mcleanl\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\dpifhlbldgbpgcgpcmiakanpghoddbme\0.7_0\
CHR - Extension: JustSnipe Extension = C:\Documents and Settings\mcleanl\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\foehhligadgccgjhkcclhonpdcjeokjh\1.3_0\
CHR - Extension: Chrome Remote Desktop = C:\Documents and Settings\mcleanl\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\gbchcmhmhahfdphkhkmpfmihenigjmpp\27.0.1453.65_0\
CHR - Extension: SlingPlayer for Web = C:\Documents and Settings\mcleanl\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lidgnhlbmoakdjkfhanbhfngcadpaiac\1.5.14.755_0\
CHR - Extension: Evernote Web Clipper = C:\Documents and Settings\mcleanl\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pioclpoplcdbaefihamjohnefbikjilc\5.9.14_0\
CHR - Extension: Gmail = C:\Documents and Settings\mcleanl\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_2\
 
O1 HOSTS File: ([2004/08/04 06:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (FoodBuzz) - {1C6E034D-B4B6-4D96-94B5-4163A5EB2195} - C:\Program Files\FoodBuzz\Extension\adxloader.dll File not found
O2 - BHO: (CtxIEInterceptorBHO Class) - {2C4631FF-5CC8-4EBC-A0DF-34C92291759E} - C:\Program Files\Citrix\ICA Client\IEInterceptor.dll (Citrix Systems, Inc.)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20121022142030.dll (McAfee, Inc.)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\ShellBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe ARM] C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AESTFltr] C:\WINDOWS\System32\AESTFltr.exe (Andrea Electronics Corporation)
O4 - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [BCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Client Access Check Version] C:\Program Files\IBM\Client Access\cwbckver.exe (IBM Corporation)
O4 - HKLM..\Run: [Client Access Express Welcome] C:\Program Files\IBM\Client Access\cwbwlwiz.exe (IBM Corporation)
O4 - HKLM..\Run: [Client Access Help Update] C:\Program Files\IBM\Client Access\cwbinhlp.exe (IBM Corporation)
O4 - HKLM..\Run: [Client Access PC5250 Sound] C:\Program Files\IBM\Client Access\Emulator\pcssnd.exe (IBM)
O4 - HKLM..\Run: [Client Access Service] C:\Program Files\IBM\Client Access\cwbsvstr.exe (IBM Corporation)
O4 - HKLM..\Run: [CmgShieldUI] C:\WINDOWS\system32\CmgShieldUI.exe (CREDANT Technologies, Inc.)
O4 - HKLM..\Run: [ConnectionCenter] C:\Program Files\Citrix\ICA Client\redirector.exe (Citrix Systems, Inc.)
O4 - HKLM..\Run: [EmsService] C:\WINDOWS\System32\EmsServiceHelper.exe (CREDANT Technologies, Inc.)
O4 - HKLM..\Run: [FreeFallProtection] C:\Program Files\STMicroelectronics\AccelerometerP11\FF_Protection.exe ()
O4 - HKLM..\Run: [ISUSPM Startup] C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [ISUSScheduler] C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [LogMeIn GUI] C:\Program Files\LogMeIn\x86\LogMeInSystray.exe (LogMeIn, Inc.)
O4 - HKLM..\Run: [McAfeeUpdaterUI] C:\Program Files\McAfee\Common Framework\udaterui.exe (McAfee, Inc.)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nview\nwiz.exe ()
O4 - HKLM..\Run: [PDVDDXSrv] C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
O4 - HKLM..\Run: [ShStatEXE] C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE (McAfee, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Common Files\Java\Java Update\jusched.exe (Oracle Corporation)
O4 - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray.exe (IDT, Inc.)
O4 - HKCU..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Facebook Update] C:\Documents and Settings\mcleanl\Local Settings\Application Data\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O4 - HKCU..\Run: [FoodBuzzUpdate] C:\Program Files\FoodBuzz\Update\FoodBuzzUpdate.exe (FoodBuzz)
O4 - HKCU..\Run: [Google Update] C:\Documents and Settings\mcleanl\Local Settings\Application Data\Google\Update\GoogleUpdate.exe (Google Inc.)
O4 - HKCU..\Run: [QuickTime Task] C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Bluetooth.lnk = C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\VPN Client.lnk = C:\WINDOWS\Installer\{A7091E1D-36A4-47F1-A739-173CC341414F}\Icon3E5562ED7.ico ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\mcleanl\Start Menu\Programs\Startup\Dropbox.lnk = C:\Documents and Settings\mcleanl\Application Data\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O4 - Startup: C:\Documents and Settings\mcleanl\Start Menu\Programs\Startup\Facebook Messenger.lnk = C:\Documents and Settings\mcleanl\Local Settings\Application Data\Facebook\Messenger\2.1.4814.0\FacebookMessenger.exe (Facebook)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoAutorun = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption = 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext = 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send To Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\WINDOWS\system32\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.mi...b?1350924967171 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.micros...b?1350995577827 (MUWebControl Class)
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} https://secure.logme...rl.cab?lmi=1007 (Performance Viewer Activex Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.50.95 192.168.50.143 192.168.50.20
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = joslin.harvard.edu
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{329D6422-D7F2-4E2F-9F50-D669D49F6025}: DhcpNameServer = 12.127.17.71 12.127.17.72
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C4E39540-22A0-4F2D-B33A-276A3D275C03}: DhcpNameServer = 192.168.50.95 192.168.50.143 192.168.50.20
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\WINDOWS\system32\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\sysimage {76E67A63-06E9-11D2-A840-006008059382} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\wia {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\system32\wiascr.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-ica {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=euc-jp {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=ISO-8859-1 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=MS936 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=MS949 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=MS950 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=UTF8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=UTF-8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=euc-jp {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=ISO-8859-1 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=MS936 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=MS949 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=MS950 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=UTF8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=UTF-8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\Class Install Handler {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\ica {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\lzdhtml {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/webviewhtml {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\PROGRA~1\Citrix\ICACLI~1\RSHook.dll) - C:\Program Files\Citrix\ICA Client\RSHook.dll (Citrix Systems, Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UIHost - (logonui.exe) - C:\WINDOWS\System32\logonui.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\WINDOWS\System32\sysdm.cpl (Microsoft Corporation)
O20 - Winlogon\Notify\CMGShieldNP: DllName - (CmgShieldNP.dll) - C:\WINDOWS\System32\CmgShieldNP.dll (CREDANT Technologies, Inc.)
O20 - Winlogon\Notify\crypt32chain: DllName - (crypt32.dll) - C:\WINDOWS\System32\crypt32.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cryptnet: DllName - (cryptnet.dll) - C:\WINDOWS\System32\cryptnet.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cscdll: DllName - (cscdll.dll) - C:\WINDOWS\System32\cscdll.dll (Microsoft Corporation)
O20 - Winlogon\Notify\dimsntfy: DllName - (%SystemRoot%\System32\dimsntfy.dll) - C:\WINDOWS\system32\dimsntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\LMIinit: DllName - (LMIinit.dll) - C:\WINDOWS\System32\LMIinit.dll (LogMeIn, Inc.)
O20 - Winlogon\Notify\ScCertProp: DllName - (wlnotify.dll) - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\Schedule: DllName - (wlnotify.dll) - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\sclgntfy: DllName - (sclgntfy.dll) - C:\WINDOWS\System32\sclgntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\SensLogn: DllName - (WlNotify.dll) - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\spba: DllName - (C:\Program Files\Common Files\SPBA\homefus2.dll) - C:\Program Files\Common Files\SPBA\homefus2.dll (UPEK Inc.)
O20 - Winlogon\Notify\termsrv: DllName - (wlnotify.dll) - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\WgaLogon: DllName - (WgaLogon.dll) - C:\WINDOWS\System32\WgaLogon.dll (Microsoft Corporation)
O20 - Winlogon\Notify\wlballoon: DllName - (wlnotify.dll) - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\system32\stobject.dll (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\system32\webcheck.dll (Microsoft Corporation)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msapsspc.dll) - C:\WINDOWS\System32\msapsspc.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (schannel.dll) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (digest.dll) - C:\WINDOWS\System32\digest.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msnsspc.dll) - C:\WINDOWS\System32\msnsspc.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) - C:\WINDOWS\System32\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\WINDOWS\System32\wdigest.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/05/11 14:03:27 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - Unable to obtain root file information for disk M:\
O34 - HKLM BootExecute: (autocheck autochk /r \??\C:)
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013/05/21 09:53:38 | 000,000,000 | R--D | C] -- C:\Documents and Settings\mcleanl\Start Menu\Programs\Administrative Tools
[2013/05/21 07:44:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\mcleanl\Application Data\Malwarebytes
[2013/05/21 07:44:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013/05/21 07:44:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2013/05/21 07:44:29 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2013/05/21 07:44:28 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2013/05/20 10:27:40 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ie8
[2013/05/20 08:04:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\mcleanl\Application Data\Windows Search
[2013/05/16 11:17:44 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2013/05/14 09:29:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\mcleanl\Local Settings\Application Data\assembly
[2013/05/14 09:29:00 | 000,000,000 | ---D | C] -- C:\Program Files\FoodBuzz
[2013/05/10 03:57:38 | 000,049,728 | ---- | C] (Adobe Systems Inc) -- C:\WINDOWS\System32\AdobePDF.dll
[2013/05/10 03:57:34 | 000,025,160 | ---- | C] (Adobe Systems Inc.) -- C:\WINDOWS\System32\AdobePDFUI.dll
[2013/05/08 10:32:17 | 000,016,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\spmsg.dll
[2013/05/08 09:57:12 | 000,266,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\TweakUI.exe
[2013/05/08 09:57:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Powertoys for Windows XP
[2013/05/05 22:39:00 | 000,000,000 | ---D | C] -- C:\MDT
[2013/05/05 22:32:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\CyberLink
[2013/04/30 13:47:56 | 000,083,264 | ---- | C] (Amazon.com, Inc.) -- C:\WINDOWS\System32\stkMonitor.dll
[2013/04/30 13:47:51 | 000,000,000 | ---D | C] -- C:\Program Files\Amazon
[2013/04/26 10:36:25 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2013/04/26 10:32:42 | 000,144,896 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javacpl.cpl
[2013/04/26 10:32:41 | 000,263,584 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javaws.exe
[2013/04/26 10:32:37 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javaw.exe
[2013/04/26 10:32:37 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\java.exe
[2013/04/26 10:32:37 | 000,094,112 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\WindowsAccessBridge.dll
[2004/03/01 16:58:18 | 000,561,424 | ---- | C] (Microsoft Corporation) -- C:\Program Files\Common Files\dao360.dll
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013/05/21 13:01:00 | 000,000,986 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1153311252-1084118266-5522801-25733UA.job
[2013/05/21 13:01:00 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2013/05/21 12:50:36 | 000,065,658 | ---- | M] () -- C:\Documents and Settings\mcleanl\Desktop\Erin DrivingRecord.pdf
[2013/05/21 11:05:01 | 000,001,006 | ---- | M] () -- C:\WINDOWS\tasks\FacebookUpdateTaskUserS-1-5-21-1153311252-1084118266-5522801-25733UA.job
[2013/05/21 09:32:13 | 000,002,447 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\VPN Client.lnk
[2013/05/21 09:31:54 | 000,387,091 | ---- | M] () -- C:\WINDOWS\System32\nvModes.001
[2013/05/21 09:30:31 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2013/05/21 09:29:48 | 000,017,920 | ---- | M] () -- C:\WINDOWS\System32\rpcnetp.exe
[2013/05/21 09:29:46 | 000,058,288 | ---- | M] (Absolute Software Corp.) -- C:\WINDOWS\System32\rpcnet.dll
[2013/05/21 09:28:59 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013/05/21 09:20:28 | 000,387,097 | ---- | M] () -- C:\WINDOWS\System32\nvModes.dat
[2013/05/21 09:16:26 | 000,000,174 | RHS- | M] () -- C:\Documents and Settings\All Users\Application Data\3002.xml
[2013/05/21 08:16:23 | 000,002,329 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Microsoft Word 2010.lnk
[2013/05/21 08:16:01 | 000,054,016 | ---- | M] () -- C:\WINDOWS\System32\drivers\ugbkxmku.sys
[2013/05/21 07:44:39 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2013/05/20 15:01:00 | 000,000,934 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1153311252-1084118266-5522801-25733Core.job
[2013/05/20 14:05:00 | 000,000,984 | ---- | M] () -- C:\WINDOWS\tasks\FacebookUpdateTaskUserS-1-5-21-1153311252-1084118266-5522801-25733Core.job
[2013/05/20 11:21:00 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2013/05/20 10:35:18 | 000,000,815 | ---- | M] () -- C:\Documents and Settings\mcleanl\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2013/05/20 10:15:30 | 000,002,533 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Microsoft Outlook 2010.lnk
[2013/05/20 07:39:53 | 000,001,741 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Acrobat X Pro.lnk
[2013/05/20 07:28:54 | 000,286,904 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2013/05/17 11:23:00 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2013/05/15 11:38:02 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2013/05/15 09:01:14 | 000,692,104 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2013/05/15 09:01:14 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2013/05/10 23:41:50 | 000,001,215 | ---- | M] () -- C:\Documents and Settings\mcleanl\Start Menu\Programs\Startup\Facebook Messenger.lnk
[2013/05/10 23:11:19 | 000,526,564 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2013/05/10 23:11:19 | 000,096,254 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2013/05/10 03:57:38 | 000,049,728 | ---- | M] (Adobe Systems Inc) -- C:\WINDOWS\System32\AdobePDF.dll
[2013/05/10 03:57:34 | 000,025,160 | ---- | M] (Adobe Systems Inc.) -- C:\WINDOWS\System32\AdobePDFUI.dll
[2013/05/08 10:35:18 | 000,000,800 | ---- | M] () -- C:\Documents and Settings\mcleanl\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
[2013/05/08 10:35:18 | 000,000,782 | ---- | M] () -- C:\Documents and Settings\mcleanl\Desktop\

#10 graciecatt

graciecatt

    Member

  • Full Member
  • Pip
  • 18 posts

Posted 21 May 2013 - 12:29 PM

Farbar Service Scanner Version: 14-04-2013
Ran by McLeanL (administrator) on 21-05-2013 at 13:21:58
Running from "C:\Documents and Settings\mcleanl\My Documents\Downloads"
Microsoft Windows XP Service Pack 3 (X86)
Boot Mode: Normal
****************************************************************
 
Internet Services:
============
 
Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Attempt to access Yahoo IP returned error. Yahoo IP is offline
Yahoo.com is accessible.
 
 
Windows Firewall:
=============
 
Firewall Disabled Policy: 
==================
 
 
System Restore:
============
Srservice Service is not running. Checking service configuration:
The start type of Srservice service is OK.
The ImagePath of Srservice service is OK.
The ServiceDll of Srservice: "C:\WINDOWS\system32\srsvc.dll".
 
sr Service is not running. Checking service configuration:
The start type of sr service is set to Disabled. The default start type is Boot.
The ImagePath of sr: "\SystemRoot\system32\DRIVERS\sr.sys".
 
 
System Restore Disabled Policy: 
========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR"=DWORD:1
 
 
Security Center:
============
wscsvc Service is not running. Checking service configuration:
The start type of wscsvc service is OK.
The ImagePath of wscsvc service is OK.
The ServiceDll of wscsvc service is OK.
 
 
Windows Update:
============
 
Windows Autoupdate Disabled Policy: 
============================
 
 
File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
C:\WINDOWS\system32\ipnathlp.dll => MD5 is legit
C:\WINDOWS\system32\netman.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\srsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\sr.sys => MD5 is legit
C:\WINDOWS\system32\wscsvc.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\wuauserv.dll => MD5 is legit
C:\WINDOWS\system32\qmgr.dll => MD5 is legit
C:\WINDOWS\system32\es.dll => MD5 is legit
C:\WINDOWS\system32\cryptsvc.dll => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit
 
Extra List:
=======
DNE(9) Gpc(3) IPSec(5) mfetdi2k(8) mfetdik(8) NetBT(6) PSched(7) Tcpip(4) 
0x09000000050000000100000002000000030000000400000008000000060000000700000009000000
IpSec Tag value is correct.
 
**** End of log ****


#11 cnm

cnm

    Mother Lion of SWI

  • Administrators
  • PipPipPipPipPip
  • 25,253 posts

Posted 21 May 2013 - 01:28 PM

Bring up OTL (don't run it just yet).

In the Custom Scans/Fixes box at the bottom, paste in the following:

:OTL
PRC - C:\Program Files\FoodBuzz\Update\FoodBuzzUpdate.exe (FoodBuzz)

O2 - BHO: (FoodBuzz) - {1C6E034D-B4B6-4D96-94B5-4163A5EB2195} - C:\Program Files\FoodBuzz\Extension\adxloader.dll 

O4 - HKCU..\Run: [FoodBuzzUpdate] C:\Program Files\FoodBuzz\Update\FoodBuzzUpdate.exe (FoodBuzz)

[2013/05/14 09:29:00 | 000,000,000 | ---D | C] -- C:\Program Files\FoodBuzz

DRV - (xtreboot) -- C:\dell\ib\xtreboot.sys File not found

DRV - (WDICA) --  File not found

DRV - (vmscsi) -- system32\drivers\vmscsi.sys File not found
DRV - (PDRFRAME) --  File not found
DRV - (PDRELI) --  File not found
DRV - (PDFRAME) --  File not found
DRV - (PDCOMP) --  File not found
DRV - (PCIDump) --  File not found
DRV - (omci) -- system32\DRIVERS\omci.sys File not found
DRV - (mferkdk) -- C:\Program Files\McAfee\VirusScan Enterprise\mferkdk.sys File not found
DRV - (mfeavfk01) --  File not found
DRV - (mbr) -- C:\DOCUME~1\mcleanl\LOCALS~1\Temp\mbr.sys File not found
DRV - (lbrtfdc) --  File not found
DRV - (i2omgmt) --  File not found
DRV - (Changer) --  File not found

 

:Reg

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]

"DisableSR"=DWORD:0

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\open\command]

""=""%1" %*"

:Commands
[EMPTYTEMP]
[EMPTYFLASH]

[CREATERESTOREPOINT]

Close other windows.
Then click the red 'Run Fix' button (not the Run Scan).

Post the log OTL.TXT in your reply.


Microsoft MVP Windows Security 2005-2006
How camest thou in this pickle? -- William Shakespeare:(1564-1616)
The various helper groups here
UNITE


#12 graciecatt

graciecatt

    Member

  • Full Member
  • Pip
  • 18 posts

Posted 21 May 2013 - 02:37 PM

Well that didn't work.  I copied and pasted as advised.  Editing to add that I did hit the red Run Fix button also.  Then I got this dialog box on top of the OTL box that said: (I couldn't take a screenshot because the computer was frozen)

 

System Shutdown

This system is shutting down.  Please save all work in progress and log off.  Any unsaved changes will be lost.  This shutdown was initiated by NT AUTHORITY\SYSTEM

 

Time before shutdown:

00:00:01 (it counted down briefly before hanging at :01)

 

There was a message at the bottom of this dialog box that said:

Windows must now restart because the CMGShield service terminated unexpectedly. (it never restarted)

 

So then the computer just hung and was completely frozen.  I waited awhile to see if that was actually the OTL program but it didn't seem like it was. The OTL dialog box said "Killing Processes..." on the bottom but this other dialog box overrode that.  I ended up shutting the computer off by pressing the power button and then pressing the power button again to turn it back on.  It came back on no problem and I did not even get the "windows did not shut down correctly" black screen that lets you log back into Windows normally or in Safe Mode.


Edited by graciecatt, 21 May 2013 - 02:48 PM.


#13 cnm

cnm

    Mother Lion of SWI

  • Administrators
  • PipPipPipPipPip
  • 25,253 posts

Posted 21 May 2013 - 03:02 PM

Please boot into Safe Mode so that the CMGShield service won't be running (hit F8 several times while booting to get the boot menu).

Then run that same OTL fix in Safe Mode and post the log.


Microsoft MVP Windows Security 2005-2006
How camest thou in this pickle? -- William Shakespeare:(1564-1616)
The various helper groups here
UNITE


#14 graciecatt

graciecatt

    Member

  • Full Member
  • Pip
  • 18 posts

Posted 21 May 2013 - 08:15 PM

Thank you for sticking with me!  I'll be back at this tomorrow morning and will post my log after Safe Mode.



#15 graciecatt

graciecatt

    Member

  • Full Member
  • Pip
  • 18 posts

Posted 22 May 2013 - 07:01 AM

OK I'm back.  I rebooted in Safe Mode, copied and pasted fix into OTL, hit Run Fix and got the same CMGShield dialog box.  

 

This time, OTL looked like it started to run (it was definitely doing something) but the timer on the CMGShield shutdown worked this time and I think it was only about 10 seconds before it followed through and actually shut the machine off.

 

So OTL never completed its task and I never got a log.



#16 cnm

cnm

    Mother Lion of SWI

  • Administrators
  • PipPipPipPipPip
  • 25,253 posts

Posted 22 May 2013 - 10:26 AM

OK.  When run with the [EMPTYTEMP] and [EMPTYFLASH] commands, OTL kills all running processes that might interfere with it.  

Evidently the CMGShield  process doesn't like being terminated, and rather surprisingly is active in Safe Mode.  I had not encountered this Credant product before and can't find much information about it.  It is encryption software, seems to have a lot of problems and may affect performance.   (And can't easily be uninstalled.)

 

So please run OTL (in normal mode) with this revised text pasted in its window.  This will not touch CMGShield and will ignore the "FIle not found" drivers.

:OTL

PRC - C:\Program Files\FoodBuzz\Update\FoodBuzzUpdate.exe (FoodBuzz)

O2 - BHO: (FoodBuzz) - {1C6E034D-B4B6-4D96-94B5-4163A5EB2195} - C:\Program Files\FoodBuzz\Extension\adxloader.dll 

O4 - HKCU..\Run: [FoodBuzzUpdate] C:\Program Files\FoodBuzz\Update\FoodBuzzUpdate.exe (FoodBuzz)

[2013/05/14 09:29:00 | 000,000,000 | ---D | C] -- C:\Program Files\FoodBuzz

 

:Reg

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]

"DisableSR"=DWORD:0

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\open\command]

""=""%1" %*"

:Commands
[CREATERESTOREPOINT]

 

Close other windows.
Then click the red 'Run Fix' button (not the Run Scan).

Post the log OTL.TXT in your reply.


Microsoft MVP Windows Security 2005-2006
How camest thou in this pickle? -- William Shakespeare:(1564-1616)
The various helper groups here
UNITE


#17 graciecatt

graciecatt

    Member

  • Full Member
  • Pip
  • 18 posts

Posted 22 May 2013 - 10:40 AM

Thanks.  That took about 2 seconds.  Here is my log.

 

========== OTL ==========
No active process named FoodBuzzUpdate.exe was found!
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1C6E034D-B4B6-4D96-94B5-4163A5EB2195}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1C6E034D-B4B6-4D96-94B5-4163A5EB2195}\ not found.
File C:\Program Files\FoodBuzz\Extension\adxloader.dll not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\FoodBuzzUpdate not found.
File C:\Program Files\FoodBuzz\Update\FoodBuzzUpdate.exe not found.
Folder C:\Program Files\FoodBuzz\ not found.
========== REGISTRY ==========
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore\\"DisableSR"|DWORD:0 /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\open\command\\""|""%1" %*" /E : value set successfully!
========== COMMANDS ==========
Error creating restore point.
 
OTL by OldTimer - Version 3.2.69.0 log created on 05222013_113656


#18 graciecatt

graciecatt

    Member

  • Full Member
  • Pip
  • 18 posts

Posted 22 May 2013 - 10:42 AM

 

We can root out FoodBuzz.

  • Download OTL to your desktop.
  • Double click on the icon to run it. Make sure all other windows are closed to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Under the Standard Registry box change it to All.
  • Check the boxes beside LOP Check and Purity Check.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
    • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    • Please copy the contents of OTL.txt and post with your next reply.

I did not change the Standard Registry to All or check LOP and Purity.  Should I have done that?  Should I rerun?



#19 cnm

cnm

    Mother Lion of SWI

  • Administrators
  • PipPipPipPipPip
  • 25,253 posts

Posted 22 May 2013 - 10:56 AM

Good, I think - I'm guessing that OTL already took care of FoodBuzz on a previous run.  And we didn't need the LOP and Purity scans.
 
The 'Error creating restore point' could be because the reset of "DisableSR"  hadn't yet taken effect.  Can you manually set a restore point?
  
Please create a Restore point. Give it a description like "Before AdwCleaner". How to create Restore Point.
 
Please download AdwCleaner by Xplode onto your desktop.

  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Delete.
  • Follow the prompts to reboot the computer. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

Microsoft MVP Windows Security 2005-2006
How camest thou in this pickle? -- William Shakespeare:(1564-1616)
The various helper groups here
UNITE


#20 graciecatt

graciecatt

    Member

  • Full Member
  • Pip
  • 18 posts

Posted 22 May 2013 - 10:56 AM

I did not change the Standard Registry to All or check LOP and Purity.  Should I have done that?  Should I rerun?

 

FoodBuzz folder is gone from Program Files.   But it is still in Control Panel.  I took a screen shot.

 

ControlPanel.jpg



#21 graciecatt

graciecatt

    Member

  • Full Member
  • Pip
  • 18 posts

Posted 22 May 2013 - 10:59 AM

Also - your link for creating a restore point is for Windows 7 or Vista.  I am still on XP (this is my work computer which is why there are all those encryption programs).  Can you please send the link you would like me to use for creating a Restore Point?  I can google that certainly but I'd prefer to use something you recommend.

 

UGH - sorry I didn't realize I didn't screen shot the right part of the control panel window.  Hang on.


Edited by graciecatt, 22 May 2013 - 11:04 AM.


#22 cnm

cnm

    Mother Lion of SWI

  • Administrators
  • PipPipPipPipPip
  • 25,253 posts

Posted 22 May 2013 - 11:06 AM

Sorry.  How to set a restore point in Windows XP.

 

Your screen shot is not showing FoodBuzz.  If it's in Control Panel, what happens when you try to Remove?


Microsoft MVP Windows Security 2005-2006
How camest thou in this pickle? -- William Shakespeare:(1564-1616)
The various helper groups here
UNITE


#23 graciecatt

graciecatt

    Member

  • Full Member
  • Pip
  • 18 posts

Posted 22 May 2013 - 11:07 AM

Screenshot of Control Panel with FoodBuzz still there:

 

controlpanel1.jpg



#24 graciecatt

graciecatt

    Member

  • Full Member
  • Pip
  • 18 posts

Posted 22 May 2013 - 11:10 AM

I got a message in Control Panel that said an error occurred while trying to remove FoodBuzz.  It may have already been uninstalled. Would I like to remove it from the A/R Programs list?  I said yes and it went away.  

 

Now I'll do the Restore Point.  Thanks.



#25 graciecatt

graciecatt

    Member

  • Full Member
  • Pip
  • 18 posts

Posted 22 May 2013 - 11:29 AM

System Restore completed successfully and named as advised.

 

Here is the ADWCleaner Log.

 

I also have a question for you - my home computer is running Vista.  I use Ad-Aware to try to keep up with malware.  Should I be using a different program(s) or regimen of programs to run on a regular basis?  It has (thankfully   :)) been a long time since I have needed your services and I want to be sure that I am using the best programs.  I also run an always-updated Norton Internet Security 2013.  Thanks!

 

# AdwCleaner v2.301 - Logfile created 05/22/2013 at 12:15:31
# Updated 16/05/2013 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : McLeanL - OF705CM1263LT
# Boot Mode : Normal
# Running from : C:\Documents and Settings\mcleanl\My Documents\Downloads\adwcleaner.exe
# Option [Delete]
 
 
***** [Services] *****
 
 
***** [Files / Folders] *****
 
 
***** [Registry] *****
 
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Key Deleted : HKLM\SOFTWARE\Classes\S
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\063A857434EDED11A893800002C0A966
 
***** [Internet Browsers] *****
 
-\\ Internet Explorer v8.0.6001.18702
 
[OK] Registry is clean.
 
-\\ Google Chrome v27.0.1453.93
 
File : C:\Documents and Settings\mcleanl\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences
 
[OK] File is clean.
 
*************************
 
AdwCleaner[S1].txt - [991 octets] - [22/05/2013 12:15:31]
 
########## EOF - C:\AdwCleaner[S1].txt - [1050 octets] ##########


#26 cnm

cnm

    Mother Lion of SWI

  • Administrators
  • PipPipPipPipPip
  • 25,253 posts

Posted 22 May 2013 - 11:48 AM

Ad-Aware is OK but not an antivirus, and it does the same things as MBAM.  You don't need it.  

 

You have McAfee VirusScan Enterprise, which should be fairly effective if you keep it updated.  I usually recommend the free version of Avast which has 8 realtime shields, very frequent autoupdates, and useful features like keeping other security programs updated. The free version is all you need and is what I use myself.  If you install it, you should probably disable the realtime McAfee antivirus as the two might interfere with each other.

 

Are you still unable to open IE 8?


Microsoft MVP Windows Security 2005-2006
How camest thou in this pickle? -- William Shakespeare:(1564-1616)
The various helper groups here
UNITE


#27 graciecatt

graciecatt

    Member

  • Full Member
  • Pip
  • 18 posts

Posted 22 May 2013 - 12:35 PM

No I'm fine now.  IE 8 runs perfectly.  Thank you.

 

You have been helping me with my work computer, but my Ad-Aware question was for my home computer which is running Vista, Norton (and Ad-Aware when I remember it).

 

Maybe when my Norton subscription runs out for the year, I will switch to Avast.  

 

I was just curious what the anti-malware (as opposed to the anti-virus) regular program regimen should be and if there's something newer/better than Ad-Aware for preventive screening.  Norton only works with viruses and not malware, right?

 

Thank you so much for all your help.  I continue to be amazed and appreciative of skills and responsiveness of this community of helpers.  I am thankful that I don't need to visit this site very often, but when I do, it's so calming to know that there will be solution to whatever idiotic thing I've unwittingly introduced into my system.



#28 cnm

cnm

    Mother Lion of SWI

  • Administrators
  • PipPipPipPipPip
  • 25,253 posts

Posted 22 May 2013 - 12:55 PM

Norton should theoretically deal with malware.
 
These are my personal opinions based on the problems I've helped with, not SWI official positions:

MBAM is much better than Ad-Aware.  (And the Pro version is very worthwhile at $24.95)

Norton  often fails to stop anything.


You can schedule the free MBAM to automatically scan daily: How To Schedule Tasks in Windows XP

(The Pro version has a built-in scheduler and autoupdater along with its real time protections).


Microsoft MVP Windows Security 2005-2006
How camest thou in this pickle? -- William Shakespeare:(1564-1616)
The various helper groups here
UNITE


#29 viewfrom3

viewfrom3

    Member

  • Full Member
  • Pip
  • 9 posts

Posted 27 May 2013 - 05:19 PM

I am having this very same problem around Foodbuz/Agiledotnet and also run Windows XP. Should I open another topic and post logs from my machine to seek help, or could the topic continue in this thread?

 

Many thanks!



#30 cnm

cnm

    Mother Lion of SWI

  • Administrators
  • PipPipPipPipPip
  • 25,253 posts

Posted 27 May 2013 - 05:34 PM

viewfrom3 - yes please open your own topic, do not post in someone else's.

 

Please read the Instructions and post the requested logs (MBAM, DDS, Security Check). We need the information in order to help you.


Microsoft MVP Windows Security 2005-2006
How camest thou in this pickle? -- William Shakespeare:(1564-1616)
The various helper groups here
UNITE


#31 cnm

cnm

    Mother Lion of SWI

  • Administrators
  • PipPipPipPipPip
  • 25,253 posts

Posted 03 June 2013 - 07:22 PM

Glad we could help. :)

If you need this topic reopened, please tell the moderating team by replying here with the address of the thread. This applies only to the original topic starter. Everyone else please begin a New Topic.

Microsoft MVP Windows Security 2005-2006
How camest thou in this pickle? -- William Shakespeare:(1564-1616)
The various helper groups here
UNITE





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

Member of ASAP and UNITE
Support SpywareInfo Forum - click the button