Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

PC: Web Browser Pop-ups\PC Speed Max [Closed]


  • This topic is locked This topic is locked

#1
Lisawinter

Lisawinter

    New Member

  • Member
  • Pip
  • 4 posts
Hi All:

I'm new here! I have a laptop which has some issues.
Getting pop-ups on both firefox and chrome- from Onlinewebfind, etc
Also have some mystery programs popping up like PC Speed Maximizer

Any help would be great!!!

Thanks
Lisa

OTL logfile created on: 2014/03/22 4:27:53 PM - Run 4
OTL by OldTimer - Version 3.2.69.0 Folder = d:\data\rainmaker\Desktop
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: yyyy/MM/dd

1.49 Gb Total Physical Memory | 0.38 Gb Available Physical Memory | 25.20% Memory free
4.13 Gb Paging File | 2.31 Gb Available in Paging File | 56.05% Paging File free
Paging file location(s): C:\pagefile.sys 2850 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINNT | %ProgramFiles% = C:\Program Files
Drive C: | 60.45 Gb Total Space | 25.75 Gb Free Space | 42.60% Space Free | Partition Type: NTFS
Drive D: | 32.70 Gb Total Space | 7.33 Gb Free Space | 22.43% Space Free | Partition Type: NTFS

Computer Name: 3YFK943Z | User Name: rainmaker | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2014/03/22 16:00:03 | 000,197,120 | ---- | M] () -- C:\Program Files\Re-markit-soft\Re-markit157.exe
PRC - [2014/03/22 16:00:03 | 000,093,696 | ---- | M] () -- C:\Program Files\Re-markit-soft\Re-markit_wd.exe
PRC - [2014/03/22 15:59:36 | 000,496,640 | ---- | M] (Cherished Technololgy LIMITED) -- d:\data\All Users\Application Data\WPM\wprotectmanager.exe
PRC - [2014/03/20 22:54:45 | 000,348,440 | ---- | M] () -- C:\Program Files\GrabRez\bin\utilGrabRez.exe
PRC - [2014/03/20 22:51:40 | 000,348,440 | ---- | M] () -- C:\Program Files\GrabRez\updateGrabRez.exe
PRC - [2014/03/17 13:03:59 | 002,930,496 | R--- | M] (Iminent) -- C:\Program Files\Common Files\Umbrella\Umbrella260.exe
PRC - [2014/03/17 02:38:00 | 000,515,584 | ---- | M] (Cherished Technololgy LIMITED) -- d:\data\All Users\Application Data\IePluginService\PluginService.exe
PRC - [2014/03/12 03:28:32 | 000,070,848 | ---- | M] () -- C:\Program Files\Mobogenie\MgAssist.exe
PRC - [2014/03/12 03:28:21 | 000,764,096 | ---- | M] () -- C:\Program Files\Mobogenie\DaemonProcess.exe
PRC - [2014/02/21 17:34:26 | 000,424,560 | ---- | M] (Smart PC Solutions) -- C:\Program Files\PC Speed Maximizer\SPMSmartScan.exe
PRC - [2014/02/14 23:55:56 | 000,275,568 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2014/02/12 23:42:03 | 002,722,808 | ---- | M] (Cool Mirage) -- C:\Program Files\1clickmoviedownloader.com\MovieDownloader.exe
PRC - [2014/01/24 16:27:14 | 011,241,824 | ---- | M] (SugarSync, Inc.) -- C:\Program Files\SugarSync\SugarSyncManager.exe
PRC - [2013/05/16 10:46:34 | 000,882,520 | ---- | M] (BitTorrent Inc.) -- C:\Program Files\BitTorrent\BitTorrent.exe
PRC - [2013/03/29 10:52:25 | 000,602,112 | ---- | M] (OldTimer Tools) -- d:\data\rainmaker\Desktop\OTL.exe
PRC - [2012/02/22 20:49:58 | 006,591,800 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
PRC - [2009/10/03 05:44:41 | 000,345,448 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32.exe
PRC - [2008/11/09 16:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2007/12/14 15:06:00 | 000,136,512 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Network Associates\Common Framework\UdaterUI.exe
PRC - [2007/12/14 15:06:00 | 000,136,512 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Network Associates\Common Framework\naPrdMgr.exe
PRC - [2007/12/14 15:06:00 | 000,103,744 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
PRC - [2007/12/14 15:06:00 | 000,086,016 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Network Associates\Common Framework\Mctray.exe
PRC - [2007/10/16 20:50:00 | 000,144,704 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
PRC - [2007/10/16 20:50:00 | 000,111,952 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan Enterprise\shstat.exe
PRC - [2007/10/16 20:50:00 | 000,054,608 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
PRC - [2007/07/25 17:16:42 | 000,073,728 | ---- | M] (DameWare Development) -- C:\WINNT\system32\DWRCST.EXE
PRC - [2007/07/25 17:16:30 | 000,222,720 | ---- | M] (DameWare Development LLC) -- C:\WINNT\system32\DWRCS.EXE
PRC - [2006/11/29 17:47:28 | 000,126,976 | ---- | M] (iPass, Inc.) -- C:\Program Files\iPass\iPassConnect\iPassPeriodicUpdateApp.exe
PRC - [2006/11/29 17:47:28 | 000,086,016 | ---- | M] (iPass, Inc.) -- C:\Program Files\iPass\iPassConnect\iPassPeriodicUpdateService.exe
PRC - [2006/02/01 16:10:32 | 000,086,016 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\PkgMgr\HOTKEY_1\TpScrex.exe
PRC - [2006/02/01 16:09:46 | 000,077,824 | ---- | M] () -- C:\Program Files\Lenovo\PkgMgr\HOTKEY\TPONSCR.exe
PRC - [2005/10/06 23:18:26 | 000,385,024 | ---- | M] () -- C:\Program Files\IBM\IBM Rapid Restore Ultra\rrpcsb.exe
PRC - [2005/09/15 14:57:42 | 000,110,592 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
PRC - [2005/09/06 16:51:08 | 000,053,248 | ---- | M] (Alexandria Software Consulting) -- c:\Program Files\Nortel Networks\TunnelGuard\CueAgent_srv.exe
PRC - [2005/09/06 16:50:50 | 000,045,056 | ---- | M] (Nortel Networks) -- C:\Program Files\Nortel Networks\TunnelGuard\platforms\win32\TGIconApp.EXE
PRC - [2005/04/27 09:53:08 | 000,090,112 | ---- | M] (IBM Corp.) -- C:\IBMTOOLS\utils\ibmprc.exe
PRC - [2004/08/04 00:56:50 | 001,032,192 | ---- | M] (Microsoft Corporation) -- C:\WINNT\explorer.exe


========== Modules (No Company Name) ==========

MOD - [2014/03/22 16:00:03 | 000,197,120 | ---- | M] () -- C:\Program Files\Re-markit-soft\Re-markit157.exe
MOD - [2014/03/22 16:00:03 | 000,093,696 | ---- | M] () -- C:\Program Files\Re-markit-soft\Re-markit_wd.exe
MOD - [2014/03/20 22:54:45 | 000,348,440 | ---- | M] () -- C:\Program Files\GrabRez\bin\utilGrabRez.exe
MOD - [2014/03/20 22:51:40 | 000,348,440 | ---- | M] () -- C:\Program Files\GrabRez\updateGrabRez.exe
MOD - [2014/03/12 03:28:33 | 000,474,816 | ---- | M] () -- C:\Program Files\Mobogenie\DCR.dll
MOD - [2014/03/12 03:28:33 | 000,065,728 | ---- | M] () -- C:\Program Files\Mobogenie\Device.dll
MOD - [2014/03/12 03:28:32 | 000,070,848 | ---- | M] () -- C:\Program Files\Mobogenie\MgAssist.exe
MOD - [2014/03/12 03:28:21 | 000,764,096 | ---- | M] () -- C:\Program Files\Mobogenie\DaemonProcess.exe
MOD - [2014/02/14 23:55:55 | 003,578,992 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2013/10/10 01:41:10 | 000,069,632 | ---- | M] () -- C:\Program Files\SugarSync\librsync.dll
MOD - [2012/02/22 20:49:56 | 000,921,600 | ---- | M] () -- C:\Program Files\Yahoo!\Messenger\yui.dll
MOD - [2012/02/22 20:49:38 | 000,078,336 | ---- | M] () -- C:\Program Files\Yahoo!\Messenger\pcre.dll
MOD - [2011/05/28 22:04:56 | 000,140,288 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll
MOD - [2009/11/21 03:01:10 | 000,212,992 | ---- | M] () -- C:\WINNT\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\d7c95f4d3cbeb0dd34d76358bbec3047\System.ServiceProcess.ni.dll
MOD - [2009/11/21 03:01:02 | 000,998,400 | ---- | M] () -- C:\WINNT\assembly\NativeImages_v2.0.50727_32\System.Management\54e83b3b4e4dd558e8ecb2e213407c1f\System.Management.ni.dll
MOD - [2009/11/21 02:59:58 | 001,711,616 | ---- | M] () -- C:\WINNT\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\78e5f513b0f72eefd2520487234e2682\Microsoft.VisualBasic.ni.dll
MOD - [2009/11/21 02:57:04 | 000,970,752 | ---- | M] () -- C:\WINNT\assembly\NativeImages_v2.0.50727_32\System.Configuration\60b25b27fbf5f0f94fd65fcbdc3f3b2b\System.Configuration.ni.dll
MOD - [2009/11/21 02:52:17 | 005,450,240 | ---- | M] () -- C:\WINNT\assembly\NativeImages_v2.0.50727_32\System.Xml\28cee07c1277b35abcb83560cd8c677c\System.Xml.ni.dll
MOD - [2009/11/21 02:52:10 | 012,430,848 | ---- | M] () -- C:\WINNT\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\1d1239cae67610d8659752751abc7856\System.Windows.Forms.ni.dll
MOD - [2009/11/21 02:51:55 | 001,587,200 | ---- | M] () -- C:\WINNT\assembly\NativeImages_v2.0.50727_32\System.Drawing\f9c517646d0706b9c61a41af685ff6b7\System.Drawing.ni.dll
MOD - [2009/11/21 02:49:52 | 007,868,416 | ---- | M] () -- C:\WINNT\assembly\NativeImages_v2.0.50727_32\System\2e356db128ec7354bd70a3ecc84b1f87\System.ni.dll
MOD - [2009/11/21 02:49:41 | 011,485,184 | ---- | M] () -- C:\WINNT\assembly\NativeImages_v2.0.50727_32\mscorlib\4b10d8196bb368996ec5d24fca777456\mscorlib.ni.dll
MOD - [2009/11/21 02:48:25 | 000,303,104 | ---- | M] () -- C:\WINNT\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
MOD - [2009/10/01 10:50:58 | 008,007,680 | ---- | M] () -- C:\WINNT\assembly\GAC\Microsoft.mshtml\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.mshtml.dll
MOD - [2009/06/03 15:27:58 | 001,290,752 | ---- | M] () -- C:\WINNT\system32\quartz.dll
MOD - [2007/12/14 15:06:00 | 000,156,992 | ---- | M] () -- C:\Program Files\Network Associates\Common Framework\naisign2.dll
MOD - [2007/12/14 15:06:00 | 000,120,128 | ---- | M] () -- C:\Program Files\Network Associates\Common Framework\naXML2_71.dll
MOD - [2007/01/13 04:01:28 | 000,475,136 | R--- | M] () -- C:\Program Files\Adobe\Reader 8.0\Reader\ccme_base.dll
MOD - [2007/01/13 04:01:28 | 000,397,312 | R--- | M] () -- C:\Program Files\Adobe\Reader 8.0\Reader\cryptocme2.dll
MOD - [2006/11/30 08:50:00 | 000,149,080 | ---- | M] () -- C:\Program Files\McAfee\VirusScan Enterprise\VsEvntUI.DLL
MOD - [2006/11/06 14:00:58 | 000,651,264 | ---- | M] () -- C:\Program Files\iPass\iPassConnect\libeay32.dll
MOD - [2006/02/01 16:09:46 | 000,077,824 | ---- | M] () -- C:\Program Files\Lenovo\PkgMgr\HOTKEY\TPONSCR.exe
MOD - [2006/02/01 16:09:42 | 000,024,576 | ---- | M] () -- C:\WINNT\system32\tphklock.dll
MOD - [2006/02/01 16:09:28 | 000,028,672 | ---- | M] () -- C:\WINNT\system32\notifyf2.dll
MOD - [2005/12/07 02:12:00 | 000,073,728 | ---- | M] () -- C:\Program Files\ThinkPad\Utilities\PWRMGRIF.DLL
MOD - [2005/12/07 02:12:00 | 000,036,864 | ---- | M] () -- C:\Program Files\ThinkPad\Utilities\US\PWRMGRRT.DLL
MOD - [2005/10/06 23:18:26 | 000,385,024 | ---- | M] () -- C:\Program Files\IBM\IBM Rapid Restore Ultra\rrpcsb.exe
MOD - [2005/09/06 16:50:50 | 000,077,824 | ---- | M] () -- C:\Program Files\Nortel Networks\TunnelGuard\platforms\win32\TGIcon.DLL
MOD - [2004/08/04 00:56:44 | 000,059,904 | ---- | M] () -- C:\WINNT\system32\devenum.dll
MOD - [2004/08/04 00:56:44 | 000,014,336 | ---- | M] () -- C:\WINNT\system32\msdmo.dll
MOD - [2003/02/20 16:42:34 | 001,159,289 | R--- | M] () -- c:\Program Files\Nortel Networks\TunnelGuard\jre\bin\client\jvm.dll
MOD - [2003/02/20 16:42:34 | 000,102,511 | R--- | M] () -- c:\Program Files\Nortel Networks\TunnelGuard\jre\bin\java.dll
MOD - [2003/02/20 16:42:34 | 000,057,451 | R--- | M] () -- C:\Program Files\Nortel Networks\TunnelGuard\jre\bin\net.dll
MOD - [2003/02/20 16:42:34 | 000,057,449 | R--- | M] () -- c:\Program Files\Nortel Networks\TunnelGuard\jre\bin\verify.dll
MOD - [2003/02/20 16:42:34 | 000,053,360 | R--- | M] () -- c:\Program Files\Nortel Networks\TunnelGuard\jre\bin\zip.dll
MOD - [2003/02/20 16:42:32 | 000,028,787 | R--- | M] () -- c:\Program Files\Nortel Networks\TunnelGuard\jre\bin\hpi.dll


========== Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- C:\WINNT\system32\PsaSrv.exe -- (PsaSrv)
SRV - [2014/03/22 16:00:03 | 000,197,120 | ---- | M] () [Auto | Running] -- C:\Program Files\Re-markit-soft\Re-markit157.exe -- (Re-markit)
SRV - [2014/03/22 15:59:36 | 000,496,640 | ---- | M] (Cherished Technololgy LIMITED) [Auto | Running] -- d:\data\All Users\Application Data\WPM\wprotectmanager.exe -- (Wpm)
SRV - [2014/03/20 22:54:45 | 000,348,440 | ---- | M] () [Auto | Running] -- C:\Program Files\GrabRez\bin\utilGrabRez.exe -- (Util GrabRez)
SRV - [2014/03/20 22:51:40 | 000,348,440 | ---- | M] () [Auto | Running] -- C:\Program Files\GrabRez\updateGrabRez.exe -- (Update GrabRez)
SRV - [2014/03/17 13:03:59 | 002,930,496 | R--- | M] (Iminent) [Auto | Running] -- C:\Program Files\Common Files\Umbrella\Umbrella260.exe -- (SProtection)
SRV - [2014/03/17 13:03:59 | 000,425,792 | R--- | M] () [Auto | Stopped] -- C:\Program Files\Iminent\WinkHandler.exe -- (WinkHandler)
SRV - [2014/03/17 02:38:00 | 000,515,584 | ---- | M] (Cherished Technololgy LIMITED) [Auto | Running] -- d:\data\All Users\Application Data\IePluginService\PluginService.exe -- (IePluginService)
SRV - [2014/03/12 03:28:32 | 000,070,848 | ---- | M] () [Auto | Running] -- C:\Program Files\Mobogenie\MgAssist.exe -- (MgAssistService)
SRV - [2014/02/14 23:55:55 | 000,118,896 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/04/14 14:35:05 | 000,253,600 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINNT\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2008/11/09 16:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2007/12/14 15:06:00 | 000,103,744 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Network Associates\Common Framework\FrameworkService.exe -- (McAfeeFramework)
SRV - [2007/10/16 20:50:00 | 000,144,704 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe -- (McShield)
SRV - [2007/10/16 20:50:00 | 000,054,608 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe -- (McTaskManager)
SRV - [2007/07/25 17:16:30 | 000,222,720 | ---- | M] (DameWare Development LLC) [Auto | Running] -- C:\WINNT\system32\DWRCS.EXE -- (DWMRCS)
SRV - [2006/11/30 18:09:32 | 001,310,720 | ---- | M] (iPass, Inc.) [On_Demand | Stopped] -- C:\Program Files\iPass\iPassConnect\iPassConnectEngine.exe -- (iPassConnectEngine)
SRV - [2006/11/29 17:47:28 | 000,126,976 | ---- | M] (iPass, Inc.) [On_Demand | Running] -- C:\Program Files\iPass\iPassConnect\iPassPeriodicUpdateApp.exe -- (iPassPeriodicUpdateApp)
SRV - [2006/11/29 17:47:28 | 000,086,016 | ---- | M] (iPass, Inc.) [Auto | Running] -- C:\Program Files\iPass\iPassConnect\iPassPeriodicUpdateService.exe -- (iPassPeriodicUpdateService)
SRV - [2006/07/25 14:23:30 | 002,635,480 | ---- | M] (Sygate Technologies, Inc.) [Disabled | Stopped] -- c:\Program Files\Sygate\SSA\Smc.exe -- (SmcService)
SRV - [2006/07/25 14:14:52 | 000,323,658 | ---- | M] (Sygate Technologies, Inc.) [On_Demand | Stopped] -- c:\Program Files\Sygate\SSA\Maga\Maga.exe -- (magaService)
SRV - [2006/05/09 17:37:50 | 000,835,584 | ---- | M] (Nortel Networks NA, Inc.) [On_Demand | Stopped] -- C:\Program Files\Nexxia\Extranet_serv.exe -- (ExtranetAccess)
SRV - [2006/02/09 03:50:00 | 000,578,784 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\WINNT\system32\CCM\CcmExec.exe -- (CcmExec)
SRV - [2005/10/06 23:18:26 | 000,385,024 | ---- | M] () [Auto | Running] -- C:\Program Files\IBM\IBM Rapid Restore Ultra\rrpcsb.exe -- (IBM Rapid Restore Ultra Service)
SRV - [2005/09/06 16:51:08 | 000,053,248 | ---- | M] (Alexandria Software Consulting) [Auto | Running] -- c:\Program Files\Nortel Networks\TunnelGuard\CueAgent_srv.exe -- (tunnelguardservice)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\ComboFix\catchme.sys -- (catchme)
DRV - [2009/04/25 19:16:14 | 000,021,419 | ---- | M] (Meetinghouse Data Communications) [Kernel | Auto | Running] -- C:\WINNT\system32\drivers\iPassP.sys -- (iPassP)
DRV - [2007/10/16 20:50:00 | 000,171,272 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINNT\system32\drivers\mfehidk.sys -- (mfehidk)
DRV - [2007/10/16 20:50:00 | 000,072,680 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINNT\system32\drivers\mfeavfk.sys -- (mfeavfk)
DRV - [2007/10/16 20:50:00 | 000,064,168 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINNT\system32\drivers\mfeapfk.sys -- (mfeapfk)
DRV - [2007/10/16 20:50:00 | 000,051,944 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\WINNT\system32\drivers\mfetdik.sys -- (mfetdik)
DRV - [2007/10/16 20:50:00 | 000,033,960 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINNT\system32\drivers\mfebopk.sys -- (mfebopk)
DRV - [2007/10/16 20:50:00 | 000,031,784 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Program Files\McAfee\VirusScan Enterprise\mferkdk.sys -- (mferkdk)
DRV - [2007/08/09 17:33:14 | 000,013,360 | ---- | M] (Lenovo Group Limited) [Kernel | On_Demand | Stopped] -- c:\DRIVERS\T60\BIOS\tpflhlp.sys -- (tpflhlp)
DRV - [2007/03/20 16:58:30 | 000,013,184 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\WINNT\system32\drivers\psadd.sys -- (psadd)
DRV - [2007/03/20 08:01:07 | 000,099,328 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\WINNT\system32\drivers\symmpi.sys -- (Symmpi)
DRV - [2007/02/15 08:00:00 | 000,026,624 | ---- | M] (DameWare) [Kernel | System | Running] -- C:\WINNT\system32\drivers\dwvkbd.sys -- (dwvkbd)
DRV - [2007/02/07 08:00:00 | 000,002,944 | ---- | M] (DameWare Development, Inc.) [Kernel | On_Demand | Running] -- C:\WINNT\system32\drivers\DamewareMini.sys -- (DwMirror)
DRV - [2006/07/25 14:24:26 | 000,014,952 | ---- | M] (Sygate Technologies, Inc.) [Kernel | Auto | Running] -- C:\WINNT\system32\drivers\wg6n.sys -- (wg6n)
DRV - [2006/07/25 14:24:24 | 000,014,952 | ---- | M] (Sygate Technologies, Inc.) [Kernel | Auto | Running] -- C:\WINNT\system32\drivers\wg5n.sys -- (wg5n)
DRV - [2006/07/25 14:24:20 | 000,014,952 | ---- | M] (Sygate Technologies, Inc.) [Kernel | Auto | Running] -- C:\WINNT\system32\drivers\wg4n.sys -- (wg4n)
DRV - [2006/07/25 14:24:16 | 000,014,952 | ---- | M] (Sygate Technologies, Inc.) [Kernel | Auto | Running] -- C:\WINNT\system32\drivers\wg3n.sys -- (wg3n)
DRV - [2006/07/25 13:59:48 | 000,021,075 | ---- | M] (Sygate Technologies, Inc.) [Kernel | System | Running] -- C:\WINNT\system32\drivers\wpsdrvnt.sys -- (wpsdrvnt)
DRV - [2006/07/25 13:57:10 | 000,061,008 | ---- | M] (Sygate Technologies, Inc.) [Kernel | Boot | Running] -- C:\WINNT\system32\drivers\Teefer.sys -- (Teefer)
DRV - [2006/05/09 17:47:10 | 000,024,521 | ---- | M] (Nortel Networks) [Kernel | On_Demand | Running] -- C:\WINNT\system32\drivers\eacfilt.sys -- (Eacfilt)
DRV - [2006/05/09 17:46:42 | 000,155,216 | ---- | M] (Nortel Networks NA, Inc.) [Kernel | On_Demand | Running] -- C:\WINNT\system32\drivers\ipsecw2k.sys -- (IPSECSHM)
DRV - [2006/05/09 17:46:42 | 000,155,216 | ---- | M] (Nortel Networks NA, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINNT\system32\drivers\ipsecw2k.sys -- (IPSECEXT)
DRV - [2006/02/09 03:50:00 | 000,020,704 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINNT\system32\CCM\PrepDrv.sys -- (prepdrvr)
DRV - [2005/12/07 02:12:00 | 000,004,442 | ---- | M] () [Kernel | System | Running] -- C:\WINNT\system32\drivers\TPPWRIF.SYS -- (TPPWRIF)
DRV - [2005/12/05 18:55:30 | 001,428,096 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINNT\system32\drivers\w39n51.sys -- (w39n51)
DRV - [2005/11/30 02:51:00 | 000,014,848 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINNT\system32\drivers\SMAPINT.SYS -- (Smapint)
DRV - [2005/11/30 02:51:00 | 000,009,343 | ---- | M] () [Kernel | System | Running] -- C:\WINNT\system32\drivers\TDSMAPI.SYS -- (TDSMAPI)
DRV - [2005/04/27 10:27:34 | 000,063,616 | ---- | M] (IBM) [Kernel | Auto | Running] -- C:\WINNT\system32\drivers\ibmfilter.sys -- (ibmfilter)
DRV - [2005/04/27 09:15:50 | 000,006,912 | ---- | M] (IBM Corp.) [Kernel | Boot | Running] -- C:\WINNT\system32\drivers\ANCSQ.sys -- (ANCSQ)
DRV - [2004/12/15 12:04:14 | 000,069,810 | ---- | M] (AuthenTec, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINNT\system32\drivers\FLMckUSB.sys -- (FLMCKUSB)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.key-find....Y0J293RLJ293RLX
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.key-find....q={searchTerms}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINNT\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.key-find....q={searchTerms}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.key-find....Y0J293RLJ293RLX
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.key-find....q={searchTerms}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.key-find....q={searchTerms}
IE - HKLM\..\SearchScopes,DefaultScope = {33BB0A4E-99AF-4226-BDF6-49120163DE86}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}: "URL" = http://www.key-find....q={searchTerms}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.key-find....Y0J293RLJ293RLX
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINNT\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.key-find....Y0J293RLJ293RLX
IE - HKCU\..\URLSearchHook: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll (Yahoo! Inc.)
IE - HKCU\..\URLSearchHook: {84FF7BD6-B47F-46F8-9130-01B2696B36CB} - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {33BB0A4E-99AF-4226-BDF6-49120163DE86}
IE - HKCU\..\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}: "URL" = http://search.condui...rchTerms}&SSPV=
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}: "URL" = http://www.key-find....q={searchTerms}
IE - HKCU\..\SearchScopes\{460C3D19-B3D4-4964-A550-77D263B0CCCB}: "URL" = http://search.condui...rchTerms}&SSPV=
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:13828

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "key-find"
FF - prefs.js..browser.search.defaultenginename,S: S", ""
FF - prefs.js..browser.search.defaultthis.engineName: ""
FF - prefs.js..browser.search.defaulturl: ""
FF - prefs.js..browser.search.order.1: ""
FF - prefs.js..browser.search.order.1,S: S", ""
FF - prefs.js..browser.search.selectedEngine: "key-find"
FF - prefs.js..browser.search.selectedEngine,S: S", ""
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.key-find....0J293RLJ293RLX"
FF - prefs.js..extensions.enabledAddons: %7B1DEC6447-C74F-4886-9002-202C27C703F1%7D:1.12.0.0
FF - prefs.js..extensions.enabledAddons: %7B0602868e-3e6e-4d93-81e8-5b2290f620ba%7D:1.0.0
FF - prefs.js..extensions.enabledAddons: ext%40MediaViewV1alpha893.net:1.1
FF - prefs.js..extensions.enabledAddons: ext%40MediaViewV1alpha1095.net:1.1
FF - prefs.js..extensions.enabledAddons: webbooster%40iminent.com:8.10.2.1
FF - prefs.js..extensions.enabledAddons: ffxtlbr%40iminent.com:1.6.0
FF - prefs.js..extensions.enabledAddons: TidyNetwork%40TidyNetwork:5.0
FF - prefs.js..extensions.enabledAddons: quick_start%40gmail.com:3.1.4
FF - prefs.js..extensions.enabledAddons: %7B94cd2cc3-083f-49ba-a218-4cda4b4829fd%7D:1.7.0.0
FF - prefs.js..extensions.enabledAddons: %7B77601b4f-338e-4abf-b114-dd2c0929031b%7D:1.157
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:27.0.1


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINNT\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\2.0.30523.8\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINNT\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: d:\data\rainmaker\Local Settings\Application Data\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: d:\data\rainmaker\Local Settings\Application Data\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@yahoo.com/BrowserPlus,version=2.9.8: d:\data\rainmaker\Local Settings\Application Data\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll (Yahoo! Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\MediaViewV1\MediaViewV1alpha893\ff [2014/02/28 13:21:03 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\MediaViewV1\MediaViewV1alpha1095\ff [2014/03/15 17:21:03 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: d:\data\rainmaker\Application Data\Mozilla\Firefox\Profiles\0gqxbqod.default\extensions\[email protected] [2014/03/22 15:59:19 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 27.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 27.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2014/02/14 23:55:44 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{77601b4f-338e-4abf-b114-dd2c0929031b}: C:\Program Files\Re-markit-soft\157.xpi [2014/03/22 16:00:05 | 000,016,370 | ---- | M] ()

[2011/09/03 12:58:15 | 000,000,000 | ---D | M] (No name found) -- d:\data\rainmaker\Application Data\Mozilla\Extensions
[2014/03/22 15:59:57 | 000,000,000 | ---D | M] (No name found) -- d:\data\rainmaker\Application Data\Mozilla\Firefox\Profiles\0gqxbqod.default\extensions
[2014/03/22 15:57:29 | 000,000,000 | ---D | M] (Value Apps) -- d:\data\rainmaker\Application Data\Mozilla\Firefox\Profiles\0gqxbqod.default\extensions\{94cd2cc3-083f-49ba-a218-4cda4b4829fd}
[2014/03/22 15:48:47 | 000,000,000 | ---D | M] (Iminent Toolbar) -- d:\data\rainmaker\Application Data\Mozilla\Firefox\Profiles\0gqxbqod.default\extensions\[email protected]
[2014/03/22 15:59:19 | 000,000,000 | ---D | M] ("Quick Start") -- d:\data\rainmaker\Application Data\Mozilla\Firefox\Profiles\0gqxbqod.default\extensions\[email protected]
[2014/03/22 15:59:57 | 000,000,000 | ---D | M] (TidyNetwork) -- d:\data\rainmaker\Application Data\Mozilla\Firefox\Profiles\0gqxbqod.default\extensions\[email protected]
[2014/03/22 15:56:18 | 002,297,084 | ---- | M] () (No name found) -- d:\data\rainmaker\Application Data\Mozilla\Firefox\Profiles\0gqxbqod.default\extensions\[email protected]
[2014/03/04 06:12:02 | 000,626,968 | ---- | M] () (No name found) -- d:\data\rainmaker\Application Data\Mozilla\Firefox\Profiles\0gqxbqod.default\extensions\[email protected]
[2014/02/12 21:29:10 | 000,008,866 | ---- | M] () (No name found) -- d:\data\rainmaker\Application Data\Mozilla\Firefox\Profiles\0gqxbqod.default\extensions\{0602868e-3e6e-4d93-81e8-5b2290f620ba}.xpi
[2012/09/17 12:06:42 | 000,128,244 | ---- | M] () (No name found) -- d:\data\rainmaker\Application Data\Mozilla\Firefox\Profiles\0gqxbqod.default\extensions\{1DEC6447-C74F-4886-9002-202C27C703F1}.xpi
[2013/06/18 10:59:40 | 000,004,351 | ---- | M] () -- d:\data\rainmaker\Application Data\Mozilla\Firefox\Profiles\0gqxbqod.default\searchplugins\aol-search.xml
[2014/03/06 06:15:00 | 000,000,861 | ---- | M] () -- d:\data\rainmaker\Application Data\Mozilla\Firefox\Profiles\0gqxbqod.default\searchplugins\conduit-search.xml
[2014/03/22 15:48:47 | 000,001,368 | ---- | M] () -- d:\data\rainmaker\Application Data\Mozilla\Firefox\Profiles\0gqxbqod.default\searchplugins\iminent.xml
[2014/02/14 23:55:38 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
[2014/02/14 23:55:57 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2014/03/15 17:21:03 | 000,000,000 | ---D | M] (Media View) -- C:\PROGRAM FILES\MEDIAVIEWV1\MEDIAVIEWV1ALPHA1095\FF
[2014/02/28 13:21:03 | 000,000,000 | ---D | M] (Media View) -- C:\PROGRAM FILES\MEDIAVIEWV1\MEDIAVIEWV1ALPHA893\FF
[2014/03/22 16:00:05 | 000,016,370 | ---- | M] () (No name found) -- C:\PROGRAM FILES\RE-MARKIT-SOFT\157.XPI

========== Chrome ==========

CHR - default_search_provider: key-find (Enabled)
CHR - default_search_provider: search_url = http://www.key-find....q={searchTerms}
CHR - default_search_provider: suggest_url = ,
CHR - homepage: http://www.key-find....Y0J293RLJ293RLX
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = d:\data\rainmaker\Local Settings\Application Data\Google\Chrome\Application\33.0.1750.154\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = d:\data\rainmaker\Local Settings\Application Data\Google\Chrome\Application\33.0.1750.154\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = d:\data\rainmaker\Local Settings\Application Data\Google\Chrome\Application\33.0.1750.154\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINNT\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll
CHR - plugin: QuickTime Plug-in 7.6.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Microsoft® DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft® DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: VLC Web Plugin (Enabled) = C:\Program Files\VideoLAN\VLC\npvlc.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = C:\WINNT\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\2.0.30523.8\npctrl.dll
CHR - plugin: Google Update (Enabled) = d:\data\rainmaker\Local Settings\Application Data\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: BrowserPlus (from Yahoo!) v2.9.8 (Enabled) = d:\data\rainmaker\Local Settings\Application Data\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll
CHR - Extension: Media View = d:\data\rainmaker\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\bjkggmndenlgcghfeaiflpbmbomhmaem\1.1_0\
CHR - Extension: Re-markit = d:\data\rainmaker\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\dcpfhaghaadpjpgocojgnlhjcieeooel\1.157.0.0_0\
CHR - Extension: conntiniUetoosyavee = d:\data\rainmaker\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jdnbooglimgbkldcjceioecgifemmgno\1\
CHR - Extension: Media View = d:\data\rainmaker\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lbeblclcidlaiilbpcfodbfjkahgamli\1.1_0\
CHR - Extension: Value apps = d:\data\rainmaker\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lcnnhcneegeeojhgpfijnlnocjdmlaon\1.0.0_0\
CHR - Extension: Google Wallet = d:\data\rainmaker\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\
CHR - Extension: Quick Start = d:\data\rainmaker\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\3.1.9_0\

O1 HOSTS File: ([2014/01/14 13:34:25 | 000,000,098 | ---- | M]) - C:\WINNT\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (iminent Helper Object) - {112BA211-334C-4A90-90EC-2AD1CDAB287C} - C:\Program Files\IminentToolbar\1.8.28.3\bh\iminent.dll (Iminent)
O2 - BHO: (IETabPage Class) - {3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C} - C:\Program Files\SupTab\SupTab.dll (Thinknice Co. Limited)
O2 - BHO: (Media View) - {6a62326e-a555-4ce2-a187-f034ea6a08d8} - C:\Program Files\MediaViewV1\MediaViewV1alpha893\ie\MediaViewV1alpha893.dll ()
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (no name) - {84FF7BD6-B47F-46F8-9130-01B2696B36CB} - No CLSID value found.
O2 - BHO: (Media View) - {91610ec1-ae7a-43c7-a7a3-32853b2b4f69} - C:\Program Files\MediaViewV1\MediaViewV1alpha1095\ie\MediaViewV1alpha1095.dll ()
O2 - BHO: (ValueApps) - {93DBF2BB-A2B3-4683-A92E-57E60751F346} - C:\Program Files\Conduit\ValueApps\IE\ValueAppsLoader.dll (Conduit Ltd.)
O2 - BHO: (IMinent WebBooster (BHO)) - {A09AB6EB-31B5-454C-97EC-9B294D92EE2A} - C:\Program Files\Iminent\Minibar.InternetExplorer.BHOx86.dll (SIEN)
O2 - BHO: (TidyNetwork) - {C0CB31EC-3EFF-359B-C453-F3E943B02C20} - C:\Program Files\TidyNetwork\petn.dll ()
O2 - BHO: (GrabRez) - {e1420d09-acc8-4efd-9965-e7ae3c5b977c} - C:\Program Files\GrabRez\GrabRezBHO.dll (GrabRez)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (Iminent Toolbar) - {1FAFD711-ABF9-4F6A-8130-5166C7371427} - C:\Program Files\IminentToolbar\1.8.28.3\iminentTlbr.dll (Iminent)
O3 - HKLM\..\Toolbar: (AOL Toolbar) - {ba00b7b1-0351-477a-b948-23e3ee5a73d4} - C:\Program Files\AOL Toolbar\aoltb.dll File not found
O3 - HKCU\..\Toolbar\WebBrowser: (AOL Toolbar) - {BA00B7B1-0351-477A-B948-23E3EE5A73D4} - C:\Program Files\AOL Toolbar\aoltb.dll File not found
O4 - HKLM..\Run: [BLOG] C:\Program Files\ThinkPad\Utilities\BATLOGEX.DLL ()
O4 - HKLM..\Run: [IBMPRC] C:\IBMTOOLS\utils\ibmprc.exe (IBM Corp.)
O4 - HKLM..\Run: [McAfeeUpdaterUI] C:\Program Files\Network Associates\Common Framework\UdaterUI.exe (McAfee, Inc.)
O4 - HKLM..\Run: [mobilegeni daemon] C:\Program Files\Mobogenie\DaemonProcess.exe ()
O4 - HKLM..\Run: [PWRMGRTR] C:\Program Files\ThinkPad\Utilities\PWRMGRTR.DLL (Lenovo Group Limited)
O4 - HKLM..\Run: [ShStatEXE] C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE (McAfee, Inc.)
O4 - HKLM..\Run: [SmcService] c:\Program Files\Sygate\SSA\Smc.exe (Sygate Technologies, Inc.)
O4 - HKLM..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.)
O4 - HKCU..\Run: [BitTorrent] C:\Program Files\BitTorrent\BitTorrent.exe (BitTorrent Inc.)
O4 - HKCU..\Run: [ConduitFloatingPlugin_lcnnhcneegeeojhgpfijnlnocjdmlaon] d:\data\rainmaker\Application Data\ValueApps\CH\TBVerifier.dll (Conduit Ltd.)
O4 - HKCU..\Run: [FLV Player] d:\data\rainmaker\Local Settings\Application Data\WebPlayer\FLV Player\WebPlayer.exe ()
O4 - HKCU..\Run: [Messenger (Yahoo!)] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O4 - HKCU..\Run: [PC Speed Maximizer] C:\Program Files\PC Speed Maximizer\SPMLauncher.exe (Smart PC Solutions)
O4 - HKCU..\Run: [SugarSync] C:\Program Files\SugarSync\SugarSyncManager.exe (SugarSync, Inc.)
O4 - HKLM..\RunOnce: [hugefiles2] File not found
O4 - Startup: d:\data\All Users\Start Menu\Programs\Startup\TunnelGuard Tray Monitor.lnk = C:\Program Files\Nortel Networks\TunnelGuard\platforms\win32\TGIconApp.EXE (Nortel Networks)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWelcomeScreen = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMConfigurePrograms = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: disablecad = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonType = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSimpleStartMenu = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoNetworkConnections = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ForceStartMenuLogOff = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartMenuNetworkPlaces = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Intellimenus = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: MemCheckBoxInRunDlg = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMBalloonTip = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoNetHood = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWelcomeScreen = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoAutoUpdate = 0
O8 - Extra context menu item: Sothink Flash Downloader For IE - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm ()
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\NPJPI150_11.dll (Sun Microsystems, Inc.)
O9 - Extra Button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe File not found
O9 - Extra Button: Sothink Flash Downloader For IE - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm ()
O9 - Extra 'Tools' menuitem : Sothink Flash Downloader For IE - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm ()
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe File not found
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe File not found
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe File not found
O15 - HKLM\..Trusted Domains: rbc.com ([]* in Local intranet)
O15 - HKLM\..Trusted Domains: rbc.com ([*.oak.fg] * in Local intranet)
O15 - HKLM\..Trusted Domains: rbc.com ([mis.fg] https in Trusted sites)
O15 - HKLM\..Trusted Domains: rbc.com ([pmtprojectserver.fg] http in Trusted sites)
O15 - HKLM\..Trusted Domains: rbccm.com ([]https in Trusted sites)
O15 - HKLM\..Trusted Domains: rbccm.com ([crm] * in Local intranet)
O15 - HKLM\..Trusted Domains: royalbank.com ([]* in Local intranet)
O15 - HKCU\..Trusted Domains: rbc.com ([]* in Local intranet)
O15 - HKCU\..Trusted Domains: royalbank.com ([]* in Local intranet)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_11)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_11)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_11)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macr...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = oak.fg.rbc.com
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F7CDD4B1-2448-4BD0-9C0C-A8E2B9BEF111}: DhcpNameServer = 192.168.1.1
O20 - AppInit_DLLs: (C:\PROGRA~1\SupTab\SEARCH~1.DLL) - C:\Program Files\SupTab\SearchProtect32.dll (Skytech Co., Ltd.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINNT\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINNT\system32\userinit.exe) - C:\WINNT\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\tpfnf2: DllName - (notifyf2.dll) - C:\WINNT\System32\notifyf2.dll ()
O20 - Winlogon\Notify\tphotkey: DllName - (tphklock.dll) - C:\WINNT\System32\tphklock.dll ()
O24 - Desktop BackupWallPaper: C:\WINNT\RBCVGA.BMP
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/10/18 12:01:14 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2014/03/22 16:05:06 | 000,000,000 | ---D | C] -- d:\data\rainmaker\My Documents\PC Speed Maximizer
[2014/03/22 16:05:02 | 000,000,000 | ---D | C] -- d:\data\rainmaker\Application Data\PC Speed Maximizer
[2014/03/22 16:01:10 | 000,000,000 | ---D | C] -- d:\data\rainmaker\.android
[2014/03/22 16:01:08 | 000,000,000 | ---D | C] -- d:\data\rainmaker\Local Settings\Application Data\cache
[2014/03/22 16:00:56 | 000,000,000 | ---D | C] -- d:\data\rainmaker\My Documents\Mobogenie
[2014/03/22 16:00:56 | 000,000,000 | ---D | C] -- d:\data\rainmaker\Local Settings\Application Data\Mobogenie
[2014/03/22 16:00:50 | 000,000,000 | ---D | C] -- d:\data\rainmaker\Start Menu\Programs\Mobogenie
[2014/03/22 16:00:12 | 000,000,000 | ---D | C] -- C:\Program Files\Mobogenie
[2014/03/22 16:00:05 | 000,000,000 | ---D | C] -- C:\Program Files\Re-markit-soft
[2014/03/22 15:59:53 | 000,000,000 | ---D | C] -- d:\data\rainmaker\Local Settings\Application Data\TidyNetwork
[2014/03/22 15:59:53 | 000,000,000 | ---D | C] -- C:\Program Files\TidyNetwork
[2014/03/22 15:59:52 | 000,000,000 | ---D | C] -- d:\data\All Users\Application Data\IePluginService
[2014/03/22 15:59:51 | 000,000,000 | ---D | C] -- d:\data\rainmaker\Application Data\SupTab
[2014/03/22 15:59:47 | 000,000,000 | ---D | C] -- C:\Program Files\SupTab
[2014/03/22 15:59:37 | 000,000,000 | ---D | C] -- d:\data\All Users\Application Data\WPM
[2014/03/22 15:59:24 | 000,000,000 | ---D | C] -- d:\data\rainmaker\Application Data\key-find
[2014/03/22 15:57:37 | 000,000,000 | ---D | C] -- d:\data\rainmaker\Application Data\ValueApps
[2014/03/22 15:57:29 | 000,000,000 | ---D | C] -- d:\data\rainmaker\Local Settings\Application Data\Conduit
[2014/03/22 15:57:29 | 000,000,000 | ---D | C] -- C:\Program Files\Conduit
[2014/03/22 15:49:56 | 000,000,000 | ---D | C] -- d:\data\All Users\Start Menu\Programs\PC Speed Maximizer
[2014/03/22 15:49:53 | 000,000,000 | ---D | C] -- C:\Program Files\PC Speed Maximizer
[2014/03/22 15:49:18 | 000,000,000 | ---D | C] -- d:\data\rainmaker\Start Menu\Programs\FLV Player
[2014/03/22 15:49:16 | 000,000,000 | ---D | C] -- d:\data\rainmaker\Local Settings\Application Data\WebPlayer
[2014/03/22 15:48:43 | 000,000,000 | ---D | C] -- C:\Program Files\IminentToolbar
[2014/03/22 15:48:41 | 000,000,000 | ---D | C] -- d:\data\rainmaker\Application Data\IminentToolbar
[2014/03/22 15:48:38 | 000,000,000 | ---D | C] -- d:\data\rainmaker\Application Data\igdhbblpcellaljokkpfhcjlagemhgjl
[2014/03/22 15:48:34 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Umbrella
[2014/03/22 15:48:33 | 000,000,000 | ---D | C] -- C:\Program Files\Iminent
[2014/02/28 13:21:03 | 000,000,000 | ---D | C] -- C:\Program Files\MediaViewV1

========== Files - Modified Within 30 Days ==========

[2014/03/22 16:04:00 | 000,000,958 | ---- | M] () -- C:\WINNT\tasks\GoogleUpdateTaskUserS-1-5-21-3510421623-2965073675-2411060337-1012UA.job
[2014/03/22 16:03:20 | 000,000,648 | ---- | M] () -- C:\WINNT\tasks\FinishInstall igdhbblpcellaljokkpfhcjlagemhgjl.job
[2014/03/22 16:01:00 | 000,000,374 | ---- | M] () -- C:\WINNT\tasks\Re-markit_wd.job
[2014/03/22 16:00:50 | 000,000,603 | ---- | M] () -- d:\data\rainmaker\Desktop\Mobogenie.lnk
[2014/03/22 16:00:50 | 000,000,603 | ---- | M] () -- d:\data\rainmaker\Application Data\Microsoft\Internet Explorer\Quick Launch\Mobogenie.lnk
[2014/03/22 16:00:07 | 000,000,376 | ---- | M] () -- C:\WINNT\tasks\Re-markit Update.job
[2014/03/22 15:59:56 | 000,000,514 | ---- | M] () -- C:\WINNT\tasks\TidyNetwork Update.job
[2014/03/22 15:59:03 | 000,000,821 | ---- | M] () -- d:\data\All Users\Desktop\Mozilla Firefox.lnk
[2014/03/22 15:59:02 | 000,000,852 | ---- | M] () -- d:\data\rainmaker\Desktop\Launch Internet Explorer Browser.lnk
[2014/03/22 15:59:02 | 000,000,821 | ---- | M] () -- d:\data\All Users\Desktop\b.lnk
[2014/03/22 15:58:38 | 000,000,821 | ---- | M] () -- d:\data\rainmaker\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2014/03/22 15:58:37 | 000,000,888 | ---- | M] () -- d:\data\rainmaker\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2014/03/22 15:52:00 | 000,002,096 | ---- | M] () -- d:\data\rainmaker\Desktop\FLV Player.lnk
[2014/03/22 15:49:56 | 000,000,669 | ---- | M] () -- d:\data\rainmaker\Desktop\PC Speed Maximizer.lnk
[2014/03/22 15:47:01 | 000,000,826 | ---- | M] () -- C:\WINNT\tasks\Adobe Flash Player Updater.job
[2014/03/22 15:37:10 | 000,002,101 | ---- | M] () -- d:\data\All Users\Desktop\Safari.lnk
[2014/03/22 15:17:31 | 000,003,480 | RHS- | M] () -- d:\data\rainmaker\ntuser.pol
[2014/03/22 12:20:02 | 000,000,376 | ---- | M] () -- C:\WINNT\tasks\AmiUpdXp.job
[2014/03/21 22:04:01 | 000,000,906 | ---- | M] () -- C:\WINNT\tasks\GoogleUpdateTaskUserS-1-5-21-3510421623-2965073675-2411060337-1012Core.job
[2014/03/21 05:27:53 | 000,001,324 | ---- | M] () -- C:\WINNT\System32\d3d9caps.dat
[2014/03/20 17:27:01 | 000,000,284 | ---- | M] () -- C:\WINNT\tasks\AppleSoftwareUpdate.job

========== Files Created - No Company Name ==========

[2014/03/22 16:00:50 | 000,000,603 | ---- | C] () -- d:\data\rainmaker\Desktop\Mobogenie.lnk
[2014/03/22 16:00:50 | 000,000,603 | ---- | C] () -- d:\data\rainmaker\Application Data\Microsoft\Internet Explorer\Quick Launch\Mobogenie.lnk
[2014/03/22 16:00:07 | 000,000,376 | ---- | C] () -- C:\WINNT\tasks\Re-markit Update.job
[2014/03/22 16:00:06 | 000,000,374 | ---- | C] () -- C:\WINNT\tasks\Re-markit_wd.job
[2014/03/22 15:59:56 | 000,000,514 | ---- | C] () -- C:\WINNT\tasks\TidyNetwork Update.job
[2014/03/22 15:49:56 | 000,000,669 | ---- | C] () -- d:\data\rainmaker\Desktop\PC Speed Maximizer.lnk
[2014/03/22 15:49:18 | 000,002,096 | ---- | C] () -- d:\data\rainmaker\Desktop\FLV Player.lnk
[2014/03/22 15:48:38 | 000,000,648 | ---- | C] () -- C:\WINNT\tasks\FinishInstall igdhbblpcellaljokkpfhcjlagemhgjl.job
[2014/02/28 13:21:06 | 000,003,480 | RHS- | C] () -- d:\data\rainmaker\ntuser.pol
[2013/05/16 11:17:01 | 000,017,136 | ---- | C] () -- C:\WINNT\System32\sasnative32.exe
[2013/04/02 16:35:20 | 000,208,896 | ---- | C] () -- C:\WINNT\MBR.exe
[2013/04/02 16:35:19 | 000,256,000 | ---- | C] () -- C:\WINNT\PEV.exe
[2013/04/02 16:35:18 | 000,098,816 | ---- | C] () -- C:\WINNT\sed.exe
[2013/04/02 16:35:18 | 000,080,412 | ---- | C] () -- C:\WINNT\grep.exe
[2013/04/02 16:35:18 | 000,068,096 | ---- | C] () -- C:\WINNT\zip.exe
[2013/03/30 20:35:14 | 000,015,616 | ---- | C] () -- C:\WINNT\System32\drivers\TrueSight.sys
[2012/12/23 21:50:00 | 000,000,189 | ---- | C] () -- d:\data\rainmaker\PKI_INST.BAT
[2012/07/12 20:58:49 | 000,558,133 | ---- | C] () -- C:\WINNT\System32\sqlite3.dll
[2011/09/04 15:50:00 | 000,050,688 | ---- | C] () -- d:\data\rainmaker\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/09/03 12:52:54 | 000,000,118 | ---- | C] () -- d:\data\rainmaker\Local Settings\Application Data\fusioncache.dat
[2010/01/15 22:16:55 | 000,006,954 | RHS- | C] () -- d:\data\All Users\ntuser.pol
[2008/11/05 12:15:54 | 000,934,608 | ---- | C] () -- d:\data\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat

========== ZeroAccess Check ==========

[2007/03/20 16:47:16 | 000,000,227 | RHS- | M] () -- C:\WINNT\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2009/12/22 01:35:10 | 001,509,888 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/02/09 06:01:53 | 000,473,088 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2004/08/04 00:56:48 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2008/07/14 19:57:39 | 000,000,000 | ---D | M] -- d:\data\All Users\Application Data\Bloomberg
[2014/03/22 15:59:53 | 000,000,000 | ---D | M] -- d:\data\All Users\Application Data\IePluginService
[2009/04/25 19:16:19 | 000,000,000 | ---D | M] -- d:\data\All Users\Application Data\iPass
[2010/02/05 16:38:28 | 000,000,000 | ---D | M] -- d:\data\All Users\Application Data\LiquidTechnologies
[2007/03/20 17:15:11 | 000,000,000 | ---D | M] -- d:\data\All Users\Application Data\Network Associates
[2013/05/16 11:16:08 | 000,000,000 | ---D | M] -- d:\data\All Users\Application Data\Price Check by AOL
[2014/03/22 15:59:39 | 000,000,000 | ---D | M] -- d:\data\All Users\Application Data\WPM
[2010/02/05 16:38:09 | 000,000,000 | -H-D | M] -- d:\data\All Users\Application Data\{1E2473C2-7307-4952-8F94-5AFE8309DF4D}
[2009/06/17 14:12:31 | 000,000,000 | ---D | M] -- d:\data\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2012/12/26 15:37:03 | 000,000,000 | ---D | M] -- d:\data\rainmaker\Application Data\Axro
[2014/03/22 16:37:12 | 000,000,000 | ---D | M] -- d:\data\rainmaker\Application Data\BitTorrent
[2012/05/05 12:56:38 | 000,000,000 | ---D | M] -- d:\data\rainmaker\Application Data\Dropbox
[2014/03/22 16:03:05 | 000,000,000 | ---D | M] -- d:\data\rainmaker\Application Data\igdhbblpcellaljokkpfhcjlagemhgjl
[2014/03/22 15:58:10 | 000,000,000 | ---D | M] -- d:\data\rainmaker\Application Data\IminentToolbar
[2014/03/22 15:59:25 | 000,000,000 | ---D | M] -- d:\data\rainmaker\Application Data\key-find
[2014/03/22 16:05:02 | 000,000,000 | ---D | M] -- d:\data\rainmaker\Application Data\PC Speed Maximizer
[2014/03/22 15:59:51 | 000,000,000 | ---D | M] -- d:\data\rainmaker\Application Data\SupTab
[2014/02/12 23:45:21 | 000,000,000 | ---D | M] -- d:\data\rainmaker\Application Data\SwvUpdater
[2014/03/22 15:57:37 | 000,000,000 | ---D | M] -- d:\data\rainmaker\Application Data\ValueApps
[2011/11/22 10:48:41 | 000,000,000 | ---D | M] -- d:\data\rainmaker\Application Data\ZinioReader4.9310D8F796442B71068C511E15D70529A702D19D.1

========== Purity Check ==========



< End of report >
  • 0

Advertisements


#2
pystryker

pystryker

    Trusted Helper

  • Malware Removal
  • 3,886 posts
Hello and welcome to Geeks to Go! My nickname is Pystryker :) , and I will be helping you with your issue today.


Before we get started, I have a few things I need to go over with you

  • Please do not install any new software during the cleaning process other than the tools I provide for you. This can hinder the cleaning process.
  • At the top of your post, please click on the "Follow this topic" button and make sure that the "Received notification" box is checked and set to "Instantly" This will send an email to you as soon as I reply to your topic, allowing us to solve your problem faster.
  • If any of your security programs give you a warning about any tool I ask you to use, please do not worry. All the links and tools I provide to you will be safe.

  • Please read through my instructions carefully and completely before executing them.
  • Please make sure that all the programs I ask you to download are downloaded to and run from your Desktop.
  • Please make sure you print out these instructions so that you will be able to refer to them while working on your machine. Part of the solution(s) to your problem may involve us working in Safe Mode and you will need them to go by.
  • Please do not run any tools other than the ones I ask you to, when I ask you to. Some of these tools can be very dangerous if used improperly. Also, if you use a tool that I have not requested you use, it can cause false positives, thereby delaying the complete cleaning of your machine.
  • Please read through my instructions carefully and make sure you complete them from start to finish. I will make sure that I lay the instructions out in a step by step order to make them easy to follow
  • This is a complicated process. It requires several steps, patience, and careful following of my instructions in the order they are given to diagnose your problems to get your machine back in working order.
  • Please stay with me until the end of all steps and procedures and I declare your system clean. Just because there is a lack of symptoms does not indicate a clean machine. I promise to do the same for you.
  • Please make sure you reply within 3 days to my responses, if there is no reply within 3 days, the topic will be closed and you will need to request the topic be reopened.
  • Before we get started, please remember we will do our best to get your machine repaired. However, there are some cases where the only solution is a reformat and reinstall of the operating system. This is a worst case scenario though.
  • It is impossible for me to know what interactions may happen between your computer's software and the tools we will use to clean your machine. Therefore, I highly recommend you backup any critical personal files on your machine before we start.
  • If possible, please have your original Windows installation disks handy, just in case.
  • If you have any questions at all, please don't hesitate to ask. There's no such thing as a stupid question when dealing with malware.
  • If you are unsure of an instruction I give you, or if something unexepected occurs, Do NOT proceed! Stop and ask for clarification of the instruction or tell me what occurred.
  • Please copy and paste the contents of any requested logs in your replies. Do not attach the log files in your replies unless requested to do so.
  • Please remember, the fixes are for your machine and your machine ONLY!



Once we have cleaned your machine, we'll have some cleanup and prevention steps to go through. We will also provide you with some information about how to reduce your chances of infection and get some protections in place to help defend you against this in the future

Please be patient while I am analyzing your logs. I know you are probably scared and very frustrated with this problem, but I am a volunteer and sometimes life does get in the way. :)

Now, let's get started, shall we? :thumbsup:


Let's get a look at your system with a different scanning tool, please follow the instructions below.


Please disable your antivirus for the duration of my instructions. Don't forget to re-enable them after you have completed the steps.


Step 1: Scan with Farbar Recovery Scan Tool


Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

  • Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
  • Place a check in the box marked Addition.txt

    Posted Image
  • Press Scan button.
  • It will produce a log called FRST.txt in the same directory the tool is run from.
  • Please copy and paste log back here.
  • The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.


Step 2: Scan with aswMBR


  • Please download aswMBR.exe to your desktop.
  • Double click the file to run it.
  • It will ask if you want to download the latest Avast! virus definitions, please answer yes.

Posted Image

  • Click the Scan button to begin the scan.

Posted Image

  • Once the scan has finished, click on Save Log, save it to your desktop as asw.txt, and please post it in your next reply.
  • Click Exit


Things I need to see in your next post:

FRST Log

Addition.txt

aswMBR Log

  • 0

#3
Lisawinter

Lisawinter

    New Member

  • Topic Starter
  • Member
  • Pip
  • 4 posts
Thank you so much for you help. Here is the logs that you requested.

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 13-03-2014 01
Ran by rainmaker (administrator) on 3YFK943Z on 23-03-2014 13:57:01
Running from D:\data\rainmaker\My Documents\Downloads
Microsoft Windows XP Service Pack 2 (X86) OS Language: English(US)
Internet Explorer Version 8
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingc...can-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingc...can-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(Microsoft Corporation) C:\WINNT\System32\smss.exe
(Microsoft Corporation) C:\WINNT\system32\csrss.exe
(Microsoft Corporation) C:\WINNT\system32\winlogon.exe
(Microsoft Corporation) C:\WINNT\system32\services.exe
(Microsoft Corporation) C:\WINNT\system32\lsass.exe
() C:\WINNT\system32\ibmpmsvc.exe
(Microsoft Corporation) C:\WINNT\system32\svchost.exe
(Microsoft Corporation) C:\WINNT\system32\svchost.exe
(Microsoft Corporation) C:\WINNT\System32\svchost.exe
(Microsoft Corporation) C:\WINNT\system32\svchost.exe
(Microsoft Corporation) C:\WINNT\system32\svchost.exe
(Microsoft Corporation) C:\WINNT\system32\spoolsv.exe
(Microsoft Corporation) C:\WINNT\system32\svchost.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
(DameWare Development LLC) C:\WINNT\system32\DWRCS.EXE
() C:\Program Files\IBM\IBM Rapid Restore Ultra\rrpcsb.exe
(iPass, Inc.) C:\Program Files\iPass\iPassConnect\iPassPeriodicUpdateService.exe
(McAfee, Inc.) C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
(McAfee, Inc.) C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
(McAfee, Inc.) C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
(Microsoft Corporation) c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
(McAfee, Inc.) C:\Program Files\Network Associates\Common Framework\naPrdMgr.exe
(DameWare Development) C:\WINNT\system32\DWRCST.exe
(Microsoft Corporation) C:\WINNT\Explorer.EXE
(Microsoft Corporation) C:\WINNT\system32\svchost.exe
(Lenovo.) C:\WINNT\System32\TPHDEXLG.EXE
(Alexandria Software Consulting) c:\Program Files\Nortel Networks\TunnelGuard\CueAgent_srv.exe
(Yahoo! Inc.) C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
(IBM Corp.) C:\IBMTOOLS\UTILS\ibmprc.exe
(McAfee, Inc.) C:\Program Files\Network Associates\Common Framework\UdaterUI.exe
(McAfee, Inc.) C:\Program Files\Network Associates\Common Framework\McTray.exe
(Intel Corporation) C:\WINNT\system32\igfxtray.exe
(Intel Corporation) C:\WINNT\system32\hkcmd.exe
(Intel Corporation) C:\WINNT\system32\igfxpers.exe
(Analog Devices, Inc.) C:\Program Files\Analog Devices\Core\smax4pnp.exe
(Microsoft Corporation) C:\WINNT\system32\rundll32.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Lenovo, Ltd. and IBM Corporation.) C:\WINNT\system32\TpShocks.exe
() C:\Program Files\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe
() C:\Program Files\Lenovo\PkgMgr\HOTKEY\TPONSCR.exe
(McAfee, Inc.) C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE
(Lenovo Group Limited) C:\Program Files\Lenovo\PkgMgr\HOTKEY_1\TpScrex.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(BitTorrent Inc.) C:\Program Files\BitTorrent\BitTorrent.exe
(Microsoft Corporation) C:\WINNT\System32\alg.exe
(Microsoft Corporation) C:\WINNT\system32\ctfmon.exe
(Nortel Networks) C:\Program Files\Nortel Networks\TunnelGuard\platforms\win32\TGIconApp.EXE
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\WINNT\system32\wuauclt.exe
(Microsoft Corporation) C:\WINNT\system32\svchost.exe
(Microsoft Corporation) C:\WINNT\System32\svchost.exe
(Cool Mirage) C:\Program Files\1clickmoviedownloader.com\MovieDownloader.exe
(Adobe Systems Incorporated) C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32.exe
(SugarSync, Inc.) C:\Program Files\SugarSync\SugarSyncManager.exe
(iPass, Inc.) C:\Program Files\iPass\iPassConnect\iPassPeriodicUpdateApp.exe
(Yahoo! Inc.) C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
() C:\Program Files\GrabRez\updateGrabRez.exe
() C:\Program Files\GrabRez\bin\utilGrabRez.exe
(Yahoo! Inc.) C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
(Iminent) C:\Program Files\Common Files\Umbrella\Umbrella260.exe
(Smart PC Solutions) C:\Program Files\PC Speed Maximizer\SPMSmartScan.exe
(Microsoft Corporation) C:\WINNT\system32\rundll32.exe
(Cherished Technololgy LIMITED) d:\data\All Users\Application Data\WPM\wprotectmanager.exe
(Cherished Technololgy LIMITED) d:\data\All Users\Application Data\IePluginService\PluginService.exe
() C:\Program Files\Mobogenie\MgAssist.exe
() C:\Program Files\Mobogenie\DaemonProcess.exe
() C:\Program Files\Re-markit-soft\Re-markit_wd.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
() C:\Program Files\Re-markit-soft\Re-markit157.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [IBMPRC] - C:\IBMTOOLS\UTILS\ibmprc.exe [90112 2005-04-27] (IBM Corp.)
HKLM\...\Run: [McAfeeUpdaterUI] - C:\Program Files\Network Associates\Common Framework\UdaterUI.exe [136512 2007-12-14] (McAfee, Inc.)
HKLM\...\Run: [igfxtray] - C:\WINNT\system32\igfxtray.exe [94208 2006-09-15] (Intel Corporation)
HKLM\...\Run: [igfxhkcmd] - C:\WINNT\system32\hkcmd.exe [77824 2006-09-15] (Intel Corporation)
HKLM\...\Run: [igfxpers] - C:\WINNT\system32\igfxpers.exe [118784 2006-09-15] (Intel Corporation)
HKLM\...\Run: [SoundMAXPnP] - C:\Program Files\Analog Devices\Core\smax4pnp.exe [925696 2005-12-15] (Analog Devices, Inc.)
HKLM\...\Run: [PWRMGRTR] - C:\Program Files\ThinkPad\Utilities\PWRMGRTR.DLL [151552 2005-12-07] (Lenovo Group Limited)
HKLM\...\Run: [BLOG] - C:\Program Files\ThinkPad\Utilities\BATLOGEX.DLL [208896 2005-12-07] ()
HKLM\...\Run: [SynTPLpr] - C:\Program Files\Synaptics\SynTP\SynTPLpr.exe [110592 2005-09-15] (Synaptics, Inc.)
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [512000 2005-09-15] (Synaptics, Inc.)
HKLM\...\Run: [TpShocks] - C:\WINNT\system32\TpShocks.exe [106496 2005-11-07] (Lenovo, Ltd. and IBM Corporation.)
HKLM\...\Run: [TPHOTKEY] - C:\Program Files\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe [94208 2006-02-01] ()
HKLM\...\Run: [SmcService] - C:\Program Files\Sygate\SSA\Smc.exe [2635480 2006-07-25] (Sygate Technologies, Inc.)
HKLM\...\Run: [ShStatEXE] - C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE [111952 2007-10-16] (McAfee, Inc.)
HKLM\...\Run: [QuickTime Task] - C:\Program Files\QuickTime\qttask.exe [413696 2009-05-26] (Apple Inc.)
HKLM\...\Run: [iTunesHelper] - C:\Program Files\iTunes\iTunesHelper.exe [292136 2009-06-05] (Apple Inc.)
HKLM\...\Run: [Adobe Reader Speed Launcher] - C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [39792 2009-10-03] (Adobe Systems Incorporated)
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [935288 2009-09-04] (Adobe Systems Incorporated)
HKLM\...\Run: [mobilegeni daemon] - C:\Program Files\Mobogenie\DaemonProcess.exe [764096 2014-03-12] ()
HKLM\...\Runonce: [hugefiles2] - [X]
HKLM\...\Winlogon: [Userinit] C:\WINNT\system32\userinit.exe,
HKLM\...\Winlogon: [Shell] Explorer.exe [x ] ()
HKLM\...\Winlogon: [UIHost] logonui.exe [x ] ()
Winlogon\Notify\crypt32chain: C:\WINNT\system32\crypt32.dll (Microsoft Corporation)
Winlogon\Notify\cryptnet: C:\WINNT\system32\cryptnet.dll (Microsoft Corporation)
Winlogon\Notify\cscdll: C:\WINNT\system32\cscdll.dll (Microsoft Corporation)
Winlogon\Notify\igfxcui: C:\WINNT\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\ScCertProp: C:\WINNT\system32\wlnotify.dll (Microsoft Corporation)
Winlogon\Notify\Schedule: C:\WINNT\system32\wlnotify.dll (Microsoft Corporation)
Winlogon\Notify\sclgntfy: C:\WINNT\system32\sclgntfy.dll (Microsoft Corporation)
Winlogon\Notify\SensLogn: C:\WINNT\system32\WlNotify.dll (Microsoft Corporation)
Winlogon\Notify\termsrv: C:\WINNT\system32\wlnotify.dll (Microsoft Corporation)
Winlogon\Notify\tpfnf2: C:\WINNT\system32\notifyf2.dll ()
Winlogon\Notify\tphotkey: C:\WINNT\system32\tphklock.dll ()
Winlogon\Notify\wlballoon: C:\WINNT\system32\wlnotify.dll (Microsoft Corporation)
HKLM\...\Policies\Explorer: [NoWelcomeScreen] 1
HKLM\...\Policies\Explorer: [NoSMConfigurePrograms] 1
HKU\.DEFAULT\...\Run: [DWQueuedReporting] - C:\Program Files\Common Files\Microsoft Shared\DW\DWTRIG20.EXE [434528 2006-10-26] (Microsoft Corporation)
HKU\S-1-5-21-3510421623-2965073675-2411060337-1012\...\Run: [BitTorrent] - C:\Program Files\BitTorrent\BitTorrent.exe [882520 2013-05-16] (BitTorrent Inc.)
HKU\S-1-5-21-3510421623-2965073675-2411060337-1012\...\Run: [Messenger (Yahoo!)] - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe [6591800 2012-02-22] (Yahoo! Inc.)
HKU\S-1-5-21-3510421623-2965073675-2411060337-1012\...\Run: [SugarSync] - C:\Program Files\SugarSync\SugarSyncManager.exe [11241824 2014-01-24] (SugarSync, Inc.)
HKU\S-1-5-21-3510421623-2965073675-2411060337-1012\...\Run: [ctfmon.exe] - C:\WINNT\system32\ctfmon.exe [15360 2004-08-04] (Microsoft Corporation)
HKU\S-1-5-21-3510421623-2965073675-2411060337-1012\...\Run: [Google Update] - d:\data\rainmaker\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [116648 2012-07-03] (Google Inc.)
HKU\S-1-5-21-3510421623-2965073675-2411060337-1012\...\Run: [FLV Player] - d:\data\rainmaker\Local Settings\Application Data\WebPlayer\FLV Player\WebPlayer.exe [202752 2012-10-26] ()
HKU\S-1-5-21-3510421623-2965073675-2411060337-1012\...\Run: [ConduitFloatingPlugin_lcnnhcneegeeojhgpfijnlnocjdmlaon] - "C:\WINNT\system32\Rundll32.exe" "d:\data\rainmaker\Application Data\ValueApps\CH\TBVerifier.dll",RunConduitFloatingPlugin lcnnhcneegeeojhgpfijnlnocjdmlaon
HKU\S-1-5-21-3510421623-2965073675-2411060337-1012\...\Run: [PC Speed Maximizer] - C:\Program Files\PC Speed Maximizer\SPMLauncher.exe [134768 2014-02-21] (Smart PC Solutions)
HKU\S-1-5-21-3510421623-2965073675-2411060337-1012\...\RunOnce: [FlashPlayerUpdate] - C:\WINNT\system32\Macromed\Flash\NPSWF32_FlashUtil.exe [257440 2009-07-17] (Adobe Systems, Inc.)
HKU\S-1-5-21-3510421623-2965073675-2411060337-1012\...\Policies\Explorer: [NoSimpleStartMenu] 1
HKU\S-1-5-21-3510421623-2965073675-2411060337-1012\...\Policies\Explorer: [NoNetworkConnections] 1
HKU\S-1-5-21-3510421623-2965073675-2411060337-1012\...\Policies\Explorer: [ForceStartMenuLogOff] 1
HKU\S-1-5-21-3510421623-2965073675-2411060337-1012\...\Policies\Explorer: [NoStartMenuNetworkPlaces] 1
HKU\S-1-5-21-3510421623-2965073675-2411060337-1012\...\Policies\Explorer: [Intellimenus] 1
HKU\S-1-5-21-3510421623-2965073675-2411060337-1012\...\Policies\Explorer: [NoInstrumentation] 1
HKU\S-1-5-21-3510421623-2965073675-2411060337-1012\...\Policies\Explorer: [MemCheckBoxInRunDlg] 1
HKU\S-1-5-21-3510421623-2965073675-2411060337-1012\...\Policies\Explorer: [NoSMBalloonTip] 1
HKU\S-1-5-21-3510421623-2965073675-2411060337-1012\...\Policies\Explorer: [NoNetHood] 1
HKU\S-1-5-21-3510421623-2965073675-2411060337-1012\...\Policies\Explorer: [ForceClassicControlPanel] 1
HKU\S-1-5-21-3510421623-2965073675-2411060337-1012\...\Policies\Explorer: [NoWelcomeScreen] 1
HKU\S-1-5-21-3510421623-2965073675-2411060337-1012\...\Policies\Explorer: [NoAutoUpdate] 0
AppInit_DLLs: C:\PROGRA~1\SupTab\SEARCH~1.DLL => C:\Program Files\SupTab\SearchProtect32.dll [85504 2014-03-04] (Skytech Co., Ltd.)
Startup: D:\data\All Users\Start Menu\Programs\Startup\TunnelGuard Tray Monitor.lnk
ShortcutTarget: TunnelGuard Tray Monitor.lnk -> C:\Program Files\Nortel Networks\TunnelGuard\platforms\win32\TGIconApp.EXE (Nortel Networks)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINNT\system32\blank.htm
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.key-find....Y0J293RLJ293RLX
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.key-find....Y0J293RLJ293RLX
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINNT\system32\blank.htm
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.key-find....Y0J293RLJ293RLX
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.key-find....q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.key-find....q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.key-find....Y0J293RLJ293RLX
URLSearchHook: HKCU - YTNavAssistPlugin Class - {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll (Yahoo! Inc.)
URLSearchHook: HKCU - (No Name) - {84FF7BD6-B47F-46F8-9130-01B2696B36CB} - No File
StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe http://www.key-find....Y0J293RLJ293RLX
SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://www.key-find....q={searchTerms}
SearchScopes: HKLM - {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL =
SearchScopes: HKLM - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://www.key-find....q={searchTerms}
SearchScopes: HKCU - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://www.key-find....q={searchTerms}
SearchScopes: HKCU - {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = http://search.condui...rchTerms}&SSPV=
SearchScopes: HKCU - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://www.key-find....q={searchTerms}
SearchScopes: HKCU - {460C3D19-B3D4-4964-A550-77D263B0CCCB} URL = http://search.condui...rchTerms}&SSPV=
BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
BHO: iminent Helper Object - {112BA211-334C-4A90-90EC-2AD1CDAB287C} - C:\Program Files\IminentToolbar\1.8.28.3\bh\iminent.dll (Iminent)
BHO: IETabPage Class - {3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C} - C:\Program Files\SupTab\SupTab.dll (Thinknice Co. Limited)
BHO: Media View - {6a62326e-a555-4ce2-a187-f034ea6a08d8} - C:\Program Files\MediaViewV1\MediaViewV1alpha893\ie\MediaViewV1alpha893.dll ()
BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll (Sun Microsystems, Inc.)
BHO: No Name - {84FF7BD6-B47F-46F8-9130-01B2696B36CB} - No File
BHO: Media View - {91610ec1-ae7a-43c7-a7a3-32853b2b4f69} - C:\Program Files\MediaViewV1\MediaViewV1alpha1095\ie\MediaViewV1alpha1095.dll ()
BHO: ValueApps - {93DBF2BB-A2B3-4683-A92E-57E60751F346} - C:\Program Files\Conduit\ValueApps\IE\ValueAppsLoader.dll (Conduit Ltd.)
BHO: IMinent WebBooster (BHO) - {A09AB6EB-31B5-454C-97EC-9B294D92EE2A} - C:\Program Files\Iminent\Minibar.InternetExplorer.BHOx86.dll (SIEN)
BHO: TidyNetwork - {C0CB31EC-3EFF-359B-C453-F3E943B02C20} - C:\Program Files\TidyNetwork\petn.dll ()
BHO: GrabRez - {e1420d09-acc8-4efd-9965-e7ae3c5b977c} - C:\Program Files\GrabRez\GrabRezbho.dll (GrabRez)
BHO: Media Watch - {f90da889-3d73-46dd-b885-28d014abf887} - C:\Program Files\MediaWatchV1\MediaWatchV1home478\ie\MediaWatchV1home478.dll ()
BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll (Yahoo! Inc)
Toolbar: HKLM - AOL Toolbar - {ba00b7b1-0351-477a-b948-23e3ee5a73d4} - C:\Program Files\AOL Toolbar\aoltb.dll No File
Toolbar: HKLM - Iminent Toolbar - {1FAFD711-ABF9-4F6A-8130-5166C7371427} - C:\Program Files\IminentToolbar\1.8.28.3\iminentTlbr.dll (Iminent)
Toolbar: HKCU - &Address - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINNT\system32\browseui.dll (Microsoft Corporation)
Toolbar: HKCU - &Links - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINNT\system32\SHELL32.dll (Microsoft Corporation)
Toolbar: HKCU - AOL Toolbar - {BA00B7B1-0351-477A-B948-23E3EE5A73D4} - C:\Program Files\AOL Toolbar\aoltb.dll No File
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...t/ultrashim.cab
DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macr...ash/swflash.cab
Handler: gopher - {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINNT\system32\urlmon.dll (Microsoft Corporation)
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
Handler: sysimage - {76E67A63-06E9-11D2-A840-006008059382} - C:\WINNT\system32\mshtml.dll (Microsoft Corporation)
Handler: wia - {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINNT\system32\wiascr.dll (Microsoft Corporation)
Filter: Class Install Handler - {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - C:\WINNT\system32\urlmon.dll (Microsoft Corporation)
Filter: lzdhtml - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINNT\system32\urlmon.dll (Microsoft Corporation)
Filter: text/webviewhtml - {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - C:\WINNT\system32\SHELL32.dll (Microsoft Corporation)
ShellExecuteHooks: URL Exec Hook - {AEB6717E-7E19-11d0-97EE-00C04FD91972} - C:\WINNT\system32\shell32.dll [8460288 2007-10-25] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: d:\data\rainmaker\Application Data\Mozilla\Firefox\Profiles\0gqxbqod.default
FF user.js: detected! => d:\data\rainmaker\Application Data\Mozilla\Firefox\Profiles\0gqxbqod.default\user.js
FF NewTab: chrome://quick_start/content/index.html
FF DefaultSearchEngine: key-find
FF SearchEngineOrder.user_pref("browser.search.order.1", "");: user_pref("browser.search.order.1", "");
FF SearchEngineOrder.user_pref("browser.search.order.1,S", "");: user_pref("browser.search.order.1,S", "");
FF SelectedSearchEngine: key-find
FF Homepage: hxxp://www.key-find.com/?type=hp&ts=1395518393&from=amt&uid=HTS721010G9SA00_MPDZN7Y0J293RLJ293RLX
FF Plugin: @adobe.com/FlashPlayer - C:\WINNT\system32\Macromed\Flash\NPSWF32.dll ()
FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 - C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\2.0.30523.8\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 - C:\WINNT\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.0.1 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - d:\data\rainmaker\Local Settings\Application Data\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - d:\data\rainmaker\Local Settings\Application Data\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @yahoo.com/BrowserPlus,version=2.9.8 - d:\data\rainmaker\Local Settings\Application Data\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll (Yahoo! Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll (Apple Inc.)
FF SearchPlugin: d:\data\rainmaker\Application Data\Mozilla\Firefox\Profiles\0gqxbqod.default\searchplugins\aol-search.xml
FF SearchPlugin: d:\data\rainmaker\Application Data\Mozilla\Firefox\Profiles\0gqxbqod.default\searchplugins\conduit-search.xml
FF SearchPlugin: d:\data\rainmaker\Application Data\Mozilla\Firefox\Profiles\0gqxbqod.default\searchplugins\iminent.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\key-find.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\StartWeb.xml
FF Extension: Iminent Toolbar - d:\data\rainmaker\Application Data\Mozilla\Firefox\Profiles\0gqxbqod.default\Extensions\[email protected] [2014-03-22]
FF Extension: Quick Start - d:\data\rainmaker\Application Data\Mozilla\Firefox\Profiles\0gqxbqod.default\Extensions\[email protected] [2014-03-22]
FF Extension: TidyNetwork - d:\data\rainmaker\Application Data\Mozilla\Firefox\Profiles\0gqxbqod.default\Extensions\[email protected] [2014-03-22]
FF Extension: Value Apps - d:\data\rainmaker\Application Data\Mozilla\Firefox\Profiles\0gqxbqod.default\Extensions\{94cd2cc3-083f-49ba-a218-4cda4b4829fd} [2014-03-22]
FF Extension: Firebug - d:\data\rainmaker\Application Data\Mozilla\Firefox\Profiles\0gqxbqod.default\Extensions\[email protected] [2012-12-15]
FF Extension: Iminent - d:\data\rainmaker\Application Data\Mozilla\Firefox\Profiles\0gqxbqod.default\Extensions\[email protected] [2014-03-22]
FF Extension: GrabRez - d:\data\rainmaker\Application Data\Mozilla\Firefox\Profiles\0gqxbqod.default\Extensions\{0602868e-3e6e-4d93-81e8-5b2290f620ba}.xpi [2014-02-12]
FF Extension: Price Check by AOL - d:\data\rainmaker\Application Data\Mozilla\Firefox\Profiles\0gqxbqod.default\Extensions\{1DEC6447-C74F-4886-9002-202C27C703F1}.xpi [2012-09-17]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\WINNT\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - C:\WINNT\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ []
FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files\MediaViewV1\MediaViewV1alpha893\ff
FF Extension: Media View - C:\Program Files\MediaViewV1\MediaViewV1alpha893\ff [2014-02-28]
FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files\MediaViewV1\MediaViewV1alpha1095\ff
FF Extension: Media View - C:\Program Files\MediaViewV1\MediaViewV1alpha1095\ff [2014-03-15]
FF HKLM\...\Firefox\Extensions: [[email protected]] - d:\data\rainmaker\Application Data\Mozilla\Firefox\Profiles\0gqxbqod.default\extensions\[email protected]
FF Extension: Quick Start - d:\data\rainmaker\Application Data\Mozilla\Firefox\Profiles\0gqxbqod.default\extensions\[email protected] [2014-03-22]
FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files\MediaWatchV1\MediaWatchV1home478\ff
FF Extension: Media Watch - C:\Program Files\MediaWatchV1\MediaWatchV1home478\ff [2014-03-22]
FF HKCU\...\Firefox\Extensions: [{77601b4f-338e-4abf-b114-dd2c0929031b}] - C:\Program Files\Re-markit-soft\157.xpi
FF Extension: Re-markit - C:\Program Files\Re-markit-soft\157.xpi [2014-03-22]
FF StartMenuInternet: FIREFOX.EXE - C:\Program Files\Mozilla Firefox\firefox.exe http://www.key-find....Y0J293RLJ293RLX

Chrome:
=======
CHR HomePage: hxxp://www.key-find.com/?type=hp&ts=1395518393&from=amt&uid=HTS721010G9SA00_MPDZN7Y0J293RLJ293RLX
CHR DefaultSearchKeyword: key-find
CHR DefaultSearchProvider: key-find
CHR DefaultSearchURL: http://www.key-find....q={searchTerms}
CHR DefaultNewTabURL:
CHR Extension: (Media View) - D:\data\rainmaker\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\bjkggmndenlgcghfeaiflpbmbomhmaem [2014-03-15]
CHR Extension: (Re-markit) - D:\data\rainmaker\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\dcpfhaghaadpjpgocojgnlhjcieeooel [2014-03-22]
CHR Extension: (conntiniUetoosyavee) - D:\data\rainmaker\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jdnbooglimgbkldcjceioecgifemmgno [2013-05-16]
CHR Extension: (Media View) - D:\data\rainmaker\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lbeblclcidlaiilbpcfodbfjkahgamli [2014-03-15]
CHR Extension: (Value apps) - D:\data\rainmaker\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lcnnhcneegeeojhgpfijnlnocjdmlaon [2014-03-22]
CHR Extension: (Google Wallet) - D:\data\rainmaker\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-01-14]
CHR Extension: (Media Watch) - D:\data\rainmaker\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ojjacahpggheelkpkjdkiiadpbfippic [2014-03-22]
CHR Extension: (Quick Start) - D:\data\rainmaker\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma [2014-03-22]
CHR HKLM\...\Chrome\Extension: [bjkggmndenlgcghfeaiflpbmbomhmaem] - C:\Program Files\MediaViewV1\MediaViewV1alpha1095\ch\MediaViewV1alpha1095.crx [2014-02-26]
CHR HKLM\...\Chrome\Extension: [igdhbblpcellaljokkpfhcjlagemhgjl] - "C:\Program Files\Iminent\Iminent.crx" [2014-02-26]
CHR HKLM\...\Chrome\Extension: [lbeblclcidlaiilbpcfodbfjkahgamli] - C:\Program Files\MediaViewV1\MediaViewV1alpha893\ch\MediaViewV1alpha893.crx [2014-02-26]
CHR HKLM\...\Chrome\Extension: [ojjacahpggheelkpkjdkiiadpbfippic] - C:\Program Files\MediaWatchV1\MediaWatchV1home478\ch\MediaWatchV1home478.crx [2014-03-20]
CHR HKLM\...\Chrome\Extension: [pelmeidfhdlhlbjimpabfcbnnojbboma] - d:\data\rainmaker\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\newtabv3.crx [2014-03-22]
CHR StartMenuInternet: Google Chrome - D:\data\rainmaker\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

========================== Services (Whitelisted) =================

S3 AdobeFlashPlayerUpdateSvc; C:\WINNT\system32\Macromed\Flash\FlashPlayerUpdateService.exe [253600 2012-04-14] (Adobe Systems Incorporated)
S4 Alerter; C:\WINNT\system32\alrsvc.dll [17408 2004-08-04] (Microsoft Corporation)
R3 ALG; C:\WINNT\System32\alg.exe [44544 2004-08-04] (Microsoft Corporation)
R2 Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [144712 2009-06-05] (Apple Inc.)
S3 AppMgmt; C:\WINNT\System32\appmgmts.dll [167936 2004-08-04] (Microsoft Corporation)
S3 aspnet_state; C:\WINNT\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [34312 2008-07-25] (Microsoft Corporation)
R2 AudioSrv; C:\WINNT\System32\audiosrv.dll [42496 2004-08-04] (Microsoft Corporation)
R3 BITS; C:\WINNT\system32\qmgr.dll [382464 2004-08-04] (Microsoft Corporation)
S2 Browser; C:\WINNT\System32\browser.dll [77312 2004-08-04] (Microsoft Corporation)
S2 CcmExec; C:\WINNT\system32\CCM\CcmExec.exe [578784 2006-02-09] (Microsoft Corporation)
S3 CiSvc; C:\WINNT\system32\cisvc.exe [5632 2004-08-04] (Microsoft Corporation)
S3 ClipSrv; C:\WINNT\system32\clipsrv.exe [33280 2004-08-04] (Microsoft Corporation)
S3 clr_optimization_v2.0.50727_32; C:\WINNT\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [69632 2008-07-25] (Microsoft Corporation)
S3 COMSysApp; C:\WINNT\system32\dllhost.exe [5120 2004-08-04] (Microsoft Corporation)
R2 CryptSvc; C:\WINNT\System32\cryptsvc.dll [60416 2004-08-04] (Microsoft Corporation)
R2 DcomLaunch; C:\WINNT\system32\rpcss.dll [401408 2009-02-09] (Microsoft Corporation)
R2 Dhcp; C:\WINNT\System32\dhcpcsvc.dll [111616 2006-05-19] (Microsoft Corporation)
S3 dmadmin; C:\WINNT\System32\dmadmin.exe [224768 2004-08-04] (Microsoft Corp., Veritas Software)
S3 dmserver; C:\WINNT\System32\dmserver.dll [23552 2004-08-04] (Microsoft Corp.)
R2 Dnscache; C:\WINNT\System32\dnsrslvr.dll [45568 2008-02-20] (Microsoft Corporation)
R2 DWMRCS; C:\WINNT\system32\DWRCS.EXE [222720 2007-07-25] (DameWare Development LLC)
R2 ERSvc; C:\WINNT\System32\ersvc.dll [23040 2004-08-04] (Microsoft Corporation)
R2 Eventlog; C:\WINNT\system32\services.exe [110592 2009-02-06] (Microsoft Corporation)
R3 EventSystem; C:\WINNT\system32\es.dll [253952 2008-07-07] (Microsoft Corporation)
S3 ExtranetAccess; C:\Program Files\Nexxia\Extranet_serv.exe [835584 2006-05-09] (Nortel Networks NA, Inc.)
S3 FastUserSwitchingCompatibility; C:\WINNT\System32\shsvcs.dll [135168 2006-12-19] (Microsoft Corporation)
S3 FontCache3.0.0.0; C:\WINNT\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [46104 2008-07-29] (Microsoft Corporation)
R2 helpsvc; C:\WINNT\PCHealth\HelpCtr\Binaries\pchsvc.dll [38912 2004-08-04] (Microsoft Corporation)
R2 HidServ; C:\WINNT\System32\hidserv.dll [21504 2004-08-04] (Microsoft Corporation)
R3 HTTPFilter; C:\WINNT\System32\w3ssl.dll [15872 2004-08-04] (Microsoft Corporation)
R2 IBM Rapid Restore Ultra Service; C:\Program Files\IBM\IBM Rapid Restore Ultra\rrpcsb.exe [385024 2005-10-06] ()
R2 IBMPMSVC; C:\WINNT\system32\ibmpmsvc.exe [73782 2005-11-11] ()
S3 idsvc; C:\WINNT\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [881664 2008-07-29] (Microsoft Corporation)
R2 IePluginService; d:\data\All Users\Application Data\IePluginService\PluginService.exe [515584 2014-03-17] (Cherished Technololgy LIMITED)
S3 ImapiService; C:\WINNT\system32\imapi.exe [150016 2004-08-04] (Microsoft Corporation)
S3 iPassConnectEngine; C:\Program Files\iPass\iPassConnect\iPassConnectEngine.exe [1310720 2006-11-30] (iPass, Inc.)
R3 iPassPeriodicUpdateApp; C:\Program Files\iPass\iPassConnect\iPassPeriodicUpdateApp.exe [126976 2006-11-29] (iPass, Inc.)
R2 iPassPeriodicUpdateService; C:\Program Files\iPass\iPassConnect\iPassPeriodicUpdateService.exe [86016 2006-11-29] (iPass, Inc.)
S4 Irmon; C:\WINNT\System32\irmon.dll [27136 2004-08-03] (Microsoft Corporation)
R2 lanmanserver; C:\WINNT\System32\srvsvc.dll [96768 2004-12-07] (Microsoft Corporation)
R2 lanmanworkstation; C:\WINNT\System32\wkssvc.dll [134144 2009-06-10] (Microsoft Corporation)
R2 LmHosts; C:\WINNT\System32\lmhsvc.dll [13824 2004-08-04] (Microsoft Corporation)
S3 magaService; c:\Program Files\Sygate\SSA\maga\maga.exe [323658 2006-07-25] (Sygate Technologies, Inc.)
R2 McAfeeFramework; C:\Program Files\Network Associates\Common Framework\FrameworkService.exe [103744 2007-12-14] (McAfee, Inc.)
R2 McShield; C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe [144704 2007-10-16] (McAfee, Inc.)
R2 McTaskManager; C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe [54608 2007-10-16] (McAfee, Inc.)
S4 Messenger; C:\WINNT\System32\msgsvc.dll [33792 2004-08-04] (Microsoft Corporation)
R2 MgAssistService; C:\Program Files\Mobogenie\MgAssist.exe [70848 2014-03-12] ()
S3 mnmsrvc; C:\WINNT\system32\mnmsrvc.exe [32768 2004-08-04] (Microsoft Corporation)
S3 MSDTC; C:\WINNT\system32\msdtc.exe [6144 2004-08-04] (Microsoft Corporation)
S2 MSIServer; C:\WINNT\System32\msiexec.exe [78848 2005-05-03] (Microsoft Corporation)
S4 MSSQLServerADHelper; c:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe [45272 2005-10-14] (Microsoft Corporation)
S4 NetDDE; C:\WINNT\system32\netdde.exe [111104 2004-08-04] (Microsoft Corporation)
S4 NetDDEdsdm; C:\WINNT\system32\netdde.exe [111104 2004-08-04] (Microsoft Corporation)
R2 Netlogon; C:\WINNT\system32\lsass.exe [13312 2004-08-04] (Microsoft Corporation)
R3 Netman; C:\WINNT\System32\netman.dll [197632 2005-08-22] (Microsoft Corporation)
S4 NetTcpPortSharing; C:\WINNT\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [132096 2008-07-29] (Microsoft Corporation)
R3 Nla; C:\WINNT\System32\mswsock.dll [245248 2008-06-20] (Microsoft Corporation)
S3 NtLmSsp; C:\WINNT\system32\lsass.exe [13312 2004-08-04] (Microsoft Corporation)
S3 NtmsSvc; C:\WINNT\system32\ntmssvc.dll [435200 2004-08-04] (Microsoft Corporation)
R2 PlugPlay; C:\WINNT\system32\services.exe [110592 2009-02-06] (Microsoft Corporation)
S4 PolicyAgent; C:\WINNT\system32\lsass.exe [13312 2004-08-04] (Microsoft Corporation)
R2 ProtectedStorage; C:\WINNT\system32\lsass.exe [13312 2004-08-04] (Microsoft Corporation)
S3 RasAuto; C:\WINNT\System32\rasauto.dll [89088 2004-08-04] (Microsoft Corporation)
R3 RasMan; C:\WINNT\System32\rasmans.dll [181248 2006-06-22] (Microsoft Corporation)
S3 RDSessMgr; C:\WINNT\system32\sessmgr.exe [140800 2004-08-04] (Microsoft Corporation)
R2 Re-markit; C:\Program Files\Re-markit-soft\Re-markit157.exe [197120 2014-03-22] ()
S4 RemoteAccess; C:\WINNT\System32\mprdim.dll [49152 2002-08-29] (Microsoft Corporation)
R2 RemoteRegistry; C:\WINNT\system32\regsvc.dll [59904 2004-08-04] (Microsoft Corporation)
S3 RpcLocator; C:\WINNT\system32\locator.exe [75264 2004-08-04] (Microsoft Corporation)
R2 RpcSs; C:\WINNT\System32\rpcss.dll [401408 2009-02-09] (Microsoft Corporation)
S3 RSVP; C:\WINNT\system32\rsvp.exe [132608 2002-08-29] (Microsoft Corporation)
R2 SamSs; C:\WINNT\system32\lsass.exe [13312 2004-08-04] (Microsoft Corporation)
S3 SCardSvr; C:\WINNT\System32\SCardSvr.exe [95744 2004-08-04] (Microsoft Corporation)
R2 Schedule; C:\WINNT\system32\schedsvc.dll [190976 2004-08-04] (Microsoft Corporation)
R2 seclogon; C:\WINNT\System32\seclogon.dll [18944 2004-08-04] (Microsoft Corporation)
R2 SENS; C:\WINNT\system32\sens.dll [38912 2004-08-04] (Microsoft Corporation)
R2 SharedAccess; C:\WINNT\System32\ipnathlp.dll [331264 2004-08-04] (Microsoft Corporation)
R2 ShellHWDetection; C:\WINNT\System32\shsvcs.dll [135168 2006-12-19] (Microsoft Corporation)
S4 SmcService; c:\Program Files\Sygate\SSA\smc.exe [2635480 2006-07-25] (Sygate Technologies, Inc.)
R2 Spooler; C:\WINNT\system32\spoolsv.exe [57856 2005-06-10] (Microsoft Corporation)
R2 SProtection; C:\Program Files\Common Files\Umbrella\Umbrella260.exe [2930496 2014-03-17] (Iminent)
R2 srservice; C:\WINNT\system32\srsvc.dll [170496 2004-08-04] (Microsoft Corporation)
R3 SSDPSRV; C:\WINNT\System32\ssdpsrv.dll [71680 2004-08-04] (Microsoft Corporation)
R2 stisvc; C:\WINNT\system32\wiaservc.dll [333824 2006-12-19] (Microsoft Corporation)
S3 SwPrv; C:\WINNT\system32\dllhost.exe [5120 2004-08-04] (Microsoft Corporation)
S3 SysmonLog; C:\WINNT\system32\smlogsvc.exe [89600 2004-08-04] (Microsoft Corporation)
R3 TapiSrv; C:\WINNT\System32\tapisrv.dll [249344 2005-07-08] (Microsoft Corporation)
R3 TermService; C:\WINNT\System32\termsrv.dll [295424 2004-08-04] (Microsoft Corporation)
R2 Themes; C:\WINNT\System32\shsvcs.dll [135168 2006-12-19] (Microsoft Corporation)
S3 TlntSvr; C:\WINNT\system32\tlntsvr.exe [73216 2004-08-04] (Microsoft Corporation)
R2 TPHDEXLGSVC; C:\WINNT\System32\TPHDEXLG.EXE [77824 2005-06-20] (Lenovo.)
R2 TrkWks; C:\WINNT\system32\trkwks.dll [90624 2004-08-04] (Microsoft Corporation)
R2 tunnelguardservice; c:\Program Files\Nortel Networks\TunnelGuard\CueAgent_srv.exe [53248 2005-09-06] (Alexandria Software Consulting)
R2 Update GrabRez; C:\Program Files\GrabRez\updateGrabRez.exe [348440 2014-03-20] ()
S3 upnphost; C:\WINNT\System32\upnphost.dll [185344 2007-02-05] (Microsoft Corporation)
S3 UPS; C:\WINNT\System32\ups.exe [18432 2004-08-04] (Microsoft Corporation)
R2 Util GrabRez; C:\Program Files\GrabRez\bin\utilGrabRez.exe [348440 2014-03-20] ()
S3 VSS; C:\WINNT\System32\vssvc.exe [289792 2004-08-04] (Microsoft Corporation)
R2 W32Time; C:\WINNT\system32\w32time.dll [174592 2004-08-04] (Microsoft Corporation)
R2 WebClient; C:\WINNT\System32\webclnt.dll [68096 2006-01-03] (Microsoft Corporation)
S2 WinkHandler; C:\Program Files\Iminent\WinkHandler.exe [425792 2014-03-17] ()
R2 winmgmt; C:\WINNT\system32\wbem\WMIsvc.dll [144896 2004-08-04] (Microsoft Corporation)
S3 WmdmPmSN; C:\WINNT\system32\MsPMSNSv.dll [27136 2006-10-18] (Microsoft Corporation)
S3 Wmi; C:\WINNT\System32\advapi32.dll [617984 2009-02-09] (Microsoft Corporation)
S3 WmiApSrv; C:\WINNT\system32\wbem\wmiapsrv.exe [126464 2004-08-04] (Microsoft Corporation)
R2 Wpm; d:\data\All Users\Application Data\WPM\wprotectmanager.exe [496640 2014-03-22] (Cherished Technololgy LIMITED)
S2 wscsvc; C:\WINNT\system32\wscsvc.dll [81408 2004-08-04] (Microsoft Corporation)
R2 wuauserv; C:\WINNT\system32\wuauserv.dll [6656 2004-08-04] (Microsoft Corporation)
S3 WudfSvc; C:\WINNT\System32\WUDFSvc.dll [55808 2006-09-28] (Microsoft Corporation)
R2 WZCSVC; C:\WINNT\System32\wzcsvc.dll [474624 2005-04-20] (Microsoft Corporation)
S3 xmlprov; C:\WINNT\System32\xmlprov.dll [129536 2004-08-04] (Microsoft Corporation)
S3 PsaSrv; C:\WINNT\system32\PsaSrv.exe [X]

==================== Drivers (Whitelisted) ====================

R0 ACPI; C:\WINNT\System32\DRIVERS\ACPI.sys [187776 2004-08-04] (Microsoft Corporation)
R0 ACPIEC; C:\WINNT\System32\DRIVERS\ACPIEC.sys [11648 2002-08-29] (Microsoft Corporation)
R3 ADIHdAudAddService; C:\WINNT\System32\drivers\ADIHdAud.sys [173056 2005-12-15] (Analog Devices, Inc.)
R3 AEAudioService; C:\WINNT\System32\drivers\AEAudio.sys [152960 2005-12-15] (Andrea Electronics Corporation)
S3 aec; C:\WINNT\System32\drivers\aec.sys [142464 2004-08-03] (Microsoft Corporation)
R1 AFD; C:\WINNT\System32\drivers\afd.sys [138368 2008-08-14] (Microsoft Corporation)
R0 ANCSQ; C:\WINNT\System32\drivers\ANCSQ.sys [6912 2005-04-27] (IBM Corp.)
S3 AsyncMac; C:\WINNT\System32\DRIVERS\asyncmac.sys [14336 2004-08-03] (Microsoft Corporation)
R0 atapi; C:\WINNT\System32\DRIVERS\atapi.sys [95360 2004-08-03] (Microsoft Corporation)
S3 Atmarpc; C:\WINNT\System32\DRIVERS\atmarpc.sys [59904 2004-08-03] (Microsoft Corporation)
R3 atmeltpm; C:\WINNT\System32\DRIVERS\atmeltpm.sys [15872 2005-05-17] (Atmel, Inc.)
R3 audstub; C:\WINNT\System32\DRIVERS\audstub.sys [3072 2001-08-17] (Microsoft Corporation)
R1 Beep; C:\WINNT\system32\Drivers\Beep.sys [4224 2002-08-29] (Microsoft Corporation)
S4 cbidf2k; C:\WINNT\system32\Drivers\cbidf2k.sys [13952 2002-08-29] (Microsoft Corporation)
S1 Cdaudio; C:\WINNT\system32\Drivers\Cdaudio.sys [18688 2002-08-29] (Microsoft Corporation)
R4 Cdfs; C:\WINNT\system32\Drivers\Cdfs.sys [63744 2004-08-03] (Microsoft Corporation)
R1 Cdrom; C:\WINNT\System32\DRIVERS\cdrom.sys [49536 2004-08-04] (Microsoft Corporation)
R3 CmBatt; C:\WINNT\System32\DRIVERS\CmBatt.sys [14080 2004-08-03] (Microsoft Corporation)
R0 Compbatt; C:\WINNT\System32\DRIVERS\compbatt.sys [9344 2001-08-17] (Microsoft Corporation)
R0 Disk; C:\WINNT\System32\DRIVERS\disk.sys [36352 2004-08-04] (Microsoft Corporation)
S4 dmboot; C:\WINNT\System32\drivers\dmboot.sys [799744 2004-08-03] (Microsoft Corp., Veritas Software)
S4 dmio; C:\WINNT\System32\drivers\dmio.sys [153344 2004-08-03] (Microsoft Corp., Veritas Software)
S4 dmload; C:\WINNT\System32\drivers\dmload.sys [5888 2002-08-29] (Microsoft Corp., Veritas Software.)
S3 DMusic; C:\WINNT\System32\drivers\DMusic.sys [52864 2004-08-03] (Microsoft Corporation)
S3 drmkaud; C:\WINNT\System32\drivers\drmkaud.sys [2944 2004-08-03] (Microsoft Corporation)
R3 DwMirror; C:\WINNT\System32\DRIVERS\DamewareMini.sys [2944 2007-02-07] (DameWare Development, Inc.)
R1 dwvkbd; C:\WINNT\System32\DRIVERS\dwvkbd.sys [26624 2007-02-15] (DameWare)
S3 e1express; C:\WINNT\System32\DRIVERS\e1e5132.sys [181760 2006-01-22] (Intel Corporation)
R3 Eacfilt; C:\WINNT\System32\DRIVERS\eacfilt.sys [24521 2006-05-09] (Nortel Networks)
R2 EGATHDRV; C:\WINNT\SYSTEM32\EGATHDRV.SYS [5427 2005-04-27] (IBM Corporation)
S4 Fastfat; C:\WINNT\system32\Drivers\Fastfat.sys [143360 2004-08-03] (Microsoft Corporation)
S1 Fdc; C:\WINNT\system32\Drivers\Fdc.sys [27392 2004-08-04] (Microsoft Corporation)
R1 Fips; C:\WINNT\system32\Drivers\Fips.sys [34944 2002-08-29] (Microsoft Corporation)
S3 FLMCKUSB; C:\WINNT\System32\Drivers\FLMckUSB.sys [69810 2004-12-15] (AuthenTec, Inc.)
S1 Flpydisk; C:\WINNT\system32\Drivers\Flpydisk.sys [20480 2004-08-04] (Microsoft Corporation)
R0 FltMgr; C:\WINNT\System32\DRIVERS\fltMgr.sys [124800 2004-08-03] (Microsoft Corporation)
U1 Fs_Rec; C:\WINNT\system32\Drivers\Fs_Rec.sys [7936 2002-08-29] (Microsoft Corporation)
R0 Ftdisk; C:\WINNT\System32\DRIVERS\ftdisk.sys [125056 2002-08-29] (Microsoft Corporation)
R3 GEARAspiWDM; C:\WINNT\System32\DRIVERS\GEARAspiWDM.sys [23400 2009-03-19] (GEAR Software Inc.)
R3 Gpc; C:\WINNT\System32\DRIVERS\msgpc.sys [35072 2004-08-03] (Microsoft Corporation)
R3 HDAudBus; C:\WINNT\System32\DRIVERS\HDAudBus.sys [138752 2005-01-07] (Windows ® Server 2003 DDK provider)
S3 HidUsb; C:\WINNT\System32\DRIVERS\hidusb.sys [9600 2001-08-17] (Microsoft Corporation)
R3 HSF_DPV; C:\WINNT\System32\DRIVERS\hsx_dpv.sys [936448 2005-12-06] (Conexant Systems, Inc.)
R3 HSXHWAZL; C:\WINNT\System32\DRIVERS\hsxhwazl.sys [192512 2005-12-06] (Conexant Systems, Inc.)
R3 HTTP; C:\WINNT\System32\Drivers\HTTP.sys [263040 2004-08-04] (Microsoft Corporation)
R1 i8042prt; C:\WINNT\System32\DRIVERS\i8042prt.sys [52736 2004-08-04] (Microsoft Corporation)
R3 ialm; C:\WINNT\System32\DRIVERS\ialmnt5.sys [1173468 2006-09-15] (Intel Corporation)
R0 iaStor; C:\WINNT\System32\drivers\iaStor.sys [874240 2005-10-12] (Intel Corporation)
R2 ibmfilter; C:\WINNT\system32\drivers\ibmfilter.sys [63616 2005-04-27] (IBM)
R3 IBMPMDRV; C:\WINNT\System32\DRIVERS\ibmpmdrv.sys [10112 2005-11-11] (Lenovo.)
R1 Imapi; C:\WINNT\System32\DRIVERS\imapi.sys [41856 2004-08-04] (Microsoft Corporation)
R0 IntelIde; C:\WINNT\System32\DRIVERS\intelide.sys [5504 2004-08-03] (Microsoft Corporation)
R1 intelppm; C:\WINNT\System32\DRIVERS\intelppm.sys [36096 2004-08-04] (Microsoft Corporation)
S3 Ip6Fw; C:\WINNT\System32\DRIVERS\Ip6Fw.sys [29056 2004-08-03] (Microsoft Corporation)
R2 iPassP; C:\WINNT\System32\DRIVERS\iPassP.sys [21419 2009-04-25] (Meetinghouse Data Communications)
S3 IpFilterDriver; C:\WINNT\System32\DRIVERS\ipfltdrv.sys [32896 2002-08-29] (Microsoft Corporation)
S3 IpInIp; C:\WINNT\System32\DRIVERS\ipinip.sys [20992 2004-08-03] (Microsoft Corporation)
R3 IpNat; C:\WINNT\System32\DRIVERS\ipnat.sys [134912 2004-08-03] (Microsoft Corporation)
R1 IPSec; C:\WINNT\System32\DRIVERS\ipsec.sys [74752 2004-08-03] (Microsoft Corporation)
S3 IPSECEXT; C:\WINNT\System32\DRIVERS\ipsecw2k.sys [155216 2006-05-09] (Nortel Networks NA, Inc.)
R3 IPSECSHM; C:\WINNT\System32\DRIVERS\ipsecw2k.sys [155216 2006-05-09] (Nortel Networks NA, Inc.)
R2 irda; C:\WINNT\System32\DRIVERS\irda.sys [87424 2004-08-03] (Microsoft Corporation)
R3 IRENUM; C:\WINNT\System32\DRIVERS\irenum.sys [11264 2004-08-03] (Microsoft Corporation)
R0 isapnp; C:\WINNT\System32\DRIVERS\isapnp.sys [35840 2002-08-29] (Microsoft Corporation)
R1 Kbdclass; C:\WINNT\System32\DRIVERS\kbdclass.sys [24576 2004-08-04] (Microsoft Corporation)
S1 kbdhid; C:\WINNT\System32\DRIVERS\kbdhid.sys [14848 2004-08-03] (Microsoft Corporation)
R3 kmixer; C:\WINNT\System32\drivers\kmixer.sys [171776 2004-08-03] (Microsoft Corporation)
R0 KSecDD; C:\WINNT\system32\Drivers\KSecDD.sys [92032 2004-08-03] (Microsoft Corporation)
R2 mdmxsdk; C:\WINNT\System32\DRIVERS\mdmxsdk.sys [12544 2005-10-05] (Conexant)
R3 mfeapfk; C:\WINNT\System32\drivers\mfeapfk.sys [64168 2007-10-16] (McAfee, Inc.)
R3 mfeavfk; C:\WINNT\System32\drivers\mfeavfk.sys [72680 2007-10-16] (McAfee, Inc.)
R3 mfebopk; C:\WINNT\System32\drivers\mfebopk.sys [33960 2007-10-16] (McAfee, Inc.)
R3 mfehidk; C:\WINNT\System32\drivers\mfehidk.sys [171272 2007-10-16] (McAfee, Inc.)
R1 mferkdk; C:\Program Files\McAfee\VirusScan Enterprise\mferkdk.sys [31784 2007-10-16] (McAfee, Inc.)
R1 mfetdik; C:\WINNT\System32\drivers\mfetdik.sys [51944 2007-10-16] (McAfee, Inc.)
R1 mnmdd; C:\WINNT\system32\Drivers\mnmdd.sys [4224 2002-08-29] (Microsoft Corporation)
R3 Modem; C:\WINNT\system32\Drivers\Modem.sys [30080 2004-08-04] (Microsoft Corporation)
R1 Mouclass; C:\WINNT\System32\DRIVERS\mouclass.sys [23040 2004-08-04] (Microsoft Corporation)
S3 mouhid; C:\WINNT\System32\DRIVERS\mouhid.sys [12160 2001-08-17] (Microsoft Corporation)
R0 MountMgr; C:\WINNT\system32\Drivers\MountMgr.sys [42240 2004-08-03] (Microsoft Corporation)
R3 MRxDAV; C:\WINNT\System32\DRIVERS\mrxdav.sys [179584 2007-12-18] (Microsoft Corporation)
R1 MRxSmb; C:\WINNT\System32\DRIVERS\mrxsmb.sys [453632 2008-10-24] (Microsoft Corporation)
R1 Msfs; C:\WINNT\system32\Drivers\Msfs.sys [19072 2004-08-03] (Microsoft Corporation)
S3 MSKSSRV; C:\WINNT\System32\drivers\MSKSSRV.sys [7552 2004-08-03] (Microsoft Corporation)
S3 MSPCLOCK; C:\WINNT\System32\drivers\MSPCLOCK.sys [5376 2004-08-03] (Microsoft Corporation)
S3 MSPQM; C:\WINNT\System32\drivers\MSPQM.sys [4992 2004-08-03] (Microsoft Corporation)
R3 mssmbios; C:\WINNT\System32\DRIVERS\mssmbios.sys [15488 2004-08-04] (Microsoft Corporation)
R0 Mup; C:\WINNT\system32\Drivers\Mup.sys [107904 2004-08-03] (Microsoft Corporation)
R0 NDIS; C:\WINNT\system32\Drivers\NDIS.sys [182912 2004-08-03] (Microsoft Corporation)
R3 NdisTapi; C:\WINNT\System32\DRIVERS\ndistapi.sys [9600 2002-08-29] (Microsoft Corporation)
R3 Ndisuio; C:\WINNT\System32\DRIVERS\ndisuio.sys [14592 2005-04-19] (Microsoft Corporation)
R3 NdisWan; C:\WINNT\System32\DRIVERS\ndiswan.sys [91776 2004-08-03] (Microsoft Corporation)
R3 NDProxy; C:\WINNT\system32\Drivers\NDProxy.sys [38016 2002-08-29] (Microsoft Corporation)
R1 NetBIOS; C:\WINNT\System32\DRIVERS\netbios.sys [34560 2004-08-03] (Microsoft Corporation)
R1 NetBT; C:\WINNT\System32\DRIVERS\netbt.sys [162816 2004-08-03] (Microsoft Corporation)
R3 NETw3x32; C:\WINNT\System32\DRIVERS\NETw3x32.sys [1709696 2006-09-27] (Intel® Corporation)
R1 Npfs; C:\WINNT\system32\Drivers\Npfs.sys [30848 2004-08-03] (Microsoft Corporation)
R3 NSCIRDA; C:\WINNT\System32\DRIVERS\nscirda.sys [28672 2004-08-03] (National Semiconductor Corporation)
R4 Ntfs; C:\WINNT\system32\Drivers\Ntfs.sys [574592 2004-08-03] (Microsoft Corporation)
R1 Null; C:\WINNT\system32\Drivers\Null.sys [2944 2002-08-29] (Microsoft Corporation)
S3 NwlnkFlt; C:\WINNT\System32\DRIVERS\nwlnkflt.sys [12416 2002-08-29] (Microsoft Corporation)
S3 NwlnkFwd; C:\WINNT\System32\DRIVERS\nwlnkfwd.sys [32512 2002-08-29] (Microsoft Corporation)
S3 Parport; C:\WINNT\System32\DRIVERS\parport.sys [80128 2004-08-04] (Microsoft Corporation)
R0 PartMgr; C:\WINNT\system32\Drivers\PartMgr.sys [18688 2002-08-29] (Microsoft Corporation)
S4 ParVdm; C:\WINNT\system32\Drivers\ParVdm.sys [6784 2002-08-29] (Microsoft Corporation)
R0 PCI; C:\WINNT\System32\DRIVERS\pci.sys [68224 2004-08-03] (Microsoft Corporation)
R0 PCIIde; C:\WINNT\System32\DRIVERS\pciide.sys [3328 2001-08-17] (Microsoft Corporation)
R0 Pcmcia; C:\WINNT\System32\DRIVERS\pcmcia.sys [119936 2004-08-04] (Microsoft Corporation)
R3 PptpMiniport; C:\WINNT\System32\DRIVERS\raspptp.sys [48384 2004-08-03] (Microsoft Corporation)
S3 prepdrvr; C:\WINNT\system32\CCM\prepdrv.sys [20704 2006-02-09] (Microsoft Corporation)
S4 psadd; C:\WINNT\system32\Drivers\psadd.sys [13184 2007-03-20] (IBM Corporation)
R3 PSched; C:\WINNT\System32\DRIVERS\psched.sys [69120 2004-08-03] (Microsoft Corporation)
R3 Ptilink; C:\WINNT\System32\DRIVERS\ptilink.sys [17792 2002-08-29] (Parallel Technologies, Inc.)
R0 PxHelp20; C:\WINNT\System32\Drivers\PxHelp20.sys [20576 2007-03-20] (Sonic Solutions)
R1 RasAcd; C:\WINNT\System32\DRIVERS\rasacd.sys [8832 2002-08-29] (Microsoft Corporation)
R3 Rasirda; C:\WINNT\System32\DRIVERS\rasirda.sys [19584 2001-08-17] (Microsoft Corporation)
R3 Rasl2tp; C:\WINNT\System32\DRIVERS\rasl2tp.sys [51328 2004-08-03] (Microsoft Corporation)
R3 RasPppoe; C:\WINNT\System32\DRIVERS\raspppoe.sys [41472 2004-08-03] (Microsoft Corporation)
R3 Raspti; C:\WINNT\System32\DRIVERS\raspti.sys [16512 2002-08-29] (Microsoft Corporation)
R1 Rdbss; C:\WINNT\System32\DRIVERS\rdbss.sys [174592 2006-05-05] (Microsoft Corporation)
R1 RDPCDD; C:\WINNT\System32\DRIVERS\RDPCDD.sys [4224 2002-08-29] (Microsoft Corporation)
R3 rdpdr; C:\WINNT\System32\DRIVERS\rdpdr.sys [196864 2004-08-03] (Microsoft Corporation)
S3 RDPWD; C:\WINNT\system32\Drivers\RDPWD.sys [139528 2005-06-10] (Microsoft Corporation)
R1 redbook; C:\WINNT\System32\DRIVERS\redbook.sys [57472 2004-08-03] (Microsoft Corporation)
S3 Secdrv; C:\WINNT\System32\DRIVERS\secdrv.sys [20480 2007-11-13] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
S3 serenum; C:\WINNT\System32\DRIVERS\serenum.sys [15488 2004-08-04] (Microsoft Corporation)
S3 Serial; C:\WINNT\System32\DRIVERS\serial.sys [64896 2004-08-04] (Microsoft Corporation)
S1 Sfloppy; C:\WINNT\system32\Drivers\Sfloppy.sys [11392 2004-08-04] (Microsoft Corporation)
R1 ShockMgr; C:\WINNT\system32\Drivers\ShockMgr.sys [4736 2005-06-20] (Lenovo.)
R0 Shockprf; C:\WINNT\system32\Drivers\Shockprf.sys [85760 2005-11-30] (Lenovo)
R1 Smapint; C:\WINNT\System32\drivers\Smapint.sys [14848 2005-11-30] (Microsoft Corporation)
S3 splitter; C:\WINNT\System32\drivers\splitter.sys [6400 2004-08-03] (Microsoft Corporation)
R0 sr; C:\WINNT\System32\DRIVERS\sr.sys [73472 2004-08-03] (Microsoft Corporation)
R3 Srv; C:\WINNT\System32\DRIVERS\srv.sys [333184 2008-12-11] (Microsoft Corporation)
R3 swenum; C:\WINNT\System32\DRIVERS\swenum.sys [4352 2004-08-04] (Microsoft Corporation)
S3 swmidi; C:\WINNT\System32\drivers\swmidi.sys [54272 2001-08-17] (Microsoft Corporation)
R0 Symmpi; C:\WINNT\System32\DRIVERS\symmpi.sys [99328 2007-03-20] (LSI Logic)
R3 SynTP; C:\WINNT\System32\DRIVERS\SynTP.sys [177664 2005-09-15] (Synaptics, Inc.)
R3 sysaudio; C:\WINNT\System32\drivers\sysaudio.sys [60800 2004-08-03] (Microsoft Corporation)
R1 Tcpip; C:\WINNT\System32\DRIVERS\tcpip.sys [360320 2008-06-20] (Microsoft Corporation)
S3 TcUsb; C:\WINNT\System32\Drivers\tcusb.sys [24832 2004-11-04] (UPEK Inc.)
S3 TDPIPE; C:\WINNT\system32\Drivers\TDPIPE.sys [12040 2004-08-04] (Microsoft Corporation)
R1 TDSMAPI; C:\WINNT\System32\drivers\TDSMAPI.SYS [9343 2005-11-30] ()
S3 TDTCP; C:\WINNT\system32\Drivers\TDTCP.sys [21896 2004-08-04] (Microsoft Corporation)
R0 Teefer; C:\WINNT\System32\Drivers\Teefer.sys [61008 2006-07-25] (Sygate Technologies, Inc.)
R1 TermDD; C:\WINNT\System32\DRIVERS\termdd.sys [40840 2004-08-04] (Microsoft Corporation)
S3 tpflhlp; c:\drivers\t60\bios\tpflhlp.sys [13360 2007-08-09] (Lenovo Group Limited)
R1 TPHKDRV; C:\WINNT\system32\Drivers\TPHKDRV.sys [17699 2006-02-01] (IBM Corporation)
R1 TPPWRIF; C:\WINNT\System32\drivers\Tppwrif.sys [4442 2005-12-07] ()
S4 Udfs; C:\WINNT\system32\Drivers\Udfs.sys [66176 2004-08-03] (Microsoft Corporation)
R3 Update; C:\WINNT\System32\DRIVERS\update.sys [209408 2004-08-03] (Microsoft Corporation)
S3 USBAAPL; C:\WINNT\System32\Drivers\usbaapl.sys [39424 2009-06-05] (Apple, Inc.)
S3 usbaudio; C:\WINNT\System32\drivers\usbaudio.sys [59264 2004-08-03] (Microsoft Corporation)
S3 usbccgp; C:\WINNT\System32\DRIVERS\usbccgp.sys [31616 2004-08-03] (Microsoft Corporation)
R3 usbehci; C:\WINNT\System32\DRIVERS\usbehci.sys [26624 2004-08-03] (Microsoft Corporation)
R3 usbhub; C:\WINNT\System32\DRIVERS\usbhub.sys [57600 2004-08-03] (Microsoft Corporation)
S3 usbscan; C:\WINNT\System32\DRIVERS\usbscan.sys [15104 2004-08-03] (Microsoft Corporation)
S3 USBSTOR; C:\WINNT\System32\DRIVERS\USBSTOR.SYS [26496 2004-08-03] (Microsoft Corporation)
R3 usbuhci; C:\WINNT\System32\DRIVERS\usbuhci.sys [20480 2004-08-04] (Microsoft Corporation)
R1 VgaSave; C:\WINNT\System32\drivers\vga.sys [20992 2004-08-03] (Microsoft Corporation)
R0 VolSnap; C:\WINNT\system32\Drivers\VolSnap.sys [52352 2004-08-03] (Microsoft Corporation)
S3 w39n51; C:\WINNT\System32\DRIVERS\w39n51.sys [1428096 2005-12-05] (Intel® Corporation)
R3 Wanarp; C:\WINNT\System32\DRIVERS\wanarp.sys [34560 2004-08-03] (Microsoft Corporation)
R3 wdmaud; C:\WINNT\System32\drivers\wdmaud.sys [82944 2004-08-03] (Microsoft Corporation)
R2 wg3n; C:\WINNT\SYSTEM32\Drivers\wg3n.sys [14952 2006-07-25] (Sygate Technologies, Inc.)
R2 wg4n; C:\WINNT\SYSTEM32\Drivers\wg4n.sys [14952 2006-07-25] (Sygate Technologies, Inc.)
R2 wg5n; C:\WINNT\SYSTEM32\Drivers\wg5n.sys [14952 2006-07-25] (Sygate Technologies, Inc.)
R2 wg6n; C:\WINNT\SYSTEM32\Drivers\wg6n.sys [14952 2006-07-25] (Sygate Technologies, Inc.)
R3 winachsf; C:\WINNT\System32\DRIVERS\hsx_cnxt.sys [670208 2005-12-06] (Conexant Systems, Inc.)
R1 wpsdrvnt; C:\WINNT\system32\drivers\wpsdrvnt.sys [21075 2006-07-25] (Sygate Technologies, Inc.)
R1 WS2IFSL; C:\WINNT\System32\drivers\ws2ifsl.sys [12032 2002-08-29] (Microsoft Corporation)
S3 WudfPf; C:\WINNT\System32\DRIVERS\WudfPf.sys [77568 2006-09-28] (Microsoft Corporation)
S3 WudfRd; C:\WINNT\System32\DRIVERS\wudfrd.sys [82944 2006-09-28] (Microsoft Corporation)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
U1 RCHelp;
S4 vsdatant; [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-03-23 13:56 - 2014-03-23 13:57 - 00000000 ____D () C:\FRST
2014-03-22 17:21 - 2014-03-22 17:21 - 00000000 ____D () C:\Program Files\MediaWatchV1
2014-03-22 16:38 - 2014-03-22 16:38 - 00113070 _____ () D:\data\rainmaker\Desktop\OTL.Txt
2014-03-22 16:05 - 2014-03-22 16:05 - 00000000 ____D () D:\data\rainmaker\My Documents\PC Speed Maximizer
2014-03-22 16:05 - 2014-03-22 16:05 - 00000000 ____D () D:\data\rainmaker\Application Data\PC Speed Maximizer
2014-03-22 16:01 - 2014-03-22 16:01 - 00000000 ____D () D:\data\rainmaker\Local Settings\Application Data\cache
2014-03-22 16:01 - 2014-03-22 16:01 - 00000000 ____D () D:\data\rainmaker\.android
2014-03-22 16:00 - 2014-03-22 16:16 - 00000000 ____D () D:\data\rainmaker\Local Settings\Application Data\Mobogenie
2014-03-22 16:00 - 2014-03-22 16:01 - 00000374 _____ () C:\WINNT\Tasks\Re-markit_wd.job
2014-03-22 16:00 - 2014-03-22 16:01 - 00000000 ____D () C:\Program Files\Mobogenie
2014-03-22 16:00 - 2014-03-22 16:00 - 00000603 _____ () D:\data\rainmaker\Desktop\Mobogenie.lnk
2014-03-22 16:00 - 2014-03-22 16:00 - 00000376 _____ () C:\WINNT\Tasks\Re-markit Update.job
2014-03-22 16:00 - 2014-03-22 16:00 - 00000000 ____D () D:\data\rainmaker\Start Menu\Programs\Mobogenie
2014-03-22 16:00 - 2014-03-22 16:00 - 00000000 ____D () D:\data\rainmaker\My Documents\Mobogenie
2014-03-22 16:00 - 2014-03-22 16:00 - 00000000 ____D () C:\Program Files\Re-markit-soft
2014-03-22 16:00 - 2014-03-22 16:00 - 00000000 _____ () D:\data\rainmaker\daemonprocess.txt
2014-03-22 15:59 - 2014-03-23 12:59 - 00000514 _____ () C:\WINNT\Tasks\TidyNetwork Update.job
2014-03-22 15:59 - 2014-03-22 15:59 - 00000000 ____D () D:\data\rainmaker\Local Settings\Application Data\TidyNetwork
2014-03-22 15:59 - 2014-03-22 15:59 - 00000000 ____D () D:\data\rainmaker\Application Data\SupTab
2014-03-22 15:59 - 2014-03-22 15:59 - 00000000 ____D () D:\data\rainmaker\Application Data\key-find
2014-03-22 15:59 - 2014-03-22 15:59 - 00000000 ____D () D:\data\All Users\Application Data\WPM
2014-03-22 15:59 - 2014-03-22 15:59 - 00000000 ____D () D:\data\All Users\Application Data\IePluginService
2014-03-22 15:59 - 2014-03-22 15:59 - 00000000 ____D () C:\Program Files\TidyNetwork
2014-03-22 15:59 - 2014-03-22 15:59 - 00000000 ____D () C:\Program Files\SupTab
2014-03-22 15:57 - 2014-03-22 15:57 - 00000000 ____D () D:\data\rainmaker\Local Settings\Application Data\Conduit
2014-03-22 15:57 - 2014-03-22 15:57 - 00000000 ____D () D:\data\rainmaker\Application Data\ValueApps
2014-03-22 15:57 - 2014-03-22 15:57 - 00000000 ____D () C:\Program Files\Conduit
2014-03-22 15:49 - 2014-03-22 15:52 - 00002096 _____ () D:\data\rainmaker\Desktop\FLV Player.lnk
2014-03-22 15:49 - 2014-03-22 15:52 - 00000000 ____D () D:\data\rainmaker\Local Settings\Application Data\WebPlayer
2014-03-22 15:49 - 2014-03-22 15:49 - 00000669 _____ () D:\data\rainmaker\Desktop\PC Speed Maximizer.lnk
2014-03-22 15:49 - 2014-03-22 15:49 - 00000000 ____D () D:\data\rainmaker\Start Menu\Programs\FLV Player
2014-03-22 15:49 - 2014-03-22 15:49 - 00000000 ____D () D:\data\All Users\Start Menu\Programs\PC Speed Maximizer
2014-03-22 15:49 - 2014-03-22 15:49 - 00000000 ____D () C:\Program Files\PC Speed Maximizer
2014-03-22 15:48 - 2014-03-22 16:03 - 00000648 _____ () C:\WINNT\Tasks\FinishInstall igdhbblpcellaljokkpfhcjlagemhgjl.job
2014-03-22 15:48 - 2014-03-22 16:03 - 00000000 ____D () D:\data\rainmaker\Application Data\igdhbblpcellaljokkpfhcjlagemhgjl
2014-03-22 15:48 - 2014-03-22 15:58 - 00000000 ____D () D:\data\rainmaker\Application Data\IminentToolbar
2014-03-22 15:48 - 2014-03-22 15:48 - 00000000 ____D () C:\Program Files\IminentToolbar
2014-03-22 15:48 - 2014-03-22 15:48 - 00000000 ____D () C:\Program Files\Iminent
2014-03-22 15:48 - 2014-03-22 15:48 - 00000000 ____D () C:\Program Files\Common Files\Umbrella
2014-02-28 13:21 - 2014-03-23 12:15 - 00003480 __RSH () D:\data\rainmaker\ntuser.pol
2014-02-28 13:21 - 2014-03-15 17:21 - 00000000 ____D () C:\Program Files\MediaViewV1

==================== One Month Modified Files and Folders =======

2014-03-23 13:58 - 2011-09-04 14:56 - 00000000 ____D () D:\data\rainmaker\Application Data\BitTorrent
2014-03-23 13:58 - 2011-09-03 12:52 - 00000000 __SHD () D:\data\rainmaker\Cookies
2014-03-23 13:57 - 2014-03-23 13:56 - 00000000 ____D () C:\FRST
2014-03-23 13:57 - 2013-04-02 17:07 - 00000000 ____D () D:\data\rainmaker\Local Settings\temp
2014-03-23 13:57 - 2011-09-04 14:55 - 00000000 ____D () D:\data\rainmaker\My Documents\Downloads
2014-03-23 13:57 - 2011-09-03 12:52 - 00524288 ____H () D:\data\rainmaker\ntuser.dat.LOG
2014-03-23 13:47 - 2012-04-14 14:35 - 00000826 _____ () C:\WINNT\Tasks\Adobe Flash Player Updater.job
2014-03-23 13:41 - 2011-09-03 12:52 - 00000000 ___HD () D:\data\rainmaker\Recent
2014-03-23 13:37 - 2006-10-18 07:56 - 00000000 ____D () D:\data\All Users\Desktop
2014-03-23 13:04 - 2012-07-03 08:22 - 00000958 _____ () C:\WINNT\Tasks\GoogleUpdateTaskUserS-1-5-21-3510421623-2965073675-2411060337-1012UA.job
2014-03-23 12:59 - 2014-03-22 15:59 - 00000514 _____ () C:\WINNT\Tasks\TidyNetwork Update.job
2014-03-23 12:20 - 2014-02-12 23:45 - 00000376 _____ () C:\WINNT\Tasks\AmiUpdXp.job
2014-03-23 12:15 - 2014-02-28 13:21 - 00003480 __RSH () D:\data\rainmaker\ntuser.pol
2014-03-23 12:15 - 2011-09-03 12:52 - 00000000 ____D () D:\data\rainmaker
2014-03-23 07:20 - 2007-03-20 16:43 - 00032628 _____ () C:\WINNT\SchedLgU.Txt
2014-03-22 23:01 - 2007-08-31 14:17 - 02307302 _____ () C:\engine.log
2014-03-22 22:04 - 2012-07-03 08:22 - 00000906 _____ () C:\WINNT\Tasks\GoogleUpdateTaskUserS-1-5-21-3510421623-2965073675-2411060337-1012Core.job
2014-03-22 20:57 - 2011-08-30 08:29 - 00001024 ____H () D:\data\Admin\ntuser.dat.LOG
2014-03-22 20:57 - 2009-09-21 09:36 - 00001024 ____H () D:\data\administrator.3YFK943Z\ntuser.dat.LOG
2014-03-22 20:57 - 2009-06-26 18:24 - 00001024 ____H () D:\data\tpritcha\ntuser.dat.LOG
2014-03-22 20:57 - 2008-12-02 19:44 - 00001024 ____H () D:\data\stozin\ntuser.dat.LOG
2014-03-22 20:57 - 2008-05-08 00:39 - 00001024 ____H () D:\data\sserebre\ntuser.dat.LOG
2014-03-22 20:57 - 2007-09-01 04:07 - 00001024 ____H () D:\data\wksbuild\ntuser.dat.LOG
2014-03-22 20:57 - 2007-08-31 14:20 - 00001024 ____H () D:\data\tmaloof\ntuser.dat.LOG
2014-03-22 20:57 - 2007-03-20 16:44 - 00001024 ____H () D:\data\Administrator\ntuser.dat.LOG
2014-03-22 17:21 - 2014-03-22 17:21 - 00000000 ____D () C:\Program Files\MediaWatchV1
2014-03-22 16:38 - 2014-03-22 16:38 - 00113070 _____ () D:\data\rainmaker\Desktop\OTL.Txt
2014-03-22 16:38 - 2011-09-03 12:52 - 00000000 ____D () D:\data\rainmaker\Desktop
2014-03-22 16:16 - 2014-03-22 16:00 - 00000000 ____D () D:\data\rainmaker\Local Settings\Application Data\Mobogenie
2014-03-22 16:12 - 2011-09-03 12:52 - 11010048 ____H () D:\data\rainmaker\NTUSER.DAT
2014-03-22 16:05 - 2014-03-22 16:05 - 00000000 ____D () D:\data\rainmaker\My Documents\PC Speed Maximizer
2014-03-22 16:05 - 2014-03-22 16:05 - 00000000 ____D () D:\data\rainmaker\Application Data\PC Speed Maximizer
2014-03-22 16:05 - 2011-09-03 12:52 - 00000000 ___RD () D:\data\rainmaker\My Documents
2014-03-22 16:05 - 2011-09-03 12:52 - 00000000 ___HD () D:\data\rainmaker\Application Data
2014-03-22 16:03 - 2014-03-22 15:48 - 00000648 _____ () C:\WINNT\Tasks\FinishInstall igdhbblpcellaljokkpfhcjlagemhgjl.job
2014-03-22 16:03 - 2014-03-22 15:48 - 00000000 ____D () D:\data\rainmaker\Application Data\igdhbblpcellaljokkpfhcjlagemhgjl
2014-03-22 16:01 - 2014-03-22 16:01 - 00000000 ____D () D:\data\rainmaker\Local Settings\Application Data\cache
2014-03-22 16:01 - 2014-03-22 16:01 - 00000000 ____D () D:\data\rainmaker\.android
2014-03-22 16:01 - 2014-03-22 16:00 - 00000374 _____ () C:\WINNT\Tasks\Re-markit_wd.job
2014-03-22 16:01 - 2014-03-22 16:00 - 00000000 ____D () C:\Program Files\Mobogenie
2014-03-22 16:01 - 2011-09-03 12:52 - 00000000 ___HD () D:\data\rainmaker\Local Settings\Application Data
2014-03-22 16:00 - 2014-03-22 16:00 - 00000603 _____ () D:\data\rainmaker\Desktop\Mobogenie.lnk
2014-03-22 16:00 - 2014-03-22 16:00 - 00000376 _____ () C:\WINNT\Tasks\Re-markit Update.job
2014-03-22 16:00 - 2014-03-22 16:00 - 00000000 ____D () D:\data\rainmaker\Start Menu\Programs\Mobogenie
2014-03-22 16:00 - 2014-03-22 16:00 - 00000000 ____D () D:\data\rainmaker\My Documents\Mobogenie
2014-03-22 16:00 - 2014-03-22 16:00 - 00000000 ____D () C:\Program Files\Re-markit-soft
2014-03-22 16:00 - 2014-03-22 16:00 - 00000000 _____ () D:\data\rainmaker\daemonprocess.txt
2014-03-22 16:00 - 2011-09-03 12:52 - 00000000 ___RD () D:\data\rainmaker\Start Menu\Programs
2014-03-22 15:59 - 2014-03-22 15:59 - 00000000 ____D () D:\data\rainmaker\Local Settings\Application Data\TidyNetwork
2014-03-22 15:59 - 2014-03-22 15:59 - 00000000 ____D () D:\data\rainmaker\Application Data\SupTab
2014-03-22 15:59 - 2014-03-22 15:59 - 00000000 ____D () D:\data\rainmaker\Application Data\key-find
2014-03-22 15:59 - 2014-03-22 15:59 - 00000000 ____D () D:\data\All Users\Application Data\WPM
2014-03-22 15:59 - 2014-03-22 15:59 - 00000000 ____D () D:\data\All Users\Application Data\IePluginService
2014-03-22 15:59 - 2014-03-22 15:59 - 00000000 ____D () C:\Program Files\TidyNetwork
2014-03-22 15:59 - 2014-03-22 15:59 - 00000000 ____D () C:\Program Files\SupTab
2014-03-22 15:59 - 2012-12-15 17:44 - 00000821 _____ () D:\data\All Users\Desktop\Mozilla Firefox.lnk
2014-03-22 15:59 - 2011-09-03 12:52 - 00000888 _____ () D:\data\rainmaker\Start Menu\Programs\Internet Explorer.lnk
2014-03-22 15:59 - 2011-09-03 12:52 - 00000852 _____ () D:\data\rainmaker\Desktop\Launch Internet Explorer Browser.lnk
2014-03-22 15:59 - 2009-10-19 09:01 - 00000821 _____ () D:\data\All Users\Desktop\b.lnk
2014-03-22 15:59 - 2006-10-18 07:56 - 00000000 __RHD () D:\data\All Users\Application Data
2014-03-22 15:58 - 2014-03-22 15:48 - 00000000 ____D () D:\data\rainmaker\Application Data\IminentToolbar
2014-03-22 15:58 - 2011-11-27 18:26 - 00000821 _____ () D:\data\All Users\Start Menu\Programs\Mozilla Firefox.lnk
2014-03-22 15:57 - 2014-03-22 15:57 - 00000000 ____D () D:\data\rainmaker\Local Settings\Application Data\Conduit
2014-03-22 15:57 - 2014-03-22 15:57 - 00000000 ____D () D:\data\rainmaker\Application Data\ValueApps
2014-03-22 15:57 - 2014-03-22 15:57 - 00000000 ____D () C:\Program Files\Conduit
2014-03-22 15:52 - 2014-03-22 15:49 - 00002096 _____ () D:\data\rainmaker\Desktop\FLV Player.lnk
2014-03-22 15:52 - 2014-03-22 15:49 - 00000000 ____D () D:\data\rainmaker\Local Settings\Application Data\WebPlayer
2014-03-22 15:49 - 2014-03-22 15:49 - 00000669 _____ () D:\data\rainmaker\Desktop\PC Speed Maximizer.lnk
2014-03-22 15:49 - 2014-03-22 15:49 - 00000000 ____D () D:\data\rainmaker\Start Menu\Programs\FLV Player
2014-03-22 15:49 - 2014-03-22 15:49 - 00000000 ____D () D:\data\All Users\Start Menu\Programs\PC Speed Maximizer
2014-03-22 15:49 - 2014-03-22 15:49 - 00000000 ____D () C:\Program Files\PC Speed Maximizer
2014-03-22 15:49 - 2006-10-18 07:56 - 00000000 ___RD () D:\data\All Users\Start Menu\Programs
2014-03-22 15:48 - 2014-03-22 15:48 - 00000000 ____D () C:\Program Files\IminentToolbar
2014-03-22 15:48 - 2014-03-22 15:48 - 00000000 ____D () C:\Program Files\Iminent
2014-03-22 15:48 - 2014-03-22 15:48 - 00000000 ____D () C:\Program Files\Common Files\Umbrella
2014-03-22 15:48 - 2011-09-04 14:56 - 00000000 ____D () D:\data\rainmaker\Local Settings\Application Data\Temp
2014-03-22 15:37 - 2011-08-30 20:58 - 00002101 _____ () D:\data\All Users\Desktop\Safari.lnk
2014-03-21 05:27 - 2009-10-26 14:15 - 00001324 _____ () C:\WINNT\system32\d3d9caps.dat
2014-03-20 17:27 - 2009-06-17 14:10 - 00000284 _____ () C:\WINNT\Tasks\AppleSoftwareUpdate.job
2014-03-18 03:57 - 2009-04-28 03:00 - 00000000 ____D () C:\Quarantine
2014-03-15 17:21 - 2014-02-28 13:21 - 00000000 ____D () C:\Program Files\MediaViewV1
2014-03-06 06:15 - 2014-02-12 23:44 - 00000000 ____D () C:\Program Files\SearchProtect

Files to move or delete:
====================
D:\data\Admin\PKI_INST.BAT
D:\data\administrator.3YFK943Z\PKI_INST.BAT
D:\data\NetworkService\PKI_INST.BAT
D:\data\rainmaker\PKI_INST.BAT
D:\data\stozin\PKI_INST.BAT
D:\data\tpritcha\PKI_INST.BAT


Some content of TEMP:
====================
D:\data\rainmaker\Local Settings\temp\D1395517211.exe
D:\data\rainmaker\Local Settings\temp\dlLogic.exe
D:\data\rainmaker\Local Settings\temp\EnableExtDll.dll
D:\data\rainmaker\Local Settings\temp\FLVPlayerSetup.exe
D:\data\rainmaker\Local Settings\temp\IMsetup.exe
D:\data\rainmaker\Local Settings\temp\nsb38.exe
D:\data\rainmaker\Local Settings\temp\nse32.exe
D:\data\rainmaker\Local Settings\temp\nsf35.exe
D:\data\rainmaker\Local Settings\temp\nsn2F.exe
D:\data\rainmaker\Local Settings\temp\nso3E.exe
D:\data\rainmaker\Local Settings\temp\nsx3B.exe
D:\data\rainmaker\Local Settings\temp\PCSpeedMaximizer.exe
D:\data\rainmaker\Local Settings\temp\Quarantine.exe
D:\data\rainmaker\Local Settings\temp\set-app.exe
D:\data\rainmaker\Local Settings\temp\setapp.exe
D:\data\rainmaker\Local Settings\temp\setup__5043.exe
D:\data\rainmaker\Local Settings\temp\SPSetup.exe
D:\data\rainmaker\Local Settings\temp\TidyNetwork.exe
D:\data\rainmaker\Local Settings\temp\Updater.exe


==================== Bamital & volsnap Check =================

C:\WINNT\explorer.exe => MD5 is legit
C:\WINNT\system32\winlogon.exe => MD5 is legit
C:\WINNT\system32\svchost.exe => MD5 is legit
C:\WINNT\system32\services.exe
[2006-10-18 11:50] - [2009-02-06 06:22] - 0110592 ____N (Microsoft Corporation) 4712531ab7a01b7ee059853ca17d39bd

C:\WINNT\system32\User32.dll
[2008-12-13 01:23] - [2007-03-08 11:36] - 0577536 ____A (Microsoft Corporation) b409909f6e2e8a7067076ed748abf1e7

C:\WINNT\system32\userinit.exe => MD5 is legit
C:\WINNT\system32\rpcss.dll
[2009-06-13 01:22] - [2009-02-09 06:01] - 0401408 ____A (Microsoft Corporation) 24b5d53b9accc1e2edcf0a878d6659d4

ATTENTION ======> If the system is having audio adware rpcss.dll is patched. Google the MD5, if the MD5 is unique the file is infected.
C:\WINNT\system32\Drivers\volsnap.sys => MD5 is legit

==================== End Of Log ============================


Additional scan result of Farbar Recovery Scan Tool (x86) Version: 13-03-2014 01
Ran by rainmaker at 2014-03-23 13:58:48
Running from D:\data\rainmaker\My Documents\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================


==================== Installed Programs ======================

4C06 - VPN 5.01 (HKLM\...\{C5D854EC-B8C9-4DF6-BE66-EBD66090DE4E}) (Version: 1.0.970 - RBC - 4C06)
6F02 - Windows Update Agent 2.0 x32 (HKLM\...\{69BD5ED9-F72C-4A70-B00D-DA348E710B0D}) (Version: 5.8.0.2694 - RBC - 6F02)
6F02 - Windows Update Agent 3.0 (HKLM\...\{A1E4084A-D61E-487B-83C8-53DBD5A95E60}) (Version: 3.0.1047 - RBC - 6F02)
6F90 - MSI Team Tools (HKLM\...\{AC92E21F-481A-439E-A364-935790374469}) (Version: 1.0.1010 - RBC - 6F90)
6FGL - CorporateBranding - FONTS Only (HKLM\...\{C791C4C2-3227-479D-B586-B226A509EBF2}) (Version: 2.01.00 - RBC COE)
6N85 - MSXML 4.0 SP2 (KB927978) (HKLM\...\{37477865-A3F1-4772-AD43-AAFC6BCFF99F}) (Version: 4.20.9841.0 - RBC - 6N85)
6N89 - Adobe Shockwave Player (HKLM\...\{1BDC9633-895B-4842-BCB6-8FA1EC2A3C5A}) (Version: 10.2.0.023 - RBC - 6N89 (Adobe Systems, Inc.))
6N95 - J2SE Runtime Environment 5.0 Update 11 (HKLM\...\{3248F0A8-6813-11D6-A77B-00B0D0150110}) (Version: 1.5.0.110 - RBC - 6N95 (Sun Microsystems, Inc.))
Adobe AIR (HKLM\...\Adobe AIR) (Version: 3.1.0.4880 - Adobe Systems Incorporated)
Adobe AIR (Version: 3.1.0.4880 - Adobe Systems Incorporated) Hidden
Adobe Download Manager 1.2 (Remove Only) (HKLM\...\AdobeESD) (Version: - )
Adobe Flash Player 10 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 10.0.32.18 - Adobe Systems Incorporated)
Adobe Flash Player 11 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 11.2.202.228 - Adobe Systems Incorporated)
Adobe Reader 8.1.7 (HKLM\...\{AC76BA86-7AD7-1033-7B44-A81300000003}) (Version: 8.1.7 - RBC - 5D01 (Adobe Systems Incorporated))
AOL Toolbar (HKCU\...\AOL Toolbar) (Version: - )
AOL Toolbar (HKLM\...\AOL Toolbar) (Version: - AOL Inc.)
Apple Mobile Device Support (HKLM\...\{8355F970-601D-442D-A79B-1D7DB4F24CAD}) (Version: 2.5.1.3 - Apple Inc.)
Apple Software Update (HKLM\...\{6956856F-B6B3-4BE0-BA0B-8F495BE32033}) (Version: 2.1.1.116 - Apple Inc.)
BitTorrent (HKLM\...\BitTorrent) (Version: 7.8.0.29626 - BitTorrent Inc.)
Bloomberg DDE Server (HKLM\...\Bloomberg DDE Server) (Version: - )
Bloomberg Excel Tools (HKLM\...\Bloomberg Excel Tools) (Version: - )
Bloomberg Keyboard v8.5 (HKLM\...\Bloomberg Keyboard v8.5) (Version: v8.5 - Bloomberg L.P.)
Bloomberg PFM Upload Tool for Microsoft Excel (HKLM\...\Bloomberg PFM Upload Tool for Microsoft Excel) (Version: - )
Bloomberg Report Viewer (CR) (HKLM\...\Bloomberg Report Viewer_is1) (Version: 1.0 - Bloomberg L.P.)
Bloomberg SFD Data Dictionary (HKLM\...\Bloomberg SFD Data Dictionary) (Version: - )
Bloomberg, V.09.07.07 (HKLM\...\Bloomberg, V.09.07.07) (Version: - )
Borland Database Engine (HKLM\...\{7719052E-B34A-4805-9B6E-E4BC2FCB0CC0}) (Version: 5.2 - LoanPerformance)
Client for Microsoft Office SharePoint Portal Server 2003 (HKLM\...\{21B9D2F9-1CE7-4CDA-9D0D-28EB96565D25}) (Version: 11.0.5704.0 - Microsoft)
Compatibility Pack for the 2007 Office system (HKLM\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6215.1000 - Microsoft Corporation)
ContinueToSave (HKLM\...\{82189996-8854-4685-A46E-C07659FBBB60}) (Version: 1.0 - ) <==== ATTENTION
FLV Player (HKCU\...\FLV Player) (Version: 1.1 - Somoto Ltd.) <==== ATTENTION
Google Chrome (HKCU\...\Google Chrome) (Version: 33.0.1750.154 - Google Inc.)
GrabRez (HKLM\...\GrabRez) (Version: 2014.02.13.012613 - GrabRez) <==== ATTENTION
IBM Rescue and Recovery with Rapid Restore (HKLM\...\{11783F13-C3A9-44A8-929B-21A476F65272}) (Version: 2.04.0182.011 - IBM)
Iminent (HKLM\...\IMBoosterARP) (Version: 7.5.3.1 - Iminent) <==== ATTENTION
Iminent Toolbar on IE and Chrome (HKLM\...\iminent) (Version: 1.8.28.3 - IminentToolbar) <==== ATTENTION
Intel® PRO Network Connections Drivers (HKLM\...\PROSet) (Version: - )
InterVideo WinDVD (HKLM\...\{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}) (Version: 5.0-B11.141 - InterVideo Inc.)
iPassConnect (HKLM\...\{AB6FFA58-F491-11D3-8951-000000034735}) (Version: - )
iTunes (HKLM\...\{5D601655-6D54-4384-B52C-17EC5385FBBD}) (Version: 8.2.0.23 - Apple Inc.)
key-find uninstaller (HKLM\...\key-find uninstaller) (Version: - key-find)
Liquid XML Studio 2010 (HKLM\...\Liquid XML Studio 2010) (Version: 8.0.6.1970 - Liquid Technologies Limited)
Liquid XML Studio 2010 (Version: 8.0.6.1970 - Liquid Technologies Limited) Hidden
LoanPerformance RiskModel 3.1.6 (HKLM\...\{A58D887D-A71D-4C08-A21B-30585EA4CB48}) (Version: 3.1.6 - LoanPerformance)
LoanPerformance RiskModel 4.0 (HKLM\...\{70B2220F-2DB7-4A20-AA83-2ABC7087487B}) (Version: 4.0.3 - LoanPerformance)
LoanPerformance RiskModel 4.0 (HKLM\...\{CA44D7AD-8EB6-4F35-9CC5-59079CAD7113}) (Version: 4.0.3 - LoanPerformance)
Malwarebytes Anti-Malware version 1.75.0.1300 (HKLM\...\Malwarebytes' Anti-Malware_is1) (Version: 1.75.0.1300 - Malwarebytes Corporation)
McAfee AntiSpyware Enterprise Module (HKLM\...\McAfee Anti-Spyware Enterprise Module) (Version: 8.5.0.163 - McAfee, Inc.)
McAfee VirusScan Enterprise (HKLM\...\{35C03C04-3F1F-42C2-A989-A757EE691F65}) (Version: 8.6.0 - McAfee, Inc.)
Media View (HKLM\...\MediaViewV1alpha1095) (Version: 1.1 - Media View)
Media View (HKLM\...\MediaViewV1alpha893) (Version: 1.1 - Media View)
Media Watch (HKLM\...\MediaWatchV1home478) (Version: 1.1 - Media Watch)
Microsoft .NET Framework (English) (Version: 1.0.3705 - Microsoft) Hidden
Microsoft .NET Framework (English) v1.0.3705 (HKLM\...\Microsoft .NET Framework Full v1.0.3705 (1033)) (Version: - )
Microsoft .NET Framework 1.0 Hotfix (KB891864) (HKLM\...\M891864) (Version: - )
Microsoft .NET Framework 1.0 Hotfix (KB928367) (HKLM\...\M928367) (Version: - )
Microsoft .NET Framework 1.1 (HKLM\...\Microsoft .NET Framework 1.1 (1033)) (Version: - )
Microsoft .NET Framework 1.1 (Version: 1.1.4322 - Microsoft) Hidden
Microsoft .NET Framework 1.1 Hotfix (KB891865) (HKLM\...\M891865) (Version: - )
Microsoft .NET Framework 1.1 Security Update (KB953297) (HKLM\...\M953297) (Version: - )
Microsoft .NET Framework 2.0 Service Pack 2 (HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.0 Service Pack 2 (HKLM\...\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}) (Version: 3.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version: - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) Hidden
Microsoft Compression Client Pack 1.0 for Windows XP (HKLM\...\MSCompPackV1) (Version: 1 - Microsoft Corporation)
Microsoft External Out of Office Assistant (HKLM\...\externaloof) (Version: - )
Microsoft Office Professional Edition 2003 (HKLM\...\{90110409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Office Proof (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Visio MUI (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Visio Professional 2007 (HKLM\...\VISPROR) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Office Visio Professional 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Visio Viewer 2003 (English) (HKLM\...\{90520409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.3709.5614 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 2.0.30523.8 - Microsoft Corporation)
Microsoft Software Update for Web Folders (English) 12 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft SQL Server 2005 (HKLM\...\Microsoft SQL Server 2005) (Version: - Microsoft Corporation)
Microsoft SQL Server 2005 Backward compatibility (HKLM\...\{2243F21A-E132-44F7-BA13-024D0845C815}) (Version: 8.05.1704 - Microsoft Corporation)
Microsoft SQL Server 2005 Express Edition (SQLEXPRESS) (Version: 9.00.1399.06 - Microsoft Corporation) Hidden
Microsoft SQL Server 2005 Tools Express Edition (Version: 9.00.1399.06 - Microsoft Corporation) Hidden
Microsoft SQL Server Management Studio Express (HKLM\...\{A4512736-8D63-4298-9271-5329931FA46B}) (Version: 9.00.2047.00 - Microsoft Corporation)
Microsoft SQL Server Native Client (HKLM\...\{BF251EAF-8697-4E89-BF09-C998F97BBC40}) (Version: 9.00.1399.06 - Microsoft Corporation)
Microsoft SQL Server Setup Support Files (English) (HKLM\...\{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}) (Version: 9.00.1399.06 - Microsoft Corporation)
Microsoft SQL Server VSS Writer (HKLM\...\{1CBE3804-20DF-48DA-B048-895C206E80A5}) (Version: 9.00.1399.06 - Microsoft Corporation)
Microsoft User-Mode Driver Framework Feature Pack 1.0 (HKLM\...\Wudf01000) (Version: - Microsoft Corporation)
Microsoft VC9 runtime libraries (Version: 2.0.0 - AOL Inc.) Hidden
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft WSE 2.0 SP3 Runtime (HKLM\...\{F3CA9611-CD42-4562-ADAB-A554CF8E17F1}) (Version: 2.0.5050.0 - Microsoft Corp.)
Mobogenie (HKLM\...\Mobogenie) (Version: - Mobogenie.com) <==== ATTENTION
MovieDownloader (HKLM\...\1ClickDownload) (Version: 2.1 Build 26473 - 1clickmoviedownloader.com)
Mozilla Firefox 27.0.1 (x86 en-US) (HKLM\...\Mozilla Firefox 27.0.1 (x86 en-US)) (Version: 27.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 27.0.1 - Mozilla)
MSXML 4.0 SP2 (KB925672) (HKLM\...\{A9CF9052-F4A0-475D-A00F-A8388C62DD63}) (Version: 4.20.9839.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 6 Service Pack 2 (KB954459) (HKLM\...\{1A528690-6A2D-4BC5-B143-8C4AE8D19D96}) (Version: 6.20.1099.0 - Microsoft Corporation)
NK04 - VirusScan (HKLM\...\{CB8BC782-6143-423F-8458-BEA64FB868E5}) (Version: 1.1.1020 - RBC - NK04)
Nortel Networks TunnelGuard (HKLM\...\{5650A422-0789-473F-B2C7-6C3D10CC9FFB}) (Version: 2.0.0.0 - Nortel Networks)
PC Speed Maximizer v3.2 (HKLM\...\PC Speed Maximizer_is1) (Version: 3.2 - SoftCity)
Price Check by AOL (HKLM\...\Price Check by AOL) (Version: 1.11.2.1 - AOL Inc.)
QuickTime (HKLM\...\{C78EAC6F-7A73-452E-8134-DBB2165C5A68}) (Version: 7.62.14.0 - Apple Inc.)
Re-markit (HKLM\...\3b3dfc7e-1400-4a43-9a58-11f6f943f8c8) (Version: - Re-markit Software) <==== ATTENTION
Remote Access VPN Client (HKLM\...\{EF964A78-078C-11D1-B7A7-0000C0134CE6}) (Version: - )
Remove Hidden Data Tool (HKLM\...\{90F80409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.6058.0 - Microsoft Corporation)
Safari (HKLM\...\{C5C649A8-1D21-4C83-9B08-7B3752E580F4}) (Version: 4.30.17.0 - Apple Inc.)
Search Protect (HKLM\...\SearchProtect) (Version: 2.11.11.7 - Conduit) <==== ATTENTION
SMS Advanced Client (Version: 2.50.4160.2000 - Microsoft Corporation) Hidden
Snapshot Viewer (HKLM\...\{880D04DD-660B-4F4F-940A-F4DB6C95DE35}) (Version: 1.0.850 - RBC - 6N02)
Software Version Updater (HKLM\...\{99C91FC5-DB5B-4AA0-BB70-5D89C5A4DF96}) (Version: 1.1.3.8 - ) <==== ATTENTION
Sothink Flash Downloader for Browser (HKLM\...\{888DEFB8-CFCE-43FE-A7C8-9B18C4450719}_is1) (Version: - SourceTec Software Co., LTD)
Sothink SWF Catcher (HKLM\...\{49273419-5179-4866-9F71-5CF346F302CF}_is1) (Version: 2.6 - SourceTec Software Co., LTD)
Sothink SWF Decompiler (HKLM\...\{BCDB856C-D247-4DEE-9132-89C02F4D6B8C}_is1) (Version: 7.3 - SourceTec Software Co., LTD)
Sothink SWF Editor (HKLM\...\{0BF1DE3D-31B9-417F-A915-4BCC5AAEE3CD}_is1) (Version: 1.3 - SourceTec Software Co., LTD)
SugarSync Manager (HKLM\...\SugarSync) (Version: 1.9.97.122348 - SugarSync, Inc.)
Sygate Security Agent 4.1 (HKLM\...\{AFD7C2E0-6A0D-466D-AC6C-BD1FD048637A}) (Version: 4.1.3460 - Sygate Technologies, Inc.)
TextPad 5 (HKLM\...\{B6EC7388-E277-4A5B-8C8F-71067A41BA64}) (Version: 5.3.1 - Helios)
ThinkPad Configuration (HKLM\...\{FC081D4D-DF1B-4CF1-B530-027E4118D846}) (Version: 1.51 - )
ThinkPad FullScreen Magnifier (HKLM\...\ThinkPad FullScreen Magnifier) (Version: 1.16 - )
ThinkPad Power Management Driver (HKLM\...\Power Management Driver) (Version: 1.33 - )
ThinkPad Power Manager (HKLM\...\{A0E64EBA-8BF0-49FB-90C0-BB3D781A2016}) (Version: 1.12 - )
ThinkPad UltraNav Driver (HKLM\...\SynTPDeinstKey) (Version: 7.5.17.18 - )
ThinkPad UltraNav Wizard (HKLM\...\{82512BC9-BD5D-4C50-BE4D-B98E7DF78687}) (Version: 3.03 - )
ThinkVantage Active Protection System (HKLM\...\{72806716-7088-41B2-8FA6-717A2A164DAB}) (Version: 1.40 - )
TidyNetwork (HKCU\...\TidyNetwork) (Version: - TidyNetwork)
Update for Windows XP (KB908531) (HKLM\...\KB908531) (Version: 2 - Microsoft Corporation)
Update for Windows XP (KB911280) (HKLM\...\KB911280) (Version: 2 - Microsoft Corporation)
Update for Windows XP (KB927891) (HKLM\...\KB927891) (Version: 3 - Microsoft Corporation)
Update for Windows XP (KB931836) (HKLM\...\KB931836) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB932823-v3) (HKLM\...\KB932823-v3) (Version: 3 - Microsoft Corporation)
Update for Windows XP (KB946627) (HKLM\...\KB946627) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB955839) (HKLM\...\KB955839) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB973815) (HKLM\...\KB973815) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB978207) (HKLM\...\KB978207) (Version: 1 - Microsoft Corporation)
ValueApps (HKCU\...\ValueApps) (Version: 1.4.0.3 - Conduit) <==== ATTENTION
VLC media player 2.0.1 (HKLM\...\VLC media player) (Version: 2.0.1 - VideoLAN)
WebEx (HKLM\...\ActiveTouchMeetingClient) (Version: - WebEx Communications, Inc)
WebFldrs XP (Version: 9.50.7523 - Microsoft Corporation) Hidden
Windows Imaging Component (HKLM\...\WIC) (Version: 3.0.0.0 - Microsoft Corporation)
Windows Installer 3.1 (KB893803) (HKLM\...\KB893803v2) (Version: - Microsoft Corporation)
Windows Internet Explorer 8 (HKLM\...\ie8) (Version: 20090308.140743 - Microsoft Corporation)
Windows Media Format 11 runtime (HKLM\...\Windows Media Format Runtime) (Version: - )
Windows Media Format 11 runtime (Version: - Microsoft Corporation) Hidden
Windows Media Player 11 (HKLM\...\Windows Media Player) (Version: - )
Windows Media Player 11 (Version: - Microsoft Corporation) Hidden
Windows Media Player Enterprise Deployment (Version: 10.0.0.3802 - Microsoft Corporation) Hidden
Windows XP Hotfix - KB873333 (HKLM\...\KB873333) (Version: 20050114.005213 - Microsoft Corporation)
Windows XP Hotfix - KB873339 (HKLM\...\KB873339) (Version: 20041117.092459 - Microsoft Corporation)
Windows XP Hotfix - KB883667 (HKLM\...\KB883667) (Version: 20040812.104354 - Microsoft Corporation)
Windows XP Hotfix - KB885250 (HKLM\...\KB885250) (Version: 20050118.202711 - Microsoft Corporation)
Windows XP Hotfix - KB885453 (HKLM\...\KB885453) (Version: 20040924.183555 - Microsoft Corporation)
Windows XP Hotfix - KB885835 (HKLM\...\KB885835) (Version: 20041027.181713 - Microsoft Corporation)
Windows XP Hotfix - KB885836 (HKLM\...\KB885836) (Version: 20041028.173203 - Microsoft Corporation)
Windows XP Hotfix - KB888113 (HKLM\...\KB888113) (Version: 20041116.131036 - Microsoft Corporation)
Windows XP Hotfix - KB888302 (HKLM\...\KB888302) (Version: 20041207.111426 - Microsoft Corporation)
Windows XP Hotfix - KB890047 (HKLM\...\KB890047) (Version: 20041221.124506 - Microsoft Corporation)
Windows XP Hotfix - KB890175 (HKLM\...\KB890175) (Version: 20041201.233338 - Microsoft Corporation)
Windows XP Hotfix - KB890859 (HKLM\...\KB890859) (Version: 1 - Microsoft Corporation)
Windows XP Hotfix - KB891781 (HKLM\...\KB891781) (Version: 20050110.165439 - Microsoft Corporation)
Windows XP Hotfix - KB893066 (HKLM\...\KB893066) (Version: 1 - Microsoft Corporation)
Windows XP Hotfix - KB893086 (HKLM\...\KB893086) (Version: 1 - Microsoft Corporation)
WinRAR 4.01 (32-bit) (HKLM\...\WinRAR archiver) (Version: 4.01.0 - win.rar GmbH)
WinZip v9.0 (HKLM\...\{B233F2BB-F1D0-460F-88E0-5C19C9132B1A}) (Version: 9.0.930 - RBC - KC10)
WPM17.8.0.3442 (HKLM\...\WPM) (Version: 17.8.0.3442 - Cherished Technololgy LIMITED) <==== ATTENTION
Yahoo! BrowserPlus 2.9.8 (HKCU\...\Yahoo! BrowserPlus) (Version: - Yahoo! Inc.)
Yahoo! Messenger (HKLM\...\Yahoo! Messenger) (Version: - Yahoo! Inc.)
Yahoo! Software Update (HKLM\...\Yahoo! Software Update) (Version: - )
Yahoo! Toolbar (HKLM\...\Yahoo! Companion) (Version: - Yahoo! Inc.)
YES1 - Sygate Personal Firewall (HKLM\...\{AD93A3B7-3AE5-4A99-B9DD-236075A747BE}) (Version: 1.0.970 - RBC)
YKG1 - Centra Client (HKLM\...\{5FC0907C-69A4-4DED-95C8-54F58784C8E7}) (Version: 1.0.970 - RBC - YKG1)
YKJ2 - Central Configuration Utility (HKLM\...\{95AACF74-B3F5-463B-85D8-D2B76339E735}) (Version: 1.0.1010 - RBC - YKJ2)
YLM2 - RBC Enterprise Library (HKLM\...\{4D95051A-A4EE-4EC9-816C-6461A09BF79D}) (Version: 1.0.930 - RBC - YLM2)
YLM7 - RBC Enterprise Library 2.0 (HKLM\...\{71F5D26D-4836-4124-85AE-48D3DB450DB9}) (Version: 1.0.970 - RBC - YLM7)
YND1 - Symantec Enterprise Vault Outlook Add-In (HKLM\...\{68E9F885-3B73-4884-A598-31FC2C7F8E63}) (Version: 7.5.1250 - RBC - YND1 (Symantec Corporation))
YNX3 - Desktop/Laptop Cisco Wireless Drivers (HKLM\...\{D3E95890-DE97-4A4C-89DC-6056A62619AE}) (Version: 1.0.980 - RBC - YNX3)
YNX4 - Intel Wireless Drivers (HKLM\...\{1B0FAEF9-0E29-41AB-BDBF-E443DB5DE609}) (Version: 1.0.1010 - RBC - YNX4)
YRU4 - Intel® Graphics Media Accelerator Driver (HKLM\...\{8A708DD8-A5E6-11D4-A706-000629E95E20}) (Version: 6.14.10.4693 - )
YSOG - T60 BIOS Code (HKLM\...\{FDB42124-1AAA-42E4-B6D5-46652BF58150}) (Version: 1.0.1010 - RBC - YSOG)
YSOK - CMOS Files (HKLM\...\{96434172-9754-4BC9-A317-10E69F1349FC}) (Version: 1.0.980 - RBC - YSOK)
Zinio Reader 4 (HKLM\...\ZinioReader4.9310D8F796442B71068C511E15D70529A702D19D.1) (Version: 4.2.3972 - Zinio LLC)
Zinio Reader 4 (Version: 4.2.3972 - Zinio LLC) Hidden

==================== Restore Points =========================

Could not list Restore Points. Check "winmgmt" service or repair WMI.


==================== Hosts content: ==========================

2006-10-18 11:49 - 2014-01-14 13:34 - 00000098 ____A C:\WINNT\system32\Drivers\etc\hosts
127.0.0.1 localhost
::1 localhost

==================== Scheduled Tasks (whitelisted) =============

Task: C:\WINNT\Tasks\Adobe Flash Player Updater.job => C:\WINNT\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINNT\Tasks\AmiUpdXp.job => d:\data\rainmaker\Application Data\SwvUpdater\Updater.exe <==== ATTENTION
Task: C:\WINNT\Tasks\AppleSoftwareUpdate.job => C:\Program Files\Apple Software Update\SoftwareUpdate.exe
Task: C:\WINNT\Tasks\FinishInstall igdhbblpcellaljokkpfhcjlagemhgjl.job => d:\data\rainmaker\Application Data\igdhbblpcellaljokkpfhcjlagemhgjl\minibarchrome.exe
Task: C:\WINNT\Tasks\GoogleUpdateTaskUserS-1-5-21-3510421623-2965073675-2411060337-1012Core.job => d:\data\rainmaker\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
Task: C:\WINNT\Tasks\GoogleUpdateTaskUserS-1-5-21-3510421623-2965073675-2411060337-1012UA.job => d:\data\rainmaker\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
Task: C:\WINNT\Tasks\Re-markit Update.job => C:\Program Files\Re-markit-soft\ReMar.exe <==== ATTENTION
Task: C:\WINNT\Tasks\Re-markit_wd.job => C:\Program Files\Re-markit-soft\Re-markit_wd.exe <==== ATTENTION
Task: C:\WINNT\Tasks\TidyNetwork Update.job => d:\data\rainmaker\Local Settings\Application Data\TidyNetwork\petnupdate.exe

==================== Loaded Modules (whitelisted) =============

2007-09-01 02:55 - 2006-02-01 16:09 - 00024576 ____N () C:\WINNT\system32\tphklock.dll
2007-09-01 02:54 - 2006-02-01 16:09 - 00028672 ____N () C:\WINNT\system32\notifyf2.dll
2007-09-01 02:55 - 2005-11-11 02:33 - 00073782 ____N () C:\WINNT\system32\ibmpmsvc.exe
2005-10-06 23:18 - 2005-10-06 23:18 - 00385024 ____N () C:\Program Files\IBM\IBM Rapid Restore Ultra\rrpcsb.exe
2009-04-25 11:37 - 2007-12-14 15:06 - 00120128 _____ () C:\Program Files\Network Associates\Common Framework\naXML2_71.dll
2009-04-25 11:37 - 2007-12-14 15:06 - 00156992 _____ () C:\Program Files\Network Associates\Common Framework\naisign2.DLL
2006-11-30 08:50 - 2006-11-30 08:50 - 00149080 _____ () C:\Program Files\McAfee\VirusScan Enterprise\VsEvntUI.dll
2007-09-01 03:59 - 2005-12-07 02:12 - 00036864 ____N () C:\Program Files\ThinkPad\Utilities\US\PWRMGRRT.DLL
2007-09-01 03:59 - 2005-12-07 02:12 - 00073728 ____N () C:\Program Files\ThinkPad\Utilities\PWRMGRIF.DLL
2011-08-30 20:54 - 2011-05-28 22:04 - 00140288 _____ () C:\Program Files\WinRAR\rarext.dll
2003-02-20 16:42 - 2003-02-20 16:42 - 01159289 ____R () c:\Program Files\Nortel Networks\TunnelGuard\jre\bin\client\jvm.dll
2003-02-20 16:42 - 2003-02-20 16:42 - 00028787 ____R () c:\Program Files\Nortel Networks\TunnelGuard\jre\bin\hpi.dll
2003-02-20 16:42 - 2003-02-20 16:42 - 00057449 ____R () c:\Program Files\Nortel Networks\TunnelGuard\jre\bin\verify.dll
2003-02-20 16:42 - 2003-02-20 16:42 - 00102511 ____R () c:\Program Files\Nortel Networks\TunnelGuard\jre\bin\java.dll
2003-02-20 16:42 - 2003-02-20 16:42 - 00053360 ____R () c:\Program Files\Nortel Networks\TunnelGuard\jre\bin\zip.dll
2003-02-20 16:42 - 2003-02-20 16:42 - 00057451 ____R () C:\Program Files\Nortel Networks\TunnelGuard\jre\bin\net.dll
2005-09-06 16:50 - 2005-09-06 16:50 - 00077824 ____N () C:\Program Files\Nortel Networks\TunnelGuard\platforms\win32\TGIcon.DLL
2007-09-01 02:55 - 2006-02-01 16:09 - 00094208 ____N () C:\Program Files\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe
2007-09-01 02:55 - 2006-02-01 16:09 - 00077824 ____N () C:\Program Files\Lenovo\PkgMgr\HOTKEY\TPONSCR.exe
2007-01-13 04:01 - 2007-01-13 04:01 - 00397312 ____R () C:\Program Files\Adobe\Reader 8.0\Reader\cryptocme2.dll
2007-01-13 04:01 - 2007-01-13 04:01 - 00475136 ____R () C:\Program Files\Adobe\Reader 8.0\Reader\ccme_base.dll
2013-10-10 01:41 - 2013-10-10 01:41 - 00069632 _____ () C:\Program Files\SugarSync\librsync.dll
2009-04-25 19:16 - 2006-11-06 14:00 - 00651264 _____ () C:\Program Files\iPass\iPassConnect\LIBEAY32.dll
2011-08-30 08:46 - 2012-02-22 20:49 - 00921600 _____ () C:\Program Files\Yahoo!\Messenger\yui.dll
2011-08-30 08:45 - 2012-02-22 20:49 - 00078336 _____ () C:\Program Files\Yahoo!\Messenger\pcre.dll
2010-01-16 01:48 - 2009-06-03 15:27 - 01290752 ____N () C:\WINNT\system32\quartz.dll
2006-10-18 11:50 - 2004-08-04 00:56 - 00014336 ____N () C:\WINNT\system32\msdmo.dll
2006-10-18 11:48 - 2004-08-04 00:56 - 00059904 ____N () C:\WINNT\system32\devenum.dll
2014-02-12 21:29 - 2014-03-20 22:51 - 00348440 _____ () C:\Program Files\GrabRez\updateGrabRez.exe
2014-02-13 00:44 - 2014-03-20 22:54 - 00348440 _____ () C:\Program Files\GrabRez\bin\utilGrabRez.exe
2014-03-22 16:00 - 2014-03-12 03:28 - 00070848 _____ () C:\Program Files\Mobogenie\MgAssist.exe
2014-03-22 16:00 - 2014-03-12 03:28 - 00764096 _____ () C:\Program Files\Mobogenie\DaemonProcess.exe
2014-03-22 16:00 - 2014-03-12 03:28 - 00065728 _____ () C:\Program Files\Mobogenie\Device.dll
2014-03-22 16:00 - 2014-03-12 03:28 - 00474816 _____ () C:\Program Files\Mobogenie\DCR.dll
2014-03-22 16:00 - 2014-03-22 16:00 - 00093696 _____ () C:\Program Files\Re-markit-soft\Re-markit_wd.exe
2014-02-14 23:55 - 2014-02-14 23:55 - 03578992 _____ () C:\Program Files\Mozilla Firefox\mozjs.dll
2014-03-22 16:00 - 2014-03-22 16:00 - 00197120 _____ () C:\Program Files\Re-markit-soft\Re-markit157.exe
2009-07-17 23:21 - 2009-07-17 23:21 - 03883424 _____ () C:\WINNT\system32\Macromed\Flash\NPSWF32.dll

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================


==================== Disabled items from MSCONFIG ==============


==================== Faulty Device Manager Devices =============

Could not list Devices. Check "winmgmt" service or repair WMI.


==================== Event log errors: =========================

Application errors:
==================
Error: (03/23/2014 11:54:31 AM) (Source: AutoEnrollment) (User: )
Description: Automatic certificate enrollment for local system failed to contact the active directory (0x8007054b). The specified domain either does not exist or could not be contacted.
Enrollment will not be performed.

Error: (03/23/2014 03:54:31 AM) (Source: AutoEnrollment) (User: )
Description: Automatic certificate enrollment for local system failed to contact the active directory (0x8007054b). The specified domain either does not exist or could not be contacted.
Enrollment will not be performed.

Error: (03/22/2014 07:54:30 PM) (Source: AutoEnrollment) (User: )
Description: Automatic certificate enrollment for local system failed to contact the active directory (0x8007054b). The specified domain either does not exist or could not be contacted.
Enrollment will not be performed.

Error: (03/22/2014 05:22:17 PM) (Source: Userenv) (User: NT AUTHORITY)
Description: Windows couldn't log the RSoP (Resultant Set of Policies) session status. An attempt to connect to WMI failed. No more RSoP logging will be done for this application of policy.

Error: (03/22/2014 11:54:29 AM) (Source: AutoEnrollment) (User: )
Description: Automatic certificate enrollment for local system failed to contact the active directory (0x8007054b). The specified domain either does not exist or could not be contacted.
Enrollment will not be performed.

Error: (03/22/2014 03:54:29 AM) (Source: AutoEnrollment) (User: )
Description: Automatic certificate enrollment for local system failed to contact the active directory (0x8007054b). The specified domain either does not exist or could not be contacted.
Enrollment will not be performed.

Error: (03/21/2014 07:54:29 PM) (Source: AutoEnrollment) (User: )
Description: Automatic certificate enrollment for local system failed to contact the active directory (0x8007054b). The specified domain either does not exist or could not be contacted.
Enrollment will not be performed.

Error: (03/21/2014 11:54:29 AM) (Source: AutoEnrollment) (User: )
Description: Automatic certificate enrollment for local system failed to contact the active directory (0x8007054b). The specified domain either does not exist or could not be contacted.
Enrollment will not be performed.

Error: (03/21/2014 03:54:29 AM) (Source: AutoEnrollment) (User: )
Description: Automatic certificate enrollment for local system failed to contact the active directory (0x8007054b). The specified domain either does not exist or could not be contacted.
Enrollment will not be performed.

Error: (03/20/2014 07:54:28 PM) (Source: AutoEnrollment) (User: )
Description: Automatic certificate enrollment for local system failed to contact the active directory (0x8007054b). The specified domain either does not exist or could not be contacted.
Enrollment will not be performed.


System errors:
=============
Error: (03/23/2014 01:51:15 PM) (Source: W32Time) (User: )
Description: The time provider NtpClient is configured to acquire time from one or more
time sources, however none of the sources are currently accessible.
No attempt to contact a source will be made for 29 minutes.
NtpClient has no source of accurate time.

Error: (03/23/2014 01:36:31 PM) (Source: PlugPlayManager) (User: )
Description: The device 'Intel® PRO/1000 PL Network Connection' (PCI\VEN_8086&DEV_109A&SUBSYS_200117AA&REV_00\4&192ac53f&0&00E0) disappeared from the system without first being prepared for removal.

Error: (03/23/2014 01:36:16 PM) (Source: W32Time) (User: )
Description: The time provider NtpClient is configured to acquire time from one or more
time sources, however none of the sources are currently accessible.
No attempt to contact a source will be made for 14 minutes.
NtpClient has no source of accurate time.

Error: (03/23/2014 11:39:01 AM) (Source: NETLOGON) (User: )
Description: No Domain Controller is available for domain OAK due to the following:
%%1311.

Make sure that the computer is connected to the network and try
again. If the problem persists, please contact your domain administrator.

Error: (03/23/2014 07:24:01 AM) (Source: NETLOGON) (User: )
Description: No Domain Controller is available for domain OAK due to the following:
%%1311.

Make sure that the computer is connected to the network and try
again. If the problem persists, please contact your domain administrator.

Error: (03/23/2014 05:12:52 AM) (Source: W32Time) (User: )
Description: The time provider NtpClient is configured to acquire time from one or more
time sources, however none of the sources are currently accessible.
No attempt to contact a source will be made for 959 minutes.
NtpClient has no source of accurate time.

Error: (03/23/2014 03:24:00 AM) (Source: NETLOGON) (User: )
Description: No Domain Controller is available for domain OAK due to the following:
%%1311.

Make sure that the computer is connected to the network and try
again. If the problem persists, please contact your domain administrator.

Error: (03/22/2014 11:24:00 PM) (Source: NETLOGON) (User: )
Description: No Domain Controller is available for domain OAK due to the following:
%%1311.

Make sure that the computer is connected to the network and try
again. If the problem persists, please contact your domain administrator.

Error: (03/22/2014 07:09:05 PM) (Source: NETLOGON) (User: )
Description: No Domain Controller is available for domain OAK due to the following:
%%1311.

Make sure that the computer is connected to the network and try
again. If the problem persists, please contact your domain administrator.

Error: (03/22/2014 03:09:00 PM) (Source: NETLOGON) (User: )
Description: No Domain Controller is available for domain OAK due to the following:
%%1311.

Make sure that the computer is connected to the network and try
again. If the problem persists, please contact your domain administrator.


Microsoft Office Sessions:
=========================

==================== Memory info ===========================

Percentage of memory in use: 89%
Total physical RAM: 1526.36 MB
Available physical RAM: 162.4 MB
Total Pagefile: 4225.74 MB
Available Pagefile: 1037.46 MB
Total Virtual: 2047.88 MB
Available Virtual: 1935.46 MB

==================== Drives ================================

Drive c: (COE) (Fixed) (Total:60.45 GB) (Free:25.73 GB) NTFS ==>[Drive with boot components (Windows XP)]
Drive d: (DATA) (Fixed) (Total:32.7 GB) (Free:7.15 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 93 GB) (Disk ID: DAEEECAE)

Partition: GPT Partition Type.

==================== End Of Log ============================



aswMBR version 0.9.9.1771 Copyright© 2011 AVAST Software
Run date: 2014-03-23 14:00:32
-----------------------------
14:00:32.718 OS Version: Windows 5.1.2600 Service Pack 2
14:00:32.718 Number of processors: 2 586 0xE08
14:00:32.718 ComputerName: 3YFK943Z UserName:
14:00:34.171 Initialize success
14:12:05.125 AVAST engine defs: 14032300
14:15:14.921 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0
14:15:15.046 Disk 0 Vendor: HTS72101 MCZI Size: 95396MB BusType: 3
14:15:16.250 Disk 0 MBR read successfully
14:15:16.250 Disk 0 MBR scan
14:15:25.843 Disk 0 unknown MBR code
14:15:25.906 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 61904 MB offset 63
14:15:33.562 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 33488 MB offset 126781200
14:15:33.656 Disk 0 scanning sectors +195365520
14:15:35.171 Disk 0 scanning C:\WINNT\system32\drivers
14:16:56.656 Service scanning
14:18:17.484 Service Re-markit C:\Program Files\Re-markit-soft\Re-markit157.exe **INFECTED** Win32:Dropper-gen [Drp]
14:18:35.171 Modules scanning
14:18:59.765 Disk 0 trace - called modules:
14:18:59.781 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll iaStor.sys
14:18:59.781 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x89ac1ab8]
14:18:59.781 3 CLASSPNP.SYS[ba8e905b] -> nt!IofCallDriver -> \Device\00000097[0x89a29a08]
14:18:59.781 5 ACPI.sys[ba77f620] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-0[0x89ac0030]
14:19:04.343 AVAST engine scan C:\WINNT
14:19:31.093 AVAST engine scan C:\WINNT\system32
14:24:58.312 AVAST engine scan C:\WINNT\system32\drivers
14:25:17.546 AVAST engine scan d:\data\rainmaker
14:33:45.140 File: d:\data\rainmaker\Local Settings\temp\setup__5043.exe **INFECTED** Win32:Adware-gen [Adw]
14:36:14.062 AVAST engine scan d:\data\All Users
14:39:11.593 Scan finished successfully
14:44:22.781 Disk 0 MBR has been saved successfully to "d:\data\rainmaker\My Documents\Downloads\MBR.dat"
14:44:22.828 The log file has been saved successfully to "d:\data\rainmaker\My Documents\Downloads\aswMBR.txt"
  • 0

#4
pystryker

pystryker

    Trusted Helper

  • Malware Removal
  • 3,886 posts

Thank you so much for you help.



Hello, and you are very much welcome. :thumbsup:

We have a lot of work to do, so let's get started. :)


The Dangers of P2P Programs

I noticed that you have a P2P file sharing program on your computer . I cannot stress highly enough the danger in using these types of programs. P2P programs are one of the major avenues of infection these days. The files downloaded with these programs are more likely than not infected with trojans, malware, rootkits, etc.

You run the risk of getting an infection that can compromise your sensitive data, such as financial records, personal information, etc. That is just the infection aspect of using P2P programs. You also run the risk of possible arrest, fines, or in severe cases, jail time for illegal downloading of copyrighted material.

Here are some information sources about the dangers of P2P programs:

FBI - Peer to Peer Scams

USA Today Artticle on P2P Programs

File Sharing Infects 500,000 Computers

I very much recommend you uninstall this program from your machine. If not, I can guarantee you will be back needing help with your machine again. The risks of infections from content downloaded with P2P programs far outweigh any benefit of using them.

It is, of course, your choice as to whether or not you remove the program from your machine. It is my duty though, to point out how dangerous it is to use these programs. However, I must request that you do not use it while we are cleaning your machine.



Please disable your antivirus for the duration of my instructions. Don't forget to re-enable them after you have completed the steps.


Step 1: Program Uninstalls


Please uninstall the following programs from your machine. If one of the programs in the list isn't shown, don't worry, just move on to the next one.


  • ContinueToSave
  • GrabRez
  • Iminent
  • Iminent Toolbar on IE and Chrome
  • key-find uninstaller
  • Media View
  • Mobogenie
  • MovieDownloader
  • Re-markit
  • Software Version Updater
  • TidyNetwork
  • ValueApps
  • WPM17.8.0.3442
  • Media Watch
  • Cool Mirage/ Movie Downloader
  • Cherished Technololgy LIMITED
  • Imiment
  • PC Speed Maximizer
  • IETabPage Class


Step 2: Chrome Changes


Changing Chrome's Homepage

We need to change your homepage in Chrome. Please follow the instructions below.

  • Open Chrome and type this in the address bar: chrome:settings
  • When the Settings page opens, look under On Startup and then click Open a specific set of pages and click Set Pages
  • When the window opens, type in any page you wish as your new start page.
  • Once you have typed in your new home page, close the window.

Remove Chrome Extensions

There are some extensions in Chrome that need to be removed, please follow the instructions below to remove them.

Start Chrome and type this into the address bar: chrome:extensions

This will display a page of all the installed extensions. Please remove the extensions in the list below by clicking the trash can icon beside each one.

  • Media View
  • Re-markit
  • conntiniUetoosyavee
  • Media View
  • Value apps
If one of the extensions I've asked you to remove is not listed, don't worry about it. Just move on to the next one in the list. :)


Changing Chrome's Search Provider

We need to change your default Search Provider in Chrome. Please follow the instructions below.

  • Open Chrome and type this in the address bar: chrome:settings
  • When the Settings page opens, look under Search and then click the box that has your current search provider listed. Change it from the malware related search engine to another (Such as Google.)
  • Once you have changed it, click on Manage Search Engines and delete key-find from the list.
  • Once you have removed it, close the window.


Step 3: FRST Fix


  • Open notepad (Start =>All Programs => Accessories => Notepad). Please copy the entire contents of the code box below. (To do this highlight the contents of the box, right click on it and select copy.
  • Right-click in the open notepad and select Paste).
  • Save it on the desktop as fixlist.txt

Start
(Cool Mirage) C:\Program Files\1clickmoviedownloader.com\MovieDownloader.exe
C:\Program Files\1clickmoviedownloader.com
() C:\Program Files\GrabRez\updateGrabRez.exe
() C:\Program Files\GrabRez\bin\utilGrabRez.exe
C:\Program Files\GrabRez
(Iminent) C:\Program Files\Common Files\Umbrella\Umbrella260.exe
(Iminent) C:\Program Files\Common Files\Umbrella
(Smart PC Solutions) C:\Program Files\PC Speed Maximizer\SPMSmartScan.exe
(Smart PC Solutions) C:\Program Files\PC Speed Maximizer
(Cherished Technololgy LIMITED) d:\data\All Users\Application Data\WPM\wprotectmanager.exe
(Cherished Technololgy LIMITED) d:\data\All Users\Application Data\IePluginService\PluginService.exe
d:\data\All Users\Application Data\WPM
d:\data\All Users\Application Data\IePluginService
() C:\Program Files\Mobogenie\MgAssist.exe
() C:\Program Files\Mobogenie\DaemonProcess.exe
C:\Program Files\Mobogenie
() C:\Program Files\Re-markit-soft\Re-markit_wd.exe
C:\Program Files\Re-markit-soft
() C:\Program Files\Re-markit-soft\Re-markit157.exe
HKLM\...\Run: [mobilegeni daemon] - C:\Program Files\Mobogenie\DaemonProcess.exe [764096 2014-03-12] ()
HKLM\...\Runonce: [hugefiles2] - [X]
HKLM\...\Winlogon: [Shell] Explorer.exe [x ] ()
HKLM\...\Winlogon: [UIHost] logonui.exe [x ] ()
HKU\S-1-5-21-3510421623-2965073675-2411060337-1012\...\Run: [ConduitFloatingPlugin_lcnnhcneegeeojhgpfijnlnocjdmlaon] - "C:\WINNT\system32\Rundll32.exe" "d:\data\rainmaker\Application Data\ValueApps\CH\TBVerifier.dll",RunConduitFloatingPlugin lcnnhcneegeeojhgpfijnlnocjdmlaon
HKU\S-1-5-21-3510421623-2965073675-2411060337-1012\...\Run: [PC Speed Maximizer] - C:\Program Files\PC Speed Maximizer\SPMLauncher.exe [134768 2014-02-21] (Smart PC Solutions)
d:\data\rainmaker\Application Data\ValueApps
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.key-find....Y0J293RLJ293RLX
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.key-find....Y0J293RLJ293RLX
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.key-find....Y0J293RLJ293RLX
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.key-find....q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.key-find....q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.key-find....Y0J293RLJ293RLX
URLSearchHook: HKCU - (No Name) - {84FF7BD6-B47F-46F8-9130-01B2696B36CB} - No File
StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe http://www.key-find....Y0J293RLJ293RLX
SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://www.key-find....q={searchTerms}
SearchScopes: HKLM - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://www.key-find....q={searchTerms}
SearchScopes: HKCU - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://www.key-find....q={searchTerms}
SearchScopes: HKCU - {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = http://search.condui...rchTerms}&SSPV=
SearchScopes: HKCU - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://www.key-find....q={searchTerms}
SearchScopes: HKCU - {460C3D19-B3D4-4964-A550-77D263B0CCCB} URL = http://search.condui...rchTerms}&SSPV=
BHO: iminent Helper Object - {112BA211-334C-4A90-90EC-2AD1CDAB287C} - C:\Program Files\IminentToolbar\1.8.28.3\bh\iminent.dll (Iminent)
C:\Program Files\IminentToolbar
BHO: IETabPage Class - {3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C} - C:\Program Files\SupTab\SupTab.dll (Thinknice Co. Limited)
C:\Program Files\SupTab
BHO: Media View - {6a62326e-a555-4ce2-a187-f034ea6a08d8} - C:\Program Files\MediaViewV1\MediaViewV1alpha893\ie\MediaViewV1alpha893.dll ()
C:\Program Files\MediaViewV1
BHO: ValueApps - {93DBF2BB-A2B3-4683-A92E-57E60751F346} - C:\Program Files\Conduit\ValueApps\IE\ValueAppsLoader.dll (Conduit Ltd.)
C:\Program Files\Conduit
BHO: IMinent WebBooster (BHO) - {A09AB6EB-31B5-454C-97EC-9B294D92EE2A} - C:\Program Files\Iminent\Minibar.InternetExplorer.BHOx86.dll (SIEN)
C:\Program Files\Iminent
BHO: TidyNetwork - {C0CB31EC-3EFF-359B-C453-F3E943B02C20} - C:\Program Files\TidyNetwork\petn.dll ()
C:\Program Files\TidyNetwork
BHO: GrabRez - {e1420d09-acc8-4efd-9965-e7ae3c5b977c} - C:\Program Files\GrabRez\GrabRezbho.dll (GrabRez)
C:\Program Files\GrabRez
BHO: Media Watch - {f90da889-3d73-46dd-b885-28d014abf887} - C:\Program Files\MediaWatchV1\MediaWatchV1home478\ie\MediaWatchV1home478.dll ()
C:\Program Files\MediaWatchV1
Toolbar: HKLM - Iminent Toolbar - {1FAFD711-ABF9-4F6A-8130-5166C7371427} - C:\Program Files\IminentToolbar\1.8.28.3\iminentTlbr.dll (Iminent)
Toolbar: HKCU - AOL Toolbar - {BA00B7B1-0351-477A-B948-23E3EE5A73D4} - C:\Program Files\AOL Toolbar\aoltb.dll No File
FF DefaultSearchEngine: key-find
FF SelectedSearchEngine: key-find
FF Homepage: hxxp://www.key-find.com/?type=hp&ts=1395518393&from=amt&uid=HTS721010G9SA00_MPDZN7Y0J293RLJ293RLX
FF SearchPlugin: d:\data\rainmaker\Application Data\Mozilla\Firefox\Profiles\0gqxbqod.default\searchplugins\conduit-search.xml
FF SearchPlugin: d:\data\rainmaker\Application Data\Mozilla\Firefox\Profiles\0gqxbqod.default\searchplugins\iminent.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\key-find.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\StartWeb.xml
FF Extension: Iminent Toolbar - d:\data\rainmaker\Application Data\Mozilla\Firefox\Profiles\0gqxbqod.default\Extensions\[email protected] [2014-03-22]
FF Extension: TidyNetwork - d:\data\rainmaker\Application Data\Mozilla\Firefox\Profiles\0gqxbqod.default\Extensions\[email protected] [2014-03-22]
FF Extension: Value Apps - d:\data\rainmaker\Application Data\Mozilla\Firefox\Profiles\0gqxbqod.default\Extensions\{94cd2cc3-083f-49ba-a218-4cda4b4829fd} [2014-03-22]
FF Extension: Price Check by AOL - d:\data\rainmaker\Application Data\Mozilla\Firefox\Profiles\0gqxbqod.default\Extensions\{1DEC6447-C74F-4886-9002-202C27C703F1}.xpi [2012-09-17]
FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files\MediaViewV1\MediaViewV1alpha893\ff
FF Extension: Media View - C:\Program Files\MediaViewV1\MediaViewV1alpha893\ff [2014-02-28]
FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files\MediaViewV1\MediaViewV1alpha1095\ff
FF Extension: Media View - C:\Program Files\MediaViewV1\MediaViewV1alpha1095\ff [2014-03-15]
FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files\MediaWatchV1\MediaWatchV1home478\ff
FF Extension: Media Watch - C:\Program Files\MediaWatchV1\MediaWatchV1home478\ff [2014-03-22]
FF HKCU\...\Firefox\Extensions: [{77601b4f-338e-4abf-b114-dd2c0929031b}] - C:\Program Files\Re-markit-soft\157.xpi
FF Extension: Re-markit - C:\Program Files\Re-markit-soft\157.xpi [2014-03-22]
FF StartMenuInternet: FIREFOX.EXE - C:\Program Files\Mozilla Firefox\firefox.exe http://www.key-find....Y0J293RLJ293RLX
D:\data\rainmaker\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\bjkggmndenlgcghfeaiflpbmbomhmaem
D:\data\rainmaker\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\dcpfhaghaadpjpgocojgnlhjcieeooel
D:\data\rainmaker\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jdnbooglimgbkldcjceioecgifemmgno
D:\data\rainmaker\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lbeblclcidlaiilbpcfodbfjkahgamli
D:\data\rainmaker\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lcnnhcneegeeojhgpfijnlnocjdmlaon
D:\data\rainmaker\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ojjacahpggheelkpkjdkiiadpbfippic
CHR HKLM\...\Chrome\Extension: [bjkggmndenlgcghfeaiflpbmbomhmaem] - C:\Program Files\MediaViewV1\MediaViewV1alpha1095\ch\MediaViewV1alpha1095.crx [2014-02-26]
CHR HKLM\...\Chrome\Extension: [igdhbblpcellaljokkpfhcjlagemhgjl] - "C:\Program Files\Iminent\Iminent.crx" [2014-02-26]
CHR HKLM\...\Chrome\Extension: [lbeblclcidlaiilbpcfodbfjkahgamli] - C:\Program Files\MediaViewV1\MediaViewV1alpha893\ch\MediaViewV1alpha893.crx [2014-02-26]
CHR HKLM\...\Chrome\Extension: [ojjacahpggheelkpkjdkiiadpbfippic] - C:\Program Files\MediaWatchV1\MediaWatchV1home478\ch\MediaWatchV1home478.crx [2014-03-20]
CHR HKLM\...\Chrome\Extension: [pelmeidfhdlhlbjimpabfcbnnojbboma] - d:\data\rainmaker\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\newtabv3.crx [2014-03-22]
R2 IePluginService; d:\data\All Users\Application Data\IePluginService\PluginService.exe [515584 2014-03-17] (Cherished Technololgy LIMITED)
d:\data\All Users\Application Data\IePluginService
R2 MgAssistService; C:\Program Files\Mobogenie\MgAssist.exe [70848 2014-03-12] ()
C:\Program Files\Mobogenie
R2 Re-markit; C:\Program Files\Re-markit-soft\Re-markit157.exe [197120 2014-03-22] ()
C:\Program Files\Re-markit-soft
R2 SProtection; C:\Program Files\Common Files\Umbrella\Umbrella260.exe [2930496 2014-03-17] (Iminent)
C:\Program Files\Common Files\Umbrella
R2 Update GrabRez; C:\Program Files\GrabRez\updateGrabRez.exe [348440 2014-03-20] ()
C:\Program Files\GrabRez
R2 Util GrabRez; C:\Program Files\GrabRez\bin\utilGrabRez.exe [348440 2014-03-20] ()
S2 WinkHandler; C:\Program Files\Iminent\WinkHandler.exe [425792 2014-03-17] ()
C:\Program Files\Iminent
R2 Wpm; d:\data\All Users\Application Data\WPM\wprotectmanager.exe [496640 2014-03-22] (Cherished Technololgy LIMITED)
d:\data\All Users\Application Data\WPM
2014-03-22 16:05 - 2014-03-22 16:05 - 00000000 ____D () D:\data\rainmaker\My Documents\PC Speed Maximizer
2014-03-22 16:05 - 2014-03-22 16:05 - 00000000 ____D () D:\data\rainmaker\Application Data\PC Speed Maximizer
2014-03-22 16:00 - 2014-03-22 16:16 - 00000000 ____D () D:\data\rainmaker\Local Settings\Application Data\Mobogenie
2014-03-22 16:00 - 2014-03-22 16:01 - 00000374 _____ () C:\WINNT\Tasks\Re-markit_wd.job
2014-03-22 16:00 - 2014-03-22 16:01 - 00000000 ____D () C:\Program Files\Mobogenie
2014-03-22 16:00 - 2014-03-22 16:00 - 00000603 _____ () D:\data\rainmaker\Desktop\Mobogenie.lnk
2014-03-22 16:00 - 2014-03-22 16:00 - 00000376 _____ () C:\WINNT\Tasks\Re-markit Update.job
2014-03-22 16:00 - 2014-03-22 16:00 - 00000000 ____D () D:\data\rainmaker\Start Menu\Programs\Mobogenie
2014-03-22 16:00 - 2014-03-22 16:00 - 00000000 ____D () D:\data\rainmaker\My Documents\Mobogenie
2014-03-22 16:00 - 2014-03-22 16:00 - 00000000 ____D () C:\Program Files\Re-markit-soft
2014-03-22 15:59 - 2014-03-23 12:59 - 00000514 _____ () C:\WINNT\Tasks\TidyNetwork Update.job
2014-03-22 15:59 - 2014-03-22 15:59 - 00000000 ____D () D:\data\rainmaker\Local Settings\Application Data\TidyNetwork
2014-03-22 15:59 - 2014-03-22 15:59 - 00000000 ____D () D:\data\rainmaker\Application Data\SupTab
2014-03-22 15:59 - 2014-03-22 15:59 - 00000000 ____D () D:\data\rainmaker\Application Data\key-find
2014-03-22 15:59 - 2014-03-22 15:59 - 00000000 ____D () D:\data\All Users\Application Data\WPM
2014-03-22 15:59 - 2014-03-22 15:59 - 00000000 ____D () D:\data\All Users\Application Data\IePluginService
2014-03-22 15:59 - 2014-03-22 15:59 - 00000000 ____D () C:\Program Files\TidyNetwork
2014-03-22 15:59 - 2014-03-22 15:59 - 00000000 ____D () C:\Program Files\SupTab
2014-03-22 15:57 - 2014-03-22 15:57 - 00000000 ____D () D:\data\rainmaker\Local Settings\Application Data\Conduit
2014-03-22 15:57 - 2014-03-22 15:57 - 00000000 ____D () D:\data\rainmaker\Application Data\ValueApps
2014-03-22 15:57 - 2014-03-22 15:57 - 00000000 ____D () C:\Program Files\Conduit
2014-03-22 15:49 - 2014-03-22 15:49 - 00000669 _____ () D:\data\rainmaker\Desktop\PC Speed Maximizer.lnk
2014-03-22 15:49 - 2014-03-22 15:49 - 00000000 ____D () D:\data\All Users\Start Menu\Programs\PC Speed Maximizer
2014-03-22 15:49 - 2014-03-22 15:49 - 00000000 ____D () C:\Program Files\PC Speed Maximizer
2014-03-22 15:48 - 2014-03-22 15:58 - 00000000 ____D () D:\data\rainmaker\Application Data\IminentToolbar
2014-03-22 15:48 - 2014-03-22 15:48 - 00000000 ____D () C:\Program Files\IminentToolbar
2014-03-22 15:48 - 2014-03-22 15:48 - 00000000 ____D () C:\Program Files\Iminent
2014-03-22 15:48 - 2014-03-22 15:48 - 00000000 ____D () C:\Program Files\Common Files\Umbrella
2014-02-28 13:21 - 2014-03-15 17:21 - 00000000 ____D () C:\Program Files\MediaViewV1
2014-03-23 12:59 - 2014-03-22 15:59 - 00000514 _____ () C:\WINNT\Tasks\TidyNetwork Update.job
2014-03-22 17:21 - 2014-03-22 17:21 - 00000000 ____D () C:\Program Files\MediaWatchV1
2014-03-22 16:16 - 2014-03-22 16:00 - 00000000 ____D () D:\data\rainmaker\Local Settings\Application Data\Mobogenie
2014-03-06 06:15 - 2014-02-12 23:44 - 00000000 ____D () C:\Program Files\SearchProtect
D:\data\Admin\PKI_INST.BAT
D:\data\administrator.3YFK943Z\PKI_INST.BAT
D:\data\NetworkService\PKI_INST.BAT
D:\data\rainmaker\PKI_INST.BAT
D:\data\stozin\PKI_INST.BAT
D:\data\tpritcha\PKI_INST.BAT
d:\data\rainmaker\Local Settings\temp\setup__5043.exe
d:\data\rainmaker\Local Settings\temp\setup__5043.exe
Task: C:\WINNT\Tasks\AmiUpdXp.job => d:\data\rainmaker\Application Data\SwvUpdater\Updater.exe <==== ATTENTION
Task: C:\WINNT\Tasks\Re-markit Update.job => C:\Program Files\Re-markit-soft\ReMar.exe <==== ATTENTION
Task: C:\WINNT\Tasks\Re-markit_wd.job => C:\Program Files\Re-markit-soft\Re-markit_wd.exe <==== ATTENTION
Task: C:\WINNT\Tasks\TidyNetwork Update.job => d:\data\rainmaker\Local Settings\Application Data\TidyNetwork\petnupdate.exe
End


NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.


Run FRST and press the Fix button just once and wait. The tool will make a log on the desktop (Fixlog.txt) please post it in your next reply.


Step 4: AdwCleaner


Download ADWcleaner by clicking here. Please save it to your Desktop


Posted Image

  • Double click (Vista and 7 Users)right click the adwcleaner.exe file and click Run as Adminstrator and accept the UAC prompt to run AdwCleaner
  • Close any open windows or browsers.
  • Pause your Anti-Virus program if it is running.
  • Once it starts, click on the Scan button.
  • Let the scan complete itself. This may take a few minutes.
  • Once the scan has finished, it will say "Pending, uncheck elements you don't want to remove.", don't worry about unchecking anything and then click the Clean button. When finished, it will ask to reboot. Please reboot.
  • When the machine has rebooted, a log will be produced. Please copy/paste that in your next reply. Here's how:
  • Click the Report button and the log will open. Copy and Paste the contents of the log file into your next reply.
This report is also saved at C:\AdwCleaner[R0].txt

Step 5: Junkware Removal Tool


Posted Image Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.


Step 6: Fresh FRST Scan


Please start Farbar's Recovery Scan tool and press the Scan button.

When finished, it will produce one log called Frst.txt on your desktop. Please post it in your next reply.


Things I need to see in your next post:


Fixlog.txt Log

AdwCleaner Log

Junkware Removal Tool Log

Fresh FRST.txt log

Question: How is the computer running now?

  • 0

#5
Lisawinter

Lisawinter

    New Member

  • Topic Starter
  • Member
  • Pip
  • 4 posts
OK, here is all the detail you requested. Seems to be running better thus far. Noticed far less pop-ups and browsers seem faster. PC does not seem like its always running, like it was.

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 13-03-2014 01
Ran by rainmaker at 2014-03-23 22:11:59 Run:1
Running from D:\data\rainmaker\Desktop
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
Start
(Cool Mirage) C:\Program Files\1clickmoviedownloader.com\MovieDownloader.exe
C:\Program Files\1clickmoviedownloader.com
() C:\Program Files\GrabRez\updateGrabRez.exe
() C:\Program Files\GrabRez\bin\utilGrabRez.exe
C:\Program Files\GrabRez
(Iminent) C:\Program Files\Common Files\Umbrella\Umbrella260.exe
(Iminent) C:\Program Files\Common Files\Umbrella
(Smart PC Solutions) C:\Program Files\PC Speed Maximizer\SPMSmartScan.exe
(Smart PC Solutions) C:\Program Files\PC Speed Maximizer
(Cherished Technololgy LIMITED) d:\data\All Users\Application Data\WPM\wprotectmanager.exe
(Cherished Technololgy LIMITED) d:\data\All Users\Application Data\IePluginService\PluginService.exe
d:\data\All Users\Application Data\WPM
d:\data\All Users\Application Data\IePluginService
() C:\Program Files\Mobogenie\MgAssist.exe
() C:\Program Files\Mobogenie\DaemonProcess.exe
C:\Program Files\Mobogenie
() C:\Program Files\Re-markit-soft\Re-markit_wd.exe
C:\Program Files\Re-markit-soft
() C:\Program Files\Re-markit-soft\Re-markit157.exe
HKLM\...\Run: [mobilegeni daemon] - C:\Program Files\Mobogenie\DaemonProcess.exe [764096 2014-03-12] ()
HKLM\...\Runonce: [hugefiles2] - [X]
HKLM\...\Winlogon: [Shell] Explorer.exe [x ] ()
HKLM\...\Winlogon: [UIHost] logonui.exe [x ] ()
HKU\S-1-5-21-3510421623-2965073675-2411060337-1012\...\Run: [ConduitFloatingPlugin_lcnnhcneegeeojhgpfijnlnocjdmlaon] - "C:\WINNT\system32\Rundll32.exe" "d:\data\rainmaker\Application Data\ValueApps\CH\TBVerifier.dll",RunConduitFloatingPlugin lcnnhcneegeeojhgpfijnlnocjdmlaon
HKU\S-1-5-21-3510421623-2965073675-2411060337-1012\...\Run: [PC Speed Maximizer] - C:\Program Files\PC Speed Maximizer\SPMLauncher.exe [134768 2014-02-21] (Smart PC Solutions)
d:\data\rainmaker\Application Data\ValueApps
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.key-find....Y0J293RLJ293RLX
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.key-find....Y0J293RLJ293RLX
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.key-find....Y0J293RLJ293RLX
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.key-find....q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.key-find....q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.key-find....Y0J293RLJ293RLX
URLSearchHook: HKCU - (No Name) - {84FF7BD6-B47F-46F8-9130-01B2696B36CB} - No File
StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe http://www.key-find....Y0J293RLJ293RLX
SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://www.key-find....q={searchTerms}
SearchScopes: HKLM - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://www.key-find....q={searchTerms}
SearchScopes: HKCU - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://www.key-find....q={searchTerms}
SearchScopes: HKCU - {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = http://search.condui...rchTerms}&SSPV=
SearchScopes: HKCU - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://www.key-find....q={searchTerms}
SearchScopes: HKCU - {460C3D19-B3D4-4964-A550-77D263B0CCCB} URL = http://search.condui...rchTerms}&SSPV=
BHO: iminent Helper Object - {112BA211-334C-4A90-90EC-2AD1CDAB287C} - C:\Program Files\IminentToolbar\1.8.28.3\bh\iminent.dll (Iminent)
C:\Program Files\IminentToolbar
BHO: IETabPage Class - {3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C} - C:\Program Files\SupTab\SupTab.dll (Thinknice Co. Limited)
C:\Program Files\SupTab
BHO: Media View - {6a62326e-a555-4ce2-a187-f034ea6a08d8} - C:\Program Files\MediaViewV1\MediaViewV1alpha893\ie\MediaViewV1alpha893.dll ()
C:\Program Files\MediaViewV1
BHO: ValueApps - {93DBF2BB-A2B3-4683-A92E-57E60751F346} - C:\Program Files\Conduit\ValueApps\IE\ValueAppsLoader.dll (Conduit Ltd.)
C:\Program Files\Conduit
BHO: IMinent WebBooster (BHO) - {A09AB6EB-31B5-454C-97EC-9B294D92EE2A} - C:\Program Files\Iminent\Minibar.InternetExplorer.BHOx86.dll (SIEN)
C:\Program Files\Iminent
BHO: TidyNetwork - {C0CB31EC-3EFF-359B-C453-F3E943B02C20} - C:\Program Files\TidyNetwork\petn.dll ()
C:\Program Files\TidyNetwork
BHO: GrabRez - {e1420d09-acc8-4efd-9965-e7ae3c5b977c} - C:\Program Files\GrabRez\GrabRezbho.dll (GrabRez)
C:\Program Files\GrabRez
BHO: Media Watch - {f90da889-3d73-46dd-b885-28d014abf887} - C:\Program Files\MediaWatchV1\MediaWatchV1home478\ie\MediaWatchV1home478.dll ()
C:\Program Files\MediaWatchV1
Toolbar: HKLM - Iminent Toolbar - {1FAFD711-ABF9-4F6A-8130-5166C7371427} - C:\Program Files\IminentToolbar\1.8.28.3\iminentTlbr.dll (Iminent)
Toolbar: HKCU - AOL Toolbar - {BA00B7B1-0351-477A-B948-23E3EE5A73D4} - C:\Program Files\AOL Toolbar\aoltb.dll No File
FF DefaultSearchEngine: key-find
FF SelectedSearchEngine: key-find
FF Homepage: hxxp://www.key-find.com/?type=hp&ts=1395518393&from=amt&uid=HTS721010G9SA00_MPDZN7Y0J293RLJ293RLX
FF SearchPlugin: d:\data\rainmaker\Application Data\Mozilla\Firefox\Profiles\0gqxbqod.default\searchplugins\conduit-search.xml
FF SearchPlugin: d:\data\rainmaker\Application Data\Mozilla\Firefox\Profiles\0gqxbqod.default\searchplugins\iminent.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\key-find.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\StartWeb.xml
FF Extension: Iminent Toolbar - d:\data\rainmaker\Application Data\Mozilla\Firefox\Profiles\0gqxbqod.default\Extensions\[email protected] [2014-03-22]
FF Extension: TidyNetwork - d:\data\rainmaker\Application Data\Mozilla\Firefox\Profiles\0gqxbqod.default\Extensions\[email protected] [2014-03-22]
FF Extension: Value Apps - d:\data\rainmaker\Application Data\Mozilla\Firefox\Profiles\0gqxbqod.default\Extensions\{94cd2cc3-083f-49ba-a218-4cda4b4829fd} [2014-03-22]
FF Extension: Price Check by AOL - d:\data\rainmaker\Application Data\Mozilla\Firefox\Profiles\0gqxbqod.default\Extensions\{1DEC6447-C74F-4886-9002-202C27C703F1}.xpi [2012-09-17]
FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files\MediaViewV1\MediaViewV1alpha893\ff
FF Extension: Media View - C:\Program Files\MediaViewV1\MediaViewV1alpha893\ff [2014-02-28]
FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files\MediaViewV1\MediaViewV1alpha1095\ff
FF Extension: Media View - C:\Program Files\MediaViewV1\MediaViewV1alpha1095\ff [2014-03-15]
FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files\MediaWatchV1\MediaWatchV1home478\ff
FF Extension: Media Watch - C:\Program Files\MediaWatchV1\MediaWatchV1home478\ff [2014-03-22]
FF HKCU\...\Firefox\Extensions: [{77601b4f-338e-4abf-b114-dd2c0929031b}] - C:\Program Files\Re-markit-soft\157.xpi
FF Extension: Re-markit - C:\Program Files\Re-markit-soft\157.xpi [2014-03-22]
FF StartMenuInternet: FIREFOX.EXE - C:\Program Files\Mozilla Firefox\firefox.exe http://www.key-find....Y0J293RLJ293RLX
D:\data\rainmaker\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\bjkggmndenlgcghfeaiflpbmbomhmaem
D:\data\rainmaker\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\dcpfhaghaadpjpgocojgnlhjcieeooel
D:\data\rainmaker\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jdnbooglimgbkldcjceioecgifemmgno
D:\data\rainmaker\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lbeblclcidlaiilbpcfodbfjkahgamli
D:\data\rainmaker\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lcnnhcneegeeojhgpfijnlnocjdmlaon
D:\data\rainmaker\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ojjacahpggheelkpkjdkiiadpbfippic
CHR HKLM\...\Chrome\Extension: [bjkggmndenlgcghfeaiflpbmbomhmaem] - C:\Program Files\MediaViewV1\MediaViewV1alpha1095\ch\MediaViewV1alpha1095.crx [2014-02-26]
CHR HKLM\...\Chrome\Extension: [igdhbblpcellaljokkpfhcjlagemhgjl] - "C:\Program Files\Iminent\Iminent.crx" [2014-02-26]
CHR HKLM\...\Chrome\Extension: [lbeblclcidlaiilbpcfodbfjkahgamli] - C:\Program Files\MediaViewV1\MediaViewV1alpha893\ch\MediaViewV1alpha893.crx [2014-02-26]
CHR HKLM\...\Chrome\Extension: [ojjacahpggheelkpkjdkiiadpbfippic] - C:\Program Files\MediaWatchV1\MediaWatchV1home478\ch\MediaWatchV1home478.crx [2014-03-20]
CHR HKLM\...\Chrome\Extension: [pelmeidfhdlhlbjimpabfcbnnojbboma] - d:\data\rainmaker\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\newtabv3.crx [2014-03-22]
R2 IePluginService; d:\data\All Users\Application Data\IePluginService\PluginService.exe [515584 2014-03-17] (Cherished Technololgy LIMITED)
d:\data\All Users\Application Data\IePluginService
R2 MgAssistService; C:\Program Files\Mobogenie\MgAssist.exe [70848 2014-03-12] ()
C:\Program Files\Mobogenie
R2 Re-markit; C:\Program Files\Re-markit-soft\Re-markit157.exe [197120 2014-03-22] ()
C:\Program Files\Re-markit-soft
R2 SProtection; C:\Program Files\Common Files\Umbrella\Umbrella260.exe [2930496 2014-03-17] (Iminent)
C:\Program Files\Common Files\Umbrella
R2 Update GrabRez; C:\Program Files\GrabRez\updateGrabRez.exe [348440 2014-03-20] ()
C:\Program Files\GrabRez
R2 Util GrabRez; C:\Program Files\GrabRez\bin\utilGrabRez.exe [348440 2014-03-20] ()
S2 WinkHandler; C:\Program Files\Iminent\WinkHandler.exe [425792 2014-03-17] ()
C:\Program Files\Iminent
R2 Wpm; d:\data\All Users\Application Data\WPM\wprotectmanager.exe [496640 2014-03-22] (Cherished Technololgy LIMITED)
d:\data\All Users\Application Data\WPM
2014-03-22 16:05 - 2014-03-22 16:05 - 00000000 ____D () D:\data\rainmaker\My Documents\PC Speed Maximizer
2014-03-22 16:05 - 2014-03-22 16:05 - 00000000 ____D () D:\data\rainmaker\Application Data\PC Speed Maximizer
2014-03-22 16:00 - 2014-03-22 16:16 - 00000000 ____D () D:\data\rainmaker\Local Settings\Application Data\Mobogenie
2014-03-22 16:00 - 2014-03-22 16:01 - 00000374 _____ () C:\WINNT\Tasks\Re-markit_wd.job
2014-03-22 16:00 - 2014-03-22 16:01 - 00000000 ____D () C:\Program Files\Mobogenie
2014-03-22 16:00 - 2014-03-22 16:00 - 00000603 _____ () D:\data\rainmaker\Desktop\Mobogenie.lnk
2014-03-22 16:00 - 2014-03-22 16:00 - 00000376 _____ () C:\WINNT\Tasks\Re-markit Update.job
2014-03-22 16:00 - 2014-03-22 16:00 - 00000000 ____D () D:\data\rainmaker\Start Menu\Programs\Mobogenie
2014-03-22 16:00 - 2014-03-22 16:00 - 00000000 ____D () D:\data\rainmaker\My Documents\Mobogenie
2014-03-22 16:00 - 2014-03-22 16:00 - 00000000 ____D () C:\Program Files\Re-markit-soft
2014-03-22 15:59 - 2014-03-23 12:59 - 00000514 _____ () C:\WINNT\Tasks\TidyNetwork Update.job
2014-03-22 15:59 - 2014-03-22 15:59 - 00000000 ____D () D:\data\rainmaker\Local Settings\Application Data\TidyNetwork
2014-03-22 15:59 - 2014-03-22 15:59 - 00000000 ____D () D:\data\rainmaker\Application Data\SupTab
2014-03-22 15:59 - 2014-03-22 15:59 - 00000000 ____D () D:\data\rainmaker\Application Data\key-find
2014-03-22 15:59 - 2014-03-22 15:59 - 00000000 ____D () D:\data\All Users\Application Data\WPM
2014-03-22 15:59 - 2014-03-22 15:59 - 00000000 ____D () D:\data\All Users\Application Data\IePluginService
2014-03-22 15:59 - 2014-03-22 15:59 - 00000000 ____D () C:\Program Files\TidyNetwork
2014-03-22 15:59 - 2014-03-22 15:59 - 00000000 ____D () C:\Program Files\SupTab
2014-03-22 15:57 - 2014-03-22 15:57 - 00000000 ____D () D:\data\rainmaker\Local Settings\Application Data\Conduit
2014-03-22 15:57 - 2014-03-22 15:57 - 00000000 ____D () D:\data\rainmaker\Application Data\ValueApps
2014-03-22 15:57 - 2014-03-22 15:57 - 00000000 ____D () C:\Program Files\Conduit
2014-03-22 15:49 - 2014-03-22 15:49 - 00000669 _____ () D:\data\rainmaker\Desktop\PC Speed Maximizer.lnk
2014-03-22 15:49 - 2014-03-22 15:49 - 00000000 ____D () D:\data\All Users\Start Menu\Programs\PC Speed Maximizer
2014-03-22 15:49 - 2014-03-22 15:49 - 00000000 ____D () C:\Program Files\PC Speed Maximizer
2014-03-22 15:48 - 2014-03-22 15:58 - 00000000 ____D () D:\data\rainmaker\Application Data\IminentToolbar
2014-03-22 15:48 - 2014-03-22 15:48 - 00000000 ____D () C:\Program Files\IminentToolbar
2014-03-22 15:48 - 2014-03-22 15:48 - 00000000 ____D () C:\Program Files\Iminent
2014-03-22 15:48 - 2014-03-22 15:48 - 00000000 ____D () C:\Program Files\Common Files\Umbrella
2014-02-28 13:21 - 2014-03-15 17:21 - 00000000 ____D () C:\Program Files\MediaViewV1
2014-03-23 12:59 - 2014-03-22 15:59 - 00000514 _____ () C:\WINNT\Tasks\TidyNetwork Update.job
2014-03-22 17:21 - 2014-03-22 17:21 - 00000000 ____D () C:\Program Files\MediaWatchV1
2014-03-22 16:16 - 2014-03-22 16:00 - 00000000 ____D () D:\data\rainmaker\Local Settings\Application Data\Mobogenie
2014-03-06 06:15 - 2014-02-12 23:44 - 00000000 ____D () C:\Program Files\SearchProtect
D:\data\Admin\PKI_INST.BAT
D:\data\administrator.3YFK943Z\PKI_INST.BAT
D:\data\NetworkService\PKI_INST.BAT
D:\data\rainmaker\PKI_INST.BAT
D:\data\stozin\PKI_INST.BAT
D:\data\tpritcha\PKI_INST.BAT
d:\data\rainmaker\Local Settings\temp\setup__5043.exe
d:\data\rainmaker\Local Settings\temp\setup__5043.exe
Task: C:\WINNT\Tasks\AmiUpdXp.job => d:\data\rainmaker\Application Data\SwvUpdater\Updater.exe <==== ATTENTION
Task: C:\WINNT\Tasks\Re-markit Update.job => C:\Program Files\Re-markit-soft\ReMar.exe <==== ATTENTION
Task: C:\WINNT\Tasks\Re-markit_wd.job => C:\Program Files\Re-markit-soft\Re-markit_wd.exe <==== ATTENTION
Task: C:\WINNT\Tasks\TidyNetwork Update.job => d:\data\rainmaker\Local Settings\Application Data\TidyNetwork\petnupdate.exe
End
*****************

C:\Program Files\1clickmoviedownloader.com\MovieDownloader.exe => No running process found

"C:\Program Files\1clickmoviedownloader.com" directory move:

Could not move "C:\Program Files\1clickmoviedownloader.com" directory. => Scheduled to move on reboot.

C:\Program Files\GrabRez\updateGrabRez.exe => No running process found
C:\Program Files\GrabRez\bin\utilGrabRez.exe => No running process found
"C:\Program Files\GrabRez" => File/Directory not found.
C:\Program Files\Common Files\Umbrella\Umbrella260.exe => No running process found
C:\Program Files\Common Files\Umbrella => No running process found
C:\Program Files\PC Speed Maximizer\SPMSmartScan.exe => No running process found
C:\Program Files\PC Speed Maximizer => No running process found
d:\data\All Users\Application Data\WPM\wprotectmanager.exe => No running process found
[225064] d:\data\All Users\Application Data\IePluginService\PluginService.exe => Process closed successfully.
D:\data\All Users\Application Data\WPM => Moved successfully.
D:\data\All Users\Application Data\IePluginService => Moved successfully.
C:\Program Files\Mobogenie\MgAssist.exe => No running process found
C:\Program Files\Mobogenie\DaemonProcess.exe => No running process found
"C:\Program Files\Mobogenie" => File/Directory not found.
C:\Program Files\Re-markit-soft\Re-markit_wd.exe => No running process found
"C:\Program Files\Re-markit-soft" => File/Directory not found.
C:\Program Files\Re-markit-soft\Re-markit157.exe => No running process found
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\mobilegeni daemon => Value deleted successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce\\hugefiles2 => Value deleted successfully.
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell => Value was restored successfully.
HKU\S-1-5-21-3510421623-2965073675-2411060337-1012\Software\Microsoft\Windows\CurrentVersion\Run\\ConduitFloatingPlugin_lcnnhcneegeeojhgpfijnlnocjdmlaon => Value deleted successfully.
HKU\S-1-5-21-3510421623-2965073675-2411060337-1012\Software\Microsoft\Windows\CurrentVersion\Run\\PC Speed Maximizer => Value not found.

"D:\data\rainmaker\Application Data\ValueApps" directory move:

Could not move "D:\data\rainmaker\Application Data\ValueApps\CH\TBVerifier.dll" => Scheduled to move on reboot.
Could not move "D:\data\rainmaker\Application Data\ValueApps" directory. => Scheduled to move on reboot.

C:\WINNT\system32\GroupPolicy\Machine => Moved successfully.
C:\WINNT\system32\GroupPolicy\GPT.ini => Moved successfully.
HKCU\Software\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.
HKCU\Software\Microsoft\Internet Explorer\Main\\Default_Page_URL => Value was restored successfully.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Page_URL => Value was restored successfully.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Search_URL => Value was restored successfully.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Search Page => Value was restored successfully.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.
HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks\\{84FF7BD6-B47F-46F8-9130-01B2696B36CB} => Value deleted successfully.
HKLM\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command\\Default => Value was restored successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{33BB0A4E-99AF-4226-BDF6-49120163DE86} => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value deleted successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{33BB0A4E-99AF-4226-BDF6-49120163DE86} => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{460C3D19-B3D4-4964-A550-77D263B0CCCB} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{460C3D19-B3D4-4964-A550-77D263B0CCCB} => Key not found.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{112BA211-334C-4A90-90EC-2AD1CDAB287C} => Key not found.
HKCR\CLSID\{112BA211-334C-4A90-90EC-2AD1CDAB287C} => Key not found.
C:\Program Files\IminentToolbar => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C} => Key deleted successfully.
HKCR\CLSID\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C} => Key deleted successfully.
C:\Program Files\SupTab => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6a62326e-a555-4ce2-a187-f034ea6a08d8} => Key not found.
HKCR\CLSID\{6a62326e-a555-4ce2-a187-f034ea6a08d8} => Key not found.
C:\Program Files\MediaViewV1 => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{93DBF2BB-A2B3-4683-A92E-57E60751F346} => Key not found.
HKCR\CLSID\{93DBF2BB-A2B3-4683-A92E-57E60751F346} => Key not found.
C:\Program Files\Conduit => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A09AB6EB-31B5-454C-97EC-9B294D92EE2A} => Key not found.
HKCR\CLSID\{A09AB6EB-31B5-454C-97EC-9B294D92EE2A} => Key not found.
C:\Program Files\Iminent => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C0CB31EC-3EFF-359B-C453-F3E943B02C20} => Key not found.
HKCR\CLSID\{C0CB31EC-3EFF-359B-C453-F3E943B02C20} => Key not found.
"C:\Program Files\TidyNetwork" => File/Directory not found.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{e1420d09-acc8-4efd-9965-e7ae3c5b977c} => Key not found.
HKCR\CLSID\{e1420d09-acc8-4efd-9965-e7ae3c5b977c} => Key not found.
"C:\Program Files\GrabRez" => File/Directory not found.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{f90da889-3d73-46dd-b885-28d014abf887} => Key not found.
HKCR\CLSID\{f90da889-3d73-46dd-b885-28d014abf887} => Key not found.
C:\Program Files\MediaWatchV1 => Moved successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{1FAFD711-ABF9-4F6A-8130-5166C7371427} => Value not found.
HKCR\CLSID\{1FAFD711-ABF9-4F6A-8130-5166C7371427} => Key not found.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{BA00B7B1-0351-477A-B948-23E3EE5A73D4} => Value deleted successfully.
HKCR\CLSID\{BA00B7B1-0351-477A-B948-23E3EE5A73D4} => Key deleted successfully.
Firefox DefaultSearchEngine deleted successfully.
Firefox SelectedSearchEngine deleted successfully.
Firefox homepage deleted successfully.
d:\data\rainmaker\Application Data\Mozilla\Firefox\Profiles\0gqxbqod.default\searchplugins\conduit-search.xml => Moved successfully.
d:\data\rainmaker\Application Data\Mozilla\Firefox\Profiles\0gqxbqod.default\searchplugins\iminent.xml => Moved successfully.
C:\Program Files\mozilla firefox\browser\searchplugins\key-find.xml => Moved successfully.
"C:\Program Files\mozilla firefox\browser\searchplugins\StartWeb.xml" => not found.
d:\data\rainmaker\Application Data\Mozilla\Firefox\Profiles\0gqxbqod.default\Extensions\[email protected] => not found.
d:\data\rainmaker\Application Data\Mozilla\Firefox\Profiles\0gqxbqod.default\Extensions\[email protected] => not found.
d:\data\rainmaker\Application Data\Mozilla\Firefox\Profiles\0gqxbqod.default\Extensions\{94cd2cc3-083f-49ba-a218-4cda4b4829fd} => Moved successfully.
d:\data\rainmaker\Application Data\Mozilla\Firefox\Profiles\0gqxbqod.default\Extensions\{1DEC6447-C74F-4886-9002-202C27C703F1}.xpi => Moved successfully.
HKLM\Software\Mozilla\Firefox\Extensions\\[email protected] => Value not found.
C:\Program Files\MediaViewV1\MediaViewV1alpha893\ff => not found.
HKLM\Software\Mozilla\Firefox\Extensions\\[email protected] => Value not found.
C:\Program Files\MediaViewV1\MediaViewV1alpha1095\ff => not found.
HKLM\Software\Mozilla\Firefox\Extensions\\[email protected] => Value not found.
C:\Program Files\MediaWatchV1\MediaWatchV1home478\ff => not found.
HKCU\Software\Mozilla\Firefox\Extensions\\{77601b4f-338e-4abf-b114-dd2c0929031b} => Value not found.
C:\Program Files\Re-markit-soft\157.xpi => not found.
HKLM\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command\\Default => Value was restored successfully.
"D:\data\rainmaker\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\bjkggmndenlgcghfeaiflpbmbomhmaem" => File/Directory not found.
"D:\data\rainmaker\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\dcpfhaghaadpjpgocojgnlhjcieeooel" => File/Directory not found.
"D:\data\rainmaker\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jdnbooglimgbkldcjceioecgifemmgno" => File/Directory not found.
"D:\data\rainmaker\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lbeblclcidlaiilbpcfodbfjkahgamli" => File/Directory not found.
"D:\data\rainmaker\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lcnnhcneegeeojhgpfijnlnocjdmlaon" => File/Directory not found.
"D:\data\rainmaker\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ojjacahpggheelkpkjdkiiadpbfippic" => File/Directory not found.
HKLM\SOFTWARE\Google\Chrome\Extensions\bjkggmndenlgcghfeaiflpbmbomhmaem => Key not found.
"C:\Program Files\MediaViewV1\MediaViewV1alpha1095\ch\MediaViewV1alpha1095.crx" => File/Directory not found.
HKLM\SOFTWARE\Google\Chrome\Extensions\igdhbblpcellaljokkpfhcjlagemhgjl => Key not found.
""C:\Program Files\Iminent\Iminent.crx"" => File/Directory not found.
HKLM\SOFTWARE\Google\Chrome\Extensions\lbeblclcidlaiilbpcfodbfjkahgamli => Key not found.
"C:\Program Files\MediaViewV1\MediaViewV1alpha893\ch\MediaViewV1alpha893.crx" => File/Directory not found.
HKLM\SOFTWARE\Google\Chrome\Extensions\ojjacahpggheelkpkjdkiiadpbfippic => Key not found.
"C:\Program Files\MediaWatchV1\MediaWatchV1home478\ch\MediaWatchV1home478.crx" => File/Directory not found.
HKLM\SOFTWARE\Google\Chrome\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma => Key deleted successfully.
d:\data\rainmaker\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\newtabv3.crx => Moved successfully.
IePluginService => Service deleted successfully.
"d:\data\All Users\Application Data\IePluginService" => File/Directory not found.
MgAssistService => Service not found.
"C:\Program Files\Mobogenie" => File/Directory not found.
Re-markit => Service not found.
"C:\Program Files\Re-markit-soft" => File/Directory not found.
SProtection => Service not found.
"C:\Program Files\Common Files\Umbrella" => File/Directory not found.
Update GrabRez => Service not found.
"C:\Program Files\GrabRez" => File/Directory not found.
Util GrabRez => Service not found.
WinkHandler => Service not found.
"C:\Program Files\Iminent" => File/Directory not found.
Wpm => Service not found.
"d:\data\All Users\Application Data\WPM" => File/Directory not found.
"2014-03-22 16:05 - 2014-03-22 16:05 - 00000000 ____D () D:\data\rainmaker\My Documents\PC Speed Maximizer" => File/Directory not found.
"2014-03-22 16:05 - 2014-03-22 16:05 - 00000000 ____D () D:\data\rainmaker\Application Data\PC Speed Maximizer" => File/Directory not found.
"2014-03-22 16:00 - 2014-03-22 16:16 - 00000000 ____D () D:\data\rainmaker\Local Settings\Application Data\Mobogenie" => File/Directory not found.
"C:\WINNT\Tasks\Re-markit_wd.job" => File/Directory not found.
"C:\Program Files\Mobogenie" => File/Directory not found.
"2014-03-22 16:00 - 2014-03-22 16:00 - 00000603 _____ () D:\data\rainmaker\Desktop\Mobogenie.lnk" => File/Directory not found.
"C:\WINNT\Tasks\Re-markit Update.job" => File/Directory not found.
"2014-03-22 16:00 - 2014-03-22 16:00 - 00000000 ____D () D:\data\rainmaker\Start Menu\Programs\Mobogenie" => File/Directory not found.
"2014-03-22 16:00 - 2014-03-22 16:00 - 00000000 ____D () D:\data\rainmaker\My Documents\Mobogenie" => File/Directory not found.
"C:\Program Files\Re-markit-soft" => File/Directory not found.
"C:\WINNT\Tasks\TidyNetwork Update.job" => File/Directory not found.
"2014-03-22 15:59 - 2014-03-22 15:59 - 00000000 ____D () D:\data\rainmaker\Local Settings\Application Data\TidyNetwork" => File/Directory not found.
"2014-03-22 15:59 - 2014-03-22 15:59 - 00000000 ____D () D:\data\rainmaker\Application Data\SupTab" => File/Directory not found.
"2014-03-22 15:59 - 2014-03-22 15:59 - 00000000 ____D () D:\data\rainmaker\Application Data\key-find" => File/Directory not found.
"2014-03-22 15:59 - 2014-03-22 15:59 - 00000000 ____D () D:\data\All Users\Application Data\WPM" => File/Directory not found.
"2014-03-22 15:59 - 2014-03-22 15:59 - 00000000 ____D () D:\data\All Users\Application Data\IePluginService" => File/Directory not found.
"C:\Program Files\TidyNetwork" => File/Directory not found.
"C:\Program Files\SupTab" => File/Directory not found.
"2014-03-22 15:57 - 2014-03-22 15:57 - 00000000 ____D () D:\data\rainmaker\Local Settings\Application Data\Conduit" => File/Directory not found.
"2014-03-22 15:57 - 2014-03-22 15:57 - 00000000 ____D () D:\data\rainmaker\Application Data\ValueApps" => File/Directory not found.
"C:\Program Files\Conduit" => File/Directory not found.
"2014-03-22 15:49 - 2014-03-22 15:49 - 00000669 _____ () D:\data\rainmaker\Desktop\PC Speed Maximizer.lnk" => File/Directory not found.
"2014-03-22 15:49 - 2014-03-22 15:49 - 00000000 ____D () D:\data\All Users\Start Menu\Programs\PC Speed Maximizer" => File/Directory not found.
"C:\Program Files\PC Speed Maximizer" => File/Directory not found.
"2014-03-22 15:48 - 2014-03-22 15:58 - 00000000 ____D () D:\data\rainmaker\Application Data\IminentToolbar" => File/Directory not found.
"C:\Program Files\IminentToolbar" => File/Directory not found.
"C:\Program Files\Iminent" => File/Directory not found.
"C:\Program Files\Common Files\Umbrella" => File/Directory not found.
"C:\Program Files\MediaViewV1" => File/Directory not found.
"C:\WINNT\Tasks\TidyNetwork Update.job" => File/Directory not found.
"C:\Program Files\MediaWatchV1" => File/Directory not found.
"2014-03-22 16:16 - 2014-03-22 16:00 - 00000000 ____D () D:\data\rainmaker\Local Settings\Application Data\Mobogenie" => File/Directory not found.
"C:\Program Files\SearchProtect" => File/Directory not found.
D:\data\Admin\PKI_INST.BAT => Moved successfully.
D:\data\administrator.3YFK943Z\PKI_INST.BAT => Moved successfully.
D:\data\NetworkService\PKI_INST.BAT => Moved successfully.
D:\data\rainmaker\PKI_INST.BAT => Moved successfully.
D:\data\stozin\PKI_INST.BAT => Moved successfully.
D:\data\tpritcha\PKI_INST.BAT => Moved successfully.
d:\data\rainmaker\Local Settings\temp\setup__5043.exe => Moved successfully.
"d:\data\rainmaker\Local Settings\temp\setup__5043.exe" => File/Directory not found.
C:\WINNT\Tasks\AmiUpdXp.job not found.
C:\WINNT\Tasks\Re-markit Update.job not found.
C:\WINNT\Tasks\Re-markit_wd.job not found.
C:\WINNT\Tasks\TidyNetwork Update.job not found.

=> Result of Scheduled Files to move (Boot Mode: Normal) (Date&Time: 2014-03-23 22:14:50)<=

C:\Program Files\1clickmoviedownloader.com => Is moved successfully.
D:\data\rainmaker\Application Data\ValueApps\CH\TBVerifier.dll => Moved successfully.
D:\data\rainmaker\Application Data\ValueApps => Moved successfully.

==== End of Fixlog ====

# AdwCleaner v3.022 - Report created 23/03/2014 at 22:17:10
# Updated 13/03/2014 by Xplode
# Operating System : Microsoft Windows XP Service Pack 2 (32 bits)
# Username : rainmaker - 3YFK943Z
# Running from : D:\data\rainmaker\Desktop\adwcleaner.exe
# Option : Scan

***** [ Services ] *****


***** [ Files / Folders ] *****

File Found : d:\data\rainmaker\Application Data\Mozilla\Firefox\Profiles\0gqxbqod.default\user.js
File Found : d:\data\rainmaker\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\chrome-extension_igdhbblpcellaljokkpfhcjlagemhgjl_0.localstorage
File Found : d:\data\rainmaker\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\hxxp_fastcontent.conduit.com_0.localstorage
File Found : d:\data\rainmaker\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\hxxp_fastcontent.conduit.com_0.localstorage-journal
File Found : d:\data\rainmaker\Local Settings\Application Data\Google\Chrome\user data\default\local storage\hxxp_pricegong.conduitapps.com_0.localstorage
File Found : d:\data\rainmaker\Local Settings\Application Data\Google\Chrome\user data\default\local storage\hxxp_pricegong.conduitapps.com_0.localstorage-journal
File Found : d:\data\rainmaker\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\hxxp_search.conduit.com_0.localstorage
File Found : d:\data\rainmaker\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\hxxp_search.conduit.com_0.localstorage-journal
File Found : d:\data\rainmaker\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\hxxp_storage.conduit.com_0.localstorage
File Found : d:\data\rainmaker\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\hxxp_storage.conduit.com_0.localstorage-journal
File Found : d:\END
Folder Found : d:\data\rainmaker\Application Data\Mozilla\Firefox\Profiles\0gqxbqod.default\Extensions\[email protected]
Folder Found d:\data\NetworkService\Local Settings\Application Data\SearchProtect
Folder Found d:\data\RAINMA~1\LOCALS~1\Temp\Iminent
Folder Found d:\data\RAINMA~1\LOCALS~1\Temp\Iminent
Folder Found d:\data\RAINMA~1\LOCALS~1\Temp\Iminent
Folder Found d:\data\RAINMA~1\LOCALS~1\Temp\Iminent
Folder Found d:\data\RAINMA~1\LOCALS~1\Temp\Iminent
Folder Found d:\data\RAINMA~1\LOCALS~1\Temp\Iminent
Folder Found d:\data\RAINMA~1\LOCALS~1\Temp\Iminent
Folder Found d:\data\RAINMA~1\LOCALS~1\Temp\Iminent
Folder Found d:\data\RAINMA~1\LOCALS~1\Temp\Iminent
Folder Found d:\data\RAINMA~1\LOCALS~1\Temp\Iminent
Folder Found d:\data\RAINMA~1\LOCALS~1\Temp\Iminent
Folder Found d:\data\RAINMA~1\LOCALS~1\Temp\Iminent
Folder Found d:\data\RAINMA~1\LOCALS~1\Temp\Iminent
Folder Found d:\data\RAINMA~1\LOCALS~1\Temp\Iminent
Folder Found d:\data\RAINMA~1\LOCALS~1\Temp\Iminent
Folder Found d:\data\RAINMA~1\LOCALS~1\Temp\Iminent
Folder Found d:\data\RAINMA~1\LOCALS~1\Temp\Iminent
Folder Found d:\data\RAINMA~1\LOCALS~1\Temp\Iminent
Folder Found d:\data\RAINMA~1\LOCALS~1\Temp\Iminent
Folder Found d:\data\RAINMA~1\LOCALS~1\Temp\Iminent
Folder Found d:\data\RAINMA~1\LOCALS~1\Temp\Iminent
Folder Found d:\data\rainmaker\Application Data\IminentToolbar
Folder Found d:\data\rainmaker\Application Data\Mozilla\Firefox\Profiles\0gqxbqod.default\ValueApps
Folder Found d:\data\rainmaker\Application Data\SupTab
Folder Found d:\data\rainmaker\Application Data\SwvUpdater
Folder Found d:\data\rainmaker\Local Settings\Application Data\Conduit
Folder Found d:\data\rainmaker\Local Settings\Application Data\cool_mirage
Folder Found d:\data\rainmaker\Local Settings\Application Data\Mobogenie
Folder Found d:\data\rainmaker\Local Settings\Application Data\SearchProtect
Folder Found d:\data\rainmaker\Local Settings\Application Data\webplayer
Folder Found d:\data\rainmaker\My Documents\Mobogenie
Folder Found d:\data\rainmaker\My Documents\PC Speed Maximizer

***** [ Shortcuts ] *****

Shortcut Found : d:\data\rainmaker\Start Menu\Programs\FLV Player\Uninstall.lnk ( _?=d:\data\rainmaker\Local Settings\Application Data\WebPlayer\FLV Player )

***** [ Registry ] *****

Key Found : HKCU\Software\1ClickDownload
Key Found : HKCU\Software\Conduit
Key Found : HKCU\Software\Microsoft\Internet Explorer\DOMStorage\conduit.com
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\FLV Player
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{112BA211-334C-4A90-90EC-2AD1CDAB287C}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{1FAFD711-ABF9-4F6A-8130-5166C7371427}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{93DBF2BB-A2B3-4683-A92E-57E60751F346}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{A09AB6EB-31B5-454C-97EC-9B294D92EE2A}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{112BA211-334C-4A90-90EC-2AD1CDAB287C}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{1FAFD711-ABF9-4F6A-8130-5166C7371427}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{84FF7BD6-B47F-46F8-9130-01B2696B36CB}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{93DBF2BB-A2B3-4683-A92E-57E60751F346}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A09AB6EB-31B5-454C-97EC-9B294D92EE2A}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\FLV Player
Key Found : HKCU\Software\Webplayer
Key Found : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Key Found : HKLM\SOFTWARE\Classes\Iminent
Key Found : HKLM\SOFTWARE\Classes\Interface\{3408AC0D-510E-4808-8F7B-6B70B1F88534}
Key Found : HKLM\Software\Iminent
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68B81CCD-A80C-4060-8947-5AE69ED01199}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{93DBF2BB-A2B3-4683-A92E-57E60751F346}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E6B969FB-6D33-48D2-9061-8BBD4899EB08}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Iminent
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\MobogenieAdd
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{84FF7BD6-B47F-46F8-9130-01B2696B36CB}
Key Found : HKLM\Software\supTab
Key Found : HKLM\Software\supWPM
Key Found : HKLM\Software\Wpm
Value Found : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [[email protected]]

***** [ Browsers ] *****

-\\ Internet Explorer v8.0.6001.18702


-\\ Mozilla Firefox v27.0.1 (en-US)

[ File : d:\data\rainmaker\Application Data\Mozilla\Firefox\Profiles\0gqxbqod.default\prefs.js ]

Line Found : user_pref("extensions.iminent.admin", false);
Line Found : user_pref("extensions.iminent.aflt", "orgnl");
Line Found : user_pref("extensions.iminent.appId", "{0E4B2CAB-B859-4C57-B96E-63DDEC692BC4}");
Line Found : user_pref("extensions.iminent.autoRvrt", "false");
Line Found : user_pref("extensions.iminent.cntry", "US");
Line Found : user_pref("extensions.iminent.dfltLng", "");
Line Found : user_pref("extensions.iminent.excTlbr", false);
Line Found : user_pref("extensions.iminent.ffxUnstlRst", false);
Line Found : user_pref("extensions.iminent.hdrMd5", "16C755C0A66C3CFB3CD290DD65FC8853");
Line Found : user_pref("extensions.iminent.id", "00da752d000000000000444553544200");
Line Found : user_pref("extensions.iminent.instlDay", "16151");
Line Found : user_pref("extensions.iminent.instlRef", "");
Line Found : user_pref("extensions.iminent.lastVrsnTs", "1.8.28.315:48:44");
Line Found : user_pref("extensions.iminent.newTab", false);
Line Found : user_pref("extensions.iminent.prdct", "iminent");
Line Found : user_pref("extensions.iminent.prtnrId", "iminent");
Line Found : user_pref("extensions.iminent.rvrt", "false");
Line Found : user_pref("extensions.iminent.sg", "none");
Line Found : user_pref("extensions.iminent.smplGrp", "none");
Line Found : user_pref("extensions.iminent.tlbrId", "YBCPCSTIPO");
Line Found : user_pref("extensions.iminent.tlbrSrchUrl", "hxxp://start.iminent.com/?ref=toolbarm#q=");
Line Found : user_pref("extensions.iminent.vrsn", "1.8.28.3");
Line Found : user_pref("extensions.iminent.vrsnTs", "1.8.28.315:48:44");
Line Found : user_pref("extensions.iminent.vrsni", "1.8.28.3");
Line Found : user_pref("iminent.LayoutId", "1");
Line Found : user_pref("iminent.adapters", "{\"iminent\":{\"CountryCode\":\"US\",\"NoAds\":true,\"Status\":1,\"AdapterKey\":\"iminent\",\"v\":true,\"p\":0,\"t\":1,\"th\":0.275,\"expireTime\":\"139551773824286400\"[...]
Line Found : user_pref("iminent.enabledAds", "false");
Line Found : user_pref("iminent.externalScripts", "{\"value\":[{\"addonUid\":\"10bb6277-6b2b-413e-8d82-ad9398543254\",\"name\":\"Dealply\",\"addonId\":1,\"url\":\"//i.iminentjs.info/imitin/javascript.js\",\"queryS[...]
Line Found : user_pref("iminent.newtabredirect", "true");
Line Found : user_pref("iminent.nomsi", "true");
Line Found : user_pref("iminent.registerToolbarEvent101", "1395517955112");
Line Found : user_pref("iminent.searchindex", "1");
Line Found : user_pref("iminent.trackingInfo", "{\"state\":0,\"samplingRate\":0}");
Line Found : user_pref("iminent.version", "8.10.2.1");
Line Found : user_pref("iminent.versioning", "{\"CurrentVersion\":\"8.10.2.1\",\"InstallEventCTime\":1395600279734}");
Line Found : user_pref("valueApps.ct3316263./9B+7E.:2z527.storedInFile", true);
Line Found : user_pref("valueApps.ct3316263./9B+7E/x305.storedInFile", true);
Line Found : user_pref("valueApps.ct3316263./9B+7E06CG5EL8:", "6E6D686D6E6B70737470");
Line Found : user_pref("valueApps.ct3316263./9B+7E06CG5EL8:.storedInFile", false);
Line Found : user_pref("valueApps.ct3316263./9B+7E06CG5EL;8I:K", "247E2D2F226A74736E73747176797A76242F4B49474F42357D5D5C3D");
Line Found : user_pref("valueApps.ct3316263./9B+7E06CG5EL;8I:K.storedInFile", false);
Line Found : user_pref("valueApps.ct3316263./9B+7E0x305.storedInFile", true);
Line Found : user_pref("valueApps.ct3316263./9B+7E1x305.storedInFile", true);
Line Found : user_pref("valueApps.ct3316263./9B+7E2x305.storedInFile", true);
Line Found : user_pref("valueApps.ct3316263./9B+7E31;CJ7FK;KG#8QKEF)TIL.storedInFile", true);
Line Found : user_pref("valueApps.ct3316263./9B+7E3x305.storedInFile", true);
Line Found : user_pref("valueApps.ct3316263./9B+7E6x305.storedInFile", true);
Line Found : user_pref("valueApps.ct3316263./9B+7E7x305.storedInFile", true);
Line Found : user_pref("valueApps.ct3316263./9B+7E9x305.storedInFile", true);
Line Found : user_pref("valueApps.ct3316263./9B+7E:x305.storedInFile", true);
Line Found : user_pref("valueApps.ct3316263./9B+7E;x305.storedInFile", true);
Line Found : user_pref("valueApps.ct3316263./9B+7E<x305.storedInFile", true);
Line Found : user_pref("valueApps.ct3316263./9B+7E>x305.storedInFile", true);
Line Found : user_pref("valueApps.ct3316263./9B+7E?x305.storedInFile", true);
Line Found : user_pref("valueApps.ct3316263./9B+7EAx305.storedInFile", true);
Line Found : user_pref("valueApps.ct3316263./9B+7EBE3G=;D9N9=D", "372C2D326975762E3A3C7B3A39434A494841434B265146492965504656496571734D334B57");
Line Found : user_pref("valueApps.ct3316263./9B+7EBE3G=;D9N9=D.storedInFile", false);
Line Found : user_pref("valueApps.ct3316263./9B+7EBx305.storedInFile", true);
Line Found : user_pref("valueApps.ct3316263./9B+7ECx305.storedInFile", true);
Line Found : user_pref("valueApps.ct3316263./9B+7EDx305.storedInFile", true);
Line Found : user_pref("valueApps.ct3316263./9B-0?3G>D", "6B6B3D6942426E6F7A44797974207B78497A257B52217D2A53552523272D5B2A2E31315C");
Line Found : user_pref("valueApps.ct3316263./9B-0?3G>D.storedInFile", false);
Line Found : user_pref("valueApps.ct3316263./[email protected]:5;", "");
Line Found : user_pref("valueApps.ct3316263./[email protected]:5;.storedInFile", false);
Line Found : user_pref("valueApps.ct3316263./9B-0?3GFA7EF", "2B2E2C3D");
Line Found : user_pref("valueApps.ct3316263./9B-0?3GFA7EF.storedInFile", false);
Line Found : user_pref("valueApps.ct3316263./9B-3=3ECCJA=F>", "247E333D2C452F4135276F292A212C393D44307832332A354448584C3A23282E2E3132333435363B466068576C5E6857705A6C60606B6668563F73796F697861");
Line Found : user_pref("valueApps.ct3316263./9B-3=3ECCJA=F>.storedInFile", false);
Line Found : user_pref("valueApps.ct3316263./9B/>01=9A6K6<IM;[email protected]", "6A696B7273747576");
Line Found : user_pref("valueApps.ct3316263./9B/>01=9A6K6<IM;[email protected]", false);
Line Found : user_pref("valueApps.ct3316263./9B3=>@44I48?", "372C2D3269757633423633414847203E3D474E4D4C45474F2A554A4D2D5858585E4B554E366352564F");
Line Found : user_pref("valueApps.ct3316263./9B3=>@44I48?.storedInFile", false);
Line Found : user_pref("valueApps.ct3316263./9B5BA==9CJAG", "6A3C696A6C433F447A7572797647794D794F4E2221");
Line Found : user_pref("valueApps.ct3316263./9B5BA==9CJAG.storedInFile", false);
Line Found : user_pref("valueApps.ct3316263./9B6B11G4C56B>F;P;[email protected]", "6E6D686D6E6B6F73736F747374");
Line Found : user_pref("valueApps.ct3316263./9B6B11G4C56B>F;P;[email protected]", false);
Line Found : user_pref("valueApps.ct3316263./[email protected];7B=?OFB>>RHIQS", "393F352F3E");
Line Found : user_pref("valueApps.ct3316263./[email protected];7B=?OFB>>RHIQS.storedInFile", false);
Line Found : user_pref("valueApps.ct3316263./9B9643G3/9E", "6A");
Line Found : user_pref("valueApps.ct3316263./9B9643G3/9E.storedInFile", false);
Line Found : user_pref("valueApps.ct3316263./9B;45>:BI9I7IE", "2B2E2C3D");
Line Found : user_pref("valueApps.ct3316263./9B;45>:BI9I7IE.storedInFile", false);
Line Found : user_pref("valueApps.ct3316263./9B<:222H64<", "393F352F3E");
Line Found : user_pref("valueApps.ct3316263./9B<:222H64<.storedInFile", false);
Line Found : user_pref("valueApps.ct3316263./9B<:222H64<L8DAJ", "6D70706E7674727975762A797272797A75207E");
Line Found : user_pref("valueApps.ct3316263./9B<:222H64<L8DAJ.storedInFile", false);
Line Found : user_pref("valueApps.ct3316263./9B=+03EH8H8J?:", "4443");
Line Found : user_pref("valueApps.ct3316263./9B=+03EH8H8J?:.storedInFile", false);
Line Found : user_pref("valueApps.ct3316263./9B?+E2A52D8", "372C2D326975762E3A3C7B3A39434A494841434B2651464929655046566470727951555E5E52");
Line Found : user_pref("valueApps.ct3316263./9B?+E2A52D8.storedInFile", false);
Line Found : user_pref("valueApps.ct3316263./9B?B0D:8AJ62<H", "6D");
Line Found : user_pref("valueApps.ct3316263./9B?B0D:8AJ62<H.storedInFile", false);
Line Found : user_pref("valueApps.ct3316263./[email protected]<0BI6A7GN:[email protected]?", "6C");
Line Found : user_pref("valueApps.ct3316263./[email protected]<0BI6A7GN:[email protected]?.storedInFile", false);
Line Found : user_pref("valueApps.ct3316263.PG_ENABLE", "74727565");
Line Found : user_pref("valueApps.ct3316263.PG_ENABLE.storedInFile", false);
Line Found : user_pref("valueApps.ct3316263.SF_JUST_INSTALLED", "46414C5345");
Line Found : user_pref("valueApps.ct3316263.SF_JUST_INSTALLED.storedInFile", false);
Line Found : user_pref("valueApps.ct3316263.SF_USER_ID", "6369645F32323332303134313631313435333936393333");
Line Found : user_pref("valueApps.ct3316263.SF_USER_ID.storedInFile", false);
Line Found : user_pref("valueApps.ct3316263._key_cl_active", "39656563346130622D303533362D343034302D393037642D656637376465656366346333");
Line Found : user_pref("valueApps.ct3316263._key_cl_active.storedInFile", false);
Line Found : user_pref("valueApps.ct3316263.cb_experience_000", "39");
Line Found : user_pref("valueApps.ct3316263.cb_experience_000.storedInFile", false);
Line Found : user_pref("valueApps.ct3316263.cb_firstuse0100", "31");
Line Found : user_pref("valueApps.ct3316263.cb_firstuse0100.storedInFile", false);
Line Found : user_pref("valueApps.ct3316263.cb_user_id_000", "43423232393239373034353734315F313339353539373132343739385F46697265666F78");
Line Found : user_pref("valueApps.ct3316263.cb_user_id_000.storedInFile", false);
Line Found : user_pref("valueApps.ct3316263.cbfirsttime", "536174204D617220323220323031342031363A30313A313320474D542D3034303020284561737465726E205374616E646172642054696D6529");
Line Found : user_pref("valueApps.ct3316263.cbfirsttime.storedInFile", false);
Line Found : user_pref("valueApps.ct3316263.impression_session_counter", "33");
Line Found : user_pref("valueApps.ct3316263.impression_session_counter.storedInFile", false);
Line Found : user_pref("valueApps.ct3316263.impression_session_id", "2233303432383239622D663734352D343739662D626561322D36356563323161643430653422");
Line Found : user_pref("valueApps.ct3316263.impression_session_id.storedInFile", false);
Line Found : user_pref("valueApps.ct3316263.impression_session_last_active", "31333935363234343535333637");
Line Found : user_pref("valueApps.ct3316263.impression_session_last_active.storedInFile", false);
Line Found : user_pref("valueApps.ct3316263.mam_gk_appStateReportTime", "31333935363234343531343130");
Line Found : user_pref("valueApps.ct3316263.mam_gk_appStateReportTime.storedInFile", false);
Line Found : user_pref("valueApps.ct3316263.mam_gk_appState_Clarity_Active", "6F6E");
Line Found : user_pref("valueApps.ct3316263.mam_gk_appState_Clarity_Active.storedInFile", false);
Line Found : user_pref("valueApps.ct3316263.mam_gk_appsConfig.storedInFile", true);
Line Found : user_pref("valueApps.ct3316263.mam_gk_appsDefaultEnabled", "6E756C6C");
Line Found : user_pref("valueApps.ct3316263.mam_gk_appsDefaultEnabled.storedInFile", false);
Line Found : user_pref("valueApps.ct3316263.mam_gk_calledSetupService", "31");
Line Found : user_pref("valueApps.ct3316263.mam_gk_calledSetupService.storedInFile", false);
Line Found : user_pref("valueApps.ct3316263.mam_gk_currentVersion", "312E31332E302E3137");
Line Found : user_pref("valueApps.ct3316263.mam_gk_currentVersion.storedInFile", false);
Line Found : user_pref("valueApps.ct3316263.mam_gk_first_time", "31");
Line Found : user_pref("valueApps.ct3316263.mam_gk_first_time.storedInFile", false);
Line Found : user_pref("valueApps.ct3316263.mam_gk_lastInstallationSessionGuid", "7B32613736666234642D353936622D346632392D623863352D6664633837303739323237617D");
Line Found : user_pref("valueApps.ct3316263.mam_gk_lastInstallationSessionGuid.storedInFile", false);
Line Found : user_pref("valueApps.ct3316263.mam_gk_lastLoginTime", "31333935363234343531373731");
Line Found : user_pref("valueApps.ct3316263.mam_gk_lastLoginTime.storedInFile", false);
Line Found : user_pref("valueApps.ct3316263.mam_gk_localization.storedInFile", true);
Line Found : user_pref("valueApps.ct3316263.mam_gk_mamEnabled", "74727565");
Line Found : user_pref("valueApps.ct3316263.mam_gk_mamEnabled.storedInFile", false);
Line Found : user_pref("valueApps.ct3316263.mam_gk_settings1.13.0.17.storedInFile", true);
Line Found : user_pref("valueApps.ct3316263.mam_gk_showWelcomeGadget", "66616C7365");
Line Found : user_pref("valueApps.ct3316263.mam_gk_showWelcomeGadget.storedInFile", false);
Line Found : user_pref("valueApps.ct3316263.mam_gk_stamp", "313034335F30");
Line Found : user_pref("valueApps.ct3316263.mam_gk_stamp.storedInFile", false);
Line Found : user_pref("valueApps.ct3316263.mam_gk_userBornDate", "3230313430333232");
Line Found : user_pref("valueApps.ct3316263.mam_gk_userBornDate.storedInFile", false);
Line Found : user_pref("valueApps.ct3316263.mam_gk_userId", "62653439653366302D333736362D343264632D396336642D346431353664323761663230");
Line Found : user_pref("valueApps.ct3316263.mam_gk_userId.storedInFile", false);
Line Found : user_pref("valueApps.ct3316263.mam_gk_user_approval_interacted", "");
Line Found : user_pref("valueApps.ct3316263.mam_gk_user_approval_interacted.storedInFile", false);
Line Found : user_pref("valueApps.ct3316263.rematchGround-country-code", "22555322");
Line Found : user_pref("valueApps.ct3316263.rematchGround-country-code.storedInFile", false);
Line Found : user_pref("valueApps.ct3316263.rematchGround.upstairs", "7B22687474703A2F2F66617374636F6E74656E742E636F6E647569742E636F6D2F646F776E6C6F61645F6F66666572732E68746D6C3F637469643D6374333331363236337E62313[...]
Line Found : user_pref("valueApps.ct3316263.rematchGround.upstairs.storedInFile", false);
Line Found : user_pref("valueApps.ct3316263.rematchagent-is-test-user", "66616C7365");
Line Found : user_pref("valueApps.ct3316263.rematchagent-is-test-user.storedInFile", false);
Line Found : user_pref("valueApps.ct3316263.rematchagent-matkot-user-id", "22313339353531373437333437343536323334353622");
Line Found : user_pref("valueApps.ct3316263.rematchagent-matkot-user-id.storedInFile", false);
Line Found : user_pref("valueApps.ct3316263.rematchagent-periodic-reports", "7B2270696E675F30223A5B313339353632343435343135362C31343430303030305D7D");
Line Found : user_pref("valueApps.ct3316263.rematchagent-periodic-reports.storedInFile", false);
Line Found : user_pref("valueApps.ct3316263.rematchagent-user-id", "2266643061656139362D643065382D343238662D386366342D36336433656164653566643722");
Line Found : user_pref("valueApps.ct3316263.rematchagent-user-id.storedInFile", false);
Line Found : user_pref("valueApps.ct3316263.url_history0001.storedInFile", true);

[ File : d:\data\Admin\Application Data\Mozilla\Firefox\Profiles\ilojflhm.default\prefs.js ]


-\\ Google Chrome v

[ File : d:\data\rainmaker\Local Settings\Application Data\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [12898 octets] - [14/01/2014 13:44:38]
AdwCleaner[R1].txt - [21976 octets] - [23/03/2014 22:17:10]
AdwCleaner[S0].txt - [13294 octets] - [14/01/2014 13:46:37]

########## EOF - d:\AdwCleaner\AdwCleaner[R1].txt - [22098 octets] ##########


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.3 (03.23.2014:1)
OS: Microsoft Windows XP x86
Ran by rainmaker on 2014/03/23 at 22:20:26.40
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\1clickdownload
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\conduit
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{A09AB6EB-31B5-454C-97EC-9B294D92EE2A}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\iminent
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\iminent



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "d:\data\rainmaker\Application Data\swvupdater"
Successfully deleted: [Folder] "d:\data\rainmaker\Local Settings\Application Data\conduit"
Successfully deleted: [Folder] "d:\data\rainmaker\Local Settings\Application Data\cool_mirage"
Successfully deleted: [Folder] "d:\data\rainmaker\Local Settings\Application Data\mobogenie"
Successfully deleted: [Folder] "d:\data\rainmaker\Local Settings\Application Data\searchprotect"
Failed to delete: [Folder] "d:\data\rainmaker\Local Settings\Application Data\webplayer"



~~~ FireFox

Successfully deleted: [File] d:\data\rainmaker\Application Data\mozilla\firefox\profiles\0gqxbqod.default\user.js
Successfully deleted the following from d:\data\rainmaker\Application Data\mozilla\firefox\profiles\0gqxbqod.default\prefs.js

user_pref("iminent.adapters", "{\"iminent\":{\"CountryCode\":\"US\",\"NoAds\":true,\"Status\":1,\"AdapterKey\":\"iminent\",\"v\":true,\"p\":0,\"t\":1,\"th\":0.275,\"expireTime





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 2014/03/23 at 22:28:37.35
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 13-03-2014 01
Ran by rainmaker (administrator) on 3YFK943Z on 23-03-2014 22:29:24
Running from D:\data\rainmaker\Desktop
Microsoft Windows XP Service Pack 2 (X86) OS Language: English(US)
Internet Explorer Version 8
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingc...can-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingc...can-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(Microsoft Corporation) C:\WINNT\System32\smss.exe
(Microsoft Corporation) C:\WINNT\system32\csrss.exe
(Microsoft Corporation) C:\WINNT\system32\winlogon.exe
(Microsoft Corporation) C:\WINNT\system32\services.exe
(Microsoft Corporation) C:\WINNT\system32\lsass.exe
() C:\WINNT\system32\ibmpmsvc.exe
(Microsoft Corporation) C:\WINNT\system32\svchost.exe
(Microsoft Corporation) C:\WINNT\system32\svchost.exe
(Microsoft Corporation) C:\WINNT\System32\svchost.exe
(Microsoft Corporation) C:\WINNT\system32\svchost.exe
(Microsoft Corporation) C:\WINNT\system32\svchost.exe
(Microsoft Corporation) C:\WINNT\system32\spoolsv.exe
(Microsoft Corporation) C:\WINNT\system32\svchost.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
(DameWare Development LLC) C:\WINNT\system32\DWRCS.EXE
() C:\Program Files\IBM\IBM Rapid Restore Ultra\rrpcsb.exe
(iPass, Inc.) C:\Program Files\iPass\iPassConnect\iPassPeriodicUpdateService.exe
(McAfee, Inc.) C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
(McAfee, Inc.) C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
(McAfee, Inc.) C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
(Microsoft Corporation) c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
(McAfee, Inc.) C:\Program Files\Network Associates\Common Framework\naPrdMgr.exe
(DameWare Development) C:\WINNT\system32\DWRCST.exe
(Microsoft Corporation) C:\WINNT\system32\svchost.exe
(Lenovo.) C:\WINNT\System32\TPHDEXLG.EXE
(Alexandria Software Consulting) c:\Program Files\Nortel Networks\TunnelGuard\CueAgent_srv.exe
(Yahoo! Inc.) C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
(IBM Corp.) C:\IBMTOOLS\UTILS\ibmprc.exe
(McAfee, Inc.) C:\Program Files\Network Associates\Common Framework\UdaterUI.exe
(Intel Corporation) C:\WINNT\system32\igfxtray.exe
(Intel Corporation) C:\WINNT\system32\hkcmd.exe
(McAfee, Inc.) C:\Program Files\Network Associates\Common Framework\McTray.exe
(Intel Corporation) C:\WINNT\system32\igfxpers.exe
(Analog Devices, Inc.) C:\Program Files\Analog Devices\Core\smax4pnp.exe
(Microsoft Corporation) C:\WINNT\system32\rundll32.exe
(iPass, Inc.) C:\Program Files\iPass\iPassConnect\iPassPeriodicUpdateApp.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Microsoft Corporation) C:\WINNT\System32\alg.exe
(Lenovo, Ltd. and IBM Corporation.) C:\WINNT\system32\TpShocks.exe
() C:\Program Files\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe
() C:\Program Files\Lenovo\PkgMgr\HOTKEY\TPONSCR.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\PkgMgr\HOTKEY_1\TpScrex.exe
(McAfee, Inc.) C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(BitTorrent Inc.) C:\Program Files\BitTorrent\BitTorrent.exe
(Microsoft Corporation) C:\WINNT\system32\ctfmon.exe
() D:\data\rainmaker\Local Settings\Application Data\WebPlayer\FLV Player\WebPlayer.exe
(Nortel Networks) C:\Program Files\Nortel Networks\TunnelGuard\platforms\win32\TGIconApp.EXE
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Yahoo! Inc.) C:\Program Files\Yahoo!\Messenger\Ymsgr_tray.exe
(Microsoft Corporation) C:\WINNT\system32\wuauclt.exe
(Google Inc.) D:\data\rainmaker\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
(Google Inc.) D:\data\rainmaker\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\WINNT\explorer.exe
(Google Inc.) D:\data\rainmaker\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
(Google Inc.) D:\data\rainmaker\Local Settings\Application Data\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [IBMPRC] - C:\IBMTOOLS\UTILS\ibmprc.exe [90112 2005-04-27] (IBM Corp.)
HKLM\...\Run: [McAfeeUpdaterUI] - C:\Program Files\Network Associates\Common Framework\UdaterUI.exe [136512 2007-12-14] (McAfee, Inc.)
HKLM\...\Run: [igfxtray] - C:\WINNT\system32\igfxtray.exe [94208 2006-09-15] (Intel Corporation)
HKLM\...\Run: [igfxhkcmd] - C:\WINNT\system32\hkcmd.exe [77824 2006-09-15] (Intel Corporation)
HKLM\...\Run: [igfxpers] - C:\WINNT\system32\igfxpers.exe [118784 2006-09-15] (Intel Corporation)
HKLM\...\Run: [SoundMAXPnP] - C:\Program Files\Analog Devices\Core\smax4pnp.exe [925696 2005-12-15] (Analog Devices, Inc.)
HKLM\...\Run: [PWRMGRTR] - C:\Program Files\ThinkPad\Utilities\PWRMGRTR.DLL [151552 2005-12-07] (Lenovo Group Limited)
HKLM\...\Run: [BLOG] - C:\Program Files\ThinkPad\Utilities\BATLOGEX.DLL [208896 2005-12-07] ()
HKLM\...\Run: [SynTPLpr] - C:\Program Files\Synaptics\SynTP\SynTPLpr.exe [110592 2005-09-15] (Synaptics, Inc.)
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [512000 2005-09-15] (Synaptics, Inc.)
HKLM\...\Run: [TpShocks] - C:\WINNT\system32\TpShocks.exe [106496 2005-11-07] (Lenovo, Ltd. and IBM Corporation.)
HKLM\...\Run: [TPHOTKEY] - C:\Program Files\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe [94208 2006-02-01] ()
HKLM\...\Run: [SmcService] - C:\Program Files\Sygate\SSA\Smc.exe [2635480 2006-07-25] (Sygate Technologies, Inc.)
HKLM\...\Run: [ShStatEXE] - C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE [111952 2007-10-16] (McAfee, Inc.)
HKLM\...\Run: [QuickTime Task] - C:\Program Files\QuickTime\qttask.exe [413696 2009-05-26] (Apple Inc.)
HKLM\...\Run: [iTunesHelper] - C:\Program Files\iTunes\iTunesHelper.exe [292136 2009-06-05] (Apple Inc.)
HKLM\...\Run: [Adobe Reader Speed Launcher] - C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [39792 2009-10-03] (Adobe Systems Incorporated)
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [935288 2009-09-04] (Adobe Systems Incorporated)
HKLM\...\Winlogon: [Userinit] C:\WINNT\system32\userinit.exe,
HKLM\...\Winlogon: [Shell] Explorer.exe [x ] ()
HKLM\...\Winlogon: [UIHost] logonui.exe [x ] ()
Winlogon\Notify\crypt32chain: C:\WINNT\system32\crypt32.dll (Microsoft Corporation)
Winlogon\Notify\cryptnet: C:\WINNT\system32\cryptnet.dll (Microsoft Corporation)
Winlogon\Notify\cscdll: C:\WINNT\system32\cscdll.dll (Microsoft Corporation)
Winlogon\Notify\igfxcui: C:\WINNT\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\ScCertProp: C:\WINNT\system32\wlnotify.dll (Microsoft Corporation)
Winlogon\Notify\Schedule: C:\WINNT\system32\wlnotify.dll (Microsoft Corporation)
Winlogon\Notify\sclgntfy: C:\WINNT\system32\sclgntfy.dll (Microsoft Corporation)
Winlogon\Notify\SensLogn: C:\WINNT\system32\WlNotify.dll (Microsoft Corporation)
Winlogon\Notify\termsrv: C:\WINNT\system32\wlnotify.dll (Microsoft Corporation)
Winlogon\Notify\tpfnf2: C:\WINNT\system32\notifyf2.dll ()
Winlogon\Notify\tphotkey: C:\WINNT\system32\tphklock.dll ()
Winlogon\Notify\wlballoon: C:\WINNT\system32\wlnotify.dll (Microsoft Corporation)
HKLM\...\Policies\Explorer: [NoWelcomeScreen] 1
HKLM\...\Policies\Explorer: [NoSMConfigurePrograms] 1
HKU\.DEFAULT\...\Run: [DWQueuedReporting] - C:\Program Files\Common Files\Microsoft Shared\DW\DWTRIG20.EXE [434528 2006-10-26] (Microsoft Corporation)
HKU\S-1-5-21-3510421623-2965073675-2411060337-1012\...\Run: [BitTorrent] - C:\Program Files\BitTorrent\BitTorrent.exe [882520 2013-05-16] (BitTorrent Inc.)
HKU\S-1-5-21-3510421623-2965073675-2411060337-1012\...\Run: [Messenger (Yahoo!)] - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe [6591800 2012-02-22] (Yahoo! Inc.)
HKU\S-1-5-21-3510421623-2965073675-2411060337-1012\...\Run: [ctfmon.exe] - C:\WINNT\system32\ctfmon.exe [15360 2004-08-04] (Microsoft Corporation)
HKU\S-1-5-21-3510421623-2965073675-2411060337-1012\...\Run: [Google Update] - d:\data\rainmaker\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [116648 2012-07-03] (Google Inc.)
HKU\S-1-5-21-3510421623-2965073675-2411060337-1012\...\Run: [FLV Player] - D:\data\rainmaker\Local Settings\Application Data\WebPlayer\FLV Player\WebPlayer.exe [202752 2012-10-26] ()
AppInit_DLLs: C:\PROGRA~1\SupTab\SEARCH~1.DLL => C:\PROGRA~1\SupTab\SEARCH~1.DLL File Not Found
Startup: D:\data\All Users\Start Menu\Programs\Startup\TunnelGuard Tray Monitor.lnk
ShortcutTarget: TunnelGuard Tray Monitor.lnk -> C:\Program Files\Nortel Networks\TunnelGuard\platforms\win32\TGIconApp.EXE (Nortel Networks)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINNT\system32\blank.htm
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINNT\system32\blank.htm
URLSearchHook: HKCU - YTNavAssistPlugin Class - {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll (Yahoo! Inc.)
SearchScopes: HKLM - {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL =
BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll (Sun Microsystems, Inc.)
BHO: No Name - {84FF7BD6-B47F-46F8-9130-01B2696B36CB} - No File
BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll (Yahoo! Inc)
Toolbar: HKLM - No Name - {ba00b7b1-0351-477a-b948-23e3ee5a73d4} - No File
Toolbar: HKCU - &Address - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINNT\system32\browseui.dll (Microsoft Corporation)
Toolbar: HKCU - &Links - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINNT\system32\SHELL32.dll (Microsoft Corporation)
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...t/ultrashim.cab
DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macr...ash/swflash.cab
Handler: gopher - {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINNT\system32\urlmon.dll (Microsoft Corporation)
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
Handler: sysimage - {76E67A63-06E9-11D2-A840-006008059382} - C:\WINNT\system32\mshtml.dll (Microsoft Corporation)
Handler: wia - {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINNT\system32\wiascr.dll (Microsoft Corporation)
Filter: Class Install Handler - {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - C:\WINNT\system32\urlmon.dll (Microsoft Corporation)
Filter: lzdhtml - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINNT\system32\urlmon.dll (Microsoft Corporation)
Filter: text/webviewhtml - {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - C:\WINNT\system32\SHELL32.dll (Microsoft Corporation)
ShellExecuteHooks: URL Exec Hook - {AEB6717E-7E19-11d0-97EE-00C04FD91972} - C:\WINNT\system32\shell32.dll [8460288 2007-10-25] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: d:\data\rainmaker\Application Data\Mozilla\Firefox\Profiles\0gqxbqod.default
FF Plugin: @adobe.com/FlashPlayer - C:\WINNT\system32\Macromed\Flash\NPSWF32.dll ()
FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 - C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\2.0.30523.8\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 - C:\WINNT\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.0.1 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - d:\data\rainmaker\Local Settings\Application Data\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - d:\data\rainmaker\Local Settings\Application Data\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @yahoo.com/BrowserPlus,version=2.9.8 - d:\data\rainmaker\Local Settings\Application Data\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll (Yahoo! Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll (Apple Inc.)
FF SearchPlugin: d:\data\rainmaker\Application Data\Mozilla\Firefox\Profiles\0gqxbqod.default\searchplugins\aol-search.xml
FF Extension: Quick Start - d:\data\rainmaker\Application Data\Mozilla\Firefox\Profiles\0gqxbqod.default\Extensions\[email protected] [2014-03-22]
FF Extension: Firebug - d:\data\rainmaker\Application Data\Mozilla\Firefox\Profiles\0gqxbqod.default\Extensions\[email protected] [2012-12-15]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\WINNT\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - C:\WINNT\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ []
FF HKLM\...\Firefox\Extensions: [[email protected]] - d:\data\rainmaker\Application Data\Mozilla\Firefox\Profiles\0gqxbqod.default\extensions\[email protected]
FF Extension: Quick Start - d:\data\rainmaker\Application Data\Mozilla\Firefox\Profiles\0gqxbqod.default\extensions\qu[email protected] [2014-03-22]

Chrome:
=======
CHR HomePage: hxxp://www.key-find.com/?type=hp&ts=1395624075&from=amt&uid=HTS721010G9SA00_MPDZN7Y0J293RLJ293RLX
CHR RestoreOnStartup: "sync": {
"suppress_start"
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - d:\data\rainmaker\Local Settings\Application Data\Google\Chrome\Application\33.0.1750.154\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - d:\data\rainmaker\Local Settings\Application Data\Google\Chrome\Application\33.0.1750.154\pdf.dll ()
CHR Plugin: (Shockwave Flash) - d:\data\rainmaker\Local Settings\Application Data\Google\Chrome\Application\33.0.1750.154\gcswf32.dll No File
CHR Plugin: (Shockwave Flash) - C:\WINNT\system32\Macromed\Flash\NPSWF32.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.2) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.2) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.2) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.2) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.2) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.2) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.2) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll (Apple Inc.)
CHR Plugin: (Microsoft® DRM) - C:\Program Files\Windows Media Player\npdrmv2.dll (Microsoft Corporation)
CHR Plugin: (Microsoft® DRM) - C:\Program Files\Windows Media Player\npwmsdrm.dll (Microsoft Corporation)
CHR Plugin: (Windows Media Player Plug-in Dynamic Link Library) - C:\Program Files\Windows Media Player\npdsplay.dll (Microsoft Corporation (written by Digital Renaissance Inc.))
CHR Plugin: (VLC Web Plugin) - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
CHR Plugin: (iTunes Application Detector) - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Windows Presentation Foundation) - C:\WINNT\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
CHR Plugin: (Silverlight Plug-In) - c:\Program Files\Microsoft Silverlight\2.0.30523.8\npctrl.dll ( Microsoft Corporation)
CHR Plugin: (Google Update) - d:\data\rainmaker\Local Settings\Application Data\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File
CHR Plugin: (BrowserPlus (from Yahoo!) v2.9.8) - d:\data\rainmaker\Local Settings\Application Data\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll (Yahoo! Inc.)
CHR Extension: (Google Wallet) - D:\data\rainmaker\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-01-14]
CHR StartMenuInternet: Google Chrome - D:\data\rainmaker\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

========================== Services (Whitelisted) =================

S3 AdobeFlashPlayerUpdateSvc; C:\WINNT\system32\Macromed\Flash\FlashPlayerUpdateService.exe [253600 2012-04-14] (Adobe Systems Incorporated)
S4 Alerter; C:\WINNT\system32\alrsvc.dll [17408 2004-08-04] (Microsoft Corporation)
R3 ALG; C:\WINNT\System32\alg.exe [44544 2004-08-04] (Microsoft Corporation)
R2 Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [144712 2009-06-05] (Apple Inc.)
S3 AppMgmt; C:\WINNT\System32\appmgmts.dll [167936 2004-08-04] (Microsoft Corporation)
S3 aspnet_state; C:\WINNT\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [34312 2008-07-25] (Microsoft Corporation)
R2 AudioSrv; C:\WINNT\System32\audiosrv.dll [42496 2004-08-04] (Microsoft Corporation)
S3 BITS; C:\WINNT\system32\qmgr.dll [382464 2004-08-04] (Microsoft Corporation)
S2 Browser; C:\WINNT\System32\browser.dll [77312 2004-08-04] (Microsoft Corporation)
S2 CcmExec; C:\WINNT\system32\CCM\CcmExec.exe [578784 2006-02-09] (Microsoft Corporation)
S3 CiSvc; C:\WINNT\system32\cisvc.exe [5632 2004-08-04] (Microsoft Corporation)
S3 ClipSrv; C:\WINNT\system32\clipsrv.exe [33280 2004-08-04] (Microsoft Corporation)
S3 clr_optimization_v2.0.50727_32; C:\WINNT\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [69632 2008-07-25] (Microsoft Corporation)
S3 COMSysApp; C:\WINNT\system32\dllhost.exe [5120 2004-08-04] (Microsoft Corporation)
R2 CryptSvc; C:\WINNT\System32\cryptsvc.dll [60416 2004-08-04] (Microsoft Corporation)
R2 DcomLaunch; C:\WINNT\system32\rpcss.dll [401408 2009-02-09] (Microsoft Corporation)
R2 Dhcp; C:\WINNT\System32\dhcpcsvc.dll [111616 2006-05-19] (Microsoft Corporation)
S3 dmadmin; C:\WINNT\System32\dmadmin.exe [224768 2004-08-04] (Microsoft Corp., Veritas Software)
S3 dmserver; C:\WINNT\System32\dmserver.dll [23552 2004-08-04] (Microsoft Corp.)
R2 Dnscache; C:\WINNT\System32\dnsrslvr.dll [45568 2008-02-20] (Microsoft Corporation)
R2 DWMRCS; C:\WINNT\system32\DWRCS.EXE [222720 2007-07-25] (DameWare Development LLC)
R2 ERSvc; C:\WINNT\System32\ersvc.dll [23040 2004-08-04] (Microsoft Corporation)
R2 Eventlog; C:\WINNT\system32\services.exe [110592 2009-02-06] (Microsoft Corporation)
R3 EventSystem; C:\WINNT\system32\es.dll [253952 2008-07-07] (Microsoft Corporation)
S3 ExtranetAccess; C:\Program Files\Nexxia\Extranet_serv.exe [835584 2006-05-09] (Nortel Networks NA, Inc.)
S3 FastUserSwitchingCompatibility; C:\WINNT\System32\shsvcs.dll [135168 2006-12-19] (Microsoft Corporation)
S3 FontCache3.0.0.0; C:\WINNT\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [46104 2008-07-29] (Microsoft Corporation)
R2 helpsvc; C:\WINNT\PCHealth\HelpCtr\Binaries\pchsvc.dll [38912 2004-08-04] (Microsoft Corporation)
R2 HidServ; C:\WINNT\System32\hidserv.dll [21504 2004-08-04] (Microsoft Corporation)
S3 HTTPFilter; C:\WINNT\System32\w3ssl.dll [15872 2004-08-04] (Microsoft Corporation)
R2 IBM Rapid Restore Ultra Service; C:\Program Files\IBM\IBM Rapid Restore Ultra\rrpcsb.exe [385024 2005-10-06] ()
R2 IBMPMSVC; C:\WINNT\system32\ibmpmsvc.exe [73782 2005-11-11] ()
S3 idsvc; C:\WINNT\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [881664 2008-07-29] (Microsoft Corporation)
S3 ImapiService; C:\WINNT\system32\imapi.exe [150016 2004-08-04] (Microsoft Corporation)
S3 iPassConnectEngine; C:\Program Files\iPass\iPassConnect\iPassConnectEngine.exe [1310720 2006-11-30] (iPass, Inc.)
R3 iPassPeriodicUpdateApp; C:\Program Files\iPass\iPassConnect\iPassPeriodicUpdateApp.exe [126976 2006-11-29] (iPass, Inc.)
R2 iPassPeriodicUpdateService; C:\Program Files\iPass\iPassConnect\iPassPeriodicUpdateService.exe [86016 2006-11-29] (iPass, Inc.)
S4 Irmon; C:\WINNT\System32\irmon.dll [27136 2004-08-03] (Microsoft Corporation)
R2 lanmanserver; C:\WINNT\System32\srvsvc.dll [96768 2004-12-07] (Microsoft Corporation)
R2 lanmanworkstation; C:\WINNT\System32\wkssvc.dll [134144 2009-06-10] (Microsoft Corporation)
R2 LmHosts; C:\WINNT\System32\lmhsvc.dll [13824 2004-08-04] (Microsoft Corporation)
S3 magaService; c:\Program Files\Sygate\SSA\maga\maga.exe [323658 2006-07-25] (Sygate Technologies, Inc.)
R2 McAfeeFramework; C:\Program Files\Network Associates\Common Framework\FrameworkService.exe [103744 2007-12-14] (McAfee, Inc.)
R2 McShield; C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe [144704 2007-10-16] (McAfee, Inc.)
R2 McTaskManager; C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe [54608 2007-10-16] (McAfee, Inc.)
S4 Messenger; C:\WINNT\System32\msgsvc.dll [33792 2004-08-04] (Microsoft Corporation)
S3 mnmsrvc; C:\WINNT\system32\mnmsrvc.exe [32768 2004-08-04] (Microsoft Corporation)
S3 MSDTC; C:\WINNT\system32\msdtc.exe [6144 2004-08-04] (Microsoft Corporation)
S2 MSIServer; C:\WINNT\System32\msiexec.exe [78848 2005-05-03] (Microsoft Corporation)
S4 MSSQLServerADHelper; c:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe [45272 2005-10-14] (Microsoft Corporation)
S4 NetDDE; C:\WINNT\system32\netdde.exe [111104 2004-08-04] (Microsoft Corporation)
S4 NetDDEdsdm; C:\WINNT\system32\netdde.exe [111104 2004-08-04] (Microsoft Corporation)
R2 Netlogon; C:\WINNT\system32\lsass.exe [13312 2004-08-04] (Microsoft Corporation)
R3 Netman; C:\WINNT\System32\netman.dll [197632 2005-08-22] (Microsoft Corporation)
S4 NetTcpPortSharing; C:\WINNT\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [132096 2008-07-29] (Microsoft Corporation)
R3 Nla; C:\WINNT\System32\mswsock.dll [245248 2008-06-20] (Microsoft Corporation)
S3 NtLmSsp; C:\WINNT\system32\lsass.exe [13312 2004-08-04] (Microsoft Corporation)
S3 NtmsSvc; C:\WINNT\system32\ntmssvc.dll [435200 2004-08-04] (Microsoft Corporation)
R2 PlugPlay; C:\WINNT\system32\services.exe [110592 2009-02-06] (Microsoft Corporation)
S4 PolicyAgent; C:\WINNT\system32\lsass.exe [13312 2004-08-04] (Microsoft Corporation)
R2 ProtectedStorage; C:\WINNT\system32\lsass.exe [13312 2004-08-04] (Microsoft Corporation)
S3 RasAuto; C:\WINNT\System32\rasauto.dll [89088 2004-08-04] (Microsoft Corporation)
R3 RasMan; C:\WINNT\System32\rasmans.dll [181248 2006-06-22] (Microsoft Corporation)
S3 RDSessMgr; C:\WINNT\system32\sessmgr.exe [140800 2004-08-04] (Microsoft Corporation)
S4 RemoteAccess; C:\WINNT\System32\mprdim.dll [49152 2002-08-29] (Microsoft Corporation)
R2 RemoteRegistry; C:\WINNT\system32\regsvc.dll [59904 2004-08-04] (Microsoft Corporation)
S3 RpcLocator; C:\WINNT\system32\locator.exe [75264 2004-08-04] (Microsoft Corporation)
R2 RpcSs; C:\WINNT\System32\rpcss.dll [401408 2009-02-09] (Microsoft Corporation)
S3 RSVP; C:\WINNT\system32\rsvp.exe [132608 2002-08-29] (Microsoft Corporation)
R2 SamSs; C:\WINNT\system32\lsass.exe [13312 2004-08-04] (Microsoft Corporation)
S3 SCardSvr; C:\WINNT\System32\SCardSvr.exe [95744 2004-08-04] (Microsoft Corporation)
R2 Schedule; C:\WINNT\system32\schedsvc.dll [190976 2004-08-04] (Microsoft Corporation)
R2 seclogon; C:\WINNT\System32\seclogon.dll [18944 2004-08-04] (Microsoft Corporation)
R2 SENS; C:\WINNT\system32\sens.dll [38912 2004-08-04] (Microsoft Corporation)
R2 SharedAccess; C:\WINNT\System32\ipnathlp.dll [331264 2004-08-04] (Microsoft Corporation)
R2 ShellHWDetection; C:\WINNT\System32\shsvcs.dll [135168 2006-12-19] (Microsoft Corporation)
S4 SmcService; c:\Program Files\Sygate\SSA\smc.exe [2635480 2006-07-25] (Sygate Technologies, Inc.)
R2 Spooler; C:\WINNT\system32\spoolsv.exe [57856 2005-06-10] (Microsoft Corporation)
R2 srservice; C:\WINNT\system32\srsvc.dll [170496 2004-08-04] (Microsoft Corporation)
R3 SSDPSRV; C:\WINNT\System32\ssdpsrv.dll [71680 2004-08-04] (Microsoft Corporation)
R2 stisvc; C:\WINNT\system32\wiaservc.dll [333824 2006-12-19] (Microsoft Corporation)
S3 SwPrv; C:\WINNT\system32\dllhost.exe [5120 2004-08-04] (Microsoft Corporation)
S3 SysmonLog; C:\WINNT\system32\smlogsvc.exe [89600 2004-08-04] (Microsoft Corporation)
R3 TapiSrv; C:\WINNT\System32\tapisrv.dll [249344 2005-07-08] (Microsoft Corporation)
R3 TermService; C:\WINNT\System32\termsrv.dll [295424 2004-08-04] (Microsoft Corporation)
R2 Themes; C:\WINNT\System32\shsvcs.dll [135168 2006-12-19] (Microsoft Corporation)
S3 TlntSvr; C:\WINNT\system32\tlntsvr.exe [73216 2004-08-04] (Microsoft Corporation)
R2 TPHDEXLGSVC; C:\WINNT\System32\TPHDEXLG.EXE [77824 2005-06-20] (Lenovo.)
R2 TrkWks; C:\WINNT\system32\trkwks.dll [90624 2004-08-04] (Microsoft Corporation)
R2 tunnelguardservice; c:\Program Files\Nortel Networks\TunnelGuard\CueAgent_srv.exe [53248 2005-09-06] (Alexandria Software Consulting)
S3 upnphost; C:\WINNT\System32\upnphost.dll [185344 2007-02-05] (Microsoft Corporation)
S3 UPS; C:\WINNT\System32\ups.exe [18432 2004-08-04] (Microsoft Corporation)
S3 VSS; C:\WINNT\System32\vssvc.exe [289792 2004-08-04] (Microsoft Corporation)
R2 W32Time; C:\WINNT\system32\w32time.dll [174592 2004-08-04] (Microsoft Corporation)
R2 WebClient; C:\WINNT\System32\webclnt.dll [68096 2006-01-03] (Microsoft Corporation)
R2 winmgmt; C:\WINNT\system32\wbem\WMIsvc.dll [144896 2004-08-04] (Microsoft Corporation)
S3 WmdmPmSN; C:\WINNT\system32\MsPMSNSv.dll [27136 2006-10-18] (Microsoft Corporation)
S3 Wmi; C:\WINNT\System32\advapi32.dll [617984 2009-02-09] (Microsoft Corporation)
S3 WmiApSrv; C:\WINNT\system32\wbem\wmiapsrv.exe [126464 2004-08-04] (Microsoft Corporation)
S2 wscsvc; C:\WINNT\system32\wscsvc.dll [81408 2004-08-04] (Microsoft Corporation)
R2 wuauserv; C:\WINNT\system32\wuauserv.dll [6656 2004-08-04] (Microsoft Corporation)
S3 WudfSvc; C:\WINNT\System32\WUDFSvc.dll [55808 2006-09-28] (Microsoft Corporation)
R2 WZCSVC; C:\WINNT\System32\wzcsvc.dll [474624 2005-04-20] (Microsoft Corporation)
S3 xmlprov; C:\WINNT\System32\xmlprov.dll [129536 2004-08-04] (Microsoft Corporation)
S3 PsaSrv; C:\WINNT\system32\PsaSrv.exe [X]

==================== Drivers (Whitelisted) ====================

R0 ACPI; C:\WINNT\System32\DRIVERS\ACPI.sys [187776 2004-08-04] (Microsoft Corporation)
R0 ACPIEC; C:\WINNT\System32\DRIVERS\ACPIEC.sys [11648 2002-08-29] (Microsoft Corporation)
R3 ADIHdAudAddService; C:\WINNT\System32\drivers\ADIHdAud.sys [173056 2005-12-15] (Analog Devices, Inc.)
R3 AEAudioService; C:\WINNT\System32\drivers\AEAudio.sys [152960 2005-12-15] (Andrea Electronics Corporation)
S3 aec; C:\WINNT\System32\drivers\aec.sys [142464 2004-08-03] (Microsoft Corporation)
R1 AFD; C:\WINNT\System32\drivers\afd.sys [138368 2008-08-14] (Microsoft Corporation)
R0 ANCSQ; C:\WINNT\System32\drivers\ANCSQ.sys [6912 2005-04-27] (IBM Corp.)
S3 AsyncMac; C:\WINNT\System32\DRIVERS\asyncmac.sys [14336 2004-08-03] (Microsoft Corporation)
R0 atapi; C:\WINNT\System32\DRIVERS\atapi.sys [95360 2004-08-03] (Microsoft Corporation)
S3 Atmarpc; C:\WINNT\System32\DRIVERS\atmarpc.sys [59904 2004-08-03] (Microsoft Corporation)
R3 atmeltpm; C:\WINNT\System32\DRIVERS\atmeltpm.sys [15872 2005-05-17] (Atmel, Inc.)
R3 audstub; C:\WINNT\System32\DRIVERS\audstub.sys [3072 2001-08-17] (Microsoft Corporation)
R1 Beep; C:\WINNT\system32\Drivers\Beep.sys [4224 2002-08-29] (Microsoft Corporation)
S4 cbidf2k; C:\WINNT\system32\Drivers\cbidf2k.sys [13952 2002-08-29] (Microsoft Corporation)
S1 Cdaudio; C:\WINNT\system32\Drivers\Cdaudio.sys [18688 2002-08-29] (Microsoft Corporation)
R4 Cdfs; C:\WINNT\system32\Drivers\Cdfs.sys [63744 2004-08-03] (Microsoft Corporation)
R1 Cdrom; C:\WINNT\System32\DRIVERS\cdrom.sys [49536 2004-08-04] (Microsoft Corporation)
R3 CmBatt; C:\WINNT\System32\DRIVERS\CmBatt.sys [14080 2004-08-03] (Microsoft Corporation)
R0 Compbatt; C:\WINNT\System32\DRIVERS\compbatt.sys [9344 2001-08-17] (Microsoft Corporation)
R0 Disk; C:\WINNT\System32\DRIVERS\disk.sys [36352 2004-08-04] (Microsoft Corporation)
S4 dmboot; C:\WINNT\System32\drivers\dmboot.sys [799744 2004-08-03] (Microsoft Corp., Veritas Software)
S4 dmio; C:\WINNT\System32\drivers\dmio.sys [153344 2004-08-03] (Microsoft Corp., Veritas Software)
S4 dmload; C:\WINNT\System32\drivers\dmload.sys [5888 2002-08-29] (Microsoft Corp., Veritas Software.)
S3 DMusic; C:\WINNT\System32\drivers\DMusic.sys [52864 2004-08-03] (Microsoft Corporation)
S3 drmkaud; C:\WINNT\System32\drivers\drmkaud.sys [2944 2004-08-03] (Microsoft Corporation)
R3 DwMirror; C:\WINNT\System32\DRIVERS\DamewareMini.sys [2944 2007-02-07] (DameWare Development, Inc.)
R1 dwvkbd; C:\WINNT\System32\DRIVERS\dwvkbd.sys [26624 2007-02-15] (DameWare)
R3 e1express; C:\WINNT\System32\DRIVERS\e1e5132.sys [181760 2006-01-22] (Intel Corporation)
R3 Eacfilt; C:\WINNT\System32\DRIVERS\eacfilt.sys [24521 2006-05-09] (Nortel Networks)
R2 EGATHDRV; C:\WINNT\SYSTEM32\EGATHDRV.SYS [5427 2005-04-27] (IBM Corporation)
S4 Fastfat; C:\WINNT\system32\Drivers\Fastfat.sys [143360 2004-08-03] (Microsoft Corporation)
S1 Fdc; C:\WINNT\system32\Drivers\Fdc.sys [27392 2004-08-04] (Microsoft Corporation)
R1 Fips; C:\WINNT\system32\Drivers\Fips.sys [34944 2002-08-29] (Microsoft Corporation)
S3 FLMCKUSB; C:\WINNT\System32\Drivers\FLMckUSB.sys [69810 2004-12-15] (AuthenTec, Inc.)
S1 Flpydisk; C:\WINNT\system32\Drivers\Flpydisk.sys [20480 2004-08-04] (Microsoft Corporation)
R0 FltMgr; C:\WINNT\System32\DRIVERS\fltMgr.sys [124800 2004-08-03] (Microsoft Corporation)
U1 Fs_Rec; C:\WINNT\system32\Drivers\Fs_Rec.sys [7936 2002-08-29] (Microsoft Corporation)
R0 Ftdisk; C:\WINNT\System32\DRIVERS\ftdisk.sys [125056 2002-08-29] (Microsoft Corporation)
R3 GEARAspiWDM; C:\WINNT\System32\DRIVERS\GEARAspiWDM.sys [23400 2009-03-19] (GEAR Software Inc.)
R3 Gpc; C:\WINNT\System32\DRIVERS\msgpc.sys [35072 2004-08-03] (Microsoft Corporation)
R3 HDAudBus; C:\WINNT\System32\DRIVERS\HDAudBus.sys [138752 2005-01-07] (Windows ® Server 2003 DDK provider)
S3 HidUsb; C:\WINNT\System32\DRIVERS\hidusb.sys [9600 2001-08-17] (Microsoft Corporation)
R3 HSF_DPV; C:\WINNT\System32\DRIVERS\hsx_dpv.sys [936448 2005-12-06] (Conexant Systems, Inc.)
R3 HSXHWAZL; C:\WINNT\System32\DRIVERS\hsxhwazl.sys [192512 2005-12-06] (Conexant Systems, Inc.)
R3 HTTP; C:\WINNT\System32\Drivers\HTTP.sys [263040 2004-08-04] (Microsoft Corporation)
R1 i8042prt; C:\WINNT\System32\DRIVERS\i8042prt.sys [52736 2004-08-04] (Microsoft Corporation)
R3 ialm; C:\WINNT\System32\DRIVERS\ialmnt5.sys [1173468 2006-09-15] (Intel Corporation)
R0 iaStor; C:\WINNT\System32\drivers\iaStor.sys [874240 2005-10-12] (Intel Corporation)
R2 ibmfilter; C:\WINNT\system32\drivers\ibmfilter.sys [63616 2005-04-27] (IBM)
R3 IBMPMDRV; C:\WINNT\System32\DRIVERS\ibmpmdrv.sys [10112 2005-11-11] (Lenovo.)
R1 Imapi; C:\WINNT\System32\DRIVERS\imapi.sys [41856 2004-08-04] (Microsoft Corporation)
R0 IntelIde; C:\WINNT\System32\DRIVERS\intelide.sys [5504 2004-08-03] (Microsoft Corporation)
R1 intelppm; C:\WINNT\System32\DRIVERS\intelppm.sys [36096 2004-08-04] (Microsoft Corporation)
S3 Ip6Fw; C:\WINNT\System32\DRIVERS\Ip6Fw.sys [29056 2004-08-03] (Microsoft Corporation)
R2 iPassP; C:\WINNT\System32\DRIVERS\iPassP.sys [21419 2009-04-25] (Meetinghouse Data Communications)
S3 IpFilterDriver; C:\WINNT\System32\DRIVERS\ipfltdrv.sys [32896 2002-08-29] (Microsoft Corporation)
S3 IpInIp; C:\WINNT\System32\DRIVERS\ipinip.sys [20992 2004-08-03] (Microsoft Corporation)
R3 IpNat; C:\WINNT\System32\DRIVERS\ipnat.sys [134912 2004-08-03] (Microsoft Corporation)
R1 IPSec; C:\WINNT\System32\DRIVERS\ipsec.sys [74752 2004-08-03] (Microsoft Corporation)
S3 IPSECEXT; C:\WINNT\System32\DRIVERS\ipsecw2k.sys [155216 2006-05-09] (Nortel Networks NA, Inc.)
R3 IPSECSHM; C:\WINNT\System32\DRIVERS\ipsecw2k.sys [155216 2006-05-09] (Nortel Networks NA, Inc.)
R2 irda; C:\WINNT\System32\DRIVERS\irda.sys [87424 2004-08-03] (Microsoft Corporation)
R3 IRENUM; C:\WINNT\System32\DRIVERS\irenum.sys [11264 2004-08-03] (Microsoft Corporation)
R0 isapnp; C:\WINNT\System32\DRIVERS\isapnp.sys [35840 2002-08-29] (Microsoft Corporation)
R1 Kbdclass; C:\WINNT\System32\DRIVERS\kbdclass.sys [24576 2004-08-04] (Microsoft Corporation)
S1 kbdhid; C:\WINNT\System32\DRIVERS\kbdhid.sys [14848 2004-08-03] (Microsoft Corporation)
R3 kmixer; C:\WINNT\System32\drivers\kmixer.sys [171776 2004-08-03] (Microsoft Corporation)
R0 KSecDD; C:\WINNT\system32\Drivers\KSecDD.sys [92032 2004-08-03] (Microsoft Corporation)
R2 mdmxsdk; C:\WINNT\System32\DRIVERS\mdmxsdk.sys [12544 2005-10-05] (Conexant)
R3 mfeapfk; C:\WINNT\System32\drivers\mfeapfk.sys [64168 2007-10-16] (McAfee, Inc.)
R3 mfeavfk; C:\WINNT\System32\drivers\mfeavfk.sys [72680 2007-10-16] (McAfee, Inc.)
R3 mfebopk; C:\WINNT\System32\drivers\mfebopk.sys [33960 2007-10-16] (McAfee, Inc.)
R3 mfehidk; C:\WINNT\System32\drivers\mfehidk.sys [171272 2007-10-16] (McAfee, Inc.)
R1 mferkdk; C:\Program Files\McAfee\VirusScan Enterprise\mferkdk.sys [31784 2007-10-16] (McAfee, Inc.)
R1 mfetdik; C:\WINNT\System32\drivers\mfetdik.sys [51944 2007-10-16] (McAfee, Inc.)
R1 mnmdd; C:\WINNT\system32\Drivers\mnmdd.sys [4224 2002-08-29] (Microsoft Corporation)
R3 Modem; C:\WINNT\system32\Drivers\Modem.sys [30080 2004-08-04] (Microsoft Corporation)
R1 Mouclass; C:\WINNT\System32\DRIVERS\mouclass.sys [23040 2004-08-04] (Microsoft Corporation)
S3 mouhid; C:\WINNT\System32\DRIVERS\mouhid.sys [12160 2001-08-17] (Microsoft Corporation)
R0 MountMgr; C:\WINNT\system32\Drivers\MountMgr.sys [42240 2004-08-03] (Microsoft Corporation)
R3 MRxDAV; C:\WINNT\System32\DRIVERS\mrxdav.sys [179584 2007-12-18] (Microsoft Corporation)
R1 MRxSmb; C:\WINNT\System32\DRIVERS\mrxsmb.sys [453632 2008-10-24] (Microsoft Corporation)
R1 Msfs; C:\WINNT\system32\Drivers\Msfs.sys [19072 2004-08-03] (Microsoft Corporation)
S3 MSKSSRV; C:\WINNT\System32\drivers\MSKSSRV.sys [7552 2004-08-03] (Microsoft Corporation)
S3 MSPCLOCK; C:\WINNT\System32\drivers\MSPCLOCK.sys [5376 2004-08-03] (Microsoft Corporation)
S3 MSPQM; C:\WINNT\System32\drivers\MSPQM.sys [4992 2004-08-03] (Microsoft Corporation)
R3 mssmbios; C:\WINNT\System32\DRIVERS\mssmbios.sys [15488 2004-08-04] (Microsoft Corporation)
R0 Mup; C:\WINNT\system32\Drivers\Mup.sys [107904 2004-08-03] (Microsoft Corporation)
R0 NDIS; C:\WINNT\system32\Drivers\NDIS.sys [182912 2004-08-03] (Microsoft Corporation)
R3 NdisTapi; C:\WINNT\System32\DRIVERS\ndistapi.sys [9600 2002-08-29] (Microsoft Corporation)
R3 Ndisuio; C:\WINNT\System32\DRIVERS\ndisuio.sys [14592 2005-04-19] (Microsoft Corporation)
R3 NdisWan; C:\WINNT\System32\DRIVERS\ndiswan.sys [91776 2004-08-03] (Microsoft Corporation)
R3 NDProxy; C:\WINNT\system32\Drivers\NDProxy.sys [38016 2002-08-29] (Microsoft Corporation)
R1 NetBIOS; C:\WINNT\System32\DRIVERS\netbios.sys [34560 2004-08-03] (Microsoft Corporation)
R1 NetBT; C:\WINNT\System32\DRIVERS\netbt.sys [162816 2004-08-03] (Microsoft Corporation)
R3 NETw3x32; C:\WINNT\System32\DRIVERS\NETw3x32.sys [1709696 2006-09-27] (Intel® Corporation)
R1 Npfs; C:\WINNT\system32\Drivers\Npfs.sys [30848 2004-08-03] (Microsoft Corporation)
R3 NSCIRDA; C:\WINNT\System32\DRIVERS\nscirda.sys [28672 2004-08-03] (National Semiconductor Corporation)
R4 Ntfs; C:\WINNT\system32\Drivers\Ntfs.sys [574592 2004-08-03] (Microsoft Corporation)
R1 Null; C:\WINNT\system32\Drivers\Null.sys [2944 2002-08-29] (Microsoft Corporation)
S3 NwlnkFlt; C:\WINNT\System32\DRIVERS\nwlnkflt.sys [12416 2002-08-29] (Microsoft Corporation)
S3 NwlnkFwd; C:\WINNT\System32\DRIVERS\nwlnkfwd.sys [32512 2002-08-29] (Microsoft Corporation)
S3 Parport; C:\WINNT\System32\DRIVERS\parport.sys [80128 2004-08-04] (Microsoft Corporation)
R0 PartMgr; C:\WINNT\system32\Drivers\PartMgr.sys [18688 2002-08-29] (Microsoft Corporation)
S4 ParVdm; C:\WINNT\system32\Drivers\ParVdm.sys [6784 2002-08-29] (Microsoft Corporation)
R0 PCI; C:\WINNT\System32\DRIVERS\pci.sys [68224 2004-08-03] (Microsoft Corporation)
R0 PCIIde; C:\WINNT\System32\DRIVERS\pciide.sys [3328 2001-08-17] (Microsoft Corporation)
R0 Pcmcia; C:\WINNT\System32\DRIVERS\pcmcia.sys [119936 2004-08-04] (Microsoft Corporation)
R3 PptpMiniport; C:\WINNT\System32\DRIVERS\raspptp.sys [48384 2004-08-03] (Microsoft Corporation)
S3 prepdrvr; C:\WINNT\system32\CCM\prepdrv.sys [20704 2006-02-09] (Microsoft Corporation)
S4 psadd; C:\WINNT\system32\Drivers\psadd.sys [13184 2007-03-20] (IBM Corporation)
R3 PSched; C:\WINNT\System32\DRIVERS\psched.sys [69120 2004-08-03] (Microsoft Corporation)
R3 Ptilink; C:\WINNT\System32\DRIVERS\ptilink.sys [17792 2002-08-29] (Parallel Technologies, Inc.)
R0 PxHelp20; C:\WINNT\System32\Drivers\PxHelp20.sys [20576 2007-03-20] (Sonic Solutions)
R1 RasAcd; C:\WINNT\System32\DRIVERS\rasacd.sys [8832 2002-08-29] (Microsoft Corporation)
R3 Rasirda; C:\WINNT\System32\DRIVERS\rasirda.sys [19584 2001-08-17] (Microsoft Corporation)
R3 Rasl2tp; C:\WINNT\System32\DRIVERS\rasl2tp.sys [51328 2004-08-03] (Microsoft Corporation)
R3 RasPppoe; C:\WINNT\System32\DRIVERS\raspppoe.sys [41472 2004-08-03] (Microsoft Corporation)
R3 Raspti; C:\WINNT\System32\DRIVERS\raspti.sys [16512 2002-08-29] (Microsoft Corporation)
R1 Rdbss; C:\WINNT\System32\DRIVERS\rdbss.sys [174592 2006-05-05] (Microsoft Corporation)
R1 RDPCDD; C:\WINNT\System32\DRIVERS\RDPCDD.sys [4224 2002-08-29] (Microsoft Corporation)
R3 rdpdr; C:\WINNT\System32\DRIVERS\rdpdr.sys [196864 2004-08-03] (Microsoft Corporation)
S3 RDPWD; C:\WINNT\system32\Drivers\RDPWD.sys [139528 2005-06-10] (Microsoft Corporation)
R1 redbook; C:\WINNT\System32\DRIVERS\redbook.sys [57472 2004-08-03] (Microsoft Corporation)
S3 Secdrv; C:\WINNT\System32\DRIVERS\secdrv.sys [20480 2007-11-13] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
S3 serenum; C:\WINNT\System32\DRIVERS\serenum.sys [15488 2004-08-04] (Microsoft Corporation)
S3 Serial; C:\WINNT\System32\DRIVERS\serial.sys [64896 2004-08-04] (Microsoft Corporation)
S1 Sfloppy; C:\WINNT\system32\Drivers\Sfloppy.sys [11392 2004-08-04] (Microsoft Corporation)
R1 ShockMgr; C:\WINNT\system32\Drivers\ShockMgr.sys [4736 2005-06-20] (Lenovo.)
R0 Shockprf; C:\WINNT\system32\Drivers\Shockprf.sys [85760 2005-11-30] (Lenovo)
R1 Smapint; C:\WINNT\System32\drivers\Smapint.sys [14848 2005-11-30] (Microsoft Corporation)
S3 splitter; C:\WINNT\System32\drivers\splitter.sys [6400 2004-08-03] (Microsoft Corporation)
R0 sr; C:\WINNT\System32\DRIVERS\sr.sys [73472 2004-08-03] (Microsoft Corporation)
R3 Srv; C:\WINNT\System32\DRIVERS\srv.sys [333184 2008-12-11] (Microsoft Corporation)
R3 swenum; C:\WINNT\System32\DRIVERS\swenum.sys [4352 2004-08-04] (Microsoft Corporation)
S3 swmidi; C:\WINNT\System32\drivers\swmidi.sys [54272 2001-08-17] (Microsoft Corporation)
R0 Symmpi; C:\WINNT\System32\DRIVERS\symmpi.sys [99328 2007-03-20] (LSI Logic)
R3 SynTP; C:\WINNT\System32\DRIVERS\SynTP.sys [177664 2005-09-15] (Synaptics, Inc.)
R3 sysaudio; C:\WINNT\System32\drivers\sysaudio.sys [60800 2004-08-03] (Microsoft Corporation)
R1 Tcpip; C:\WINNT\System32\DRIVERS\tcpip.sys [360320 2008-06-20] (Microsoft Corporation)
S3 TcUsb; C:\WINNT\System32\Drivers\tcusb.sys [24832 2004-11-04] (UPEK Inc.)
S3 TDPIPE; C:\WINNT\system32\Drivers\TDPIPE.sys [12040 2004-08-04] (Microsoft Corporation)
R1 TDSMAPI; C:\WINNT\System32\drivers\TDSMAPI.SYS [9343 2005-11-30] ()
S3 TDTCP; C:\WINNT\system32\Drivers\TDTCP.sys [21896 2004-08-04] (Microsoft Corporation)
R0 Teefer; C:\WINNT\System32\Drivers\Teefer.sys [61008 2006-07-25] (Sygate Technologies, Inc.)
R1 TermDD; C:\WINNT\System32\DRIVERS\termdd.sys [40840 2004-08-04] (Microsoft Corporation)
S3 tpflhlp; c:\drivers\t60\bios\tpflhlp.sys [13360 2007-08-09] (Lenovo Group Limited)
R1 TPHKDRV; C:\WINNT\system32\Drivers\TPHKDRV.sys [17699 2006-02-01] (IBM Corporation)
R1 TPPWRIF; C:\WINNT\System32\drivers\Tppwrif.sys [4442 2005-12-07] ()
S4 Udfs; C:\WINNT\system32\Drivers\Udfs.sys [66176 2004-08-03] (Microsoft Corporation)
R3 Update; C:\WINNT\System32\DRIVERS\update.sys [209408 2004-08-03] (Microsoft Corporation)
S3 USBAAPL; C:\WINNT\System32\Drivers\usbaapl.sys [39424 2009-06-05] (Apple, Inc.)
S3 usbaudio; C:\WINNT\System32\drivers\usbaudio.sys [59264 2004-08-03] (Microsoft Corporation)
S3 usbccgp; C:\WINNT\System32\DRIVERS\usbccgp.sys [31616 2004-08-03] (Microsoft Corporation)
R3 usbehci; C:\WINNT\System32\DRIVERS\usbehci.sys [26624 2004-08-03] (Microsoft Corporation)
R3 usbhub; C:\WINNT\System32\DRIVERS\usbhub.sys [57600 2004-08-03] (Microsoft Corporation)
S3 usbscan; C:\WINNT\System32\DRIVERS\usbscan.sys [15104 2004-08-03] (Microsoft Corporation)
S3 USBSTOR; C:\WINNT\System32\DRIVERS\USBSTOR.SYS [26496 2004-08-03] (Microsoft Corporation)
R3 usbuhci; C:\WINNT\System32\DRIVERS\usbuhci.sys [20480 2004-08-04] (Microsoft Corporation)
R1 VgaSave; C:\WINNT\System32\drivers\vga.sys [20992 2004-08-03] (Microsoft Corporation)
R0 VolSnap; C:\WINNT\system32\Drivers\VolSnap.sys [52352 2004-08-03] (Microsoft Corporation)
S3 w39n51; C:\WINNT\System32\DRIVERS\w39n51.sys [1428096 2005-12-05] (Intel® Corporation)
R3 Wanarp; C:\WINNT\System32\DRIVERS\wanarp.sys [34560 2004-08-03] (Microsoft Corporation)
R3 wdmaud; C:\WINNT\System32\drivers\wdmaud.sys [82944 2004-08-03] (Microsoft Corporation)
R2 wg3n; C:\WINNT\SYSTEM32\Drivers\wg3n.sys [14952 2006-07-25] (Sygate Technologies, Inc.)
R2 wg4n; C:\WINNT\SYSTEM32\Drivers\wg4n.sys [14952 2006-07-25] (Sygate Technologies, Inc.)
R2 wg5n; C:\WINNT\SYSTEM32\Drivers\wg5n.sys [14952 2006-07-25] (Sygate Technologies, Inc.)
R2 wg6n; C:\WINNT\SYSTEM32\Drivers\wg6n.sys [14952 2006-07-25] (Sygate Technologies, Inc.)
R3 winachsf; C:\WINNT\System32\DRIVERS\hsx_cnxt.sys [670208 2005-12-06] (Conexant Systems, Inc.)
R1 wpsdrvnt; C:\WINNT\system32\drivers\wpsdrvnt.sys [21075 2006-07-25] (Sygate Technologies, Inc.)
R1 WS2IFSL; C:\WINNT\System32\drivers\ws2ifsl.sys [12032 2002-08-29] (Microsoft Corporation)
S3 WudfPf; C:\WINNT\System32\DRIVERS\WudfPf.sys [77568 2006-09-28] (Microsoft Corporation)
S3 WudfRd; C:\WINNT\System32\DRIVERS\wudfrd.sys [82944 2006-09-28] (Microsoft Corporation)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
U1 RCHelp;
S4 vsdatant; [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-03-23 22:29 - 2014-03-23 22:29 - 00044845 _____ () D:\data\rainmaker\Desktop\FRST.txt
2014-03-23 22:28 - 2014-03-23 22:28 - 00002141 _____ () D:\data\rainmaker\Desktop\JRT.txt
2014-03-23 22:19 - 2014-03-23 22:19 - 00022179 _____ () D:\data\rainmaker\Desktop\AdwCleaner[R1].txt
2014-03-23 22:16 - 2014-03-23 22:16 - 01950720 _____ () D:\data\rainmaker\Desktop\adwcleaner.exe
2014-03-23 22:11 - 2014-03-23 22:15 - 00029867 _____ () D:\data\rainmaker\Desktop\Fixlog.txt
2014-03-23 13:56 - 2014-03-23 22:29 - 00000000 ____D () C:\FRST
2014-03-23 13:53 - 2014-03-23 13:54 - 01145856 _____ (Farbar) D:\data\rainmaker\Desktop\FRST.exe
2014-03-22 16:38 - 2014-03-22 16:38 - 00113070 _____ () D:\data\rainmaker\Desktop\OTL.Txt
2014-03-22 16:05 - 2014-03-22 16:05 - 00000000 ____D () D:\data\rainmaker\My Documents\PC Speed Maximizer
2014-03-22 16:01 - 2014-03-22 16:01 - 00000000 ____D () D:\data\rainmaker\Local Settings\Application Data\cache
2014-03-22 16:01 - 2014-03-22 16:01 - 00000000 ____D () D:\data\rainmaker\.android
2014-03-22 16:00 - 2014-03-22 16:00 - 00000000 ____D () D:\data\rainmaker\My Documents\Mobogenie
2014-03-22 16:00 - 2014-03-22 16:00 - 00000000 _____ () D:\data\rainmaker\daemonprocess.txt
2014-03-22 15:59 - 2014-03-23 21:22 - 00000000 ____D () D:\data\rainmaker\Application Data\key-find
2014-03-22 15:59 - 2014-03-22 15:59 - 00000000 ____D () D:\data\rainmaker\Application Data\SupTab
2014-03-22 15:49 - 2014-03-23 22:21 - 00000000 ____D () D:\data\rainmaker\Local Settings\Application Data\WebPlayer
2014-03-22 15:49 - 2014-03-22 15:52 - 00002096 _____ () D:\data\rainmaker\Desktop\FLV Player.lnk
2014-03-22 15:49 - 2014-03-22 15:49 - 00000000 ____D () D:\data\rainmaker\Start Menu\Programs\FLV Player
2014-03-22 15:48 - 2014-03-22 15:58 - 00000000 ____D () D:\data\rainmaker\Application Data\IminentToolbar
2014-02-28 13:21 - 2014-03-23 22:15 - 00000008 __RSH () D:\data\rainmaker\ntuser.pol

==================== One Month Modified Files and Folders =======

2014-03-23 22:29 - 2014-03-23 22:29 - 00044845 _____ () D:\data\rainmaker\Desktop\FRST.txt
2014-03-23 22:29 - 2014-03-23 13:56 - 00000000 ____D () C:\FRST
2014-03-23 22:29 - 2013-04-02 17:07 - 00000000 ____D () D:\data\rainmaker\Local Settings\temp
2014-03-23 22:29 - 2011-09-03 12:52 - 00001024 ____H () D:\data\rainmaker\ntuser.dat.LOG
2014-03-23 22:29 - 2011-09-03 12:52 - 00000000 __SHD () D:\data\rainmaker\Cookies
2014-03-23 22:29 - 2011-09-03 12:52 - 00000000 ____D () D:\data\rainmaker\Desktop
2014-03-23 22:28 - 2014-03-23 22:28 - 00002141 _____ () D:\data\rainmaker\Desktop\JRT.txt
2014-03-23 22:28 - 2011-09-03 12:52 - 00000000 ___HD () D:\data\rainmaker\Recent
2014-03-23 22:25 - 2011-09-04 14:56 - 00000000 ____D () D:\data\rainmaker\Application Data\BitTorrent
2014-03-23 22:25 - 2011-09-04 14:55 - 00000000 ____D () D:\data\rainmaker\My Documents\Downloads
2014-03-23 22:21 - 2014-03-22 15:49 - 00000000 ____D () D:\data\rainmaker\Local Settings\Application Data\WebPlayer
2014-03-23 22:21 - 2011-09-03 12:52 - 00000000 ___HD () D:\data\rainmaker\Local Settings\Application Data
2014-03-23 22:21 - 2011-09-03 12:52 - 00000000 ___HD () D:\data\rainmaker\Application Data
2014-03-23 22:19 - 2014-03-23 22:19 - 00022179 _____ () D:\data\rainmaker\Desktop\AdwCleaner[R1].txt
2014-03-23 22:18 - 2014-01-14 14:00 - 01038974 _____ (Thisisu) D:\data\rainmaker\Desktop\JRT.exe
2014-03-23 22:16 - 2014-03-23 22:16 - 01950720 _____ () D:\data\rainmaker\Desktop\adwcleaner.exe
2014-03-23 22:16 - 2007-03-20 16:43 - 00001024 ____H () D:\data\NetworkService\ntuser.dat.LOG
2014-03-23 22:16 - 2007-03-20 16:43 - 00001024 ____H () D:\data\LocalService\ntuser.dat.LOG
2014-03-23 22:15 - 2014-03-23 22:11 - 00029867 _____ () D:\data\rainmaker\Desktop\Fixlog.txt
2014-03-23 22:15 - 2014-02-28 13:21 - 00000008 __RSH () D:\data\rainmaker\ntuser.pol
2014-03-23 22:15 - 2011-09-03 12:52 - 00000000 ____D () D:\data\rainmaker
2014-03-23 22:14 - 2011-09-03 12:52 - 00000062 ___SH () D:\data\rainmaker\Local Settings\desktop.ini
2014-03-23 22:14 - 2007-03-20 16:43 - 00000062 ___SH () D:\data\NetworkService\Local Settings\desktop.ini
2014-03-23 22:14 - 2007-03-20 16:43 - 00000062 ___SH () D:\data\LocalService\Local Settings\desktop.ini
2014-03-23 22:14 - 2007-03-20 16:43 - 00000006 ____H () C:\WINNT\Tasks\SA.DAT
2014-03-23 22:14 - 2006-10-18 12:00 - 01224170 _____ () C:\WINNT\WindowsUpdate.log
2014-03-23 22:14 - 2006-10-18 11:51 - 00002206 _____ () C:\WINNT\system32\wpa.dbl
2014-03-23 22:14 - 2006-10-18 07:58 - 00000159 _____ () C:\WINNT\wiadebug.log
2014-03-23 22:14 - 2006-10-18 07:58 - 00000049 _____ () C:\WINNT\wiaservc.log
2014-03-23 22:13 - 2012-05-13 14:55 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-03-23 22:13 - 2011-09-03 12:52 - 11010048 ____H () D:\data\rainmaker\NTUSER.DAT
2014-03-23 22:13 - 2007-03-20 16:43 - 00262144 ____H () D:\data\NetworkService\NTUSER.DAT
2014-03-23 22:13 - 2007-03-20 16:43 - 00262144 ____H () D:\data\LocalService\NTUSER.DAT
2014-03-23 22:13 - 2007-03-20 16:43 - 00032628 _____ () C:\WINNT\SchedLgU.Txt
2014-03-23 22:13 - 2007-03-20 16:43 - 00000000 ____D () D:\data\NetworkService\Local Settings\Temp
2014-03-23 22:12 - 2012-12-23 21:48 - 00000278 ___SH () D:\data\rainmaker\ntuser.ini
2014-03-23 22:12 - 2011-08-30 08:29 - 00000000 ____D () D:\data\Admin
2014-03-23 22:12 - 2009-09-21 09:36 - 00000000 ____D () D:\data\administrator.3YFK943Z
2014-03-23 22:12 - 2009-06-26 18:24 - 00000000 ____D () D:\data\tpritcha
2014-03-23 22:12 - 2008-12-02 19:44 - 00000000 ____D () D:\data\stozin
2014-03-23 22:12 - 2007-03-20 17:11 - 00000000 ___HD () C:\WINNT\system32\GroupPolicy
2014-03-23 22:12 - 2007-03-20 16:43 - 00000000 __SHD () D:\data\NetworkService
2014-03-23 22:12 - 2006-10-18 07:56 - 00000000 __RHD () D:\data\All Users\Application Data
2014-03-23 22:04 - 2012-07-03 08:22 - 00000958 _____ () C:\WINNT\Tasks\GoogleUpdateTaskUserS-1-5-21-3510421623-2965073675-2411060337-1012UA.job
2014-03-23 22:04 - 2012-07-03 08:22 - 00000906 _____ () C:\WINNT\Tasks\GoogleUpdateTaskUserS-1-5-21-3510421623-2965073675-2411060337-1012Core.job
2014-03-23 21:47 - 2012-04-14 14:35 - 00000826 _____ () C:\WINNT\Tasks\Adobe Flash Player Updater.job
2014-03-23 21:25 - 2006-10-18 07:56 - 00000000 ____D () D:\data\All Users\Start Menu\Programs
2014-03-23 21:25 - 2006-10-18 07:56 - 00000000 ____D () D:\data\All Users\Desktop
2014-03-23 21:23 - 2011-09-03 12:52 - 00000000 ___RD () D:\data\rainmaker\Start Menu\Programs
2014-03-23 21:22 - 2014-03-22 15:59 - 00000000 ____D () D:\data\rainmaker\Application Data\key-find
2014-03-23 21:22 - 2012-12-15 17:44 - 00000625 _____ () D:\data\All Users\Desktop\Mozilla Firefox.lnk
2014-03-23 21:22 - 2011-11-27 18:26 - 00000625 _____ () D:\data\All Users\Start Menu\Programs\Mozilla Firefox.lnk
2014-03-23 21:22 - 2011-09-03 12:52 - 00000692 _____ () D:\data\rainmaker\Start Menu\Programs\Internet Explorer.lnk
2014-03-23 21:22 - 2011-09-03 12:52 - 00000656 _____ () D:\data\rainmaker\Desktop\Launch Internet Explorer Browser.lnk
2014-03-23 21:22 - 2009-10-19 09:01 - 00000625 _____ () D:\data\All Users\Desktop\b.lnk
2014-03-23 19:56 - 2009-10-26 14:15 - 00001324 _____ () C:\WINNT\system32\d3d9caps.dat
2014-03-23 13:54 - 2014-03-23 13:53 - 01145856 _____ (Farbar) D:\data\rainmaker\Desktop\FRST.exe
2014-03-22 23:01 - 2007-08-31 14:17 - 02307302 _____ () C:\engine.log
2014-03-22 20:57 - 2011-08-30 08:29 - 00001024 ____H () D:\data\Admin\ntuser.dat.LOG
2014-03-22 20:57 - 2009-09-21 09:36 - 00001024 ____H () D:\data\administrator.3YFK943Z\ntuser.dat.LOG
2014-03-22 20:57 - 2009-06-26 18:24 - 00001024 ____H () D:\data\tpritcha\ntuser.dat.LOG
2014-03-22 20:57 - 2008-12-02 19:44 - 00001024 ____H () D:\data\stozin\ntuser.dat.LOG
2014-03-22 20:57 - 2008-05-08 00:39 - 00001024 ____H () D:\data\sserebre\ntuser.dat.LOG
2014-03-22 20:57 - 2007-09-01 04:07 - 00001024 ____H () D:\data\wksbuild\ntuser.dat.LOG
2014-03-22 20:57 - 2007-08-31 14:20 - 00001024 ____H () D:\data\tmaloof\ntuser.dat.LOG
2014-03-22 20:57 - 2007-03-20 16:44 - 00001024 ____H () D:\data\Administrator\ntuser.dat.LOG
2014-03-22 16:38 - 2014-03-22 16:38 - 00113070 _____ () D:\data\rainmaker\Desktop\OTL.Txt
2014-03-22 16:05 - 2014-03-22 16:05 - 00000000 ____D () D:\data\rainmaker\My Documents\PC Speed Maximizer
2014-03-22 16:05 - 2011-09-03 12:52 - 00000000 ___RD () D:\data\rainmaker\My Documents
2014-03-22 16:01 - 2014-03-22 16:01 - 00000000 ____D () D:\data\rainmaker\Local Settings\Application Data\cache
2014-03-22 16:01 - 2014-03-22 16:01 - 00000000 ____D () D:\data\rainmaker\.android
2014-03-22 16:00 - 2014-03-22 16:00 - 00000000 ____D () D:\data\rainmaker\My Documents\Mobogenie
2014-03-22 16:00 - 2014-03-22 16:00 - 00000000 _____ () D:\data\rainmaker\daemonprocess.txt
2014-03-22 15:59 - 2014-03-22 15:59 - 00000000 ____D () D:\data\rainmaker\Application Data\SupTab
2014-03-22 15:58 - 2014-03-22 15:48 - 00000000 ____D () D:\data\rainmaker\Application Data\IminentToolbar
2014-03-22 15:52 - 2014-03-22 15:49 - 00002096 _____ () D:\data\rainmaker\Desktop\FLV Player.lnk
2014-03-22 15:49 - 2014-03-22 15:49 - 00000000 ____D () D:\data\rainmaker\Start Menu\Programs\FLV Player
2014-03-22 15:48 - 2011-09-04 14:56 - 00000000 ____D () D:\data\rainmaker\Local Settings\Application Data\Temp
2014-03-22 15:37 - 2011-08-30 20:58 - 00002101 _____ () D:\data\All Users\Desktop\Safari.lnk
2014-03-20 17:27 - 2009-06-17 14:10 - 00000284 _____ () C:\WINNT\Tasks\AppleSoftwareUpdate.job
2014-03-18 03:57 - 2009-04-28 03:00 - 00000000 ____D () C:\Quarantine

Some content of TEMP:
====================
D:\data\rainmaker\Local Settings\temp\D1395517211.exe
D:\data\rainmaker\Local Settings\temp\dlLogic.exe
D:\data\rainmaker\Local Settings\temp\EnableExtDll.dll
D:\data\rainmaker\Local Settings\temp\FLVPlayerSetup.exe
D:\data\rainmaker\Local Settings\temp\IMsetup.exe
D:\data\rainmaker\Local Settings\temp\nsb38.exe
D:\data\rainmaker\Local Settings\temp\nse32.exe
D:\data\rainmaker\Local Settings\temp\nsf35.exe
D:\data\rainmaker\Local Settings\temp\nsiA9F.exe
D:\data\rainmaker\Local Settings\temp\nsn2F.exe
D:\data\rainmaker\Local Settings\temp\nso3E.exe
D:\data\rainmaker\Local Settings\temp\nsx3B.exe
D:\data\rainmaker\Local Settings\temp\PCSpeedMaximizer.exe
D:\data\rainmaker\Local Settings\temp\set-app.exe
D:\data\rainmaker\Local Settings\temp\setapp.exe
D:\data\rainmaker\Local Settings\temp\SPSetup.exe
D:\data\rainmaker\Local Settings\temp\TidyNetwork.exe
D:\data\rainmaker\Local Settings\temp\Updater.exe


==================== Bamital & volsnap Check =================

C:\WINNT\explorer.exe => MD5 is legit
C:\WINNT\system32\winlogon.exe => MD5 is legit
C:\WINNT\system32\svchost.exe => MD5 is legit
C:\WINNT\system32\services.exe
[2006-10-18 11:50] - [2009-02-06 06:22] - 0110592 ____N (Microsoft Corporation) 4712531ab7a01b7ee059853ca17d39bd

C:\WINNT\system32\User32.dll
[2008-12-13 01:23] - [2007-03-08 11:36] - 0577536 ____A (Microsoft Corporation) b409909f6e2e8a7067076ed748abf1e7

C:\WINNT\system32\userinit.exe => MD5 is legit
C:\WINNT\system32\rpcss.dll
[2009-06-13 01:22] - [2009-02-09 06:01] - 0401408 ____A (Microsoft Corporation) 24b5d53b9accc1e2edcf0a878d6659d4

ATTENTION ======> If the system is having audio adware rpcss.dll is patched. Google the MD5, if the MD5 is unique the file is infected.
C:\WINNT\system32\Drivers\volsnap.sys => MD5 is legit

==================== End Of Log ============================
  • 0

#6
pystryker

pystryker

    Trusted Helper

  • Malware Removal
  • 3,886 posts

OK, here is all the detail you requested. Seems to be running better thus far. Noticed far less pop-ups and browsers seem faster. PC does not seem like its always running, like it was.

Thank you for the logs :)  Glad to hear that it's improved, let's continue. :thumbsup:


Please disable your antivirus for the duration of my instructions.  Don't forget to re-enable them after you have completed the steps.


Step 1:  Chrome's Homepage

Chrome's homepage is still set to a known malware site, please follow the instructions below to change it.
 

  • Open Chrome and type this in the address bar:  chrome:settings
  • When the Settings page opens, look under On Startup and then click Open a specific set of pages and click Set Pages
  • When the window opens, type in any page you wish as your new start page.
  • Once you have typed in your new home page, close the window.

 

Step 2:  AdwCleaner


Please re-run AdwCleaner, and when the scan completes, press the Clean button.  

AdwCleaner will remove any found threats and reboot the machine.

Please post the log that will be produced when the machine reboots.


Step 3:  FRST Fix

 

  • Open notepad (Start =>All Programs => Accessories => Notepad). Please copy the entire contents of the code box below. (To do this highlight the contents of the box, right click on it and select copy.
  • Right-click in the open notepad and select Paste).
  • Save it on the desktop as fixlist.txt

Start
AppInit_DLLs: C:\PROGRA~1\SupTab\SEARCH~1.DLL => C:\PROGRA~1\SupTab\SEARCH~1.DLL File Not Found
2014-03-22 16:05 - 2014-03-22 16:05 - 00000000 ____D () D:\data\rainmaker\My Documents\PC Speed Maximizer
2014-03-22 16:00 - 2014-03-22 16:00 - 00000000 ____D () D:\data\rainmaker\My Documents\Mobogenie
2014-03-22 15:59 - 2014-03-23 21:22 - 00000000 ____D () D:\data\rainmaker\Application Data\key-find
2014-03-22 15:59 - 2014-03-22 15:59 - 00000000 ____D () D:\data\rainmaker\Application Data\SupTab
2014-03-22 15:48 - 2014-03-22 15:58 - 00000000 ____D () D:\data\rainmaker\Application Data\IminentToolbar
End

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Run FRST and press the Fix button just once and wait. The tool will make a log on the desktop (Fixlog.txt) please post it in your next reply.



Step 4:  Temporary File Cleaner


Clear Cache/Temp Files
Download TFC by OldTimer to your desktop

  • Please double-click TFC.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
  • It will close all programs when run, so make sure you have saved all your work before you begin.
  • Click the Start button to begin the process. Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two.  Let it run uninterrupted to completion.
  • Once it's finished it should reboot your machine. If it does not, please manually reboot the machine yourself to ensure a complete clean.


Step 5:  Reset Your Firewall


Click on Start >> Run... and cut/paste in the following and click on OK

firewall.cpl

Click on the Advanced tab >> Restore Defaults >> At the prompt click on Yes >> OK

Now click on the General tab >> and ensure On(recommended) is selected >> OK


Things I need to see in your next post:

AdwCleaner Log

Fixlog.txt Log


 


  • 0

#7
Lisawinter

Lisawinter

    New Member

  • Topic Starter
  • Member
  • Pip
  • 4 posts

Ok, here are the updates:

 

# AdwCleaner v3.022 - Report created 23/03/2014 at 22:17:10
# Updated 13/03/2014 by Xplode
# Operating System : Microsoft Windows XP Service Pack 2 (32 bits)
# Username : rainmaker - 3YFK943Z
# Running from : D:\data\rainmaker\Desktop\adwcleaner.exe
# Option : Scan

***** [ Services ] *****


***** [ Files / Folders ] *****

File Found : d:\data\rainmaker\Application Data\Mozilla\Firefox\Profiles\0gqxbqod.default\user.js
File Found : d:\data\rainmaker\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\chrome-extension_igdhbblpcellaljokkpfhcjlagemhgjl_0.localstorage
File Found : d:\data\rainmaker\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\hxxp_fastcontent.conduit.com_0.localstorage
File Found : d:\data\rainmaker\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\hxxp_fastcontent.conduit.com_0.localstorage-journal
File Found : d:\data\rainmaker\Local Settings\Application Data\Google\Chrome\user data\default\local storage\hxxp_pricegong.conduitapps.com_0.localstorage
File Found : d:\data\rainmaker\Local Settings\Application Data\Google\Chrome\user data\default\local storage\hxxp_pricegong.conduitapps.com_0.localstorage-journal
File Found : d:\data\rainmaker\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\hxxp_search.conduit.com_0.localstorage
File Found : d:\data\rainmaker\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\hxxp_search.conduit.com_0.localstorage-journal
File Found : d:\data\rainmaker\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\hxxp_storage.conduit.com_0.localstorage
File Found : d:\data\rainmaker\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\hxxp_storage.conduit.com_0.localstorage-journal
File Found : d:\END
Folder Found : d:\data\rainmaker\Application Data\Mozilla\Firefox\Profiles\0gqxbqod.default\Extensions\[email protected]
Folder Found d:\data\NetworkService\Local Settings\Application Data\SearchProtect
Folder Found d:\data\RAINMA~1\LOCALS~1\Temp\Iminent
Folder Found d:\data\RAINMA~1\LOCALS~1\Temp\Iminent
Folder Found d:\data\RAINMA~1\LOCALS~1\Temp\Iminent
Folder Found d:\data\RAINMA~1\LOCALS~1\Temp\Iminent
Folder Found d:\data\RAINMA~1\LOCALS~1\Temp\Iminent
Folder Found d:\data\RAINMA~1\LOCALS~1\Temp\Iminent
Folder Found d:\data\RAINMA~1\LOCALS~1\Temp\Iminent
Folder Found d:\data\RAINMA~1\LOCALS~1\Temp\Iminent
Folder Found d:\data\RAINMA~1\LOCALS~1\Temp\Iminent
Folder Found d:\data\RAINMA~1\LOCALS~1\Temp\Iminent
Folder Found d:\data\RAINMA~1\LOCALS~1\Temp\Iminent
Folder Found d:\data\RAINMA~1\LOCALS~1\Temp\Iminent
Folder Found d:\data\RAINMA~1\LOCALS~1\Temp\Iminent
Folder Found d:\data\RAINMA~1\LOCALS~1\Temp\Iminent
Folder Found d:\data\RAINMA~1\LOCALS~1\Temp\Iminent
Folder Found d:\data\RAINMA~1\LOCALS~1\Temp\Iminent
Folder Found d:\data\RAINMA~1\LOCALS~1\Temp\Iminent
Folder Found d:\data\RAINMA~1\LOCALS~1\Temp\Iminent
Folder Found d:\data\RAINMA~1\LOCALS~1\Temp\Iminent
Folder Found d:\data\RAINMA~1\LOCALS~1\Temp\Iminent
Folder Found d:\data\RAINMA~1\LOCALS~1\Temp\Iminent
Folder Found d:\data\rainmaker\Application Data\IminentToolbar
Folder Found d:\data\rainmaker\Application Data\Mozilla\Firefox\Profiles\0gqxbqod.default\ValueApps
Folder Found d:\data\rainmaker\Application Data\SupTab
Folder Found d:\data\rainmaker\Application Data\SwvUpdater
Folder Found d:\data\rainmaker\Local Settings\Application Data\Conduit
Folder Found d:\data\rainmaker\Local Settings\Application Data\cool_mirage
Folder Found d:\data\rainmaker\Local Settings\Application Data\Mobogenie
Folder Found d:\data\rainmaker\Local Settings\Application Data\SearchProtect
Folder Found d:\data\rainmaker\Local Settings\Application Data\webplayer
Folder Found d:\data\rainmaker\My Documents\Mobogenie
Folder Found d:\data\rainmaker\My Documents\PC Speed Maximizer

***** [ Shortcuts ] *****

Shortcut Found : d:\data\rainmaker\Start Menu\Programs\FLV Player\Uninstall.lnk (  _?=d:\data\rainmaker\Local Settings\Application Data\WebPlayer\FLV Player )

***** [ Registry ] *****

Key Found : HKCU\Software\1ClickDownload
Key Found : HKCU\Software\Conduit
Key Found : HKCU\Software\Microsoft\Internet Explorer\DOMStorage\conduit.com
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\FLV Player
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{112BA211-334C-4A90-90EC-2AD1CDAB287C}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{1FAFD711-ABF9-4F6A-8130-5166C7371427}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{93DBF2BB-A2B3-4683-A92E-57E60751F346}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{A09AB6EB-31B5-454C-97EC-9B294D92EE2A}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{112BA211-334C-4A90-90EC-2AD1CDAB287C}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{1FAFD711-ABF9-4F6A-8130-5166C7371427}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{84FF7BD6-B47F-46F8-9130-01B2696B36CB}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{93DBF2BB-A2B3-4683-A92E-57E60751F346}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A09AB6EB-31B5-454C-97EC-9B294D92EE2A}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\FLV Player
Key Found : HKCU\Software\Webplayer
Key Found : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Key Found : HKLM\SOFTWARE\Classes\Iminent
Key Found : HKLM\SOFTWARE\Classes\Interface\{3408AC0D-510E-4808-8F7B-6B70B1F88534}
Key Found : HKLM\Software\Iminent
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68B81CCD-A80C-4060-8947-5AE69ED01199}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{93DBF2BB-A2B3-4683-A92E-57E60751F346}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E6B969FB-6D33-48D2-9061-8BBD4899EB08}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Iminent
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\MobogenieAdd
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{84FF7BD6-B47F-46F8-9130-01B2696B36CB}
Key Found : HKLM\Software\supTab
Key Found : HKLM\Software\supWPM
Key Found : HKLM\Software\Wpm
Value Found : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [[email protected]]

***** [ Browsers ] *****

-\\ Internet Explorer v8.0.6001.18702


-\\ Mozilla Firefox v27.0.1 (en-US)

[ File : d:\data\rainmaker\Application Data\Mozilla\Firefox\Profiles\0gqxbqod.default\prefs.js ]

Line Found : user_pref("extensions.iminent.admin", false);
Line Found : user_pref("extensions.iminent.aflt", "orgnl");
Line Found : user_pref("extensions.iminent.appId", "{0E4B2CAB-B859-4C57-B96E-63DDEC692BC4}");
Line Found : user_pref("extensions.iminent.autoRvrt", "false");
Line Found : user_pref("extensions.iminent.cntry", "US");
Line Found : user_pref("extensions.iminent.dfltLng", "");
Line Found : user_pref("extensions.iminent.excTlbr", false);
Line Found : user_pref("extensions.iminent.ffxUnstlRst", false);
Line Found : user_pref("extensions.iminent.hdrMd5", "16C755C0A66C3CFB3CD290DD65FC8853");
Line Found : user_pref("extensions.iminent.id", "00da752d000000000000444553544200");
Line Found : user_pref("extensions.iminent.instlDay", "16151");
Line Found : user_pref("extensions.iminent.instlRef", "");
Line Found : user_pref("extensions.iminent.lastVrsnTs", "1.8.28.315:48:44");
Line Found : user_pref("extensions.iminent.newTab", false);
Line Found : user_pref("extensions.iminent.prdct", "iminent");
Line Found : user_pref("extensions.iminent.prtnrId", "iminent");
Line Found : user_pref("extensions.iminent.rvrt", "false");
Line Found : user_pref("extensions.iminent.sg", "none");
Line Found : user_pref("extensions.iminent.smplGrp", "none");
Line Found : user_pref("extensions.iminent.tlbrId", "YBCPCSTIPO");
Line Found : user_pref("extensions.iminent.tlbrSrchUrl", "hxxp://start.iminent.com/?ref=toolbarm#q=");
Line Found : user_pref("extensions.iminent.vrsn", "1.8.28.3");
Line Found : user_pref("extensions.iminent.vrsnTs", "1.8.28.315:48:44");
Line Found : user_pref("extensions.iminent.vrsni", "1.8.28.3");
Line Found : user_pref("iminent.LayoutId", "1");
Line Found : user_pref("iminent.adapters", "{\"iminent\":{\"CountryCode\":\"US\",\"NoAds\":true,\"Status\":1,\"AdapterKey\":\"iminent\",\"v\":true,\"p\":0,\"t\":1,\"th\":0.275,\"expireTime\":\"139551773824286400\"[...]
Line Found : user_pref("iminent.enabledAds", "false");
Line Found : user_pref("iminent.externalScripts", "{\"value\":[{\"addonUid\":\"10bb6277-6b2b-413e-8d82-ad9398543254\",\"name\":\"Dealply\",\"addonId\":1,\"url\":\"//i.iminentjs.info/imitin/javascript.js\",\"queryS[...]
Line Found : user_pref("iminent.newtabredirect", "true");
Line Found : user_pref("iminent.nomsi", "true");
Line Found : user_pref("iminent.registerToolbarEvent101", "1395517955112");
Line Found : user_pref("iminent.searchindex", "1");
Line Found : user_pref("iminent.trackingInfo", "{\"state\":0,\"samplingRate\":0}");
Line Found : user_pref("iminent.version", "8.10.2.1");
Line Found : user_pref("iminent.versioning", "{\"CurrentVersion\":\"8.10.2.1\",\"InstallEventCTime\":1395600279734}");
Line Found : user_pref("valueApps.ct3316263./9B+7E.:2z527.storedInFile", true);
Line Found : user_pref("valueApps.ct3316263./9B+7E/x305.storedInFile", true);
Line Found : user_pref("valueApps.ct3316263./9B+7E06CG5EL8:", "6E6D686D6E6B70737470");
Line Found : user_pref("valueApps.ct3316263./9B+7E06CG5EL8:.storedInFile", false);
Line Found : user_pref("valueApps.ct3316263./9B+7E06CG5EL;8I:K", "247E2D2F226A74736E73747176797A76242F4B49474F42357D5D5C3D");
Line Found : user_pref("valueApps.ct3316263./9B+7E06CG5EL;8I:K.storedInFile", false);
Line Found : user_pref("valueApps.ct3316263./9B+7E0x305.storedInFile", true);
Line Found : user_pref("valueApps.ct3316263./9B+7E1x305.storedInFile", true);
Line Found : user_pref("valueApps.ct3316263./9B+7E2x305.storedInFile", true);
Line Found : user_pref("valueApps.ct3316263./9B+7E31;CJ7FK;KG#8QKEF)TIL.storedInFile", true);
Line Found : user_pref("valueApps.ct3316263./9B+7E3x305.storedInFile", true);
Line Found : user_pref("valueApps.ct3316263./9B+7E6x305.storedInFile", true);
Line Found : user_pref("valueApps.ct3316263./9B+7E7x305.storedInFile", true);
Line Found : user_pref("valueApps.ct3316263./9B+7E9x305.storedInFile", true);
Line Found : user_pref("valueApps.ct3316263./9B+7E:x305.storedInFile", true);
Line Found : user_pref("valueApps.ct3316263./9B+7E;x305.storedInFile", true);
Line Found : user_pref("valueApps.ct3316263./9B+7E<x305.storedInFile", true);
Line Found : user_pref("valueApps.ct3316263./9B+7E>x305.storedInFile", true);
Line Found : user_pref("valueApps.ct3316263./9B+7E?x305.storedInFile", true);
Line Found : user_pref("valueApps.ct3316263./9B+7EAx305.storedInFile", true);
Line Found : user_pref("valueApps.ct3316263./9B+7EBE3G=;D9N9=D", "372C2D326975762E3A3C7B3A39434A494841434B265146492965504656496571734D334B57");
Line Found : user_pref("valueApps.ct3316263./9B+7EBE3G=;D9N9=D.storedInFile", false);
Line Found : user_pref("valueApps.ct3316263./9B+7EBx305.storedInFile", true);
Line Found : user_pref("valueApps.ct3316263./9B+7ECx305.storedInFile", true);
Line Found : user_pref("valueApps.ct3316263./9B+7EDx305.storedInFile", true);
Line Found : user_pref("valueApps.ct3316263./9B-0?3G>D", "6B6B3D6942426E6F7A44797974207B78497A257B52217D2A53552523272D5B2A2E31315C");
Line Found : user_pref("valueApps.ct3316263./9B-0?3G>D.storedInFile", false);
Line Found : user_pref("valueApps.ct3316263./[email protected]:5;", "");
Line Found : user_pref("valueApps.ct3316263./[email protected]:5;.storedInFile", false);
Line Found : user_pref("valueApps.ct3316263./9B-0?3GFA7EF", "2B2E2C3D");
Line Found : user_pref("valueApps.ct3316263./9B-0?3GFA7EF.storedInFile", false);
Line Found : user_pref("valueApps.ct3316263./9B-3=3ECCJA=F>", "247E333D2C452F4135276F292A212C393D44307832332A354448584C3A23282E2E3132333435363B466068576C5E6857705A6C60606B6668563F73796F697861");
Line Found : user_pref("valueApps.ct3316263./9B-3=3ECCJA=F>.storedInFile", false);
Line Found : user_pref("valueApps.ct3316263./9B/>01=9A6K6<IM;[email protected]", "6A696B7273747576");
Line Found : user_pref("valueApps.ct3316263./9B/>01=9A6K6<IM;[email protected]", false);
Line Found : user_pref("valueApps.ct3316263./9B3=>@44I48?", "372C2D3269757633423633414847203E3D474E4D4C45474F2A554A4D2D5858585E4B554E366352564F");
Line Found : user_pref("valueApps.ct3316263./9B3=>@44I48?.storedInFile", false);
Line Found : user_pref("valueApps.ct3316263./9B5BA==9CJAG", "6A3C696A6C433F447A7572797647794D794F4E2221");
Line Found : user_pref("valueApps.ct3316263./9B5BA==9CJAG.storedInFile", false);
Line Found : user_pref("valueApps.ct3316263./9B6B11G4C56B>F;P;[email protected]", "6E6D686D6E6B6F73736F747374");
Line Found : user_pref("valueApps.ct3316263./9B6B11G4C56B>F;P;[email protected]", false);
Line Found : user_pref("valueApps.ct3316263./[email protected];7B=?OFB>>RHIQS", "393F352F3E");
Line Found : user_pref("valueApps.ct3316263./[email protected];7B=?OFB>>RHIQS.storedInFile", false);
Line Found : user_pref("valueApps.ct3316263./9B9643G3/9E", "6A");
Line Found : user_pref("valueApps.ct3316263./9B9643G3/9E.storedInFile", false);
Line Found : user_pref("valueApps.ct3316263./9B;45>:BI9I7IE", "2B2E2C3D");
Line Found : user_pref("valueApps.ct3316263./9B;45>:BI9I7IE.storedInFile", false);
Line Found : user_pref("valueApps.ct3316263./9B<:222H64<", "393F352F3E");
Line Found : user_pref("valueApps.ct3316263./9B<:222H64<.storedInFile", false);
Line Found : user_pref("valueApps.ct3316263./9B<:222H64<L8DAJ", "6D70706E7674727975762A797272797A75207E");
Line Found : user_pref("valueApps.ct3316263./9B<:222H64<L8DAJ.storedInFile", false);
Line Found : user_pref("valueApps.ct3316263./9B=+03EH8H8J?:", "4443");
Line Found : user_pref("valueApps.ct3316263./9B=+03EH8H8J?:.storedInFile", false);
Line Found : user_pref("valueApps.ct3316263./9B?+E2A52D8", "372C2D326975762E3A3C7B3A39434A494841434B2651464929655046566470727951555E5E52");
Line Found : user_pref("valueApps.ct3316263./9B?+E2A52D8.storedInFile", false);
Line Found : user_pref("valueApps.ct3316263./9B?B0D:8AJ62<H", "6D");
Line Found : user_pref("valueApps.ct3316263./9B?B0D:8AJ62<H.storedInFile", false);
Line Found : user_pref("valueApps.ct3316263./[email protected]0<0BI6A7GN:[email protected]?", "6C");
Line Found : user_pref("valueApps.ct3316263./[email protected]<0BI6A7GN:[email protected]?.storedInFile", false);
Line Found : user_pref("valueApps.ct3316263.PG_ENABLE", "74727565");
Line Found : user_pref("valueApps.ct3316263.PG_ENABLE.storedInFile", false);
Line Found : user_pref("valueApps.ct3316263.SF_JUST_INSTALLED", "46414C5345");
Line Found : user_pref("valueApps.ct3316263.SF_JUST_INSTALLED.storedInFile", false);
Line Found : user_pref("valueApps.ct3316263.SF_USER_ID", "6369645F32323332303134313631313435333936393333");
Line Found : user_pref("valueApps.ct3316263.SF_USER_ID.storedInFile", false);
Line Found : user_pref("valueApps.ct3316263._key_cl_active", "39656563346130622D303533362D343034302D393037642D656637376465656366346333");
Line Found : user_pref("valueApps.ct3316263._key_cl_active.storedInFile", false);
Line Found : user_pref("valueApps.ct3316263.cb_experience_000", "39");
Line Found : user_pref("valueApps.ct3316263.cb_experience_000.storedInFile", false);
Line Found : user_pref("valueApps.ct3316263.cb_firstuse0100", "31");
Line Found : user_pref("valueApps.ct3316263.cb_firstuse0100.storedInFile", false);
Line Found : user_pref("valueApps.ct3316263.cb_user_id_000", "43423232393239373034353734315F313339353539373132343739385F46697265666F78");
Line Found : user_pref("valueApps.ct3316263.cb_user_id_000.storedInFile", false);
Line Found : user_pref("valueApps.ct3316263.cbfirsttime", "536174204D617220323220323031342031363A30313A313320474D542D3034303020284561737465726E205374616E646172642054696D6529");
Line Found : user_pref("valueApps.ct3316263.cbfirsttime.storedInFile", false);
Line Found : user_pref("valueApps.ct3316263.impression_session_counter", "33");
Line Found : user_pref("valueApps.ct3316263.impression_session_counter.storedInFile", false);
Line Found : user_pref("valueApps.ct3316263.impression_session_id", "2233303432383239622D663734352D343739662D626561322D36356563323161643430653422");
Line Found : user_pref("valueApps.ct3316263.impression_session_id.storedInFile", false);
Line Found : user_pref("valueApps.ct3316263.impression_session_last_active", "31333935363234343535333637");
Line Found : user_pref("valueApps.ct3316263.impression_session_last_active.storedInFile", false);
Line Found : user_pref("valueApps.ct3316263.mam_gk_appStateReportTime", "31333935363234343531343130");
Line Found : user_pref("valueApps.ct3316263.mam_gk_appStateReportTime.storedInFile", false);
Line Found : user_pref("valueApps.ct3316263.mam_gk_appState_Clarity_Active", "6F6E");
Line Found : user_pref("valueApps.ct3316263.mam_gk_appState_Clarity_Active.storedInFile", false);
Line Found : user_pref("valueApps.ct3316263.mam_gk_appsConfig.storedInFile", true);
Line Found : user_pref("valueApps.ct3316263.mam_gk_appsDefaultEnabled", "6E756C6C");
Line Found : user_pref("valueApps.ct3316263.mam_gk_appsDefaultEnabled.storedInFile", false);
Line Found : user_pref("valueApps.ct3316263.mam_gk_calledSetupService", "31");
Line Found : user_pref("valueApps.ct3316263.mam_gk_calledSetupService.storedInFile", false);
Line Found : user_pref("valueApps.ct3316263.mam_gk_currentVersion", "312E31332E302E3137");
Line Found : user_pref("valueApps.ct3316263.mam_gk_currentVersion.storedInFile", false);
Line Found : user_pref("valueApps.ct3316263.mam_gk_first_time", "31");
Line Found : user_pref("valueApps.ct3316263.mam_gk_first_time.storedInFile", false);
Line Found : user_pref("valueApps.ct3316263.mam_gk_lastInstallationSessionGuid", "7B32613736666234642D353936622D346632392D623863352D6664633837303739323237617D");
Line Found : user_pref("valueApps.ct3316263.mam_gk_lastInstallationSessionGuid.storedInFile", false);
Line Found : user_pref("valueApps.ct3316263.mam_gk_lastLoginTime", "31333935363234343531373731");
Line Found : user_pref("valueApps.ct3316263.mam_gk_lastLoginTime.storedInFile", false);
Line Found : user_pref("valueApps.ct3316263.mam_gk_localization.storedInFile", true);
Line Found : user_pref("valueApps.ct3316263.mam_gk_mamEnabled", "74727565");
Line Found : user_pref("valueApps.ct3316263.mam_gk_mamEnabled.storedInFile", false);
Line Found : user_pref("valueApps.ct3316263.mam_gk_settings1.13.0.17.storedInFile", true);
Line Found : user_pref("valueApps.ct3316263.mam_gk_showWelcomeGadget", "66616C7365");
Line Found : user_pref("valueApps.ct3316263.mam_gk_showWelcomeGadget.storedInFile", false);
Line Found : user_pref("valueApps.ct3316263.mam_gk_stamp", "313034335F30");
Line Found : user_pref("valueApps.ct3316263.mam_gk_stamp.storedInFile", false);
Line Found : user_pref("valueApps.ct3316263.mam_gk_userBornDate", "3230313430333232");
Line Found : user_pref("valueApps.ct3316263.mam_gk_userBornDate.storedInFile", false);
Line Found : user_pref("valueApps.ct3316263.mam_gk_userId", "62653439653366302D333736362D343264632D396336642D346431353664323761663230");
Line Found : user_pref("valueApps.ct3316263.mam_gk_userId.storedInFile", false);
Line Found : user_pref("valueApps.ct3316263.mam_gk_user_approval_interacted", "");
Line Found : user_pref("valueApps.ct3316263.mam_gk_user_approval_interacted.storedInFile", false);
Line Found : user_pref("valueApps.ct3316263.rematchGround-country-code", "22555322");
Line Found : user_pref("valueApps.ct3316263.rematchGround-country-code.storedInFile", false);
Line Found : user_pref("valueApps.ct3316263.rematchGround.upstairs", "7B22687474703A2F2F66617374636F6E74656E742E636F6E647569742E636F6D2F646F776E6C6F61645F6F66666572732E68746D6C3F637469643D6374333331363236337E62313[...]
Line Found : user_pref("valueApps.ct3316263.rematchGround.upstairs.storedInFile", false);
Line Found : user_pref("valueApps.ct3316263.rematchagent-is-test-user", "66616C7365");
Line Found : user_pref("valueApps.ct3316263.rematchagent-is-test-user.storedInFile", false);
Line Found : user_pref("valueApps.ct3316263.rematchagent-matkot-user-id", "22313339353531373437333437343536323334353622");
Line Found : user_pref("valueApps.ct3316263.rematchagent-matkot-user-id.storedInFile", false);
Line Found : user_pref("valueApps.ct3316263.rematchagent-periodic-reports", "7B2270696E675F30223A5B313339353632343435343135362C31343430303030305D7D");
Line Found : user_pref("valueApps.ct3316263.rematchagent-periodic-reports.storedInFile", false);
Line Found : user_pref("valueApps.ct3316263.rematchagent-user-id", "2266643061656139362D643065382D343238662D386366342D36336433656164653566643722");
Line Found : user_pref("valueApps.ct3316263.rematchagent-user-id.storedInFile", false);
Line Found : user_pref("valueApps.ct3316263.url_history0001.storedInFile", true);

[ File : d:\data\Admin\Application Data\Mozilla\Firefox\Profiles\ilojflhm.default\prefs.js ]


-\\ Google Chrome v

[ File : d:\data\rainmaker\Local Settings\Application Data\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [12898 octets] - [14/01/2014 13:44:38]
AdwCleaner[R1].txt - [21976 octets] - [23/03/2014 22:17:10]
AdwCleaner[S0].txt - [13294 octets] - [14/01/2014 13:46:37]

########## EOF - d:\AdwCleaner\AdwCleaner[R1].txt - [22098 octets] ##########
 

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 13-03-2014  01
Ran by rainmaker at 2014-03-25 21:13:42 Run:2
Running from D:\data\rainmaker\Desktop
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
Start
AppInit_DLLs: C:\PROGRA~1\SupTab\SEARCH~1.DLL => C:\PROGRA~1\SupTab\SEARCH~1.DLL File Not Found
2014-03-22 16:05 - 2014-03-22 16:05 - 00000000 ____D () D:\data\rainmaker\My Documents\PC Speed Maximizer
2014-03-22 16:00 - 2014-03-22 16:00 - 00000000 ____D () D:\data\rainmaker\My Documents\Mobogenie
2014-03-22 15:59 - 2014-03-23 21:22 - 00000000 ____D () D:\data\rainmaker\Application Data\key-find
2014-03-22 15:59 - 2014-03-22 15:59 - 00000000 ____D () D:\data\rainmaker\Application Data\SupTab
2014-03-22 15:48 - 2014-03-22 15:58 - 00000000 ____D () D:\data\rainmaker\Application Data\IminentToolbar
End
*****************

"C:\\PROGRA~1\\SupTab\\SEARCH~1.DLL" => Value Data removed successfully.
"2014-03-22 16:05 - 2014-03-22 16:05 - 00000000 ____D () D:\data\rainmaker\My Documents\PC Speed Maximizer" => File/Directory not found.
"2014-03-22 16:00 - 2014-03-22 16:00 - 00000000 ____D () D:\data\rainmaker\My Documents\Mobogenie" => File/Directory not found.
"2014-03-22 15:59 - 2014-03-23 21:22 - 00000000 ____D () D:\data\rainmaker\Application Data\key-find" => File/Directory not found.
"2014-03-22 15:59 - 2014-03-22 15:59 - 00000000 ____D () D:\data\rainmaker\Application Data\SupTab" => File/Directory not found.
"2014-03-22 15:48 - 2014-03-22 15:58 - 00000000 ____D () D:\data\rainmaker\Application Data\IminentToolbar" => File/Directory not found.

==== End of Fixlog ====


  • 0

#8
pystryker

pystryker

    Trusted Helper

  • Malware Removal
  • 3,886 posts

Hi :)

 

Thank you for the logs, however, once AdwCleaner has finished, you need to push the Clean button to eliminate the threats it has found.

 

Please run AdwCleaner again, it will scan and when finished it will say "Pending, uncheck elements you don't want to remove.", don't worry about unchecking anything and then click the Clean button.  When finished, it will ask to reboot.  Please reboot.
 

When the machine reboots, it will open a log, please post it in your next reply. :thumbsup:

 

 


  • 0

#9
pystryker

pystryker

    Trusted Helper

  • Malware Removal
  • 3,886 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP