PC help with Browser Redirects [Solved]

#1 amanda222 (Member, 16 posts)
Hi. I am hoping that someone can help me with an issue with constant browser redirects occurring on all browser types (Firefox, Chrome, etc.). Attached is the requested log.

 

Thanks!

A

 

OTL logfile created on: 2014/09/24 1:05:25 PM - Run 8
OTL by OldTimer - Version 3.2.69.0     Folder = d:\data\rainmaker\Desktop
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: yyyy/MM/dd
 
1.49 Gb Total Physical Memory | 0.87 Gb Available Physical Memory | 58.58% Memory free
4.13 Gb Paging File | 3.68 Gb Available in Paging File | 89.21% Paging File free
Paging file location(s): C:\pagefile.sys 2850 4092 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINNT | %ProgramFiles% = C:\Program Files
Drive C: | 60.45 Gb Total Space | 22.15 Gb Free Space | 36.64% Space Free | Partition Type: NTFS
Drive D: | 32.70 Gb Total Space | 5.61 Gb Free Space | 17.17% Space Free | Partition Type: NTFS
 
Computer Name: 3YFK943Z | User Name: rainmaker | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2014/08/26 15:40:15 | 001,082,880 | ---- | M] () -- d:\data\All Users\Application Data\VenusApp Software\SW-Booster\SW-Booster.exe
PRC - [2013/03/29 10:52:25 | 000,602,112 | ---- | M] (OldTimer Tools) -- d:\data\rainmaker\Desktop\OTL.exe
PRC - [2008/11/09 16:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2007/12/14 15:06:00 | 000,136,512 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Network Associates\Common Framework\UdaterUI.exe
PRC - [2007/12/14 15:06:00 | 000,136,512 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Network Associates\Common Framework\naPrdMgr.exe
PRC - [2007/12/14 15:06:00 | 000,103,744 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
PRC - [2007/12/14 15:06:00 | 000,086,016 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Network Associates\Common Framework\Mctray.exe
PRC - [2007/10/16 20:50:00 | 000,144,704 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
PRC - [2007/10/16 20:50:00 | 000,111,952 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan Enterprise\shstat.exe
PRC - [2007/10/16 20:50:00 | 000,054,608 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
PRC - [2007/07/25 17:16:42 | 000,073,728 | ---- | M] (DameWare Development) -- C:\WINNT\system32\DWRCST.EXE
PRC - [2007/07/25 17:16:30 | 000,222,720 | ---- | M] (DameWare Development LLC) -- C:\WINNT\system32\DWRCS.EXE
PRC - [2006/11/29 17:47:28 | 000,126,976 | ---- | M] (iPass, Inc.) -- C:\Program Files\iPass\iPassConnect\iPassPeriodicUpdateApp.exe
PRC - [2006/11/29 17:47:28 | 000,086,016 | ---- | M] (iPass, Inc.) -- C:\Program Files\iPass\iPassConnect\iPassPeriodicUpdateService.exe
PRC - [2006/02/01 16:10:32 | 000,086,016 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\PkgMgr\HOTKEY_1\TpScrex.exe
PRC - [2006/02/01 16:09:46 | 000,077,824 | ---- | M] () -- C:\Program Files\Lenovo\PkgMgr\HOTKEY\TPONSCR.exe
PRC - [2005/12/02 03:03:00 | 000,225,280 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\ThinkPad\UltraNav Wizard\UNavTray.exe
PRC - [2005/10/28 21:13:44 | 000,155,648 | ---- | M] (IBM) -- C:\Program Files\IBM\IBM Rapid Restore Ultra\br_funcs.exe
PRC - [2005/10/06 23:18:26 | 000,385,024 | ---- | M] () -- C:\Program Files\IBM\IBM Rapid Restore Ultra\rrpcsb.exe
PRC - [2005/09/15 14:57:42 | 000,110,592 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
PRC - [2005/09/06 16:51:08 | 000,053,248 | ---- | M] (Alexandria Software Consulting) -- c:\Program Files\Nortel Networks\TunnelGuard\CueAgent_srv.exe
PRC - [2005/09/06 16:50:50 | 000,045,056 | ---- | M] (Nortel Networks) -- C:\Program Files\Nortel Networks\TunnelGuard\platforms\win32\TGIconApp.EXE
PRC - [2005/04/27 11:07:16 | 000,221,184 | ---- | M] () -- C:\Program Files\IBM\IBM Rapid Restore Ultra\rrucmd.exe
PRC - [2005/04/27 09:53:08 | 000,090,112 | ---- | M] (IBM Corp.) -- C:\IBMTOOLS\utils\ibmprc.exe
PRC - [2004/08/04 00:56:50 | 001,032,192 | ---- | M] (Microsoft Corporation) -- C:\WINNT\explorer.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2014/08/26 15:40:15 | 001,082,880 | ---- | M] () -- d:\data\All Users\Application Data\VenusApp Software\SW-Booster\SW-Booster.exe
MOD - [2014/08/26 15:40:06 | 004,296,192 | ---- | M] () -- c:\Program Files\SW-Booster\Assistant.dll
MOD - [2014/08/26 15:40:06 | 000,174,928 | ---- | M] () -- c:\Program Files\SW-Booster\AssistantSvc.dll
MOD - [2014/02/21 13:16:52 | 000,265,216 | ---- | M] () -- C:\Program Files\Bitcasa\ExplorerMenu.dll
MOD - [2014/02/21 13:06:24 | 002,064,896 | ---- | M] () -- C:\Program Files\Bitcasa\bitcasaui.dll
MOD - [2012/05/25 04:25:00 | 000,921,600 | ---- | M] () -- C:\Program Files\Yahoo!\Messenger\yui.dll
MOD - [2011/05/28 22:04:56 | 000,140,288 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll
MOD - [2007/12/14 15:06:00 | 000,156,992 | ---- | M] () -- C:\Program Files\Network Associates\Common Framework\naisign2.dll
MOD - [2007/12/14 15:06:00 | 000,120,128 | ---- | M] () -- C:\Program Files\Network Associates\Common Framework\naXML2_71.dll
MOD - [2006/11/30 08:50:00 | 000,149,080 | ---- | M] () -- C:\Program Files\McAfee\VirusScan Enterprise\VsEvntUI.DLL
MOD - [2006/11/06 14:00:58 | 000,651,264 | ---- | M] () -- C:\Program Files\iPass\iPassConnect\libeay32.dll
MOD - [2006/02/01 16:09:46 | 000,077,824 | ---- | M] () -- C:\Program Files\Lenovo\PkgMgr\HOTKEY\TPONSCR.exe
MOD - [2006/02/01 16:09:42 | 000,024,576 | ---- | M] () -- C:\WINNT\system32\tphklock.dll
MOD - [2005/12/07 02:12:00 | 000,073,728 | ---- | M] () -- C:\Program Files\ThinkPad\Utilities\PWRMGRIF.DLL
MOD - [2005/12/07 02:12:00 | 000,036,864 | ---- | M] () -- C:\Program Files\ThinkPad\Utilities\US\PWRMGRRT.DLL
MOD - [2005/10/06 23:18:26 | 000,385,024 | ---- | M] () -- C:\Program Files\IBM\IBM Rapid Restore Ultra\rrpcsb.exe
MOD - [2005/09/06 16:50:50 | 000,077,824 | ---- | M] () -- C:\Program Files\Nortel Networks\TunnelGuard\platforms\win32\TGIcon.DLL
MOD - [2005/04/27 11:12:28 | 000,131,072 | ---- | M] () -- C:\Program Files\IBM\IBM Rapid Restore Ultra\ui.dll
MOD - [2005/04/27 11:12:22 | 000,139,264 | ---- | M] () -- C:\Program Files\IBM\IBM Rapid Restore Ultra\CDRecord.dll
MOD - [2005/04/27 11:10:04 | 000,069,632 | ---- | M] () -- C:\Program Files\IBM\IBM Rapid Restore Ultra\zlib.dll
MOD - [2005/04/27 11:07:16 | 000,221,184 | ---- | M] () -- C:\Program Files\IBM\IBM Rapid Restore Ultra\rrucmd.exe
MOD - [2003/02/20 16:42:34 | 001,159,289 | R--- | M] () -- c:\Program Files\Nortel Networks\TunnelGuard\jre\bin\client\jvm.dll
MOD - [2003/02/20 16:42:34 | 000,102,511 | R--- | M] () -- c:\Program Files\Nortel Networks\TunnelGuard\jre\bin\java.dll
MOD - [2003/02/20 16:42:34 | 000,057,451 | R--- | M] () -- C:\Program Files\Nortel Networks\TunnelGuard\jre\bin\net.dll
MOD - [2003/02/20 16:42:34 | 000,057,449 | R--- | M] () -- c:\Program Files\Nortel Networks\TunnelGuard\jre\bin\verify.dll
MOD - [2003/02/20 16:42:34 | 000,053,360 | R--- | M] () -- c:\Program Files\Nortel Networks\TunnelGuard\jre\bin\zip.dll
MOD - [2003/02/20 16:42:32 | 000,028,787 | R--- | M] () -- c:\Program Files\Nortel Networks\TunnelGuard\jre\bin\hpi.dll
 
 
========== Services (SafeList) ==========
 
SRV - File not found [On_Demand | Stopped] -- C:\Program Files\Google\Update\GoogleUpdate.exe /medsvc -- (gupdatem)
SRV - File not found [Auto | Stopped] -- C:\Program Files\Google\Update\GoogleUpdate.exe /svc -- (gupdate)
SRV - [2014/06/21 16:01:48 | 000,257,696 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINNT\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2014/06/05 16:21:27 | 000,119,408 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2008/11/09 16:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2007/12/14 15:06:00 | 000,103,744 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Network Associates\Common Framework\FrameworkService.exe -- (McAfeeFramework)
SRV - [2007/10/16 20:50:00 | 000,144,704 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe -- (McShield)
SRV - [2007/10/16 20:50:00 | 000,054,608 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe -- (McTaskManager)
SRV - [2007/07/25 17:16:30 | 000,222,720 | ---- | M] (DameWare Development LLC) [Auto | Running] -- C:\WINNT\system32\DWRCS.EXE -- (DWMRCS)
SRV - [2006/11/30 18:09:32 | 001,310,720 | ---- | M] (iPass, Inc.) [On_Demand | Stopped] -- C:\Program Files\iPass\iPassConnect\iPassConnectEngine.exe -- (iPassConnectEngine)
SRV - [2006/11/29 17:47:28 | 000,126,976 | ---- | M] (iPass, Inc.) [On_Demand | Running] -- C:\Program Files\iPass\iPassConnect\iPassPeriodicUpdateApp.exe -- (iPassPeriodicUpdateApp)
SRV - [2006/11/29 17:47:28 | 000,086,016 | ---- | M] (iPass, Inc.) [Auto | Running] -- C:\Program Files\iPass\iPassConnect\iPassPeriodicUpdateService.exe -- (iPassPeriodicUpdateService)
SRV - [2006/07/25 14:23:30 | 002,635,480 | ---- | M] (Sygate Technologies, Inc.) [Disabled | Stopped] -- c:\Program Files\Sygate\SSA\Smc.exe -- (SmcService)
SRV - [2006/07/25 14:14:52 | 000,323,658 | ---- | M] (Sygate Technologies, Inc.) [On_Demand | Stopped] -- c:\Program Files\Sygate\SSA\Maga\Maga.exe -- (magaService)
SRV - [2006/05/09 17:37:50 | 000,835,584 | ---- | M] (Nortel Networks NA, Inc.) [On_Demand | Stopped] -- C:\Program Files\Nexxia\Extranet_serv.exe -- (ExtranetAccess)
SRV - [2006/02/09 03:50:00 | 000,578,784 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\WINNT\system32\CCM\CcmExec.exe -- (CcmExec)
SRV - [2005/10/06 23:18:26 | 000,385,024 | ---- | M] () [Auto | Running] -- C:\Program Files\IBM\IBM Rapid Restore Ultra\rrpcsb.exe -- (IBM Rapid Restore Ultra Service)
SRV - [2005/09/06 16:51:08 | 000,053,248 | ---- | M] (Alexandria Software Consulting) [Auto | Running] -- c:\Program Files\Nortel Networks\TunnelGuard\CueAgent_srv.exe -- (tunnelguardservice)
 
 
========== Driver Services (SafeList) ==========
 
DRV - [2013/11/25 13:02:58 | 000,346,688 | ---- | M] (EldoS Corporation) [Kernel | System | Running] -- C:\WINNT\system32\drivers\cbfs5.sys -- (cbfs5)
DRV - [2009/04/25 19:16:14 | 000,021,419 | ---- | M] (Meetinghouse Data Communications) [Kernel | Auto | Running] -- C:\WINNT\system32\drivers\iPassP.sys -- (iPassP)
DRV - [2007/10/16 20:50:00 | 000,171,272 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINNT\system32\drivers\mfehidk.sys -- (mfehidk)
DRV - [2007/10/16 20:50:00 | 000,072,680 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINNT\system32\drivers\mfeavfk.sys -- (mfeavfk)
DRV - [2007/10/16 20:50:00 | 000,064,168 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINNT\system32\drivers\mfeapfk.sys -- (mfeapfk)
DRV - [2007/10/16 20:50:00 | 000,051,944 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\WINNT\system32\drivers\mfetdik.sys -- (mfetdik)
DRV - [2007/10/16 20:50:00 | 000,033,960 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINNT\system32\drivers\mfebopk.sys -- (mfebopk)
DRV - [2007/10/16 20:50:00 | 000,031,784 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Program Files\McAfee\VirusScan Enterprise\mferkdk.sys -- (mferkdk)
DRV - [2007/08/09 17:33:14 | 000,013,360 | ---- | M] (Lenovo Group Limited) [Kernel | On_Demand | Stopped] -- c:\DRIVERS\T60\BIOS\tpflhlp.sys -- (tpflhlp)
DRV - [2007/03/20 16:58:30 | 000,013,184 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\WINNT\system32\drivers\psadd.sys -- (psadd)
DRV - [2007/03/20 08:01:07 | 000,099,328 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\WINNT\system32\drivers\symmpi.sys -- (Symmpi)
DRV - [2007/02/15 08:00:00 | 000,026,624 | ---- | M] (DameWare) [Kernel | System | Running] -- C:\WINNT\system32\drivers\dwvkbd.sys -- (dwvkbd)
DRV - [2007/02/07 08:00:00 | 000,002,944 | ---- | M] (DameWare Development, Inc.) [Kernel | On_Demand | Running] -- C:\WINNT\system32\drivers\DamewareMini.sys -- (DwMirror)
DRV - [2006/07/25 14:24:26 | 000,014,952 | ---- | M] (Sygate Technologies, Inc.) [Kernel | Auto | Running] -- C:\WINNT\system32\drivers\wg6n.sys -- (wg6n)
DRV - [2006/07/25 14:24:24 | 000,014,952 | ---- | M] (Sygate Technologies, Inc.) [Kernel | Auto | Running] -- C:\WINNT\system32\drivers\wg5n.sys -- (wg5n)
DRV - [2006/07/25 14:24:20 | 000,014,952 | ---- | M] (Sygate Technologies, Inc.) [Kernel | Auto | Running] -- C:\WINNT\system32\drivers\wg4n.sys -- (wg4n)
DRV - [2006/07/25 14:24:16 | 000,014,952 | ---- | M] (Sygate Technologies, Inc.) [Kernel | Auto | Running] -- C:\WINNT\system32\drivers\wg3n.sys -- (wg3n)
DRV - [2006/07/25 13:59:48 | 000,021,075 | ---- | M] (Sygate Technologies, Inc.) [Kernel | System | Running] -- C:\WINNT\system32\drivers\wpsdrvnt.sys -- (wpsdrvnt)
DRV - [2006/07/25 13:57:10 | 000,061,008 | ---- | M] (Sygate Technologies, Inc.) [Kernel | Boot | Running] -- C:\WINNT\system32\drivers\Teefer.sys -- (Teefer)
DRV - [2006/05/09 17:47:10 | 000,024,521 | ---- | M] (Nortel Networks) [Kernel | On_Demand | Running] -- C:\WINNT\system32\drivers\eacfilt.sys -- (Eacfilt)
DRV - [2006/05/09 17:46:42 | 000,155,216 | ---- | M] (Nortel Networks NA, Inc.) [Kernel | On_Demand | Running] -- C:\WINNT\system32\drivers\ipsecw2k.sys -- (IPSECSHM)
DRV - [2006/05/09 17:46:42 | 000,155,216 | ---- | M] (Nortel Networks NA, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINNT\system32\drivers\ipsecw2k.sys -- (IPSECEXT)
DRV - [2006/02/09 03:50:00 | 000,020,704 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINNT\system32\CCM\PrepDrv.sys -- (prepdrvr)
DRV - [2005/12/07 02:12:00 | 000,004,442 | ---- | M] () [Kernel | System | Running] -- C:\WINNT\system32\drivers\TPPWRIF.SYS -- (TPPWRIF)
DRV - [2005/12/05 18:55:30 | 001,428,096 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINNT\system32\drivers\w39n51.sys -- (w39n51)
DRV - [2005/11/30 02:51:00 | 000,014,848 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINNT\system32\drivers\SMAPINT.SYS -- (Smapint)
DRV - [2005/11/30 02:51:00 | 000,009,343 | ---- | M] () [Kernel | System | Running] -- C:\WINNT\system32\drivers\TDSMAPI.SYS -- (TDSMAPI)
DRV - [2005/04/27 10:27:34 | 000,063,616 | ---- | M] (IBM) [Kernel | Auto | Running] -- C:\WINNT\system32\drivers\ibmfilter.sys -- (ibmfilter)
DRV - [2005/04/27 09:15:50 | 000,006,912 | ---- | M] (IBM Corp.) [Kernel | Boot | Running] -- C:\WINNT\system32\drivers\ANCSQ.sys -- (ANCSQ)
DRV - [2004/12/15 12:04:14 | 000,069,810 | ---- | M] (AuthenTec, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINNT\system32\drivers\FLMckUSB.sys -- (FLMCKUSB)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINNT\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://websearch.fly...616&lg=EN&cc=US
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = 
IE - HKLM\..\SearchScopes,DefaultScope = {BB74DE59-BC4C-4172-9AC4-73315F71CFFE}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}: "URL" = http://websearch.fly...616&lg=EN&cc=US
IE - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <-loopback>
IE - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:8877;https=127.0.0.1:8877
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINNT\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://websearch.fly...616&lg=EN&cc=US
IE - HKCU\..\URLSearchHook: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
IE - HKCU\..\SearchScopes,DefaultScope = {BB74DE59-BC4C-4172-9AC4-73315F71CFFE}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}: "URL" = http://websearch.fly...616&lg=EN&cc=US
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:29.0.1
FF - prefs.js..browser.startup.homepage: "http://websearch.fly...16&lg=EN&cc=US"
FF - prefs.js..browser.search.order.1: "WebSearch"
FF - prefs.js..browser.search.defaultenginename: "WebSearch"
FF - prefs.js..browser.search.selectedEngine: "WebSearch"
FF - prefs.js..browser.search.order.1,S: S", "WebSearch"
FF - prefs.js..browser.search.defaultenginename,S: S", "WebSearch"
FF - prefs.js..browser.search.selectedEngine,S: S", "WebSearch"
FF - prefs.js..keyword.URL: "http://websearch.fly...N&cc=US&l=1&q="
FF - prefs.js..browser.search.defaulturl: "http://websearch.fly...N&cc=US&l=1&q="
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINNT\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\2.0.30523.8\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINNT\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll File not found
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKCU\Software\MozillaPlugins\@yahoo.com/BrowserPlus,version=2.9.8: d:\data\rainmaker\Local Settings\Application Data\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll (Yahoo! Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 29.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 29.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2014/06/05 16:21:14 | 000,000,000 | ---D | M]
 
[2011/09/03 12:58:15 | 000,000,000 | ---D | M] (No name found) -- d:\data\rainmaker\Application Data\Mozilla\Extensions
[2014/08/26 15:38:45 | 000,000,000 | ---D | M] (No name found) -- d:\data\rainmaker\Application Data\Mozilla\Firefox\Profiles\0gqxbqod.default\extensions
[2014/09/09 21:41:47 | 000,000,000 | ---D | M] (No name found) -- d:\data\rainmaker\Application Data\Mozilla\Firefox\Profiles\0gqxbqod.default\extensions\staged
[2014/03/22 15:56:18 | 002,297,084 | ---- | M] () (No name found) -- d:\data\rainmaker\Application Data\Mozilla\Firefox\Profiles\0gqxbqod.default\extensions\[email protected]
[2014/08/26 15:40:38 | 000,000,636 | ---- | M] () -- d:\data\rainmaker\Application Data\Mozilla\Firefox\Profiles\0gqxbqod.default\searchplugins\WebSearch.xml
[2014/06/05 16:21:10 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
[2014/06/05 16:21:31 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
 
========== Chrome  ==========
 
CHR - default_search_provider: WebSearch (Enabled)
CHR - default_search_provider: search_url = http://websearch.fly...616&lg=EN&cc=US
CHR - default_search_provider: suggest_url = http://localhost,
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\35.0.1916.153\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\35.0.1916.153\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\35.0.1916.153\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINNT\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll
CHR - plugin: QuickTime Plug-in 7.6.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Microsoft® DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft® DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: VLC Web Plugin (Enabled) = C:\Program Files\VideoLAN\VLC\npvlc.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = C:\WINNT\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\2.0.30523.8\npctrl.dll
CHR - plugin: Google Update (Enabled) = d:\data\rainmaker\Local Settings\Application Data\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: BrowserPlus (from Yahoo!) v2.9.8 (Enabled) = d:\data\rainmaker\Local Settings\Application Data\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll
CHR - Extension: Mini Notepad = d:\data\rainmaker\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apjhdoaiejppfmijnkopdcpjcngdlffj\222\
CHR - Extension: Google Voice Search Hotword (Beta) = d:\data\rainmaker\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn\0.1.1.5023_0\
CHR - Extension: YouTube Flags = d:\data\rainmaker\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\eeammepjjllhpcfnkohocddkmdejjebc\232\
CHR - Extension: Best Save = d:\data\rainmaker\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ifkgichhpmabepjkbkmfeclembjdbpml\146\
CHR - Extension: Google Wallet = d:\data\rainmaker\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\
CHR - Extension: Responsive Web Design Tester = d:\data\rainmaker\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\objclahbaimlfnbjdeobicmmlnbhamkg\248\
 
O1 HOSTS File: ([2014/06/21 08:27:04 | 000,000,098 | ---- | M]) - C:\WINNT\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1       localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Adblocker) - {14FECF05-07E6-F00A-022B-972661DBF6D7} - C:\Program Files\Adblocker\AhEu12NXg.dll ()
O2 - BHO: (Search-NeewTab) - {1D2F45C0-E723-C694-063B-A958023E9A1B} - C:\Program Files\Search-NeewTab\0trWpx5X.dll ()
O2 - BHO: (ISavEr) - {48A88D8E-873A-2452-ACF4-2FD4456C5CD2} - d:\data\All Users\Application Data\ISavEr\HqIxdafdhd.dll ()
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (FFindBeestDoeeall) - {9d91ea96-d5d8-42bf-a426-0f7a7a0cb266} - d:\data\All Users\Application Data\FFindBeestDoeeall\4z9QXXDMby62L6.dll ()
O2 - BHO: (pricecHop) - {AF65D59C-F293-541E-232A-5DEFC263D618} - C:\Program Files\pricecHop\dPtqFGMe.dll ()
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [Bitcasa] C:\Program Files\Bitcasa\BitcasaBoot.exe ()
O4 - HKLM..\Run: [BLOG] C:\Program Files\ThinkPad\Utilities\BATLOGEX.DLL ()
O4 - HKLM..\Run: [IBMPRC] C:\IBMTOOLS\utils\ibmprc.exe (IBM Corp.)
O4 - HKLM..\Run: [McAfeeUpdaterUI] C:\Program Files\Network Associates\Common Framework\UdaterUI.exe (McAfee, Inc.)
O4 - HKLM..\Run: [PWRMGRTR] C:\Program Files\ThinkPad\Utilities\PWRMGRTR.DLL (Lenovo Group Limited)
O4 - HKLM..\Run: [ShStatEXE] C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE (McAfee, Inc.)
O4 - HKLM..\Run: [SmcService] c:\Program Files\Sygate\SSA\Smc.exe (Sygate Technologies, Inc.)
O4 - HKLM..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.)
O4 - HKCU..\Run: [FLV Player] D:\data\rainmaker\Local Settings\Application Data\WebPlayer\FLV Player\WebPlayer.exe File not found
O4 - HKCU..\Run: [LiveSupport] "C:\Program Files\LiveSupport\LiveSupport.exe" /noshow /log File not found
O4 - HKCU..\Run: [Messenger (Yahoo!)] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O4 - Startup: d:\data\All Users\Start Menu\Programs\Startup\TunnelGuard Tray Monitor.lnk = C:\Program Files\Nortel Networks\TunnelGuard\platforms\win32\TGIconApp.EXE (Nortel Networks)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWelcomeScreen = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMConfigurePrograms = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: disablecad = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonType = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Sothink Flash Downloader For IE - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm ()
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\NPJPI150_11.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Sothink Flash Downloader For IE - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm ()
O9 - Extra 'Tools' menuitem : Sothink Flash Downloader For IE - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm ()
O15 - HKLM\..Trusted Domains: rbc.com ([]* in Local intranet)
O15 - HKLM\..Trusted Domains: rbc.com ([*.oak.fg] * in Local intranet)
O15 - HKLM\..Trusted Domains: rbc.com ([mis.fg] https in Trusted sites)
O15 - HKLM\..Trusted Domains: rbc.com ([pmtprojectserver.fg] http in Trusted sites)
O15 - HKLM\..Trusted Domains: rbccm.com ([]https in Trusted sites)
O15 - HKLM\..Trusted Domains: rbccm.com ([crm] * in Local intranet)
O15 - HKLM\..Trusted Domains: royalbank.com ([]* in Local intranet)
O15 - HKCU\..Trusted Domains: rbc.com ([]* in Local intranet)
O15 - HKCU\..Trusted Domains: royalbank.com ([]* in Local intranet)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_11)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_11)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_11)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macr...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = oak.fg.rbc.com
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F7CDD4B1-2448-4BD0-9C0C-A8E2B9BEF111}: DhcpNameServer = 192.168.1.1
O20 - AppInit_DLLs: (c:\progra~1\sw-boo~1\assist~1.dll) - c:\Program Files\SW-Booster\Assistant.dll ()
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINNT\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINNT\system32\userinit.exe) - C:\WINNT\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\tpfnf2: DllName - (notifyf2.dll) - C:\WINNT\System32\notifyf2.dll ()
O20 - Winlogon\Notify\tphotkey: DllName - (tphklock.dll) - C:\WINNT\System32\tphklock.dll ()
O21 - SSODL: EldosMountNotificator-cbfs5 - {2FDAFB24-B169-4275-A542-BBBF7E571352} - C:\WINNT\system32\cbfsMntNtf5.dll (EldoS Corporation)
O22 - SharedTaskScheduler: {2FDAFB24-B169-4275-A542-BBBF7E571352} - Virtual Storage Mount Notification - C:\WINNT\system32\cbfsMntNtf5.dll (EldoS Corporation)
O24 - Desktop BackupWallPaper: C:\WINNT\RBCVGA.BMP
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/10/18 12:01:14 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2014/09/24 13:04:33 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2014/09/19 14:00:31 | 000,000,000 | ---D | C] -- d:\data\All Users\Application Data\FFindBeestDoeeall
[2014/09/09 21:40:03 | 000,000,000 | ---D | C] -- d:\data\All Users\Application Data\ISavEr
[2014/08/28 17:27:10 | 000,000,000 | ---D | C] -- d:\data\NetworkService\Application Data\Yahoo!
[2014/08/26 15:41:23 | 000,000,000 | ---D | C] -- d:\data\All Users\Application Data\Search-NeewTab
[2014/08/26 15:41:22 | 000,000,000 | ---D | C] -- C:\Program Files\Search-NeewTab
[2014/08/26 15:40:15 | 000,000,000 | ---D | C] -- d:\data\All Users\Application Data\VenusApp Software
[2014/08/26 15:40:06 | 000,000,000 | ---D | C] -- C:\Program Files\SW-Booster
[2014/08/26 15:39:08 | 000,000,000 | ---D | C] -- d:\data\All Users\Application Data\Adblocker
[2014/08/26 15:39:07 | 000,000,000 | ---D | C] -- C:\Program Files\Adblocker
[2014/08/26 15:38:48 | 000,000,000 | ---D | C] -- d:\data\All Users\Application Data\pricecHop
[2014/08/26 15:38:48 | 000,000,000 | ---D | C] -- d:\data\All Users\Application Data\3eda283a8b7b0d3d
[2014/08/26 15:38:46 | 000,000,000 | ---D | C] -- C:\Program Files\pricecHop
[2014/08/26 15:38:40 | 000,000,000 | ---D | C] -- d:\data\rainmaker\Local Settings\Application Data\Chromatic Browser
[2014/08/26 15:38:34 | 000,000,000 | ---D | C] -- d:\data\rainmaker\Local Settings\Application Data\Torch
[2014/08/26 15:38:24 | 000,000,000 | ---D | C] -- d:\data\rainmaker\Local Settings\Application Data\Comodo
[2014/08/26 15:37:47 | 000,000,000 | ---D | C] -- d:\data\All Users\Application Data\InstallMate
 
========== Files - Modified Within 30 Days ==========
 
[2014/09/24 13:02:08 | 000,000,880 | ---- | M] () -- C:\WINNT\tasks\GoogleUpdateTaskMachineCore.job
[2014/09/24 13:02:06 | 000,000,564 | -H-- | M] () -- C:\WINNT\tasks\SW-Booster-S-787344154.job
[2014/09/24 13:01:31 | 000,002,048 | --S- | M] () -- C:\WINNT\bootstat.dat
[2014/09/23 17:00:01 | 000,000,884 | ---- | M] () -- C:\WINNT\tasks\GoogleUpdateTaskMachineUA.job
[2014/09/23 16:47:20 | 000,000,826 | ---- | M] () -- C:\WINNT\tasks\Adobe Flash Player Updater.job
[2014/09/23 16:44:39 | 000,002,206 | ---- | M] () -- C:\WINNT\System32\wpa.dbl
[2014/08/28 17:27:05 | 000,000,284 | ---- | M] () -- C:\WINNT\tasks\AppleSoftwareUpdate.job
[2014/08/28 16:39:15 | 000,001,324 | ---- | M] () -- C:\WINNT\System32\d3d9caps.dat
 
========== Files Created - No Company Name ==========
 
[2014/08/26 15:40:16 | 000,000,564 | -H-- | C] () -- C:\WINNT\tasks\SW-Booster-S-787344154.job
[2014/06/21 10:36:43 | 000,024,064 | ---- | C] () -- C:\WINNT\zoek-delete.exe
[2014/02/28 13:21:06 | 000,000,008 | RHS- | C] () -- d:\data\rainmaker\ntuser.pol
[2013/04/02 16:35:20 | 000,208,896 | ---- | C] () -- C:\WINNT\MBR.exe
[2013/04/02 16:35:19 | 000,256,000 | ---- | C] () -- C:\WINNT\PEV.exe
[2013/04/02 16:35:18 | 000,098,816 | ---- | C] () -- C:\WINNT\sed.exe
[2013/04/02 16:35:18 | 000,080,412 | ---- | C] () -- C:\WINNT\grep.exe
[2013/04/02 16:35:18 | 000,068,096 | ---- | C] () -- C:\WINNT\zip.exe
[2013/03/30 20:35:14 | 000,015,616 | ---- | C] () -- C:\WINNT\System32\drivers\TrueSight.sys
[2011/09/04 15:50:00 | 000,050,688 | ---- | C] () -- d:\data\rainmaker\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/09/03 12:52:54 | 000,000,118 | ---- | C] () -- d:\data\rainmaker\Local Settings\Application Data\fusioncache.dat
[2010/01/15 22:16:55 | 000,006,954 | RHS- | C] () -- d:\data\All Users\ntuser.pol
 
========== ZeroAccess Check ==========
 
[2007/03/20 16:47:16 | 000,000,227 | RHS- | M] () -- C:\WINNT\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2009/12/22 01:35:10 | 001,509,888 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/02/09 06:01:53 | 000,473,088 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2004/08/04 00:56:48 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== LOP Check ==========
 
[2014/09/24 13:18:50 | 000,000,000 | ---D | M] -- d:\data\All Users\Application Data\3eda283a8b7b0d3d
[2014/08/26 15:39:08 | 000,000,000 | ---D | M] -- d:\data\All Users\Application Data\Adblocker
[2008/07/14 19:57:39 | 000,000,000 | ---D | M] -- d:\data\All Users\Application Data\Bloomberg
[2014/09/19 14:00:37 | 000,000,000 | ---D | M] -- d:\data\All Users\Application Data\FFindBeestDoeeall
[2014/08/26 15:40:49 | 000,000,000 | ---D | M] -- d:\data\All Users\Application Data\InstallMate
[2009/04/25 19:16:19 | 000,000,000 | ---D | M] -- d:\data\All Users\Application Data\iPass
[2014/09/09 21:40:09 | 000,000,000 | ---D | M] -- d:\data\All Users\Application Data\ISavEr
[2010/02/05 16:38:28 | 000,000,000 | ---D | M] -- d:\data\All Users\Application Data\LiquidTechnologies
[2007/03/20 17:15:11 | 000,000,000 | ---D | M] -- d:\data\All Users\Application Data\Network Associates
[2014/05/13 10:21:21 | 000,000,000 | ---D | M] -- d:\data\All Users\Application Data\pastaleads
[2013/05/16 11:16:08 | 000,000,000 | ---D | M] -- d:\data\All Users\Application Data\Price Check by AOL
[2014/08/26 15:38:48 | 000,000,000 | ---D | M] -- d:\data\All Users\Application Data\pricecHop
[2014/08/26 15:41:23 | 000,000,000 | ---D | M] -- d:\data\All Users\Application Data\Search-NeewTab
[2014/09/24 13:16:21 | 000,000,000 | ---D | M] -- d:\data\All Users\Application Data\TAkeuTheCoUpOOn
[2014/05/13 10:26:04 | 000,000,000 | ---D | M] -- d:\data\All Users\Application Data\TEMP
[2014/08/26 15:40:50 | 000,000,000 | ---D | M] -- d:\data\All Users\Application Data\VenusApp Software
[2010/02/05 16:38:09 | 000,000,000 | -H-D | M] -- d:\data\All Users\Application Data\{1E2473C2-7307-4952-8F94-5AFE8309DF4D}
[2009/06/17 14:12:31 | 000,000,000 | ---D | M] -- d:\data\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2012/12/26 15:37:03 | 000,000,000 | ---D | M] -- d:\data\rainmaker\Application Data\Axro
[2014/06/18 13:28:11 | 000,000,000 | ---D | M] -- d:\data\rainmaker\Application Data\BitTorrent
[2012/05/05 12:56:38 | 000,000,000 | ---D | M] -- d:\data\rainmaker\Application Data\Dropbox
[2014/03/23 21:22:10 | 000,000,000 | ---D | M] -- d:\data\rainmaker\Application Data\key-find
[2011/11/22 10:48:41 | 000,000,000 | ---D | M] -- d:\data\rainmaker\Application Data\ZinioReader4.9310D8F796442B71068C511E15D70529A702D19D.1
 
========== Purity Check ==========
 
 
 
< End of report >

  • 0

#2
Biscuithd

    Trusted Helper

  • Malware Removal
  • 2,573 posts

Hi Amanda,

 

Yes, I can see the cause of your symptoms and I am willing to work up a fix for you, however, you need to know a few things first. You are using Windows XP which is at its end of life. Additionally, you are not current on your Service Packs. Last, I see evidence of P2P (Peer-to-Peer) software on your computer. This is a combination that pretty much assures me that you'll be re-infected fairly quickly! So, I'll work up a fix and after that I'll need you to update to the latest Service Pack. Sound good? :)


  • 0

#3
amanda222

    Member

  • Topic Starter
  • Member
  • 16 posts

Thanks so much. Let's get started!


  • 0

#4
Biscuithd

    Trusted Helper

  • Malware Removal
  • 2,573 posts

Ok, perform these steps and then let me know how the computer is behaving.

Fix with OTL

Please re-run OTL with this removal script included.

This fix was created for this user for use on that particular machine.
Running it on another one may cause damage and render the system unstable.

  • Right-click on the OTL icon and select Run as Administrator to start the tool.
  • Under the Custom Scans/Fixes bar in the box paste in the following:
:Commands
[CreateRestorePoint]
 
:OTL
PRC - [2014/08/26 15:40:15 | 001,082,880 | ---- | M] () -- d:\data\All Users\Application Data\VenusApp Software\SW-Booster\SW-Booster.exe
MOD - [2014/08/26 15:40:15 | 001,082,880 | ---- | M] () -- d:\data\All Users\Application Data\VenusApp Software\SW-Booster\SW-Booster.exe
MOD - [2014/08/26 15:40:06 | 004,296,192 | ---- | M] () -- c:\Program Files\SW-Booster\Assistant.dll
MOD - [2014/08/26 15:40:06 | 000,174,928 | ---- | M] () -- c:\Program Files\SW-Booster\AssistantSvc.dll
O20 - AppInit_DLLs: (c:\progra~1\sw-boo~1\assist~1.dll) - c:\Program Files\SW-Booster\Assistant.dll ()
[2014/08/26 15:40:06 | 000,000,000 | ---D | C] -- C:\Program Files\SW-Booster
[2014/09/24 13:02:06 | 000,000,564 | -H-- | M] () -- C:\WINNT\tasks\SW-Booster-S-787344154.job
SRV - File not found [On_Demand | Stopped] -- C:\Program Files\Google\Update\GoogleUpdate.exe /medsvc -- (gupdatem)
SRV - File not found [Auto | Stopped] -- C:\Program Files\Google\Update\GoogleUpdate.exe /svc -- (gupdate)
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINNT\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://websearch.fly...616&lg=EN&cc=US
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant =
IE - HKLM\..\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}: "URL" = http://websearch.fly...616&lg=EN&cc=US
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}: "URL" = http://websearch.fly...616&lg=EN&cc=US
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:29.0.1
FF - prefs.js..browser.startup.homepage: "http://websearch.fly...16&lg=EN&cc=US"
FF - prefs.js..browser.search.order.1: "WebSearch"
FF - prefs.js..browser.search.defaultenginename: "WebSearch"
FF - prefs.js..browser.search.selectedEngine: "WebSearch"
FF - prefs.js..browser.search.order.1,S: S", "WebSearch"
FF - prefs.js..browser.search.defaultenginename,S: S", "WebSearch"
FF - prefs.js..browser.search.selectedEngine,S: S", "WebSearch"
FF - prefs.js..keyword.URL: "http://websearch.fly...N&cc=US&l=1&q="
FF - prefs.js..browser.search.defaulturl: "http://websearch.fly...N&cc=US&l=1&q="
FF - user.js - File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll File not found
[2014/08/26 15:40:38 | 000,000,636 | ---- | M] () -- d:\data\rainmaker\Application Data\Mozilla\Firefox\Profiles\0gqxbqod.default\searchplugins\WebSearch.xml
O2 - BHO: (Adblocker) - {14FECF05-07E6-F00A-022B-972661DBF6D7} - C:\Program Files\Adblocker\AhEu12NXg.dll ()
O2 - BHO: (Search-NeewTab) - {1D2F45C0-E723-C694-063B-A958023E9A1B} - C:\Program Files\Search-NeewTab\0trWpx5X.dll ()
O2 - BHO: (ISavEr) - {48A88D8E-873A-2452-ACF4-2FD4456C5CD2} - d:\data\All Users\Application Data\ISavEr\HqIxdafdhd.dll ()
O2 - BHO: (FFindBeestDoeeall) - {9d91ea96-d5d8-42bf-a426-0f7a7a0cb266} - d:\data\All Users\Application Data\FFindBeestDoeeall\4z9QXXDMby62L6.dll ()
O2 - BHO: (pricecHop) - {AF65D59C-F293-541E-232A-5DEFC263D618} - C:\Program Files\pricecHop\dPtqFGMe.dll ()
O4 - HKCU..\Run: [FLV Player] D:\data\rainmaker\Local Settings\Application Data\WebPlayer\FLV Player\WebPlayer.exe File not found
O4 - HKCU..\Run: [LiveSupport] "C:\Program Files\LiveSupport\LiveSupport.exe" /noshow /log File not found
 
:Files
d:\data\All Users\Application Data\VenusApp Software\SW-Booster\SW-Booster.exe
 
:Commands
[ResetHosts]
[EmptyTemp]
[Reboot]
  • Push Run Fix and wait patiently.
  • If asked to reboot, please allow it to.
  • A notepad window with a logfile will open after this run. It will also be saved in the _OTL\MovedFiles directory on your main drive as (date)_(time).log.

Please include the content of this logfile in your next reply.

  • 0
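As an added example (my own code, not OTL's or the forum's), here is a small Python triage helper that scans OTL-style report lines for the kinds of entries the fix above removes: BHOs with no company name, an AppInit_DLLs entry, homepage/search URLs pointing at hosts outside an allow-list, a ProxyServer routed through loopback, and Run entries whose target no longer exists. The allow-list of search hosts, the "Example Toolbar" entry and the websearch.example.invalid URL are assumptions constructed for the sample; the other sample lines are modelled on the log in this thread.

```python
"""Triage helper for OTL-style report lines (added example; not OTL's own code).

Flags the entry types the fix script above targets so a reviewer can find them
quickly in a long log. Findings are review candidates, not verdicts.
"""
from __future__ import annotations

import re
from dataclasses import dataclass
from urllib.parse import urlparse

# Hosts accepted as legitimate homepage/search targets (assumption for this example).
KNOWN_SEARCH_HOSTS = {"www.bing.com", "www.google.com", "search.yahoo.com"}


@dataclass(frozen=True)
class Finding:
    category: str
    detail: str


# O2 - BHO: (Name) - {CLSID} - <path> (<Company>)
_BHO = re.compile(r"^O2 - BHO: \((?P<name>[^)]*)\) - \{[^}]*\} - (?P<path>.+?) \((?P<company>[^)]*)\)$")
# O20 - AppInit_DLLs: (<short name>) - <path> (<Company>)
_APPINIT = re.compile(r"^O20 - AppInit_DLLs: \([^)]*\) - (?P<path>.+?) \((?P<company>[^)]*)\)$")
# IE/FF settings carrying a URL: 'Start Page = http://...', '"URL" = http://...', 'homepage: "http://..."'
_URL_SETTING = re.compile(r'^(?:IE|FF) - (?P<key>.+?)(?: = |: )"?(?P<url>https?://[^"\s]+)"?$')
# IE ProxyServer value, e.g. http=127.0.0.1:8877;https=127.0.0.1:8877
_PROXY = re.compile(r'^IE - .*"ProxyServer" = (?P<value>.+)$')
_LOOPBACK = re.compile(r"(?:127\.0\.0\.1|localhost):\d+")
# O4 - HKCU..\Run: [Name] <command> File not found
_ORPHAN_RUN = re.compile(r"^O4 - (?P<hive>HK[A-Z]+)\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.+?) File not found$")


def triage_line(line: str) -> list[Finding]:
    """Return the findings for one OTL report line (empty list if nothing stands out)."""
    line = line.strip()
    out: list[Finding] = []
    if (m := _BHO.match(line)) and not m["company"].strip():
        # Browser helper objects with no company name are the classic adware/hijacker BHO.
        out.append(Finding("bho-no-company", f"{m['name']} -> {m['path']}"))
    if m := _APPINIT.match(line):
        # Anything in AppInit_DLLs is loaded into every process that loads user32.dll.
        tag = "no company name" if not m["company"].strip() else m["company"]
        out.append(Finding("appinit-dll", f"{m['path']} ({tag})"))
    if m := _URL_SETTING.match(line):
        host = urlparse(m["url"]).hostname or ""
        if host not in KNOWN_SEARCH_HOSTS:
            out.append(Finding("browser-setting-redirect", f"{m['key']} -> {host}"))
    if (m := _PROXY.match(line)) and _LOOPBACK.search(m["value"]):
        # A proxy on the local machine puts some local process in the browser's traffic path.
        out.append(Finding("loopback-proxy", m["value"]))
    if m := _ORPHAN_RUN.match(line):
        # Autorun entries whose target is gone are leftovers worth cleaning up.
        out.append(Finding("orphaned-autorun", f"{m['hive']} Run [{m['name']}] -> {m['cmd']}"))
    return out


def triage_report(text: str) -> list[Finding]:
    """Run triage_line over every non-empty line of an OTL report."""
    return [f for line in text.splitlines() if line.strip() for f in triage_line(line)]


# Constructed sample modelled on the log lines in this thread. The "Example Toolbar" entry
# and the websearch.example.invalid URL are placeholders, not values from the page.
SAMPLE_REPORT = r"""
O2 - BHO: (Adblocker) - {14FECF05-07E6-F00A-022B-972661DBF6D7} - C:\Program Files\Adblocker\AhEu12NXg.dll ()
O2 - BHO: (Example Toolbar) - {00000000-0000-0000-0000-000000000000} - C:\Program Files\Example\tb.dll (Example Corp.)
O20 - AppInit_DLLs: (c:\progra~1\sw-boo~1\assist~1.dll) - c:\Program Files\SW-Booster\Assistant.dll ()
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.easylifeapp.com/
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:8877;https=127.0.0.1:8877
FF - prefs.js..browser.search.defaulturl: "http://websearch.example.invalid/?lg=EN&cc=US&q="
O4 - HKCU..\Run: [FLV Player] D:\data\user\Local Settings\Application Data\WebPlayer\FLV Player\WebPlayer.exe File not found
"""

if __name__ == "__main__":
    for finding in triage_report(SAMPLE_REPORT):
        print(f"[{finding.category}] {finding.detail}")
```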

#5
amanda222

    Member

  • Topic Starter
  • Member
  • 16 posts

Here is the updated log after running the Fix. PC seems to be running smoother. Will continue to give it a look to see if re-directs continue. Please advise of next step. Thx

OTL logfile created on: 2014/09/24 9:35:00 PM - Run 9
OTL by OldTimer - Version 3.2.69.0     Folder = d:\data\rainmaker\Desktop
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: yyyy/MM/dd
 
1.49 Gb Total Physical Memory | 0.15 Gb Available Physical Memory | 9.98% Memory free
4.13 Gb Paging File | 2.64 Gb Available in Paging File | 63.90% Paging File free
Paging file location(s): C:\pagefile.sys 2850 4092 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINNT | %ProgramFiles% = C:\Program Files
Drive C: | 60.45 Gb Total Space | 22.06 Gb Free Space | 36.49% Space Free | Partition Type: NTFS
Drive D: | 32.70 Gb Total Space | 5.56 Gb Free Space | 17.01% Space Free | Partition Type: NTFS
 
Computer Name: 3YFK943Z | User Name: rainmaker | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2014/08/26 15:40:15 | 001,082,880 | ---- | M] () -- d:\data\All Users\Application Data\VenusApp Software\SW-Booster\SW-Booster.exe
PRC - [2014/06/05 09:58:39 | 000,860,488 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
PRC - [2013/03/29 10:52:25 | 000,602,112 | ---- | M] (OldTimer Tools) -- d:\data\rainmaker\Desktop\OTL.exe
PRC - [2012/05/25 04:25:02 | 006,595,928 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
PRC - [2008/11/09 16:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2007/12/14 15:06:00 | 000,136,512 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Network Associates\Common Framework\UdaterUI.exe
PRC - [2007/12/14 15:06:00 | 000,136,512 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Network Associates\Common Framework\naPrdMgr.exe
PRC - [2007/12/14 15:06:00 | 000,103,744 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
PRC - [2007/12/14 15:06:00 | 000,086,016 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Network Associates\Common Framework\Mctray.exe
PRC - [2007/10/16 20:50:00 | 000,144,704 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
PRC - [2007/10/16 20:50:00 | 000,111,952 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan Enterprise\shstat.exe
PRC - [2007/10/16 20:50:00 | 000,054,608 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
PRC - [2007/07/25 17:16:42 | 000,073,728 | ---- | M] (DameWare Development) -- C:\WINNT\system32\DWRCST.EXE
PRC - [2007/07/25 17:16:30 | 000,222,720 | ---- | M] (DameWare Development LLC) -- C:\WINNT\system32\DWRCS.EXE
PRC - [2006/11/29 17:47:28 | 000,126,976 | ---- | M] (iPass, Inc.) -- C:\Program Files\iPass\iPassConnect\iPassPeriodicUpdateApp.exe
PRC - [2006/11/29 17:47:28 | 000,086,016 | ---- | M] (iPass, Inc.) -- C:\Program Files\iPass\iPassConnect\iPassPeriodicUpdateService.exe
PRC - [2006/02/01 16:10:32 | 000,086,016 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\PkgMgr\HOTKEY_1\TpScrex.exe
PRC - [2006/02/01 16:09:46 | 000,077,824 | ---- | M] () -- C:\Program Files\Lenovo\PkgMgr\HOTKEY\TPONSCR.exe
PRC - [2005/12/02 03:03:00 | 000,225,280 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\ThinkPad\UltraNav Wizard\UNavTray.exe
PRC - [2005/10/06 23:18:26 | 000,385,024 | ---- | M] () -- C:\Program Files\IBM\IBM Rapid Restore Ultra\rrpcsb.exe
PRC - [2005/09/15 14:57:42 | 000,110,592 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
PRC - [2005/09/06 16:51:08 | 000,053,248 | ---- | M] (Alexandria Software Consulting) -- c:\Program Files\Nortel Networks\TunnelGuard\CueAgent_srv.exe
PRC - [2005/09/06 16:50:50 | 000,045,056 | ---- | M] (Nortel Networks) -- C:\Program Files\Nortel Networks\TunnelGuard\platforms\win32\TGIconApp.EXE
PRC - [2005/04/27 09:53:08 | 000,090,112 | ---- | M] (IBM Corp.) -- C:\IBMTOOLS\utils\ibmprc.exe
PRC - [2004/08/04 00:56:50 | 001,032,192 | ---- | M] (Microsoft Corporation) -- C:\WINNT\explorer.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2014/08/26 15:40:15 | 001,082,880 | ---- | M] () -- d:\data\All Users\Application Data\VenusApp Software\SW-Booster\SW-Booster.exe
MOD - [2014/08/26 15:40:06 | 004,296,192 | ---- | M] () -- c:\Program Files\SW-Booster\Assistant.dll
MOD - [2014/08/26 15:40:06 | 000,174,928 | ---- | M] () -- c:\Program Files\SW-Booster\AssistantSvc.dll
MOD - [2014/07/08 08:18:04 | 014,663,856 | ---- | M] () -- d:\data\rainmaker\Local Settings\Application Data\Google\Chrome\User Data\PepperFlash\14.0.0.145\pepflashplayer.dll
MOD - [2014/06/05 09:58:38 | 000,414,536 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\35.0.1916.153\ppgooglenaclpluginchrome.dll
MOD - [2014/06/05 09:58:36 | 004,217,672 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\35.0.1916.153\pdf.dll
MOD - [2014/06/05 09:58:30 | 001,732,424 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\35.0.1916.153\ffmpegsumo.dll
MOD - [2014/02/21 13:16:52 | 000,265,216 | ---- | M] () -- C:\Program Files\Bitcasa\ExplorerMenu.dll
MOD - [2014/02/21 13:06:24 | 002,064,896 | ---- | M] () -- C:\Program Files\Bitcasa\bitcasaui.dll
MOD - [2014/02/10 13:44:24 | 004,592,128 | ---- | M] () -- d:\data\rainmaker\Local Settings\Application Data\Google\Chrome\User Data\SwiftShader\3.2.6.45159\libGLESv2.dll
MOD - [2014/02/10 13:44:24 | 000,112,128 | ---- | M] () -- d:\data\rainmaker\Local Settings\Application Data\Google\Chrome\User Data\SwiftShader\3.2.6.45159\libEGL.dll
MOD - [2012/05/25 04:25:00 | 000,921,600 | ---- | M] () -- C:\Program Files\Yahoo!\Messenger\yui.dll
MOD - [2012/05/25 04:25:00 | 000,078,336 | ---- | M] () -- C:\Program Files\Yahoo!\Messenger\pcre.dll
MOD - [2010/02/05 14:40:58 | 001,291,264 | ---- | M] () -- C:\WINNT\system32\quartz.dll
MOD - [2007/12/14 15:06:00 | 000,156,992 | ---- | M] () -- C:\Program Files\Network Associates\Common Framework\naisign2.dll
MOD - [2007/12/14 15:06:00 | 000,120,128 | ---- | M] () -- C:\Program Files\Network Associates\Common Framework\naXML2_71.dll
MOD - [2006/11/30 08:50:00 | 000,149,080 | ---- | M] () -- C:\Program Files\McAfee\VirusScan Enterprise\VsEvntUI.DLL
MOD - [2006/11/06 14:00:58 | 000,651,264 | ---- | M] () -- C:\Program Files\iPass\iPassConnect\libeay32.dll
MOD - [2006/02/01 16:09:46 | 000,077,824 | ---- | M] () -- C:\Program Files\Lenovo\PkgMgr\HOTKEY\TPONSCR.exe
MOD - [2006/02/01 16:09:42 | 000,024,576 | ---- | M] () -- C:\WINNT\system32\tphklock.dll
MOD - [2005/12/07 02:12:00 | 000,073,728 | ---- | M] () -- C:\Program Files\ThinkPad\Utilities\PWRMGRIF.DLL
MOD - [2005/12/07 02:12:00 | 000,036,864 | ---- | M] () -- C:\Program Files\ThinkPad\Utilities\US\PWRMGRRT.DLL
MOD - [2005/10/06 23:18:26 | 000,385,024 | ---- | M] () -- C:\Program Files\IBM\IBM Rapid Restore Ultra\rrpcsb.exe
MOD - [2005/09/06 16:50:50 | 000,077,824 | ---- | M] () -- C:\Program Files\Nortel Networks\TunnelGuard\platforms\win32\TGIcon.DLL
MOD - [2004/08/04 00:56:44 | 000,059,904 | ---- | M] () -- C:\WINNT\system32\devenum.dll
MOD - [2004/08/04 00:56:44 | 000,014,336 | ---- | M] () -- C:\WINNT\system32\msdmo.dll
MOD - [2003/02/20 16:42:34 | 001,159,289 | R--- | M] () -- c:\Program Files\Nortel Networks\TunnelGuard\jre\bin\client\jvm.dll
MOD - [2003/02/20 16:42:34 | 000,102,511 | R--- | M] () -- c:\Program Files\Nortel Networks\TunnelGuard\jre\bin\java.dll
MOD - [2003/02/20 16:42:34 | 000,057,451 | R--- | M] () -- C:\Program Files\Nortel Networks\TunnelGuard\jre\bin\net.dll
MOD - [2003/02/20 16:42:34 | 000,057,449 | R--- | M] () -- c:\Program Files\Nortel Networks\TunnelGuard\jre\bin\verify.dll
MOD - [2003/02/20 16:42:34 | 000,053,360 | R--- | M] () -- c:\Program Files\Nortel Networks\TunnelGuard\jre\bin\zip.dll
MOD - [2003/02/20 16:42:32 | 000,028,787 | R--- | M] () -- c:\Program Files\Nortel Networks\TunnelGuard\jre\bin\hpi.dll
 
 
========== Services (SafeList) ==========
 
SRV - File not found [On_Demand | Stopped] -- C:\Program Files\Google\Update\GoogleUpdate.exe /medsvc -- (gupdatem)
SRV - File not found [Auto | Stopped] -- C:\Program Files\Google\Update\GoogleUpdate.exe /svc -- (gupdate)
SRV - [2014/06/21 16:01:48 | 000,257,696 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINNT\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2014/06/05 16:21:27 | 000,119,408 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2008/11/09 16:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2007/12/14 15:06:00 | 000,103,744 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Network Associates\Common Framework\FrameworkService.exe -- (McAfeeFramework)
SRV - [2007/10/16 20:50:00 | 000,144,704 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe -- (McShield)
SRV - [2007/10/16 20:50:00 | 000,054,608 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe -- (McTaskManager)
SRV - [2007/07/25 17:16:30 | 000,222,720 | ---- | M] (DameWare Development LLC) [Auto | Running] -- C:\WINNT\system32\DWRCS.EXE -- (DWMRCS)
SRV - [2006/11/30 18:09:32 | 001,310,720 | ---- | M] (iPass, Inc.) [On_Demand | Stopped] -- C:\Program Files\iPass\iPassConnect\iPassConnectEngine.exe -- (iPassConnectEngine)
SRV - [2006/11/29 17:47:28 | 000,126,976 | ---- | M] (iPass, Inc.) [On_Demand | Running] -- C:\Program Files\iPass\iPassConnect\iPassPeriodicUpdateApp.exe -- (iPassPeriodicUpdateApp)
SRV - [2006/11/29 17:47:28 | 000,086,016 | ---- | M] (iPass, Inc.) [Auto | Running] -- C:\Program Files\iPass\iPassConnect\iPassPeriodicUpdateService.exe -- (iPassPeriodicUpdateService)
SRV - [2006/07/25 14:23:30 | 002,635,480 | ---- | M] (Sygate Technologies, Inc.) [Disabled | Stopped] -- c:\Program Files\Sygate\SSA\Smc.exe -- (SmcService)
SRV - [2006/07/25 14:14:52 | 000,323,658 | ---- | M] (Sygate Technologies, Inc.) [On_Demand | Stopped] -- c:\Program Files\Sygate\SSA\Maga\Maga.exe -- (magaService)
SRV - [2006/05/09 17:37:50 | 000,835,584 | ---- | M] (Nortel Networks NA, Inc.) [On_Demand | Stopped] -- C:\Program Files\Nexxia\Extranet_serv.exe -- (ExtranetAccess)
SRV - [2006/02/09 03:50:00 | 000,578,784 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\WINNT\system32\CCM\CcmExec.exe -- (CcmExec)
SRV - [2005/10/06 23:18:26 | 000,385,024 | ---- | M] () [Auto | Running] -- C:\Program Files\IBM\IBM Rapid Restore Ultra\rrpcsb.exe -- (IBM Rapid Restore Ultra Service)
SRV - [2005/09/06 16:51:08 | 000,053,248 | ---- | M] (Alexandria Software Consulting) [Auto | Running] -- c:\Program Files\Nortel Networks\TunnelGuard\CueAgent_srv.exe -- (tunnelguardservice)
 
 
========== Driver Services (SafeList) ==========
 
DRV - [2013/11/25 13:02:58 | 000,346,688 | ---- | M] (EldoS Corporation) [Kernel | System | Running] -- C:\WINNT\system32\drivers\cbfs5.sys -- (cbfs5)
DRV - [2009/04/25 19:16:14 | 000,021,419 | ---- | M] (Meetinghouse Data Communications) [Kernel | Auto | Running] -- C:\WINNT\system32\drivers\iPassP.sys -- (iPassP)
DRV - [2007/10/16 20:50:00 | 000,171,272 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINNT\system32\drivers\mfehidk.sys -- (mfehidk)
DRV - [2007/10/16 20:50:00 | 000,072,680 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINNT\system32\drivers\mfeavfk.sys -- (mfeavfk)
DRV - [2007/10/16 20:50:00 | 000,064,168 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINNT\system32\drivers\mfeapfk.sys -- (mfeapfk)
DRV - [2007/10/16 20:50:00 | 000,051,944 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\WINNT\system32\drivers\mfetdik.sys -- (mfetdik)
DRV - [2007/10/16 20:50:00 | 000,033,960 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINNT\system32\drivers\mfebopk.sys -- (mfebopk)
DRV - [2007/10/16 20:50:00 | 000,031,784 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Program Files\McAfee\VirusScan Enterprise\mferkdk.sys -- (mferkdk)
DRV - [2007/08/09 17:33:14 | 000,013,360 | ---- | M] (Lenovo Group Limited) [Kernel | On_Demand | Stopped] -- c:\DRIVERS\T60\BIOS\tpflhlp.sys -- (tpflhlp)
DRV - [2007/03/20 16:58:30 | 000,013,184 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\WINNT\system32\drivers\psadd.sys -- (psadd)
DRV - [2007/03/20 08:01:07 | 000,099,328 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\WINNT\system32\drivers\symmpi.sys -- (Symmpi)
DRV - [2007/02/15 08:00:00 | 000,026,624 | ---- | M] (DameWare) [Kernel | System | Running] -- C:\WINNT\system32\drivers\dwvkbd.sys -- (dwvkbd)
DRV - [2007/02/07 08:00:00 | 000,002,944 | ---- | M] (DameWare Development, Inc.) [Kernel | On_Demand | Running] -- C:\WINNT\system32\drivers\DamewareMini.sys -- (DwMirror)
DRV - [2006/07/25 14:24:26 | 000,014,952 | ---- | M] (Sygate Technologies, Inc.) [Kernel | Auto | Running] -- C:\WINNT\system32\drivers\wg6n.sys -- (wg6n)
DRV - [2006/07/25 14:24:24 | 000,014,952 | ---- | M] (Sygate Technologies, Inc.) [Kernel | Auto | Running] -- C:\WINNT\system32\drivers\wg5n.sys -- (wg5n)
DRV - [2006/07/25 14:24:20 | 000,014,952 | ---- | M] (Sygate Technologies, Inc.) [Kernel | Auto | Running] -- C:\WINNT\system32\drivers\wg4n.sys -- (wg4n)
DRV - [2006/07/25 14:24:16 | 000,014,952 | ---- | M] (Sygate Technologies, Inc.) [Kernel | Auto | Running] -- C:\WINNT\system32\drivers\wg3n.sys -- (wg3n)
DRV - [2006/07/25 13:59:48 | 000,021,075 | ---- | M] (Sygate Technologies, Inc.) [Kernel | System | Running] -- C:\WINNT\system32\drivers\wpsdrvnt.sys -- (wpsdrvnt)
DRV - [2006/07/25 13:57:10 | 000,061,008 | ---- | M] (Sygate Technologies, Inc.) [Kernel | Boot | Running] -- C:\WINNT\system32\drivers\Teefer.sys -- (Teefer)
DRV - [2006/05/09 17:47:10 | 000,024,521 | ---- | M] (Nortel Networks) [Kernel | On_Demand | Running] -- C:\WINNT\system32\drivers\eacfilt.sys -- (Eacfilt)
DRV - [2006/05/09 17:46:42 | 000,155,216 | ---- | M] (Nortel Networks NA, Inc.) [Kernel | On_Demand | Running] -- C:\WINNT\system32\drivers\ipsecw2k.sys -- (IPSECSHM)
DRV - [2006/05/09 17:46:42 | 000,155,216 | ---- | M] (Nortel Networks NA, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINNT\system32\drivers\ipsecw2k.sys -- (IPSECEXT)
DRV - [2006/02/09 03:50:00 | 000,020,704 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINNT\system32\CCM\PrepDrv.sys -- (prepdrvr)
DRV - [2005/12/07 02:12:00 | 000,004,442 | ---- | M] () [Kernel | System | Running] -- C:\WINNT\system32\drivers\TPPWRIF.SYS -- (TPPWRIF)
DRV - [2005/12/05 18:55:30 | 001,428,096 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINNT\system32\drivers\w39n51.sys -- (w39n51)
DRV - [2005/11/30 02:51:00 | 000,014,848 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINNT\system32\drivers\SMAPINT.SYS -- (Smapint)
DRV - [2005/11/30 02:51:00 | 000,009,343 | ---- | M] () [Kernel | System | Running] -- C:\WINNT\system32\drivers\TDSMAPI.SYS -- (TDSMAPI)
DRV - [2005/04/27 10:27:34 | 000,063,616 | ---- | M] (IBM) [Kernel | Auto | Running] -- C:\WINNT\system32\drivers\ibmfilter.sys -- (ibmfilter)
DRV - [2005/04/27 09:15:50 | 000,006,912 | ---- | M] (IBM Corp.) [Kernel | Boot | Running] -- C:\WINNT\system32\drivers\ANCSQ.sys -- (ANCSQ)
DRV - [2004/12/15 12:04:14 | 000,069,810 | ---- | M] (AuthenTec, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINNT\system32\drivers\FLMckUSB.sys -- (FLMCKUSB)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINNT\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.easylifeapp.com/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = 
IE - HKLM\..\SearchScopes,DefaultScope = {BB74DE59-BC4C-4172-9AC4-73315F71CFFE}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}: "URL" = http://websearch.fly...616&lg=EN&cc=US
IE - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <-loopback>
IE - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:8877;https=127.0.0.1:8877
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINNT\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.easylifeapp.com/
IE - HKCU\..\URLSearchHook: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
IE - HKCU\..\SearchScopes,DefaultScope = {BB74DE59-BC4C-4172-9AC4-73315F71CFFE}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}: "URL" = http://websearch.fly...616&lg=EN&cc=US
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:29.0.1
FF - prefs.js..browser.startup.homepage: "http://search.easylifeapp.com/"
FF - prefs.js..browser.search.order.1: "WebSearch"
FF - prefs.js..browser.search.defaultenginename: "WebSearch"
FF - prefs.js..browser.search.selectedEngine: "WebSearch"
FF - prefs.js..browser.search.order.1,S: S", "WebSearch"
FF - prefs.js..browser.search.defaultenginename,S: S", "WebSearch"
FF - prefs.js..browser.search.selectedEngine,S: S", "WebSearch"
FF - prefs.js..keyword.URL: "http://websearch.fly...N&cc=US&l=1&q="
FF - prefs.js..browser.search.defaulturl: "http://websearch.fly...N&cc=US&l=1&q="
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINNT\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\2.0.30523.8\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINNT\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll File not found
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKCU\Software\MozillaPlugins\@yahoo.com/BrowserPlus,version=2.9.8: d:\data\rainmaker\Local Settings\Application Data\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll (Yahoo! Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 29.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 29.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2014/06/05 16:21:14 | 000,000,000 | ---D | M]
 
[2011/09/03 12:58:15 | 000,000,000 | ---D | M] (No name found) -- d:\data\rainmaker\Application Data\Mozilla\Extensions
[2014/08/26 15:38:45 | 000,000,000 | ---D | M] (No name found) -- d:\data\rainmaker\Application Data\Mozilla\Firefox\Profiles\0gqxbqod.default\extensions
[2014/09/24 13:16:42 | 000,000,000 | ---D | M] (No name found) -- d:\data\rainmaker\Application Data\Mozilla\Firefox\Profiles\0gqxbqod.default\extensions\staged
[2014/03/22 15:56:18 | 002,297,084 | ---- | M] () (No name found) -- d:\data\rainmaker\Application Data\Mozilla\Firefox\Profiles\0gqxbqod.default\extensions\[email protected]
[2014/08/26 15:40:38 | 000,000,636 | ---- | M] () -- d:\data\rainmaker\Application Data\Mozilla\Firefox\Profiles\0gqxbqod.default\searchplugins\WebSearch.xml
[2014/06/05 16:21:10 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
[2014/06/05 16:21:31 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
 
========== Chrome  ==========
 
CHR - default_search_provider: WebSearch (Enabled)
CHR - default_search_provider: search_url = http://websearch.fly...616&lg=EN&cc=US
CHR - default_search_provider: suggest_url = http://localhost,
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\35.0.1916.153\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\35.0.1916.153\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\35.0.1916.153\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINNT\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll
CHR - plugin: QuickTime Plug-in 7.6.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Microsoft® DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft® DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: VLC Web Plugin (Enabled) = C:\Program Files\VideoLAN\VLC\npvlc.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = C:\WINNT\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\2.0.30523.8\npctrl.dll
CHR - plugin: Google Update (Enabled) = d:\data\rainmaker\Local Settings\Application Data\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: BrowserPlus (from Yahoo!) v2.9.8 (Enabled) = d:\data\rainmaker\Local Settings\Application Data\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll
CHR - Extension: Mini Notepad = d:\data\rainmaker\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apjhdoaiejppfmijnkopdcpjcngdlffj\222\
CHR - Extension: Google Voice Search Hotword (Beta) = d:\data\rainmaker\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn\0.1.1.5023_0\
CHR - Extension: Facepad for Facebook = d:\data\rainmaker\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\cgaknhmchnjaphondjciheacngggiclo\198\
CHR - Extension: YouTube Flags = d:\data\rainmaker\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\eeammepjjllhpcfnkohocddkmdejjebc\232\
CHR - Extension: Best Save = d:\data\rainmaker\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ifkgichhpmabepjkbkmfeclembjdbpml\146\
CHR - Extension: Google Wallet = d:\data\rainmaker\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\
CHR - Extension: Responsive Web Design Tester = d:\data\rainmaker\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\objclahbaimlfnbjdeobicmmlnbhamkg\248\
 
O1 HOSTS File: ([2014/06/21 08:27:04 | 000,000,098 | ---- | M]) - C:\WINNT\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1       localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Adblocker) - {14FECF05-07E6-F00A-022B-972661DBF6D7} - C:\Program Files\Adblocker\AhEu12NXg.dll ()
O2 - BHO: (Search-NeewTab) - {1D2F45C0-E723-C694-063B-A958023E9A1B} - C:\Program Files\Search-NeewTab\0trWpx5X.dll ()
O2 - BHO: (ISavEr) - {48A88D8E-873A-2452-ACF4-2FD4456C5CD2} - d:\data\All Users\Application Data\ISavEr\HqIxdafdhd.dll ()
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (FFindBeestDoeeall) - {9d91ea96-d5d8-42bf-a426-0f7a7a0cb266} - d:\data\All Users\Application Data\FFindBeestDoeeall\4z9QXXDMby62L6.dll ()
O2 - BHO: (pricecHop) - {AF65D59C-F293-541E-232A-5DEFC263D618} - C:\Program Files\pricecHop\dPtqFGMe.dll ()
O2 - BHO: (TAkeuTheCoUpOOn) - {d952ea12-cc2f-46b5-88e7-4179eb3ca828} - d:\data\All Users\Application Data\TAkeuTheCoUpOOn\Qby5KBEJe9LAIw.dll ()
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [Bitcasa] C:\Program Files\Bitcasa\BitcasaBoot.exe ()
O4 - HKLM..\Run: [BLOG] C:\Program Files\ThinkPad\Utilities\BATLOGEX.DLL ()
O4 - HKLM..\Run: [IBMPRC] C:\IBMTOOLS\utils\ibmprc.exe (IBM Corp.)
O4 - HKLM..\Run: [McAfeeUpdaterUI] C:\Program Files\Network Associates\Common Framework\UdaterUI.exe (McAfee, Inc.)
O4 - HKLM..\Run: [PWRMGRTR] C:\Program Files\ThinkPad\Utilities\PWRMGRTR.DLL (Lenovo Group Limited)
O4 - HKLM..\Run: [ShStatEXE] C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE (McAfee, Inc.)
O4 - HKLM..\Run: [SmcService] c:\Program Files\Sygate\SSA\Smc.exe (Sygate Technologies, Inc.)
O4 - HKLM..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.)
O4 - HKCU..\Run: [FLV Player] D:\data\rainmaker\Local Settings\Application Data\WebPlayer\FLV Player\WebPlayer.exe File not found
O4 - HKCU..\Run: [LiveSupport] "C:\Program Files\LiveSupport\LiveSupport.exe" /noshow /log File not found
O4 - HKCU..\Run: [Messenger (Yahoo!)] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O4 - Startup: d:\data\All Users\Start Menu\Programs\Startup\TunnelGuard Tray Monitor.lnk = C:\Program Files\Nortel Networks\TunnelGuard\platforms\win32\TGIconApp.EXE (Nortel Networks)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWelcomeScreen = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMConfigurePrograms = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: disablecad = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonType = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Sothink Flash Downloader For IE - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm ()
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\NPJPI150_11.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Sothink Flash Downloader For IE - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm ()
O9 - Extra 'Tools' menuitem : Sothink Flash Downloader For IE - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm ()
O15 - HKLM\..Trusted Domains: rbc.com ([]* in Local intranet)
O15 - HKLM\..Trusted Domains: rbc.com ([*.oak.fg] * in Local intranet)
O15 - HKLM\..Trusted Domains: rbc.com ([mis.fg] https in Trusted sites)
O15 - HKLM\..Trusted Domains: rbc.com ([pmtprojectserver.fg] http in Trusted sites)
O15 - HKLM\..Trusted Domains: rbccm.com ([]https in Trusted sites)
O15 - HKLM\..Trusted Domains: rbccm.com ([crm] * in Local intranet)
O15 - HKLM\..Trusted Domains: royalbank.com ([]* in Local intranet)
O15 - HKCU\..Trusted Domains: rbc.com ([]* in Local intranet)
O15 - HKCU\..Trusted Domains: royalbank.com ([]* in Local intranet)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_11)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_11)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_11)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macr...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = oak.fg.rbc.com
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F7CDD4B1-2448-4BD0-9C0C-A8E2B9BEF111}: DhcpNameServer = 192.168.1.1
O20 - AppInit_DLLs: (c:\progra~1\sw-boo~1\assist~1.dll) - c:\Program Files\SW-Booster\Assistant.dll ()
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINNT\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINNT\system32\userinit.exe) - C:\WINNT\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\tpfnf2: DllName - (notifyf2.dll) - C:\WINNT\System32\notifyf2.dll ()
O20 - Winlogon\Notify\tphotkey: DllName - (tphklock.dll) - C:\WINNT\System32\tphklock.dll ()
O21 - SSODL: EldosMountNotificator-cbfs5 - {2FDAFB24-B169-4275-A542-BBBF7E571352} - C:\WINNT\system32\cbfsMntNtf5.dll (EldoS Corporation)
O22 - SharedTaskScheduler: {2FDAFB24-B169-4275-A542-BBBF7E571352} - Virtual Storage Mount Notification - C:\WINNT\system32\cbfsMntNtf5.dll (EldoS Corporation)
O24 - Desktop BackupWallPaper: C:\WINNT\RBCVGA.BMP
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/10/18 12:01:14 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
:COMMANDS
[CREATERESTOREPOINT]
:OTL
PRC - [2014/08/26 15:40:15 | 001,082,880 | ---- | M] () -- D:\DATA\ALL USERS\APPLICATION DATA\VENUSAPP SOFTWARE\SW-BOOSTER\SW-BOOSTER.EXE
MOD - [2014/08/26 15:40:15 | 001,082,880 | ---- | M] () -- D:\DATA\ALL USERS\APPLICATION DATA\VENUSAPP SOFTWARE\SW-BOOSTER\SW-BOOSTER.EXE
MOD - [2014/08/26 15:40:06 | 004,296,192 | ---- | M] () -- C:\PROGRAM FILES\SW-BOOSTER\ASSISTANT.DLL
MOD - [2014/08/26 15:40:06 | 000,174,928 | ---- | M] () -- C:\PROGRAM FILES\SW-BO
System Restore Service not available.
 
========== Files/Folders - Created Within 30 Days ==========
 
[2014/09/24 13:40:40 | 000,000,000 | ---D | C] -- d:\data\All Users\Application Data\Browser AdBlocker
[2014/09/24 13:16:11 | 000,000,000 | ---D | C] -- d:\data\All Users\Application Data\TAkeuTheCoUpOOn
[2014/09/24 13:04:33 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2014/09/19 14:00:31 | 000,000,000 | ---D | C] -- d:\data\All Users\Application Data\FFindBeestDoeeall
[2014/09/09 21:40:03 | 000,000,000 | ---D | C] -- d:\data\All Users\Application Data\ISavEr
[2014/08/28 17:27:10 | 000,000,000 | ---D | C] -- d:\data\NetworkService\Application Data\Yahoo!
[2014/08/26 15:41:23 | 000,000,000 | ---D | C] -- d:\data\All Users\Application Data\Search-NeewTab
[2014/08/26 15:41:22 | 000,000,000 | ---D | C] -- C:\Program Files\Search-NeewTab
[2014/08/26 15:40:15 | 000,000,000 | ---D | C] -- d:\data\All Users\Application Data\VenusApp Software
[2014/08/26 15:40:06 | 000,000,000 | ---D | C] -- C:\Program Files\SW-Booster
[2014/08/26 15:39:08 | 000,000,000 | ---D | C] -- d:\data\All Users\Application Data\Adblocker
[2014/08/26 15:39:07 | 000,000,000 | ---D | C] -- C:\Program Files\Adblocker
[2014/08/26 15:38:48 | 000,000,000 | ---D | C] -- d:\data\All Users\Application Data\pricecHop
[2014/08/26 15:38:48 | 000,000,000 | ---D | C] -- d:\data\All Users\Application Data\3eda283a8b7b0d3d
[2014/08/26 15:38:46 | 000,000,000 | ---D | C] -- C:\Program Files\pricecHop
[2014/08/26 15:38:40 | 000,000,000 | ---D | C] -- d:\data\rainmaker\Local Settings\Application Data\Chromatic Browser
[2014/08/26 15:38:34 | 000,000,000 | ---D | C] -- d:\data\rainmaker\Local Settings\Application Data\Torch
[2014/08/26 15:38:24 | 000,000,000 | ---D | C] -- d:\data\rainmaker\Local Settings\Application Data\Comodo
[2014/08/26 15:37:47 | 000,000,000 | ---D | C] -- d:\data\All Users\Application Data\InstallMate
 
========== Files - Modified Within 30 Days ==========
 
[2014/09/24 21:24:32 | 000,000,880 | ---- | M] () -- C:\WINNT\tasks\GoogleUpdateTaskMachineCore.job
[2014/09/24 21:24:32 | 000,000,564 | -H-- | M] () -- C:\WINNT\tasks\SW-Booster-S-787344154.job
[2014/09/24 21:23:46 | 000,002,048 | --S- | M] () -- C:\WINNT\bootstat.dat
[2014/09/24 15:00:00 | 000,000,884 | ---- | M] () -- C:\WINNT\tasks\GoogleUpdateTaskMachineUA.job
[2014/09/24 14:47:00 | 000,000,826 | ---- | M] () -- C:\WINNT\tasks\Adobe Flash Player Updater.job
[2014/09/23 16:44:39 | 000,002,206 | ---- | M] () -- C:\WINNT\System32\wpa.dbl
[2014/08/28 17:27:05 | 000,000,284 | ---- | M] () -- C:\WINNT\tasks\AppleSoftwareUpdate.job
[2014/08/28 16:39:15 | 000,001,324 | ---- | M] () -- C:\WINNT\System32\d3d9caps.dat
 
========== Files Created - No Company Name ==========
 
[2014/08/26 15:40:16 | 000,000,564 | -H-- | C] () -- C:\WINNT\tasks\SW-Booster-S-787344154.job
[2014/06/21 10:36:43 | 000,024,064 | ---- | C] () -- C:\WINNT\zoek-delete.exe
[2014/02/28 13:21:06 | 000,000,008 | RHS- | C] () -- d:\data\rainmaker\ntuser.pol
[2013/04/02 16:35:20 | 000,208,896 | ---- | C] () -- C:\WINNT\MBR.exe
[2013/04/02 16:35:19 | 000,256,000 | ---- | C] () -- C:\WINNT\PEV.exe
[2013/04/02 16:35:18 | 000,098,816 | ---- | C] () -- C:\WINNT\sed.exe
[2013/04/02 16:35:18 | 000,080,412 | ---- | C] () -- C:\WINNT\grep.exe
[2013/04/02 16:35:18 | 000,068,096 | ---- | C] () -- C:\WINNT\zip.exe
[2013/03/30 20:35:14 | 000,015,616 | ---- | C] () -- C:\WINNT\System32\drivers\TrueSight.sys
[2011/09/04 15:50:00 | 000,050,688 | ---- | C] () -- d:\data\rainmaker\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/09/03 12:52:54 | 000,000,118 | ---- | C] () -- d:\data\rainmaker\Local Settings\Application Data\fusioncache.dat
[2010/01/15 22:16:55 | 000,006,954 | RHS- | C] () -- d:\data\All Users\ntuser.pol
 
========== ZeroAccess Check ==========
 
[2007/03/20 16:47:16 | 000,000,227 | RHS- | M] () -- C:\WINNT\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2009/12/22 01:35:10 | 001,509,888 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/02/09 06:01:53 | 000,473,088 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2004/08/04 00:56:48 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
< End of report >

#6
amanda222
    Member
  • Topic Starter
  • 16 posts

Still getting some types of redirects. When I am on a site, say Google search results, I click on a link to access that page and in the process another tab in Chrome opens up with some type of redirect or ad.


#7
Biscuithd
    Trusted Helper
  • Malware Removal
  • 2,573 posts
> Still getting some types of redirects. When I am on a site, say Google search results, I click on a link to access that page and in the process another tab in Chrome opens up with some type of redirect or ad.

 

Yup, I see it. Easiest way to do this is with FRST. Could you scan as described below and post the log and I'll take care of the remaining baddies.

 

Scan with Farbar Recovery Scan Tool

Please download Farbar Recovery Scan Tool and save it to your Desktop.

  • Right-click on the FRST icon and select Run as Administrator to start the tool.
    > Windows 8 users will be prompted about Windows SmartScreen protection - click More information and Run.
  • When the tool opens click Yes to disclaimer.
  • Make sure that Addition option is checked.
  • Press Scan button and wait.
  • The tool will produce two logfiles on your desktop: FRST.txt and Addition.txt.

Please include their content in your next reply.


#8
amanda222
    Member
  • Topic Starter
  • 16 posts

Ok, here are the logs

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 25-09-2014 01
Ran by rainmaker (administrator) on 3YFK943Z on 25-09-2014 14:08:33
Running from d:\data\rainmaker\Desktop
Loaded Profile: rainmaker (Available profiles: administrator & rainmaker & Admin & rbcadmin)
Platform: Microsoft Windows XP Service Pack 2 (X86) OS Language: English (United States)
Internet Explorer Version 8
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Microsoft Corporation) C:\WINNT\system32\smss.exe
(Microsoft Corporation) C:\WINNT\system32\winlogon.exe
(Microsoft Corporation) C:\WINNT\system32\services.exe
(Microsoft Corporation) C:\WINNT\system32\lsass.exe
() C:\WINNT\system32\ibmpmsvc.exe
(Microsoft Corporation) C:\WINNT\system32\svchost.exe
(Microsoft Corporation) C:\WINNT\system32\svchost.exe
(Microsoft Corporation) C:\WINNT\system32\spoolsv.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
(Microsoft Corporation) C:\WINNT\system32\rundll32.exe
(DameWare Development LLC) C:\WINNT\system32\DWRCS.EXE
() C:\Program Files\IBM\IBM Rapid Restore Ultra\rrpcsb.exe
(iPass, Inc.) C:\Program Files\iPass\iPassConnect\iPassPeriodicUpdateService.exe
(McAfee, Inc.) C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
(McAfee, Inc.) C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
(McAfee, Inc.) C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
(Microsoft Corporation) C:\WINNT\system32\msiexec.exe
(DameWare Development) C:\WINNT\system32\DWRCST.EXE
(Microsoft Corporation) C:\WINNT\system32\svchost.exe
(Lenovo.) C:\WINNT\system32\TPHDEXLG.exe
(Alexandria Software Consulting) C:\Program Files\Nortel Networks\TunnelGuard\CueAgent_srv.exe
(Microsoft Corporation) C:\WINNT\explorer.exe
(Yahoo! Inc.) C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
() D:\data\All Users\Application Data\VenusApp Software\SW-Booster\SW-Booster.exe
(IBM Corp.) C:\IBMTOOLS\utils\ibmprc.exe
(McAfee, Inc.) C:\Program Files\Network Associates\Common Framework\UdaterUI.exe
(Intel Corporation) C:\WINNT\system32\igfxtray.exe
(Intel Corporation) C:\WINNT\system32\hkcmd.exe
(Intel Corporation) C:\WINNT\system32\igfxpers.exe
(McAfee, Inc.) C:\Program Files\Network Associates\Common Framework\Mctray.exe
(Analog Devices, Inc.) C:\Program Files\Analog Devices\Core\smax4pnp.exe
(Microsoft Corporation) C:\WINNT\system32\rundll32.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Lenovo, Ltd. and IBM Corporation.) C:\WINNT\system32\TpShocks.exe
() C:\PROGRA~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe
(McAfee, Inc.) C:\Program Files\McAfee\VirusScan Enterprise\shstat.exe
() C:\Program Files\Lenovo\PkgMgr\HOTKEY\TPONSCR.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\PkgMgr\HOTKEY_1\TpScrex.exe
(Microsoft Corporation) C:\WINNT\system32\ctfmon.exe
(iPass, Inc.) C:\Program Files\iPass\iPassConnect\iPassPeriodicUpdateApp.exe
(Nortel Networks) C:\Program Files\Nortel Networks\TunnelGuard\platforms\win32\TGIconApp.EXE
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Yahoo! Inc.) C:\PROGRA~1\Yahoo!\MESSEN~1\Ymsgr_tray.exe
(Microsoft Corporation) C:\WINNT\system32\wuauclt.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\WINNT\system32\wuauclt.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(iPass, Inc.) C:\Program Files\iPass\iPassConnect\PBUpdate.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [IBMPRC] => C:\IBMTOOLS\UTILS\ibmprc.exe [90112 2005-04-27] (IBM Corp.)
HKLM\...\Run: [McAfeeUpdaterUI] => C:\Program Files\Network Associates\Common Framework\UdaterUI.exe [136512 2007-12-14] (McAfee, Inc.)
HKLM\...\Run: [igfxtray] => C:\WINNT\system32\igfxtray.exe [94208 2006-09-15] (Intel Corporation)
HKLM\...\Run: [igfxhkcmd] => C:\WINNT\system32\hkcmd.exe [77824 2006-09-15] (Intel Corporation)
HKLM\...\Run: [igfxpers] => C:\WINNT\system32\igfxpers.exe [118784 2006-09-15] (Intel Corporation)
HKLM\...\Run: [SoundMAXPnP] => C:\Program Files\Analog Devices\Core\smax4pnp.exe [925696 2005-12-15] (Analog Devices, Inc.)
HKLM\...\Run: [PWRMGRTR] => rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor
HKLM\...\Run: [BLOG] => rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\BatLogEx.DLL,StartBattLog
HKLM\...\Run: [SynTPLpr] => C:\Program Files\Synaptics\SynTP\SynTPLpr.exe [110592 2005-09-15] (Synaptics, Inc.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [512000 2005-09-15] (Synaptics, Inc.)
HKLM\...\Run: [TpShocks] => C:\WINNT\system32\TpShocks.exe [106496 2005-11-07] (Lenovo, Ltd. and IBM Corporation.)
HKLM\...\Run: [TPHOTKEY] => C:\Program Files\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe [94208 2006-02-01] ()
HKLM\...\Run: [ShStatEXE] => C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE [111952 2007-10-16] (McAfee, Inc.)
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\qttask.exe [413696 2009-05-26] (Apple Inc.)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [292136 2009-06-05] (Apple Inc.)
HKLM\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [39792 2009-10-03] (Adobe Systems Incorporated)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [935288 2009-09-04] (Adobe Systems Incorporated)
HKLM\...\Run: [Bitcasa] => C:\Program Files\Bitcasa\BitcasaBoot.exe "C:\Program Files\Bitcasa\Bitcasa.exe" /startup
HKLM\...\Winlogon: [Userinit] C:\WINNT\system32\userinit.exe,
HKLM\...\Winlogon: [Shell] Explorer.exe [x ] ()
HKLM\...\Winlogon: [UIHost] logonui.exe [x ] ()
Winlogon\Notify\crypt32chain: C:\WINNT\system32\crypt32.dll (Microsoft Corporation)
Winlogon\Notify\cryptnet: C:\WINNT\system32\cryptnet.dll (Microsoft Corporation)
Winlogon\Notify\cscdll: C:\WINNT\system32\cscdll.dll (Microsoft Corporation)
Winlogon\Notify\igfxcui: C:\WINNT\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\ScCertProp: C:\WINNT\system32\wlnotify.dll (Microsoft Corporation)
Winlogon\Notify\Schedule: C:\WINNT\system32\wlnotify.dll (Microsoft Corporation)
Winlogon\Notify\sclgntfy: C:\WINNT\system32\sclgntfy.dll (Microsoft Corporation)
Winlogon\Notify\SensLogn: C:\WINNT\system32\WlNotify.dll (Microsoft Corporation)
Winlogon\Notify\termsrv: C:\WINNT\system32\wlnotify.dll (Microsoft Corporation)
Winlogon\Notify\tpfnf2: C:\WINNT\system32\notifyf2.dll ()
Winlogon\Notify\tphotkey: C:\WINNT\system32\tphklock.dll ()
Winlogon\Notify\wlballoon: C:\WINNT\system32\wlnotify.dll (Microsoft Corporation)
HKLM\...\Policies\Explorer: [NoWelcomeScreen] 1
HKLM\...\Policies\Explorer: [NoSMConfigurePrograms] 1
HKU\S-1-5-21-3510421623-2965073675-2411060337-1012\...\Run: [Messenger (Yahoo!)] => C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe [6595928 2012-05-25] (Yahoo! Inc.)
HKU\S-1-5-21-3510421623-2965073675-2411060337-1012\...\Run: [ctfmon.exe] => C:\WINNT\system32\ctfmon.exe [15360 2004-08-04] (Microsoft Corporation)
HKU\S-1-5-21-3510421623-2965073675-2411060337-1012\...\Run: [FLV Player] => D:\data\rainmaker\Local Settings\Application Data\WebPlayer\FLV Player\WebPlayer.exe
HKU\S-1-5-21-3510421623-2965073675-2411060337-1012\...\Run: [LiveSupport] => "C:\Program Files\LiveSupport\LiveSupport.exe" /noshow /log 
HKU\S-1-5-18\...\Run: [DWQueuedReporting] => C:\Program Files\Common Files\Microsoft Shared\DW\DWTRIG20.EXE [434528 2006-10-26] (Microsoft Corporation)
AppInit_DLLs: c:\progra~1\sw-boo~1\assist~1.dll => c:\Program Files\SW-Booster\Assistant.dll [4296192 2014-08-26] ()
Startup: d:\data\All Users\Start Menu\Programs\Startup\TunnelGuard Tray Monitor.lnk
ShortcutTarget: TunnelGuard Tray Monitor.lnk -> C:\Program Files\Nortel Networks\TunnelGuard\platforms\win32\TGIconApp.EXE (Nortel Networks)
SSODL: EldosMountNotificator-cbfs5 - {2FDAFB24-B169-4275-A542-BBBF7E571352} - C:\WINNT\system32\cbfsMntNtf5.dll (EldoS Corporation)
ShellIconOverlayIdentifiers: 1EldosIconOverlay-cbfs5 -> {87AE300F-D62D-458A-B35A-B3B7B6F9EB65} => C:\WINNT\system32\cbfsMntNtf5.dll (EldoS Corporation)
ShellIconOverlayIdentifiers: 2EldosIconOverlay-cbfs5 -> {F02BF715-CB7E-4DB6-AD09-227DB5FB4B29} => C:\WINNT\system32\cbfsMntNtf5.dll (EldoS Corporation)
ShellIconOverlayIdentifiers: BitcasaBadFileOverlay -> {EC168C82-5053-422A-BB08-3CD9ACA22E85} => C:\Program Files\Bitcasa\ExplorerMenu.dll ()
ShellIconOverlayIdentifiers: BitcasaIconOverlay -> {A6975448-A999-49BB-B3E4-7730CF6A82C0} => C:\Program Files\Bitcasa\ExplorerMenu.dll ()
ShellIconOverlayIdentifiers: BitcasaMirrorOverlay -> {8C403C00-4544-4A53-879B-1949390CDE13} => C:\Program Files\Bitcasa\ExplorerMenu.dll ()
ShellIconOverlayIdentifiers: BitcasaNotMirrored -> {775CDDED-E6D2-4DD8-8C1F-158BEF44B62A} => C:\Program Files\Bitcasa\ExplorerMenu.dll ()
ShellIconOverlayIdentifiers: BitcasaProgressOverlay -> {6FB8D52A-0064-45B2-B687-F596FEAD09C2} => C:\Program Files\Bitcasa\ExplorerMenu.dll ()
ShellIconOverlayIdentifiers: EldosIconOverlay-cbfs5 -> {2A23874A-2B68-4C72-8A22-5B1FFADC5081} => C:\WINNT\system32\cbfsMntNtf5.dll (EldoS Corporation)
ShellIconOverlayIdentifiers: VirtualExpanderFile.1 -> {E4000AC4-5E5F-4956-807A-C5854405D64F} => C:\WINNT\system32\VirtualExpander\VEShellExt.dll (Sony Corporation)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINNT\system32\blank.htm
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.easylifeapp.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINNT\system32\blank.htm
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.easylifeapp.com/
URLSearchHook: HKCU - YTNavAssistPlugin Class - {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
SearchScopes: HKLM - DefaultScope {BB74DE59-BC4C-4172-9AC4-73315F71CFFE} URL = http://websearch.fly...616&lg=EN&cc=US
SearchScopes: HKLM - {BB74DE59-BC4C-4172-9AC4-73315F71CFFE} URL = http://websearch.fly...616&lg=EN&cc=US
SearchScopes: HKCU - DefaultScope {BB74DE59-BC4C-4172-9AC4-73315F71CFFE} URL = http://websearch.fly...616&lg=EN&cc=US
SearchScopes: HKCU - {BB74DE59-BC4C-4172-9AC4-73315F71CFFE} URL = http://websearch.fly...616&lg=EN&cc=US
BHO: &Yahoo! Toolbar Helper -> {02478D38-C3F9-4efb-9B51-7695ECA05670} -> C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
BHO: Adobe PDF Reader Link Helper -> {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
BHO: Search-NeewTab -> {1D2F45C0-E723-C694-063B-A958023E9A1B} -> C:\Program Files\Search-NeewTab\0trWpx5X.dll ()
BHO: ISavEr -> {48A88D8E-873A-2452-ACF4-2FD4456C5CD2} -> d:\data\All Users\Application Data\ISavEr\HqIxdafdhd.dll ()
BHO: SSVHelper Class -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll (Sun Microsystems, Inc.)
Toolbar: HKLM - Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
Toolbar: HKCU - &Address - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINNT\system32\browseui.dll (Microsoft Corporation)
Toolbar: HKCU - &Links - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINNT\system32\SHELL32.dll (Microsoft Corporation)
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...t/ultrashim.cab
DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macr...ash/swflash.cab
Handler: gopher - {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINNT\system32\urlmon.dll (Microsoft Corporation)
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
Handler: sysimage - {76E67A63-06E9-11D2-A840-006008059382} - C:\WINNT\system32\mshtml.dll (Microsoft Corporation)
Handler: wia - {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINNT\system32\wiascr.dll (Microsoft Corporation)
Filter: Class Install Handler - {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - C:\WINNT\system32\urlmon.dll (Microsoft Corporation)
Filter: lzdhtml - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINNT\system32\urlmon.dll (Microsoft Corporation)
Filter: text/webviewhtml - {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - C:\WINNT\system32\SHELL32.dll (Microsoft Corporation)
ShellExecuteHooks: URL Exec Hook - {AEB6717E-7E19-11d0-97EE-00C04FD91972} - C:\WINNT\system32\shell32.dll [8460800 2008-07-03] (Microsoft Corporation)
 
FireFox:
========
FF ProfilePath: d:\data\rainmaker\Application Data\Mozilla\Firefox\Profiles\0gqxbqod.default
FF Homepage: hxxp://search.easylifeapp.com/
FF SearchEngineOrder.1: WebSearch
FF DefaultSearchEngine: WebSearch
FF SelectedSearchEngine: WebSearch
FF SearchEngineOrder.user_pref("browser.search.order.1,S", "WebSearch");: user_pref("browser.search.order.1,S", "WebSearch");
FF Keyword.URL: hxxp://websearch.flyandsearch.info/?pid=724&r=2014/08/26&hid=5238787093181005616&lg=EN&cc=US&l=1&q=
FF Plugin: @adobe.com/FlashPlayer -> C:\WINNT\system32\Macromed\Flash\NPSWF32.dll ()
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 -> C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\2.0.30523.8\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\WINNT\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll No File
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll No File
FF Plugin: @videolan.org/vlc,version=2.0.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll (Apple Inc.)
FF SearchPlugin: d:\data\rainmaker\Application Data\Mozilla\Firefox\Profiles\0gqxbqod.default\searchplugins\WebSearch.xml
FF Extension: Firebug - d:\data\rainmaker\Application Data\Mozilla\Firefox\Profiles\0gqxbqod.default\Extensions\[email protected] [2012-12-15]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\WINNT\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - C:\WINNT\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2008-11-05]
 
Chrome: 
=======
CHR HomePage: Default -> hxxp://search.easylifeapp.com/
CHR StartupUrls: Default -> "hxxp://search.easylifeapp.com/"
CHR DefaultSearchKeyword: Default -> websearch
CHR DefaultSearchProvider: Default -> WebSearch
CHR DefaultSearchURL: Default -> http://websearch.fly...616&lg=EN&cc=US
CHR DefaultSuggestURL: Default -> http://localhost
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\35.0.1916.153\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\35.0.1916.153\pdf.dll ()
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\35.0.1916.153\gcswf32.dll No File
CHR Plugin: (Shockwave Flash) - C:\WINNT\system32\Macromed\Flash\NPSWF32.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.2) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.2) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.2) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.2) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.2) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.2) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.2) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll (Apple Inc.)
CHR Plugin: (Microsoft® DRM) - C:\Program Files\Windows Media Player\npdrmv2.dll (Microsoft Corporation)
CHR Plugin: (Microsoft® DRM) - C:\Program Files\Windows Media Player\npwmsdrm.dll (Microsoft Corporation)
CHR Plugin: (Windows Media Player Plug-in Dynamic Link Library) - C:\Program Files\Windows Media Player\npdsplay.dll (Microsoft Corporation (written by Digital Renaissance Inc.))
CHR Plugin: (VLC Web Plugin) - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
CHR Plugin: (iTunes Application Detector) - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Windows Presentation Foundation) - C:\WINNT\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
CHR Plugin: (Silverlight Plug-In) - c:\Program Files\Microsoft Silverlight\2.0.30523.8\npctrl.dll ( Microsoft Corporation)
CHR Plugin: (Google Update) - d:\data\rainmaker\Local Settings\Application Data\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File
CHR Plugin: (BrowserPlus (from Yahoo!) v2.9.8) - d:\data\rainmaker\Local Settings\Application Data\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll No File
CHR CustomProfile: d:\data\rainmaker\Local Settings\Application Data\Google\Chrome\User Data\Default
CHR Extension: (Mini Notepad) - d:\data\rainmaker\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apjhdoaiejppfmijnkopdcpjcngdlffj [2014-09-19]
CHR Extension: (Google Voice Search Hotword (Beta)) - d:\data\rainmaker\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-06-08]
CHR Extension: (Facepad for Facebook) - d:\data\rainmaker\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\cgaknhmchnjaphondjciheacngggiclo [2014-09-24]
CHR Extension: (YouTube Flags) - d:\data\rainmaker\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\eeammepjjllhpcfnkohocddkmdejjebc [2014-09-17]
CHR Extension: (Best Save) - d:\data\rainmaker\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ifkgichhpmabepjkbkmfeclembjdbpml [2014-08-26]
CHR Extension: (Google Wallet) - d:\data\rainmaker\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-01-14]
CHR Extension: (Responsive Web Design Tester) - d:\data\rainmaker\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\objclahbaimlfnbjdeobicmmlnbhamkg [2014-09-09]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
 
========================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 AdobeFlashPlayerUpdateSvc; C:\WINNT\system32\Macromed\Flash\FlashPlayerUpdateService.exe [257696 2014-06-21] (Adobe Systems Incorporated)
S4 Alerter; C:\WINNT\system32\alrsvc.dll [17408 2004-08-04] (Microsoft Corporation)
R3 ALG; C:\WINNT\System32\alg.exe [44544 2004-08-04] (Microsoft Corporation)
R2 Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [144712 2009-06-05] (Apple Inc.)
S3 AppMgmt; C:\WINNT\System32\appmgmts.dll [167936 2004-08-04] (Microsoft Corporation)
S3 aspnet_state; C:\WINNT\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [34312 2008-07-25] (Microsoft Corporation)
R2 AudioSrv; C:\WINNT\System32\audiosrv.dll [42496 2004-08-04] (Microsoft Corporation)
S3 BITS; C:\WINNT\system32\qmgr.dll [382464 2004-08-04] (Microsoft Corporation)
S2 Browser; C:\WINNT\System32\browser.dll [77312 2004-08-04] (Microsoft Corporation)
R2 c67abfdb; c:\Program Files\SW-Booster\AssistantSvc.dll [174928 2014-08-26] () [File not signed]
S2 CcmExec; C:\WINNT\system32\CCM\CcmExec.exe [578784 2006-02-09] (Microsoft Corporation)
S3 CiSvc; C:\WINNT\system32\cisvc.exe [5632 2004-08-04] (Microsoft Corporation)
S3 ClipSrv; C:\WINNT\system32\clipsrv.exe [33280 2004-08-04] (Microsoft Corporation)
S3 clr_optimization_v2.0.50727_32; C:\WINNT\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [69632 2008-07-25] (Microsoft Corporation)
S3 COMSysApp; C:\WINNT\system32\dllhost.exe [5120 2004-08-04] (Microsoft Corporation)
R2 CryptSvc; C:\WINNT\System32\cryptsvc.dll [60416 2004-08-04] (Microsoft Corporation)
R2 DcomLaunch; C:\WINNT\system32\rpcss.dll [401408 2009-02-09] (Microsoft Corporation)
R2 Dhcp; C:\WINNT\System32\dhcpcsvc.dll [111616 2006-05-19] (Microsoft Corporation)
S3 dmadmin; C:\WINNT\System32\dmadmin.exe [224768 2004-08-04] (Microsoft Corp., Veritas Software)
S3 dmserver; C:\WINNT\System32\dmserver.dll [23552 2004-08-04] (Microsoft Corp.)
R2 Dnscache; C:\WINNT\System32\dnsrslvr.dll [45568 2008-02-20] (Microsoft Corporation)
R2 DWMRCS; C:\WINNT\system32\DWRCS.EXE [222720 2007-07-25] (DameWare Development LLC) [File not signed]
R2 ERSvc; C:\WINNT\System32\ersvc.dll [23040 2004-08-04] (Microsoft Corporation)
R2 Eventlog; C:\WINNT\system32\services.exe [110592 2009-02-06] (Microsoft Corporation)
R3 EventSystem; C:\WINNT\system32\es.dll [253952 2008-07-07] (Microsoft Corporation)
S3 ExtranetAccess; C:\Program Files\Nexxia\Extranet_serv.exe [835584 2006-05-09] (Nortel Networks NA, Inc.) [File not signed]
S3 FastUserSwitchingCompatibility; C:\WINNT\System32\shsvcs.dll [135168 2006-12-19] (Microsoft Corporation)
S3 FontCache3.0.0.0; C:\WINNT\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [46104 2008-07-29] (Microsoft Corporation)
R2 helpsvc; C:\WINNT\PCHealth\HelpCtr\Binaries\pchsvc.dll [38912 2004-08-04] (Microsoft Corporation)
R2 HidServ; C:\WINNT\System32\hidserv.dll [21504 2004-08-04] (Microsoft Corporation)
S3 HTTPFilter; C:\WINNT\System32\w3ssl.dll [15872 2004-08-04] (Microsoft Corporation)
R2 IBM Rapid Restore Ultra Service; C:\Program Files\IBM\IBM Rapid Restore Ultra\rrpcsb.exe [385024 2005-10-06] () [File not signed]
R2 IBMPMSVC; C:\WINNT\system32\ibmpmsvc.exe [73782 2005-11-11] ()
S3 idsvc; C:\WINNT\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [881664 2008-07-29] (Microsoft Corporation)
S3 ImapiService; C:\WINNT\system32\imapi.exe [150016 2004-08-04] (Microsoft Corporation)
S3 iPassConnectEngine; C:\Program Files\iPass\iPassConnect\iPassConnectEngine.exe [1310720 2006-11-30] (iPass, Inc.) [File not signed]
R3 iPassPeriodicUpdateApp; C:\Program Files\iPass\iPassConnect\iPassPeriodicUpdateApp.exe [126976 2006-11-29] (iPass, Inc.) [File not signed]
R2 iPassPeriodicUpdateService; C:\Program Files\iPass\iPassConnect\iPassPeriodicUpdateService.exe [86016 2006-11-29] (iPass, Inc.) [File not signed]
S4 Irmon; C:\WINNT\System32\irmon.dll [27136 2004-08-03] (Microsoft Corporation)
R2 lanmanserver; C:\WINNT\System32\srvsvc.dll [96768 2004-12-07] (Microsoft Corporation)
R2 lanmanworkstation; C:\WINNT\System32\wkssvc.dll [134144 2009-06-10] (Microsoft Corporation)
R2 LmHosts; C:\WINNT\System32\lmhsvc.dll [13824 2004-08-04] (Microsoft Corporation)
R2 McAfeeFramework; C:\Program Files\Network Associates\Common Framework\FrameworkService.exe [103744 2007-12-14] (McAfee, Inc.)
R2 McShield; C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe [144704 2007-10-16] (McAfee, Inc.)
R2 McTaskManager; C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe [54608 2007-10-16] (McAfee, Inc.)
S4 Messenger; C:\WINNT\System32\msgsvc.dll [33792 2004-08-04] (Microsoft Corporation)
S3 mnmsrvc; C:\WINNT\system32\mnmsrvc.exe [32768 2004-08-04] (Microsoft Corporation)
S3 MSDTC; C:\WINNT\system32\msdtc.exe [6144 2004-08-04] (Microsoft Corporation)
R2 MSIServer; C:\WINNT\System32\msiexec.exe [78848 2005-05-03] (Microsoft Corporation)
S4 MSSQLServerADHelper; c:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe [45272 2005-10-14] (Microsoft Corporation)
S4 NetDDE; C:\WINNT\system32\netdde.exe [111104 2004-08-04] (Microsoft Corporation)
S4 NetDDEdsdm; C:\WINNT\system32\netdde.exe [111104 2004-08-04] (Microsoft Corporation)
R2 Netlogon; C:\WINNT\system32\lsass.exe [13312 2004-08-04] (Microsoft Corporation)
R3 Netman; C:\WINNT\System32\netman.dll [197632 2005-08-22] (Microsoft Corporation)
S4 NetTcpPortSharing; C:\WINNT\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [132096 2008-07-29] (Microsoft Corporation)
R3 Nla; C:\WINNT\System32\mswsock.dll [245248 2008-06-20] (Microsoft Corporation)
S3 NtLmSsp; C:\WINNT\system32\lsass.exe [13312 2004-08-04] (Microsoft Corporation)
S3 NtmsSvc; C:\WINNT\system32\ntmssvc.dll [435200 2004-08-04] (Microsoft Corporation)
R2 PlugPlay; C:\WINNT\system32\services.exe [110592 2009-02-06] (Microsoft Corporation)
S4 PolicyAgent; C:\WINNT\system32\lsass.exe [13312 2004-08-04] (Microsoft Corporation)
R2 ProtectedStorage; C:\WINNT\system32\lsass.exe [13312 2004-08-04] (Microsoft Corporation)
S3 RasAuto; C:\WINNT\System32\rasauto.dll [89088 2004-08-04] (Microsoft Corporation)
R3 RasMan; C:\WINNT\System32\rasmans.dll [181248 2006-06-22] (Microsoft Corporation)
S3 RDSessMgr; C:\WINNT\system32\sessmgr.exe [140800 2004-08-04] (Microsoft Corporation)
S4 RemoteAccess; C:\WINNT\System32\mprdim.dll [49152 2002-08-29] (Microsoft Corporation)
R2 RemoteRegistry; C:\WINNT\system32\regsvc.dll [59904 2004-08-04] (Microsoft Corporation)
S3 RpcLocator; C:\WINNT\system32\locator.exe [75264 2004-08-04] (Microsoft Corporation)
R2 RpcSs; C:\WINNT\System32\rpcss.dll [401408 2009-02-09] (Microsoft Corporation)
S3 RSVP; C:\WINNT\system32\rsvp.exe [132608 2002-08-29] (Microsoft Corporation)
R2 SamSs; C:\WINNT\system32\lsass.exe [13312 2004-08-04] (Microsoft Corporation)
S3 SCardSvr; C:\WINNT\System32\SCardSvr.exe [95744 2004-08-04] (Microsoft Corporation)
R2 Schedule; C:\WINNT\system32\schedsvc.dll [190976 2004-08-04] (Microsoft Corporation)
R2 seclogon; C:\WINNT\System32\seclogon.dll [18944 2004-08-04] (Microsoft Corporation)
R2 SENS; C:\WINNT\system32\sens.dll [38912 2004-08-04] (Microsoft Corporation)
R2 SharedAccess; C:\WINNT\System32\ipnathlp.dll [331264 2004-08-04] (Microsoft Corporation)
R2 ShellHWDetection; C:\WINNT\System32\shsvcs.dll [135168 2006-12-19] (Microsoft Corporation)
R2 Spooler; C:\WINNT\system32\spoolsv.exe [57856 2005-06-10] (Microsoft Corporation)
R2 srservice; C:\WINNT\system32\srsvc.dll [170496 2004-08-04] (Microsoft Corporation)
R3 SSDPSRV; C:\WINNT\System32\ssdpsrv.dll [71680 2004-08-04] (Microsoft Corporation)
R2 stisvc; C:\WINNT\system32\wiaservc.dll [333824 2006-12-19] (Microsoft Corporation)
S3 SwPrv; C:\WINNT\system32\dllhost.exe [5120 2004-08-04] (Microsoft Corporation)
S3 SysmonLog; C:\WINNT\system32\smlogsvc.exe [89600 2004-08-04] (Microsoft Corporation)
R3 TapiSrv; C:\WINNT\System32\tapisrv.dll [249344 2005-07-08] (Microsoft Corporation)
R3 TermService; C:\WINNT\System32\termsrv.dll [295424 2004-08-04] (Microsoft Corporation)
R2 Themes; C:\WINNT\System32\shsvcs.dll [135168 2006-12-19] (Microsoft Corporation)
S3 TlntSvr; C:\WINNT\system32\tlntsvr.exe [73216 2004-08-04] (Microsoft Corporation)
R2 TPHDEXLGSVC; C:\WINNT\System32\TPHDEXLG.EXE [77824 2005-06-20] (Lenovo.) [File not signed]
R2 TrkWks; C:\WINNT\system32\trkwks.dll [90624 2004-08-04] (Microsoft Corporation)
R2 tunnelguardservice; c:\Program Files\Nortel Networks\TunnelGuard\CueAgent_srv.exe [53248 2005-09-06] (Alexandria Software Consulting) [File not signed]
S3 upnphost; C:\WINNT\System32\upnphost.dll [185344 2007-02-05] (Microsoft Corporation)
S3 UPS; C:\WINNT\System32\ups.exe [18432 2004-08-04] (Microsoft Corporation)
S3 VSS; C:\WINNT\System32\vssvc.exe [289792 2004-08-04] (Microsoft Corporation)
R2 W32Time; C:\WINNT\system32\w32time.dll [174592 2004-08-04] (Microsoft Corporation)
R2 WebClient; C:\WINNT\System32\webclnt.dll [68096 2006-01-03] (Microsoft Corporation)
R2 winmgmt; C:\WINNT\system32\wbem\WMIsvc.dll [144896 2004-08-04] (Microsoft Corporation)
S3 WmdmPmSN; C:\WINNT\system32\MsPMSNSv.dll [27136 2006-10-18] (Microsoft Corporation)
S3 Wmi; C:\WINNT\System32\advapi32.dll [617984 2009-02-09] (Microsoft Corporation)
S3 WmiApSrv; C:\WINNT\system32\wbem\wmiapsrv.exe [126464 2004-08-04] (Microsoft Corporation)
S2 wscsvc; C:\WINNT\system32\wscsvc.dll [81408 2004-08-04] (Microsoft Corporation)
R2 wuauserv; C:\WINNT\system32\wuauserv.dll [6656 2004-08-04] (Microsoft Corporation)
S3 WudfSvc; C:\WINNT\System32\WUDFSvc.dll [55808 2006-09-28] (Microsoft Corporation)
R2 WZCSVC; C:\WINNT\System32\wzcsvc.dll [474624 2005-04-20] (Microsoft Corporation)
S3 xmlprov; C:\WINNT\System32\xmlprov.dll [129536 2004-08-04] (Microsoft Corporation)
S2 gupdate; "C:\Program Files\Google\Update\GoogleUpdate.exe" /svc [X]
S3 gupdatem; "C:\Program Files\Google\Update\GoogleUpdate.exe" /medsvc [X]
S3 magaService; c:\Program Files\Sygate\SSA\maga\maga.exe [X]
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R0 ACPI; C:\WINNT\System32\DRIVERS\ACPI.sys [187776 2004-08-04] (Microsoft Corporation)
R0 ACPIEC; C:\WINNT\System32\DRIVERS\ACPIEC.sys [11648 2002-08-29] (Microsoft Corporation)
R3 ADIHdAudAddService; C:\WINNT\System32\drivers\ADIHdAud.sys [173056 2005-12-15] (Analog Devices, Inc.)
R3 AEAudioService; C:\WINNT\System32\drivers\AEAudio.sys [152960 2005-12-15] (Andrea Electronics Corporation)
S3 aec; C:\WINNT\System32\drivers\aec.sys [142464 2004-08-03] (Microsoft Corporation)
R1 AFD; C:\WINNT\System32\drivers\afd.sys [138368 2008-08-14] (Microsoft Corporation)
R0 ANCSQ; C:\WINNT\System32\drivers\ANCSQ.sys [6912 2005-04-27] (IBM Corp.) [File not signed]
S3 AsyncMac; C:\WINNT\System32\DRIVERS\asyncmac.sys [14336 2004-08-03] (Microsoft Corporation)
R0 atapi; C:\WINNT\System32\DRIVERS\atapi.sys [95360 2004-08-03] (Microsoft Corporation)
S3 Atmarpc; C:\WINNT\System32\DRIVERS\atmarpc.sys [59904 2004-08-03] (Microsoft Corporation)
R3 atmeltpm; C:\WINNT\System32\DRIVERS\atmeltpm.sys [15872 2005-05-17] (Atmel, Inc.)
R3 audstub; C:\WINNT\System32\DRIVERS\audstub.sys [3072 2001-08-17] (Microsoft Corporation)
R1 Beep; C:\WINNT\system32\Drivers\Beep.sys [4224 2002-08-29] (Microsoft Corporation)
R1 cbfs5; C:\WINNT\system32\drivers\cbfs5.sys [346688 2013-11-25] (EldoS Corporation)
S4 cbidf2k; C:\WINNT\system32\Drivers\cbidf2k.sys [13952 2002-08-29] (Microsoft Corporation)
S1 Cdaudio; C:\WINNT\system32\Drivers\Cdaudio.sys [18688 2002-08-29] (Microsoft Corporation)
S4 Cdfs; C:\WINNT\system32\Drivers\Cdfs.sys [63744 2004-08-03] (Microsoft Corporation)
R1 Cdrom; C:\WINNT\System32\DRIVERS\cdrom.sys [49536 2004-08-04] (Microsoft Corporation)
R3 CmBatt; C:\WINNT\System32\DRIVERS\CmBatt.sys [14080 2004-08-03] (Microsoft Corporation)
R0 Compbatt; C:\WINNT\System32\DRIVERS\compbatt.sys [9344 2001-08-17] (Microsoft Corporation)
R0 Disk; C:\WINNT\System32\DRIVERS\disk.sys [36352 2004-08-04] (Microsoft Corporation)
S4 dmboot; C:\WINNT\System32\drivers\dmboot.sys [799744 2004-08-03] (Microsoft Corp., Veritas Software)
S4 dmio; C:\WINNT\System32\drivers\dmio.sys [153344 2004-08-03] (Microsoft Corp., Veritas Software)
S4 dmload; C:\WINNT\System32\drivers\dmload.sys [5888 2002-08-29] (Microsoft Corp., Veritas Software.)
S3 DMusic; C:\WINNT\System32\drivers\DMusic.sys [52864 2004-08-03] (Microsoft Corporation)
S3 drmkaud; C:\WINNT\System32\drivers\drmkaud.sys [2944 2004-08-03] (Microsoft Corporation)
R3 DwMirror; C:\WINNT\System32\DRIVERS\DamewareMini.sys [2944 2007-02-07] (DameWare Development, Inc.)
R1 dwvkbd; C:\WINNT\System32\DRIVERS\dwvkbd.sys [26624 2007-02-15] (DameWare)
R3 e1express; C:\WINNT\System32\DRIVERS\e1e5132.sys [181760 2006-01-22] (Intel Corporation)
R3 Eacfilt; C:\WINNT\System32\DRIVERS\eacfilt.sys [24521 2006-05-09] (Nortel Networks) [File not signed]
R2 EGATHDRV; C:\WINNT\SYSTEM32\EGATHDRV.SYS [5427 2005-04-27] (IBM Corporation) [File not signed]
S4 Fastfat; C:\WINNT\system32\Drivers\Fastfat.sys [143360 2004-08-03] (Microsoft Corporation)
S1 Fdc; C:\WINNT\system32\Drivers\Fdc.sys [27392 2004-08-04] (Microsoft Corporation)
R1 Fips; C:\WINNT\system32\Drivers\Fips.sys [34944 2002-08-29] (Microsoft Corporation)
S3 FLMCKUSB; C:\WINNT\System32\Drivers\FLMckUSB.sys [69810 2004-12-15] (AuthenTec, Inc.)
S1 Flpydisk; C:\WINNT\system32\Drivers\Flpydisk.sys [20480 2004-08-04] (Microsoft Corporation)
R0 FltMgr; C:\WINNT\System32\DRIVERS\fltMgr.sys [124800 2004-08-03] (Microsoft Corporation)
U1 Fs_Rec; C:\WINNT\system32\Drivers\Fs_Rec.sys [7936 2002-08-29] (Microsoft Corporation)
R0 Ftdisk; C:\WINNT\System32\DRIVERS\ftdisk.sys [125056 2002-08-29] (Microsoft Corporation)
R3 GEARAspiWDM; C:\WINNT\System32\DRIVERS\GEARAspiWDM.sys [23400 2009-03-19] (GEAR Software Inc.)
R3 Gpc; C:\WINNT\System32\DRIVERS\msgpc.sys [35072 2004-08-03] (Microsoft Corporation)
R3 HDAudBus; C:\WINNT\System32\DRIVERS\HDAudBus.sys [138752 2005-01-07] (Windows ® Server 2003 DDK provider) [File not signed]
S3 HidUsb; C:\WINNT\System32\DRIVERS\hidusb.sys [9600 2001-08-17] (Microsoft Corporation)
R3 HSF_DPV; C:\WINNT\System32\DRIVERS\hsx_dpv.sys [936448 2005-12-06] (Conexant Systems, Inc.)
R3 HSXHWAZL; C:\WINNT\System32\DRIVERS\hsxhwazl.sys [192512 2005-12-06] (Conexant Systems, Inc.)
R3 HTTP; C:\WINNT\System32\Drivers\HTTP.sys [263552 2009-10-20] (Microsoft Corporation)
R1 i8042prt; C:\WINNT\System32\DRIVERS\i8042prt.sys [52736 2004-08-04] (Microsoft Corporation)
R3 ialm; C:\WINNT\System32\DRIVERS\ialmnt5.sys [1173468 2006-09-15] (Intel Corporation) [File not signed]
R0 iaStor; C:\WINNT\System32\drivers\iaStor.sys [874240 2005-10-12] (Intel Corporation)
R2 ibmfilter; C:\WINNT\system32\drivers\ibmfilter.sys [63616 2005-04-27] (IBM) [File not signed]
R3 IBMPMDRV; C:\WINNT\System32\DRIVERS\ibmpmdrv.sys [10112 2005-11-11] (Lenovo.)
R1 Imapi; C:\WINNT\System32\DRIVERS\imapi.sys [41856 2004-08-04] (Microsoft Corporation)
R0 IntelIde; C:\WINNT\System32\DRIVERS\intelide.sys [5504 2004-08-03] (Microsoft Corporation)
R1 intelppm; C:\WINNT\System32\DRIVERS\intelppm.sys [36096 2004-08-04] (Microsoft Corporation)
S3 Ip6Fw; C:\WINNT\System32\DRIVERS\Ip6Fw.sys [29056 2004-08-03] (Microsoft Corporation)
R2 iPassP; C:\WINNT\System32\DRIVERS\iPassP.sys [21419 2009-04-25] (Meetinghouse Data Communications) [File not signed]
S3 IpFilterDriver; C:\WINNT\System32\DRIVERS\ipfltdrv.sys [32896 2002-08-29] (Microsoft Corporation)
S3 IpInIp; C:\WINNT\System32\DRIVERS\ipinip.sys [20992 2004-08-03] (Microsoft Corporation)
R3 IpNat; C:\WINNT\System32\DRIVERS\ipnat.sys [134912 2004-08-03] (Microsoft Corporation)
R1 IPSec; C:\WINNT\System32\DRIVERS\ipsec.sys [74752 2004-08-03] (Microsoft Corporation)
S3 IPSECEXT; C:\WINNT\System32\DRIVERS\ipsecw2k.sys [155216 2006-05-09] (Nortel Networks NA, Inc.) [File not signed]
R3 IPSECSHM; C:\WINNT\System32\DRIVERS\ipsecw2k.sys [155216 2006-05-09] (Nortel Networks NA, Inc.) [File not signed]
R2 irda; C:\WINNT\System32\DRIVERS\irda.sys [87424 2004-08-03] (Microsoft Corporation)
R3 IRENUM; C:\WINNT\System32\DRIVERS\irenum.sys [11264 2004-08-03] (Microsoft Corporation)
R0 isapnp; C:\WINNT\System32\DRIVERS\isapnp.sys [35840 2002-08-29] (Microsoft Corporation)
R1 Kbdclass; C:\WINNT\System32\DRIVERS\kbdclass.sys [24576 2004-08-04] (Microsoft Corporation)
S1 kbdhid; C:\WINNT\System32\DRIVERS\kbdhid.sys [14848 2004-08-03] (Microsoft Corporation)
R3 kmixer; C:\WINNT\System32\drivers\kmixer.sys [171776 2004-08-03] (Microsoft Corporation)
R0 KSecDD; C:\WINNT\system32\Drivers\KSecDD.sys [92544 2009-06-22] (Microsoft Corporation)
R2 mdmxsdk; C:\WINNT\System32\DRIVERS\mdmxsdk.sys [12544 2005-10-05] (Conexant)
R3 mfeapfk; C:\WINNT\System32\drivers\mfeapfk.sys [64168 2007-10-16] (McAfee, Inc.)
R3 mfeavfk; C:\WINNT\System32\drivers\mfeavfk.sys [72680 2007-10-16] (McAfee, Inc.)
R3 mfebopk; C:\WINNT\System32\drivers\mfebopk.sys [33960 2007-10-16] (McAfee, Inc.)
R3 mfehidk; C:\WINNT\System32\drivers\mfehidk.sys [171272 2007-10-16] (McAfee, Inc.)
R1 mferkdk; C:\Program Files\McAfee\VirusScan Enterprise\mferkdk.sys [31784 2007-10-16] (McAfee, Inc.)
R1 mfetdik; C:\WINNT\System32\drivers\mfetdik.sys [51944 2007-10-16] (McAfee, Inc.)
R1 mnmdd; C:\WINNT\system32\Drivers\mnmdd.sys [4224 2002-08-29] (Microsoft Corporation)
R3 Modem; C:\WINNT\system32\Drivers\Modem.sys [30080 2004-08-04] (Microsoft Corporation)
R1 Mouclass; C:\WINNT\System32\DRIVERS\mouclass.sys [23040 2004-08-04] (Microsoft Corporation)
S3 mouhid; C:\WINNT\System32\DRIVERS\mouhid.sys [12160 2001-08-17] (Microsoft Corporation)
R0 MountMgr; C:\WINNT\system32\Drivers\MountMgr.sys [42240 2004-08-03] (Microsoft Corporation)
R3 MRxDAV; C:\WINNT\System32\DRIVERS\mrxdav.sys [179584 2007-12-18] (Microsoft Corporation)
R1 MRxSmb; C:\WINNT\System32\DRIVERS\mrxsmb.sys [454016 2010-02-24] (Microsoft Corporation)
R1 Msfs; C:\WINNT\system32\Drivers\Msfs.sys [19072 2004-08-03] (Microsoft Corporation)
S3 MSKSSRV; C:\WINNT\System32\drivers\MSKSSRV.sys [7552 2004-08-03] (Microsoft Corporation)
S3 MSPCLOCK; C:\WINNT\System32\drivers\MSPCLOCK.sys [5376 2004-08-03] (Microsoft Corporation)
S3 MSPQM; C:\WINNT\System32\drivers\MSPQM.sys [4992 2004-08-03] (Microsoft Corporation)
R3 mssmbios; C:\WINNT\System32\DRIVERS\mssmbios.sys [15488 2004-08-04] (Microsoft Corporation)
R0 Mup; C:\WINNT\system32\Drivers\Mup.sys [107904 2004-08-03] (Microsoft Corporation)
R0 NDIS; C:\WINNT\system32\Drivers\NDIS.sys [182912 2004-08-03] (Microsoft Corporation)
R3 NdisTapi; C:\WINNT\System32\DRIVERS\ndistapi.sys [9600 2002-08-29] (Microsoft Corporation)
R3 Ndisuio; C:\WINNT\System32\DRIVERS\ndisuio.sys [14592 2005-04-19] (Microsoft Corporation)
R3 NdisWan; C:\WINNT\System32\DRIVERS\ndiswan.sys [91776 2004-08-03] (Microsoft Corporation)
R3 NDProxy; C:\WINNT\system32\Drivers\NDProxy.sys [38016 2002-08-29] (Microsoft Corporation)
R1 NetBIOS; C:\WINNT\System32\DRIVERS\netbios.sys [34560 2004-08-03] (Microsoft Corporation)
R1 NetBT; C:\WINNT\System32\DRIVERS\netbt.sys [162816 2004-08-03] (Microsoft Corporation)
R3 NETw3x32; C:\WINNT\System32\DRIVERS\NETw3x32.sys [1709696 2006-09-27] (Intel® Corporation)
R1 Npfs; C:\WINNT\system32\Drivers\Npfs.sys [30848 2004-08-03] (Microsoft Corporation)
R3 NSCIRDA; C:\WINNT\System32\DRIVERS\nscirda.sys [28672 2004-08-03] (National Semiconductor Corporation)
R4 Ntfs; C:\WINNT\system32\Drivers\Ntfs.sys [574592 2004-08-03] (Microsoft Corporation)
R1 Null; C:\WINNT\system32\Drivers\Null.sys [2944 2002-08-29] (Microsoft Corporation)
S3 NwlnkFlt; C:\WINNT\System32\DRIVERS\nwlnkflt.sys [12416 2002-08-29] (Microsoft Corporation)
S3 NwlnkFwd; C:\WINNT\System32\DRIVERS\nwlnkfwd.sys [32512 2002-08-29] (Microsoft Corporation)
S3 Parport; C:\WINNT\System32\DRIVERS\parport.sys [80128 2004-08-04] (Microsoft Corporation)
R0 PartMgr; C:\WINNT\system32\Drivers\PartMgr.sys [18688 2002-08-29] (Microsoft Corporation)
S4 ParVdm; C:\WINNT\system32\Drivers\ParVdm.sys [6784 2002-08-29] (Microsoft Corporation)
R0 PCI; C:\WINNT\System32\DRIVERS\pci.sys [68224 2004-08-03] (Microsoft Corporation)
R0 PCIIde; C:\WINNT\System32\DRIVERS\pciide.sys [3328 2001-08-17] (Microsoft Corporation)
R0 Pcmcia; C:\WINNT\System32\DRIVERS\pcmcia.sys [119936 2004-08-04] (Microsoft Corporation)
R3 PptpMiniport; C:\WINNT\System32\DRIVERS\raspptp.sys [48384 2004-08-03] (Microsoft Corporation)
S3 prepdrvr; C:\WINNT\system32\CCM\prepdrv.sys [20704 2006-02-09] (Microsoft Corporation)
S4 psadd; C:\WINNT\system32\Drivers\psadd.sys [13184 2007-03-20] (IBM Corporation) [File not signed]
R3 PSched; C:\WINNT\System32\DRIVERS\psched.sys [69120 2004-08-03] (Microsoft Corporation)
R3 Ptilink; C:\WINNT\System32\DRIVERS\ptilink.sys [17792 2002-08-29] (Parallel Technologies, Inc.)
R0 PxHelp20; C:\WINNT\System32\Drivers\PxHelp20.sys [20576 2007-03-20] (Sonic Solutions) [File not signed]
R1 RasAcd; C:\WINNT\System32\DRIVERS\rasacd.sys [8832 2002-08-29] (Microsoft Corporation)
R3 Rasirda; C:\WINNT\System32\DRIVERS\rasirda.sys [19584 2001-08-17] (Microsoft Corporation)
R3 Rasl2tp; C:\WINNT\System32\DRIVERS\rasl2tp.sys [51328 2004-08-03] (Microsoft Corporation)
R3 RasPppoe; C:\WINNT\System32\DRIVERS\raspppoe.sys [41472 2004-08-03] (Microsoft Corporation)
R3 Raspti; C:\WINNT\System32\DRIVERS\raspti.sys [16512 2002-08-29] (Microsoft Corporation)
R1 Rdbss; C:\WINNT\System32\DRIVERS\rdbss.sys [174592 2006-05-05] (Microsoft Corporation)
R1 RDPCDD; C:\WINNT\System32\DRIVERS\RDPCDD.sys [4224 2002-08-29] (Microsoft Corporation)
R3 rdpdr; C:\WINNT\System32\DRIVERS\rdpdr.sys [196864 2004-08-03] (Microsoft Corporation)
S3 RDPWD; C:\WINNT\system32\Drivers\RDPWD.sys [139528 2005-06-10] (Microsoft Corporation)
R1 redbook; C:\WINNT\System32\DRIVERS\redbook.sys [57472 2004-08-03] (Microsoft Corporation)
S3 Secdrv; C:\WINNT\System32\DRIVERS\secdrv.sys [20480 2007-11-13] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
S3 serenum; C:\WINNT\System32\DRIVERS\serenum.sys [15488 2004-08-04] (Microsoft Corporation)
S3 Serial; C:\WINNT\System32\DRIVERS\serial.sys [64896 2004-08-04] (Microsoft Corporation)
S1 Sfloppy; C:\WINNT\system32\Drivers\Sfloppy.sys [11392 2004-08-04] (Microsoft Corporation)
R1 ShockMgr; C:\WINNT\system32\Drivers\ShockMgr.sys [4736 2005-06-20] (Lenovo.) [File not signed]
R0 Shockprf; C:\WINNT\system32\Drivers\Shockprf.sys [85760 2005-11-30] (Lenovo) [File not signed]
R1 Smapint; C:\WINNT\System32\drivers\Smapint.sys [14848 2005-11-30] (Microsoft Corporation) [File not signed]
S3 splitter; C:\WINNT\System32\drivers\splitter.sys [6400 2004-08-03] (Microsoft Corporation)
R0 sr; C:\WINNT\System32\DRIVERS\sr.sys [73472 2004-08-03] (Microsoft Corporation)
R3 Srv; C:\WINNT\System32\DRIVERS\srv.sys [352640 2009-12-31] (Microsoft Corporation)
R3 swenum; C:\WINNT\System32\DRIVERS\swenum.sys [4352 2004-08-04] (Microsoft Corporation)
S3 swmidi; C:\WINNT\System32\drivers\swmidi.sys [54272 2001-08-17] (Microsoft Corporation)
R0 Symmpi; C:\WINNT\System32\DRIVERS\symmpi.sys [99328 2007-03-20] (LSI Logic) [File not signed]
R3 SynTP; C:\WINNT\System32\DRIVERS\SynTP.sys [177664 2005-09-15] (Synaptics, Inc.)
R3 sysaudio; C:\WINNT\System32\drivers\sysaudio.sys [60800 2004-08-03] (Microsoft Corporation)
R1 Tcpip; C:\WINNT\System32\DRIVERS\tcpip.sys [360320 2008-06-20] (Microsoft Corporation)
S3 TcUsb; C:\WINNT\System32\Drivers\tcusb.sys [24832 2004-11-04] (UPEK Inc.)
S3 TDPIPE; C:\WINNT\system32\Drivers\TDPIPE.sys [12040 2004-08-04] (Microsoft Corporation)
R1 TDSMAPI; C:\WINNT\System32\drivers\TDSMAPI.SYS [9343 2005-11-30] () [File not signed]
S3 TDTCP; C:\WINNT\system32\Drivers\TDTCP.sys [21896 2004-08-04] (Microsoft Corporation)
R1 TermDD; C:\WINNT\System32\DRIVERS\termdd.sys [40840 2004-08-04] (Microsoft Corporation)
S3 tpflhlp; c:\drivers\t60\bios\tpflhlp.sys [13360 2007-08-09] (Lenovo Group Limited)
R1 TPHKDRV; C:\WINNT\system32\Drivers\TPHKDRV.sys [17699 2006-02-01] (IBM Corporation) [File not signed]
R1 TPPWRIF; C:\WINNT\System32\drivers\Tppwrif.sys [4442 2005-12-07] () [File not signed]
S4 Udfs; C:\WINNT\system32\Drivers\Udfs.sys [66176 2004-08-03] (Microsoft Corporation)
R3 Update; C:\WINNT\System32\DRIVERS\update.sys [209408 2004-08-03] (Microsoft Corporation)
S3 USBAAPL; C:\WINNT\System32\Drivers\usbaapl.sys [39424 2009-06-05] (Apple, Inc.)
S3 usbaudio; C:\WINNT\System32\drivers\usbaudio.sys [59264 2004-08-03] (Microsoft Corporation)
S3 usbccgp; C:\WINNT\System32\DRIVERS\usbccgp.sys [31616 2004-08-03] (Microsoft Corporation)
R3 usbehci; C:\WINNT\System32\DRIVERS\usbehci.sys [26624 2004-08-03] (Microsoft Corporation)
R3 usbhub; C:\WINNT\System32\DRIVERS\usbhub.sys [57600 2004-08-03] (Microsoft Corporation)
S3 usbscan; C:\WINNT\System32\DRIVERS\usbscan.sys [15104 2004-08-03] (Microsoft Corporation)
S3 USBSTOR; C:\WINNT\System32\DRIVERS\USBSTOR.SYS [26496 2004-08-03] (Microsoft Corporation)
R3 usbuhci; C:\WINNT\System32\DRIVERS\usbuhci.sys [20480 2004-08-04] (Microsoft Corporation)
R1 VgaSave; C:\WINNT\System32\drivers\vga.sys [20992 2004-08-03] (Microsoft Corporation)
R0 VolSnap; C:\WINNT\system32\Drivers\VolSnap.sys [52352 2004-08-03] (Microsoft Corporation)
S3 w39n51; C:\WINNT\System32\DRIVERS\w39n51.sys [1428096 2005-12-05] (Intel® Corporation)
R3 Wanarp; C:\WINNT\System32\DRIVERS\wanarp.sys [34560 2004-08-03] (Microsoft Corporation)
R3 wdmaud; C:\WINNT\System32\drivers\wdmaud.sys [82944 2004-08-03] (Microsoft Corporation)
R3 winachsf; C:\WINNT\System32\DRIVERS\hsx_cnxt.sys [670208 2005-12-06] (Conexant Systems, Inc.)
R1 WS2IFSL; C:\WINNT\System32\drivers\ws2ifsl.sys [12032 2002-08-29] (Microsoft Corporation)
S3 WudfPf; C:\WINNT\System32\DRIVERS\WudfPf.sys [77568 2006-09-28] (Microsoft Corporation)
S3 WudfRd; C:\WINNT\System32\DRIVERS\wudfrd.sys [82944 2006-09-28] (Microsoft Corporation)
U1 RCHelp; No ImagePath
 
==================== NetSvcs (Whitelisted) ===================
 
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-09-25 14:08 - 2014-09-25 14:09 - 00048550 _____ () d:\data\rainmaker\Desktop\FRST.txt
2014-09-25 14:08 - 2014-09-25 14:09 - 00000000 ____D () C:\FRST
2014-09-25 14:08 - 2014-09-25 14:07 - 01100800 _____ (Farbar) d:\data\rainmaker\Desktop\FRST.exe
2014-09-25 14:02 - 2014-09-25 14:02 - 00000000 ____D () C:\Program Files\TAkeuTheCoUpOOn
2014-09-25 14:02 - 2014-09-25 14:02 - 00000000 ____D () C:\Program Files\FFindBeestDoeeall
2014-09-24 13:40 - 2014-09-24 13:40 - 00000000 ____D () d:\data\All Users\Application Data\Browser AdBlocker
2014-09-24 13:16 - 2014-09-25 14:04 - 00000000 ____D () d:\data\All Users\Application Data\TAkeuTheCoUpOOn
2014-09-19 14:00 - 2014-09-25 14:04 - 00000000 ____D () d:\data\All Users\Application Data\FFindBeestDoeeall
2014-09-09 21:40 - 2014-09-09 21:40 - 00000000 ____D () d:\data\All Users\Application Data\ISavEr
2014-08-28 17:27 - 2014-08-28 17:27 - 00000000 ____D () d:\data\NetworkService\Application Data\Yahoo!
2014-08-26 15:50 - 2014-08-26 15:50 - 00000775 _____ () d:\data\rainmaker\Application Data\Explorer.EXE_log.txt
2014-08-26 15:41 - 2014-08-26 15:41 - 00000000 ____D () d:\data\All Users\Application Data\Search-NeewTab
2014-08-26 15:41 - 2014-08-26 15:41 - 00000000 ____D () C:\Program Files\Search-NeewTab
2014-08-26 15:40 - 2014-09-25 14:04 - 00000564 ____H () C:\WINNT\Tasks\SW-Booster-S-787344154.job
2014-08-26 15:40 - 2014-08-26 16:05 - 00000827 _____ () d:\data\rainmaker\Application Data\LiveSupport.exe_log.txt
2014-08-26 15:40 - 2014-08-26 16:05 - 00000082 _____ () d:\data\rainmaker\Application Data\regsvr32.exe_log.txt
2014-08-26 15:40 - 2014-08-26 15:40 - 00000000 ____D () d:\data\All Users\Application Data\VenusApp Software
2014-08-26 15:40 - 2014-08-26 15:40 - 00000000 ____D () C:\Program Files\SW-Booster
2014-08-26 15:39 - 2014-09-25 14:04 - 00000000 ____D () d:\data\All Users\Application Data\Adblocker
2014-08-26 15:39 - 2014-08-26 15:39 - 00000000 ____D () C:\Program Files\Adblocker
2014-08-26 15:38 - 2014-09-25 14:02 - 00000000 ____D () d:\data\All Users\Application Data\3eda283a8b7b0d3d
2014-08-26 15:38 - 2014-09-25 13:53 - 00000000 ____D () d:\data\All Users\Application Data\pricecHop
2014-08-26 15:38 - 2014-08-26 15:38 - 00000000 ____D () d:\data\rbc_troppus\Local Settings\Application Data\Torch
2014-08-26 15:38 - 2014-08-26 15:38 - 00000000 ____D () d:\data\rbc_troppus\Local Settings\Application Data\Google
2014-08-26 15:38 - 2014-08-26 15:38 - 00000000 ____D () d:\data\rbc_troppus\Local Settings\Application Data\Comodo
2014-08-26 15:38 - 2014-08-26 15:38 - 00000000 ____D () d:\data\rbc_troppus\Local Settings\Application Data\Chromatic Browser
2014-08-26 15:38 - 2014-08-26 15:38 - 00000000 ____D () d:\data\rbc_troppus\Local Settings\Application Data
2014-08-26 15:38 - 2014-08-26 15:38 - 00000000 ____D () d:\data\rbc_troppus\Local Settings
2014-08-26 15:38 - 2014-08-26 15:38 - 00000000 ____D () d:\data\rbc_troppus
2014-08-26 15:38 - 2014-08-26 15:38 - 00000000 ____D () d:\data\rainmaker\Local Settings\Application Data\Torch
2014-08-26 15:38 - 2014-08-26 15:38 - 00000000 ____D () d:\data\rainmaker\Local Settings\Application Data\Comodo
2014-08-26 15:38 - 2014-08-26 15:38 - 00000000 ____D () d:\data\rainmaker\Local Settings\Application Data\Chromatic Browser
2014-08-26 15:38 - 2014-08-26 15:38 - 00000000 ____D () d:\data\HelpAssistant\Local Settings\Application Data\Torch
2014-08-26 15:38 - 2014-08-26 15:38 - 00000000 ____D () d:\data\HelpAssistant\Local Settings\Application Data\Google
2014-08-26 15:38 - 2014-08-26 15:38 - 00000000 ____D () d:\data\HelpAssistant\Local Settings\Application Data\Comodo
2014-08-26 15:38 - 2014-08-26 15:38 - 00000000 ____D () d:\data\HelpAssistant\Local Settings\Application Data\Chromatic Browser
2014-08-26 15:38 - 2014-08-26 15:38 - 00000000 ____D () d:\data\HelpAssistant\Local Settings\Application Data
2014-08-26 15:38 - 2014-08-26 15:38 - 00000000 ____D () d:\data\HelpAssistant\Local Settings
2014-08-26 15:38 - 2014-08-26 15:38 - 00000000 ____D () d:\data\HelpAssistant
2014-08-26 15:38 - 2014-08-26 15:38 - 00000000 ____D () d:\data\Guest\Local Settings\Application Data\Torch
2014-08-26 15:38 - 2014-08-26 15:38 - 00000000 ____D () d:\data\Guest\Local Settings\Application Data\Google
2014-08-26 15:38 - 2014-08-26 15:38 - 00000000 ____D () d:\data\Guest\Local Settings\Application Data\Comodo
2014-08-26 15:38 - 2014-08-26 15:38 - 00000000 ____D () d:\data\Guest\Local Settings\Application Data\Chromatic Browser
2014-08-26 15:38 - 2014-08-26 15:38 - 00000000 ____D () d:\data\Guest\Local Settings\Application Data
2014-08-26 15:38 - 2014-08-26 15:38 - 00000000 ____D () d:\data\Guest\Local Settings
2014-08-26 15:38 - 2014-08-26 15:38 - 00000000 ____D () d:\data\Guest
2014-08-26 15:38 - 2014-08-26 15:38 - 00000000 ____D () d:\data\ASPNET\Local Settings\Application Data\Torch
2014-08-26 15:38 - 2014-08-26 15:38 - 00000000 ____D () d:\data\ASPNET\Local Settings\Application Data\Google
2014-08-26 15:38 - 2014-08-26 15:38 - 00000000 ____D () d:\data\ASPNET\Local Settings\Application Data\Comodo
2014-08-26 15:38 - 2014-08-26 15:38 - 00000000 ____D () d:\data\ASPNET\Local Settings\Application Data\Chromatic Browser
2014-08-26 15:38 - 2014-08-26 15:38 - 00000000 ____D () d:\data\ASPNET\Local Settings\Application Data
2014-08-26 15:38 - 2014-08-26 15:38 - 00000000 ____D () d:\data\ASPNET\Local Settings
2014-08-26 15:38 - 2014-08-26 15:38 - 00000000 ____D () d:\data\ASPNET
2014-08-26 15:38 - 2014-08-26 15:38 - 00000000 ____D () d:\data\Administrator\Local Settings\Application Data\Torch
2014-08-26 15:38 - 2014-08-26 15:38 - 00000000 ____D () d:\data\Administrator\Local Settings\Application Data\Google
2014-08-26 15:38 - 2014-08-26 15:38 - 00000000 ____D () d:\data\Administrator\Local Settings\Application Data\Comodo
2014-08-26 15:38 - 2014-08-26 15:38 - 00000000 ____D () d:\data\Administrator\Local Settings\Application Data\Chromatic Browser
2014-08-26 15:38 - 2014-08-26 15:38 - 00000000 ____D () d:\data\administrator.3YFK943Z\Local Settings\Application Data\Torch
2014-08-26 15:38 - 2014-08-26 15:38 - 00000000 ____D () d:\data\administrator.3YFK943Z\Local Settings\Application Data\Comodo
2014-08-26 15:38 - 2014-08-26 15:38 - 00000000 ____D () d:\data\administrator.3YFK943Z\Local Settings\Application Data\Chromatic Browser
2014-08-26 15:38 - 2014-08-26 15:38 - 00000000 ____D () d:\data\Admin\Local Settings\Application Data\Torch
2014-08-26 15:38 - 2014-08-26 15:38 - 00000000 ____D () d:\data\Admin\Local Settings\Application Data\Comodo
2014-08-26 15:38 - 2014-08-26 15:38 - 00000000 ____D () d:\data\Admin\Local Settings\Application Data\Chromatic Browser
2014-08-26 15:38 - 2014-08-26 15:38 - 00000000 ____D () C:\Program Files\pricecHop
2014-08-26 15:37 - 2014-08-26 15:40 - 00000000 ____D () d:\data\All Users\Application Data\InstallMate
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-09-25 14:09 - 2014-09-25 14:08 - 00048550 _____ () d:\data\rainmaker\Desktop\FRST.txt
2014-09-25 14:09 - 2014-09-25 14:08 - 00000000 ____D () C:\FRST
2014-09-25 14:09 - 2014-06-21 10:36 - 00000000 ____D () d:\data\rainmaker\Local Settings\temp
2014-09-25 14:09 - 2014-06-21 10:36 - 00000000 ____D () C:\WINNT\Temp
2014-09-25 14:08 - 2011-09-03 12:52 - 00001024 ____H () d:\data\rainmaker\ntuser.dat.LOG
2014-09-25 14:08 - 2011-09-03 12:52 - 00000000 ____D () d:\data\rainmaker\Desktop
2014-09-25 14:07 - 2014-09-25 14:08 - 01100800 _____ (Farbar) d:\data\rainmaker\Desktop\FRST.exe
2014-09-25 14:07 - 2011-09-04 14:55 - 00000000 ____D () d:\data\rainmaker\My Documents\Downloads
2014-09-25 14:07 - 2006-10-18 12:00 - 01667496 _____ () C:\WINNT\WindowsUpdate.log
2014-09-25 14:06 - 2007-03-20 16:43 - 00001024 ____H () d:\data\NetworkService\ntuser.dat.LOG
2014-09-25 14:06 - 2007-03-20 16:43 - 00001024 ____H () d:\data\LocalService\ntuser.dat.LOG
2014-09-25 14:05 - 2006-10-18 07:58 - 00000159 _____ () C:\WINNT\wiadebug.log
2014-09-25 14:04 - 2014-09-24 13:16 - 00000000 ____D () d:\data\All Users\Application Data\TAkeuTheCoUpOOn
2014-09-25 14:04 - 2014-09-19 14:00 - 00000000 ____D () d:\data\All Users\Application Data\FFindBeestDoeeall
2014-09-25 14:04 - 2014-08-26 15:40 - 00000564 ____H () C:\WINNT\Tasks\SW-Booster-S-787344154.job
2014-09-25 14:04 - 2014-08-26 15:39 - 00000000 ____D () d:\data\All Users\Application Data\Adblocker
2014-09-25 14:04 - 2014-06-18 12:55 - 00000880 _____ () C:\WINNT\Tasks\GoogleUpdateTaskMachineCore.job
2014-09-25 14:04 - 2011-09-03 12:52 - 00000062 ___SH () d:\data\rainmaker\Local Settings\desktop.ini
2014-09-25 14:04 - 2007-03-20 16:43 - 00000062 ___SH () d:\data\NetworkService\Local Settings\desktop.ini
2014-09-25 14:04 - 2007-03-20 16:43 - 00000062 ___SH () d:\data\LocalService\Local Settings\desktop.ini
2014-09-25 14:04 - 2007-03-20 16:43 - 00000006 ____H () C:\WINNT\Tasks\SA.DAT
2014-09-25 14:04 - 2006-10-18 07:58 - 00000049 _____ () C:\WINNT\wiaservc.log
2014-09-25 14:03 - 2012-12-23 21:48 - 00000278 ___SH () d:\data\rainmaker\ntuser.ini
2014-09-25 14:03 - 2011-09-03 12:52 - 11010048 ____H () d:\data\rainmaker\NTUSER.DAT
2014-09-25 14:03 - 2007-03-20 16:43 - 00262144 ____H () d:\data\NetworkService\NTUSER.DAT
2014-09-25 14:03 - 2007-03-20 16:43 - 00262144 ____H () d:\data\LocalService\NTUSER.DAT
2014-09-25 14:03 - 2007-03-20 16:43 - 00032512 _____ () C:\WINNT\SchedLgU.Txt
2014-09-25 14:02 - 2014-09-25 14:02 - 00000000 ____D () C:\Program Files\TAkeuTheCoUpOOn
2014-09-25 14:02 - 2014-09-25 14:02 - 00000000 ____D () C:\Program Files\FFindBeestDoeeall
2014-09-25 14:02 - 2014-08-26 15:38 - 00000000 ____D () d:\data\All Users\Application Data\3eda283a8b7b0d3d
2014-09-25 14:02 - 2007-09-01 04:06 - 00010520 _____ () C:\setaid2.log
2014-09-25 14:02 - 2006-10-18 07:54 - 00000000 ____D () C:\WINNT
2014-09-25 14:01 - 2011-09-03 12:52 - 00000000 ____D () d:\data\rainmaker\Start Menu\Programs
2014-09-25 14:00 - 2014-06-18 12:55 - 00000884 _____ () C:\WINNT\Tasks\GoogleUpdateTaskMachineUA.job
2014-09-25 13:59 - 2011-09-03 12:52 - 00000000 ___HD () d:\data\rainmaker\Recent
2014-09-25 13:57 - 2013-09-25 13:27 - 00020309 _____ () d:\data\rainmaker\Desktop\p1647062750-2.jpg
2014-09-25 13:53 - 2014-08-26 15:38 - 00000000 ____D () d:\data\All Users\Application Data\pricecHop
2014-09-25 13:51 - 2006-10-18 07:56 - 00000000 ____D () d:\data\All Users\Start Menu\Programs
2014-09-25 13:51 - 2006-10-18 07:56 - 00000000 ____D () d:\data\All Users\Desktop
2014-09-25 13:50 - 2007-08-31 14:17 - 02336751 _____ () C:\engine.log
2014-09-25 13:48 - 2007-03-20 16:43 - 00000000 ____D () d:\data\NetworkService\Local Settings\Temp
2014-09-24 22:04 - 2006-10-18 07:56 - 00146808 _____ () C:\WINNT\system32\FNTCACHE.DAT
2014-09-24 21:47 - 2012-04-14 14:35 - 00000826 _____ () C:\WINNT\Tasks\Adobe Flash Player Updater.job
2014-09-24 15:08 - 2011-09-03 12:52 - 00000000 ____D () d:\data\rainmaker
2014-09-24 14:12 - 2013-04-02 17:26 - 00008896 _____ () C:\WINNT\system32\TPAPSLOG.LOG
2014-09-24 13:40 - 2014-09-24 13:40 - 00000000 ____D () d:\data\All Users\Application Data\Browser AdBlocker
2014-09-24 13:40 - 2006-10-18 07:56 - 00000000 __RHD () d:\data\All Users\Application Data
2014-09-24 13:01 - 2007-09-01 04:07 - 00000000 __SHD () C:\WINNT\CSC
2014-09-23 16:57 - 2008-06-16 13:21 - 00000000 ____D () C:\Program Files\Google
2014-09-23 16:44 - 2006-10-18 11:51 - 00002206 _____ () C:\WINNT\system32\wpa.dbl
2014-09-19 14:38 - 2014-06-21 03:03 - 00004205 _____ () C:\WINNT\setupapi.log
2014-09-09 21:40 - 2014-09-09 21:40 - 00000000 ____D () d:\data\All Users\Application Data\ISavEr
2014-09-09 21:12 - 2009-04-28 03:00 - 00000000 ____D () C:\Quarantine
2014-08-28 21:41 - 2011-08-30 08:29 - 00001024 ____H () d:\data\Admin\ntuser.dat.LOG
2014-08-28 21:41 - 2009-09-21 09:36 - 00001024 ____H () d:\data\administrator.3YFK943Z\ntuser.dat.LOG
2014-08-28 21:41 - 2009-06-26 18:24 - 00001024 ____H () d:\data\tpritcha\ntuser.dat.LOG
2014-08-28 21:41 - 2008-12-02 19:44 - 00001024 ____H () d:\data\stozin\ntuser.dat.LOG
2014-08-28 21:41 - 2008-05-08 00:39 - 00001024 ____H () d:\data\sserebre\ntuser.dat.LOG
2014-08-28 21:41 - 2007-09-01 04:07 - 00001024 ____H () d:\data\wksbuild\ntuser.dat.LOG
2014-08-28 21:41 - 2007-08-31 14:20 - 00001024 ____H () d:\data\tmaloof\ntuser.dat.LOG
2014-08-28 21:41 - 2007-03-20 16:44 - 00001024 ____H () d:\data\Administrator\ntuser.dat.LOG
2014-08-28 17:27 - 2014-08-28 17:27 - 00000000 ____D () d:\data\NetworkService\Application Data\Yahoo!
2014-08-28 17:27 - 2009-06-17 14:10 - 00000284 _____ () C:\WINNT\Tasks\AppleSoftwareUpdate.job
2014-08-28 17:27 - 2007-03-20 16:43 - 00000000 ____D () d:\data\NetworkService\Application Data
2014-08-28 16:39 - 2009-10-26 14:15 - 00001324 _____ () C:\WINNT\system32\d3d9caps.dat
2014-08-26 16:07 - 2011-09-03 12:52 - 00000000 ___HD () d:\data\rainmaker\Application Data
2014-08-26 16:05 - 2014-08-26 15:40 - 00000827 _____ () d:\data\rainmaker\Application Data\LiveSupport.exe_log.txt
2014-08-26 16:05 - 2014-08-26 15:40 - 00000082 _____ () d:\data\rainmaker\Application Data\regsvr32.exe_log.txt
2014-08-26 16:05 - 2011-09-03 12:52 - 00000000 __SHD () d:\data\rainmaker\Cookies
2014-08-26 15:50 - 2014-08-26 15:50 - 00000775 _____ () d:\data\rainmaker\Application Data\Explorer.EXE_log.txt
2014-08-26 15:41 - 2014-08-26 15:41 - 00000000 ____D () d:\data\All Users\Application Data\Search-NeewTab
2014-08-26 15:41 - 2014-08-26 15:41 - 00000000 ____D () C:\Program Files\Search-NeewTab
2014-08-26 15:41 - 2014-06-08 13:21 - 00000000 ____D () d:\data\rainmaker\AppData\LocalLow
2014-08-26 15:40 - 2014-08-26 15:40 - 00000000 ____D () d:\data\All Users\Application Data\VenusApp Software
2014-08-26 15:40 - 2014-08-26 15:40 - 00000000 ____D () C:\Program Files\SW-Booster
2014-08-26 15:40 - 2014-08-26 15:37 - 00000000 ____D () d:\data\All Users\Application Data\InstallMate
2014-08-26 15:39 - 2014-08-26 15:39 - 00000000 ____D () C:\Program Files\Adblocker
2014-08-26 15:38 - 2014-08-26 15:38 - 00000000 ____D () d:\data\rbc_troppus\Local Settings\Application Data\Torch
2014-08-26 15:38 - 2014-08-26 15:38 - 00000000 ____D () d:\data\rbc_troppus\Local Settings\Application Data\Google
2014-08-26 15:38 - 2014-08-26 15:38 - 00000000 ____D () d:\data\rbc_troppus\Local Settings\Application Data\Comodo
2014-08-26 15:38 - 2014-08-26 15:38 - 00000000 ____D () d:\data\rbc_troppus\Local Settings\Application Data\Chromatic Browser
2014-08-26 15:38 - 2014-08-26 15:38 - 00000000 ____D () d:\data\rbc_troppus\Local Settings\Application Data
2014-08-26 15:38 - 2014-08-26 15:38 - 00000000 ____D () d:\data\rbc_troppus\Local Settings
2014-08-26 15:38 - 2014-08-26 15:38 - 00000000 ____D () d:\data\rbc_troppus
2014-08-26 15:38 - 2014-08-26 15:38 - 00000000 ____D () d:\data\rainmaker\Local Settings\Application Data\Torch
2014-08-26 15:38 - 2014-08-26 15:38 - 00000000 ____D () d:\data\rainmaker\Local Settings\Application Data\Comodo
2014-08-26 15:38 - 2014-08-26 15:38 - 00000000 ____D () d:\data\rainmaker\Local Settings\Application Data\Chromatic Browser
2014-08-26 15:38 - 2014-08-26 15:38 - 00000000 ____D () d:\data\HelpAssistant\Local Settings\Application Data\Torch
2014-08-26 15:38 - 2014-08-26 15:38 - 00000000 ____D () d:\data\HelpAssistant\Local Settings\Application Data\Google
2014-08-26 15:38 - 2014-08-26 15:38 - 00000000 ____D () d:\data\HelpAssistant\Local Settings\Application Data\Comodo
2014-08-26 15:38 - 2014-08-26 15:38 - 00000000 ____D () d:\data\HelpAssistant\Local Settings\Application Data\Chromatic Browser
2014-08-26 15:38 - 2014-08-26 15:38 - 00000000 ____D () d:\data\HelpAssistant\Local Settings\Application Data
2014-08-26 15:38 - 2014-08-26 15:38 - 00000000 ____D () d:\data\HelpAssistant\Local Settings
2014-08-26 15:38 - 2014-08-26 15:38 - 00000000 ____D () d:\data\HelpAssistant
2014-08-26 15:38 - 2014-08-26 15:38 - 00000000 ____D () d:\data\Guest\Local Settings\Application Data\Torch
2014-08-26 15:38 - 2014-08-26 15:38 - 00000000 ____D () d:\data\Guest\Local Settings\Application Data\Google
2014-08-26 15:38 - 2014-08-26 15:38 - 00000000 ____D () d:\data\Guest\Local Settings\Application Data\Comodo
2014-08-26 15:38 - 2014-08-26 15:38 - 00000000 ____D () d:\data\Guest\Local Settings\Application Data\Chromatic Browser
2014-08-26 15:38 - 2014-08-26 15:38 - 00000000 ____D () d:\data\Guest\Local Settings\Application Data
2014-08-26 15:38 - 2014-08-26 15:38 - 00000000 ____D () d:\data\Guest\Local Settings
2014-08-26 15:38 - 2014-08-26 15:38 - 00000000 ____D () d:\data\Guest
2014-08-26 15:38 - 2014-08-26 15:38 - 00000000 ____D () d:\data\ASPNET\Local Settings\Application Data\Torch
2014-08-26 15:38 - 2014-08-26 15:38 - 00000000 ____D () d:\data\ASPNET\Local Settings\Application Data\Google
2014-08-26 15:38 - 2014-08-26 15:38 - 00000000 ____D () d:\data\ASPNET\Local Settings\Application Data\Comodo
2014-08-26 15:38 - 2014-08-26 15:38 - 00000000 ____D () d:\data\ASPNET\Local Settings\Application Data\Chromatic Browser
2014-08-26 15:38 - 2014-08-26 15:38 - 00000000 ____D () d:\data\ASPNET\Local Settings\Application Data
2014-08-26 15:38 - 2014-08-26 15:38 - 00000000 ____D () d:\data\ASPNET\Local Settings
2014-08-26 15:38 - 2014-08-26 15:38 - 00000000 ____D () d:\data\ASPNET
2014-08-26 15:38 - 2014-08-26 15:38 - 00000000 ____D () d:\data\Administrator\Local Settings\Application Data\Torch
2014-08-26 15:38 - 2014-08-26 15:38 - 00000000 ____D () d:\data\Administrator\Local Settings\Application Data\Google
2014-08-26 15:38 - 2014-08-26 15:38 - 00000000 ____D () d:\data\Administrator\Local Settings\Application Data\Comodo
2014-08-26 15:38 - 2014-08-26 15:38 - 00000000 ____D () d:\data\Administrator\Local Settings\Application Data\Chromatic Browser
2014-08-26 15:38 - 2014-08-26 15:38 - 00000000 ____D () d:\data\administrator.3YFK943Z\Local Settings\Application Data\Torch
2014-08-26 15:38 - 2014-08-26 15:38 - 00000000 ____D () d:\data\administrator.3YFK943Z\Local Settings\Application Data\Comodo
2014-08-26 15:38 - 2014-08-26 15:38 - 00000000 ____D () d:\data\administrator.3YFK943Z\Local Settings\Application Data\Chromatic Browser
2014-08-26 15:38 - 2014-08-26 15:38 - 00000000 ____D () d:\data\Admin\Local Settings\Application Data\Torch
2014-08-26 15:38 - 2014-08-26 15:38 - 00000000 ____D () d:\data\Admin\Local Settings\Application Data\Comodo
2014-08-26 15:38 - 2014-08-26 15:38 - 00000000 ____D () d:\data\Admin\Local Settings\Application Data\Chromatic Browser
2014-08-26 15:38 - 2014-08-26 15:38 - 00000000 ____D () C:\Program Files\pricecHop
2014-08-26 15:38 - 2014-06-18 13:30 - 00000000 ____D () d:\data\administrator.3YFK943Z\Local Settings\Application Data\Google
2014-08-26 15:38 - 2014-06-18 12:55 - 00000000 ____D () d:\data\Admin\Local Settings\Application Data\Google
2014-08-26 15:38 - 2012-07-03 08:22 - 00000000 ____D () d:\data\rainmaker\Local Settings\Application Data\Google
2014-08-26 15:38 - 2011-09-03 12:52 - 00000000 ___HD () d:\data\rainmaker\Local Settings\Application Data
2014-08-26 15:38 - 2011-08-30 08:29 - 00000000 ___HD () d:\data\Admin\Local Settings\Application Data
2014-08-26 15:38 - 2009-09-21 09:36 - 00000000 ___HD () d:\data\administrator.3YFK943Z\Local Settings\Application Data
2014-08-26 15:38 - 2007-03-20 17:11 - 00000000 ___HD () C:\WINNT\system32\GroupPolicy
2014-08-26 15:38 - 2007-03-20 16:44 - 00000000 ___HD () d:\data\Administrator\Local Settings\Application Data
 
Some content of TEMP:
====================
d:\data\administrator.3YFK943Z\Local Settings\temp\Quarantine.exe
d:\data\rainmaker\Local Settings\temp\bpuninstall.exe
d:\data\rainmaker\Local Settings\temp\LiveSupport_setup.exe
d:\data\rainmaker\Local Settings\temp\optprosetup.exe
d:\data\rainmaker\Local Settings\temp\Yahoo Messenger Password Hacker.exe
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINNT\explorer.exe => File is digitally signed
C:\WINNT\system32\winlogon.exe => File is digitally signed
C:\WINNT\system32\svchost.exe => File is digitally signed
C:\WINNT\system32\services.exe => File is digitally signed
C:\WINNT\system32\User32.dll => File is digitally signed
C:\WINNT\system32\userinit.exe => File is digitally signed
C:\WINNT\system32\rpcss.dll => File is digitally signed
C:\WINNT\system32\Drivers\volsnap.sys => File is digitally signed
 
==================== End Of Log ============================
 
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 25-09-2014 01
Ran by rainmaker at 2014-09-25 14:10:23
Running from d:\data\rainmaker\Desktop
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
4C06 - VPN 5.01 (HKLM\...\{C5D854EC-B8C9-4DF6-BE66-EBD66090DE4E}) (Version: 1.0.970 - RBC - 4C06)
6F02 - Windows Update Agent 2.0 x32 (HKLM\...\{69BD5ED9-F72C-4A70-B00D-DA348E710B0D}) (Version: 5.8.0.2694 - RBC - 6F02)
6F02 - Windows Update Agent 3.0 (HKLM\...\{A1E4084A-D61E-487B-83C8-53DBD5A95E60}) (Version: 3.0.1047 - RBC - 6F02)
6F90 - MSI Team Tools  (HKLM\...\{AC92E21F-481A-439E-A364-935790374469}) (Version: 1.0.1010 - RBC - 6F90)
6FGL - CorporateBranding - FONTS Only (HKLM\...\{C791C4C2-3227-479D-B586-B226A509EBF2}) (Version: 2.01.00 - RBC COE)
6N85 - MSXML 4.0 SP2 (KB927978) (HKLM\...\{37477865-A3F1-4772-AD43-AAFC6BCFF99F}) (Version: 4.20.9841.0 - RBC - 6N85)
6N89 - Adobe Shockwave Player (HKLM\...\{1BDC9633-895B-4842-BCB6-8FA1EC2A3C5A}) (Version: 10.2.0.023 - RBC - 6N89 (Adobe Systems, Inc.))
6N95 - J2SE Runtime Environment 5.0 Update 11 (HKLM\...\{3248F0A8-6813-11D6-A77B-00B0D0150110}) (Version: 1.5.0.110 - RBC - 6N95 (Sun Microsystems, Inc.))
Adobe AIR (HKLM\...\Adobe AIR) (Version: 3.1.0.4880 - Adobe Systems Incorporated)
Adobe AIR (Version: 3.1.0.4880 - Adobe Systems Incorporated) Hidden
Adobe Download Manager 1.2 (Remove Only) (HKLM\...\AdobeESD) (Version:  - )
Adobe Flash Player 10 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 10.0.32.18 - Adobe Systems Incorporated)
Adobe Flash Player 11 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 11.2.202.235 - Adobe Systems Incorporated)
Adobe Reader 8.1.7 (HKLM\...\{AC76BA86-7AD7-1033-7B44-A81300000003}) (Version: 8.1.7 - RBC - 5D01 (Adobe Systems Incorporated))
AOL Toolbar (HKCU\...\AOL Toolbar) (Version:  - )
Apple Mobile Device Support (HKLM\...\{8355F970-601D-442D-A79B-1D7DB4F24CAD}) (Version: 2.5.1.3 - Apple Inc.)
Apple Software Update (HKLM\...\{6956856F-B6B3-4BE0-BA0B-8F495BE32033}) (Version: 2.1.1.116 - Apple Inc.)
Bitcasa version 1.1.6.18 (HKLM\...\{EDA09459-AD7D-4434-BA0C-647F6703EA12}_is1) (Version: 1.1.6.18 - Bitcasa Inc.)
Bloomberg DDE Server (HKLM\...\Bloomberg DDE Server) (Version:  - )
Bloomberg Excel Tools (HKLM\...\Bloomberg Excel Tools) (Version:  - )
Bloomberg Keyboard v8.5 (HKLM\...\Bloomberg Keyboard v8.5) (Version: v8.5 - Bloomberg L.P.)
Bloomberg PFM Upload Tool for Microsoft Excel (HKLM\...\Bloomberg PFM Upload Tool for Microsoft Excel) (Version:  - )
Bloomberg Report Viewer (CR) (HKLM\...\Bloomberg Report Viewer_is1) (Version: 1.0 - Bloomberg L.P.)
Bloomberg SFD Data Dictionary (HKLM\...\Bloomberg SFD Data Dictionary) (Version:  - )
Bloomberg, V.09.07.07 (HKLM\...\Bloomberg, V.09.07.07) (Version:  - )
Borland Database Engine (HKLM\...\{7719052E-B34A-4805-9B6E-E4BC2FCB0CC0}) (Version: 5.2 - LoanPerformance)
Client for Microsoft Office SharePoint Portal Server 2003 (HKLM\...\{21B9D2F9-1CE7-4CDA-9D0D-28EB96565D25}) (Version: 11.0.5704.0 - Microsoft)
Compatibility Pack for the 2007 Office system (HKLM\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6215.1000 - Microsoft Corporation)
Google Chrome (HKLM\...\Google Chrome) (Version: 35.0.1916.153 - Google Inc.)
Google Update Helper (Version: 1.3.24.15 - Google Inc.) Hidden
IBM Rescue and Recovery with Rapid Restore (HKLM\...\{11783F13-C3A9-44A8-929B-21A476F65272}) (Version: 2.04.0182.011 - IBM)
Intel® PRO Network Connections Drivers (HKLM\...\PROSet) (Version:  - )
InterVideo WinDVD (HKLM\...\{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}) (Version: 5.0-B11.141 - InterVideo Inc.)
iPassConnect (HKLM\...\{AB6FFA58-F491-11D3-8951-000000034735}) (Version:  - )
ISavEr (HKLM\...\{F1422DAA-0829-09A1-7536-73936CAB8FFA}) (Version:  - Isavver) <==== ATTENTION
iTunes (HKLM\...\{5D601655-6D54-4384-B52C-17EC5385FBBD}) (Version: 8.2.0.23 - Apple Inc.)
Liquid XML Studio 2010 (HKLM\...\Liquid XML Studio 2010) (Version: 8.0.6.1970 - Liquid Technologies Limited)
Liquid XML Studio 2010 (Version: 8.0.6.1970 - Liquid Technologies Limited) Hidden
LoanPerformance RiskModel 3.1.6 (HKLM\...\{A58D887D-A71D-4C08-A21B-30585EA4CB48}) (Version: 3.1.6 - LoanPerformance)
LoanPerformance RiskModel 4.0 (HKLM\...\{70B2220F-2DB7-4A20-AA83-2ABC7087487B}) (Version: 4.0.3 - LoanPerformance)
LoanPerformance RiskModel 4.0 (HKLM\...\{CA44D7AD-8EB6-4F35-9CC5-59079CAD7113}) (Version: 4.0.3 - LoanPerformance)
McAfee AntiSpyware Enterprise Module (HKLM\...\McAfee Anti-Spyware Enterprise Module) (Version: 8.5.0.163 - McAfee, Inc.)
McAfee VirusScan Enterprise (HKLM\...\{35C03C04-3F1F-42C2-A989-A757EE691F65}) (Version: 8.6.0 - McAfee, Inc.)
Microsoft .NET Framework (English) (Version: 1.0.3705 - Microsoft) Hidden
Microsoft .NET Framework (English) v1.0.3705 (HKLM\...\Microsoft .NET Framework Full v1.0.3705 (1033)) (Version:  - )
Microsoft .NET Framework 1.0 Hotfix (KB891864) (HKLM\...\M891864) (Version:  - )
Microsoft .NET Framework 1.0 Hotfix (KB928367) (HKLM\...\M928367) (Version:  - )
Microsoft .NET Framework 1.1 (HKLM\...\Microsoft .NET Framework 1.1  (1033)) (Version:  - )
Microsoft .NET Framework 1.1 (Version: 1.1.4322 - Microsoft) Hidden
Microsoft .NET Framework 1.1 Hotfix (KB891865) (HKLM\...\M891865) (Version:  - )
Microsoft .NET Framework 1.1 Security Update (KB953297) (HKLM\...\M953297) (Version:  - )
Microsoft .NET Framework 2.0 Service Pack 2 (HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.0 Service Pack 2 (HKLM\...\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}) (Version: 3.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) Hidden
Microsoft Compression Client Pack 1.0 for Windows XP (HKLM\...\MSCompPackV1) (Version: 1 - Microsoft Corporation)
Microsoft External Out of Office Assistant (HKLM\...\externaloof) (Version:  - )
Microsoft Office Professional Edition 2003 (HKLM\...\{90110409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Office Proof (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Visio MUI (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Visio Professional 2007 (HKLM\...\VISPROR) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Office Visio Professional 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Visio Viewer 2003 (English) (HKLM\...\{90520409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.3709.5614 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 2.0.30523.8 - Microsoft Corporation)
Microsoft Software Update for Web Folders  (English) 12 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft SQL Server 2005 (HKLM\...\Microsoft SQL Server 2005) (Version:  - Microsoft Corporation)
Microsoft SQL Server 2005 Backward compatibility (HKLM\...\{2243F21A-E132-44F7-BA13-024D0845C815}) (Version: 8.05.1704 - Microsoft Corporation)
Microsoft SQL Server 2005 Express Edition (SQLEXPRESS) (Version: 9.00.1399.06 - Microsoft Corporation) Hidden
Microsoft SQL Server 2005 Tools Express Edition (Version: 9.00.1399.06 - Microsoft Corporation) Hidden
Microsoft SQL Server Management Studio Express (HKLM\...\{A4512736-8D63-4298-9271-5329931FA46B}) (Version: 9.00.2047.00 - Microsoft Corporation)
Microsoft SQL Server Native Client (HKLM\...\{BF251EAF-8697-4E89-BF09-C998F97BBC40}) (Version: 9.00.1399.06 - Microsoft Corporation)
Microsoft SQL Server Setup Support Files (English) (HKLM\...\{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}) (Version: 9.00.1399.06 - Microsoft Corporation)
Microsoft SQL Server VSS Writer (HKLM\...\{1CBE3804-20DF-48DA-B048-895C206E80A5}) (Version: 9.00.1399.06 - Microsoft Corporation)
Microsoft User-Mode Driver Framework Feature Pack 1.0 (HKLM\...\Wudf01000) (Version:  - Microsoft Corporation)
Microsoft VC9 runtime libraries (Version: 2.0.0 - AOL Inc.) Hidden
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft WSE 2.0 SP3 Runtime (HKLM\...\{F3CA9611-CD42-4562-ADAB-A554CF8E17F1}) (Version: 2.0.5050.0 - Microsoft Corp.)
Mozilla Firefox 29.0.1 (x86 en-US) (HKLM\...\Mozilla Firefox 29.0.1 (x86 en-US)) (Version: 29.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
MSXML 4.0 SP2 (KB925672) (HKLM\...\{A9CF9052-F4A0-475D-A00F-A8388C62DD63}) (Version: 4.20.9839.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 6 Service Pack 2 (KB973686) (HKLM\...\{56EA8BC0-3751-4B93-BC9D-6651CC36E5AA}) (Version: 6.20.2003.0 - Microsoft Corporation)
NK04 - VirusScan (HKLM\...\{CB8BC782-6143-423F-8458-BEA64FB868E5}) (Version: 1.1.1020 - RBC - NK04)
Nortel Networks TunnelGuard (HKLM\...\{5650A422-0789-473F-B2C7-6C3D10CC9FFB}) (Version: 2.0.0.0 - Nortel Networks)
QuickTime (HKLM\...\{C78EAC6F-7A73-452E-8134-DBB2165C5A68}) (Version: 7.62.14.0 - Apple Inc.)
Remote Access VPN Client (HKLM\...\{EF964A78-078C-11D1-B7A7-0000C0134CE6}) (Version:  - )
Remove Hidden Data Tool (HKLM\...\{90F80409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.6058.0 - Microsoft Corporation)
Safari (HKLM\...\{C5C649A8-1D21-4C83-9B08-7B3752E580F4}) (Version: 4.30.17.0 - Apple Inc.)
Search-NeewTab (HKLM\...\{C670DCAE-E392-AA32-6F42-143C7FC4BDFD}) (Version: 4.1.0.1540 - Search-NewTab) <==== ATTENTION
SMS Advanced Client (Version: 2.50.4160.2000 - Microsoft Corporation) Hidden
Snapshot Viewer (HKLM\...\{880D04DD-660B-4F4F-940A-F4DB6C95DE35}) (Version: 1.0.850 - RBC - 6N02)
Sothink Flash Downloader for Browser (HKLM\...\{888DEFB8-CFCE-43FE-A7C8-9B18C4450719}_is1) (Version:  - SourceTec Software Co., LTD)
Sothink SWF Catcher (HKLM\...\{49273419-5179-4866-9F71-5CF346F302CF}_is1) (Version: 2.6 - SourceTec Software Co., LTD)
Sothink SWF Decompiler (HKLM\...\{BCDB856C-D247-4DEE-9132-89C02F4D6B8C}_is1) (Version: 7.3 - SourceTec Software Co., LTD)
Sothink SWF Editor (HKLM\...\{0BF1DE3D-31B9-417F-A915-4BCC5AAEE3CD}_is1) (Version: 1.3 - SourceTec Software Co., LTD)
SW-Booster (HKLM\...\S-787344154) (Version: 2.0.0.1591 - PremiumSoft) <==== ATTENTION
SW-Sustainer 1.80 (HKLM\...\{5F189DF5-2D05-472B-9091-84D9848AE48B}{c67abfdb}) (Version:  - Certified Publisher) <==== ATTENTION
TextPad 5 (HKLM\...\{B6EC7388-E277-4A5B-8C8F-71067A41BA64}) (Version: 5.3.1 - Helios)
ThinkPad Configuration (HKLM\...\{FC081D4D-DF1B-4CF1-B530-027E4118D846}) (Version: 1.51 - )
ThinkPad FullScreen Magnifier (HKLM\...\ThinkPad FullScreen Magnifier) (Version: 1.16 - )
ThinkPad Power Management Driver (HKLM\...\Power Management Driver) (Version: 1.33 - )
ThinkPad Power Manager (HKLM\...\{A0E64EBA-8BF0-49FB-90C0-BB3D781A2016}) (Version: 1.12 - )
ThinkPad UltraNav Driver (HKLM\...\SynTPDeinstKey) (Version: 7.5.17.18 - )
ThinkPad UltraNav Wizard (HKLM\...\{82512BC9-BD5D-4C50-BE4D-B98E7DF78687}) (Version: 3.03 - )
ThinkVantage Active Protection System (HKLM\...\{72806716-7088-41B2-8FA6-717A2A164DAB}) (Version: 1.40 - )
Update for Windows Internet Explorer 8 (KB976662) (HKLM\...\KB976662-IE8) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB898461) (HKLM\...\KB898461) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB908531) (HKLM\...\KB908531) (Version: 2 - Microsoft Corporation)
Update for Windows XP (KB911280) (HKLM\...\KB911280) (Version: 2 - Microsoft Corporation)
Update for Windows XP (KB925720) (HKLM\...\KB925720) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB927891) (HKLM\...\KB927891) (Version: 3 - Microsoft Corporation)
Update for Windows XP (KB931836) (HKLM\...\KB931836) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB932823-v3) (HKLM\...\KB932823-v3) (Version: 3 - Microsoft Corporation)
Update for Windows XP (KB946627) (HKLM\...\KB946627) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB955759) (HKLM\...\KB955759) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB955839) (HKLM\...\KB955839) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB967715) (HKLM\...\KB967715) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB968389) (HKLM\...\KB968389) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB971737) (HKLM\...\KB971737) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB973687) (HKLM\...\KB973687) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB973815) (HKLM\...\KB973815) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB978207) (HKLM\...\KB978207) (Version: 1 - Microsoft Corporation)
VLC media player 2.0.1 (HKLM\...\VLC media player) (Version: 2.0.1 - VideoLAN)
WebEx (HKLM\...\ActiveTouchMeetingClient) (Version:  - WebEx Communications, Inc)
WebFldrs XP (Version: 9.50.7523 - Microsoft Corporation) Hidden
Windows Imaging Component (HKLM\...\WIC) (Version: 3.0.0.0 - Microsoft Corporation)
Windows Installer 3.1 (KB893803) (HKLM\...\KB893803v2) (Version:  - Microsoft Corporation)
Windows Internet Explorer 8 (HKLM\...\ie8) (Version: 20090308.140743 - Microsoft Corporation)
Windows Media Format 11 runtime (HKLM\...\Windows Media Format Runtime) (Version:  - )
Windows Media Format 11 runtime (Version:  - Microsoft Corporation) Hidden
Windows Media Player 11 (HKLM\...\Windows Media Player) (Version:  - )
Windows Media Player 11 (Version:  - Microsoft Corporation) Hidden
Windows Media Player Enterprise Deployment (Version: 10.0.0.3802 - Microsoft Corporation) Hidden
Windows XP Hotfix - KB873333 (HKLM\...\KB873333) (Version: 20050114.005213 - Microsoft Corporation)
Windows XP Hotfix - KB873339 (HKLM\...\KB873339) (Version: 20041117.092459 - Microsoft Corporation)
Windows XP Hotfix - KB883667 (HKLM\...\KB883667) (Version: 20040812.104354 - Microsoft Corporation)
Windows XP Hotfix - KB885250 (HKLM\...\KB885250) (Version: 20050118.202711 - Microsoft Corporation)
Windows XP Hotfix - KB885453 (HKLM\...\KB885453) (Version: 20040924.183555 - Microsoft Corporation)
Windows XP Hotfix - KB885835 (HKLM\...\KB885835) (Version: 20041027.181713 - Microsoft Corporation)
Windows XP Hotfix - KB885836 (HKLM\...\KB885836) (Version: 20041028.173203 - Microsoft Corporation)
Windows XP Hotfix - KB888113 (HKLM\...\KB888113) (Version: 20041116.131036 - Microsoft Corporation)
Windows XP Hotfix - KB888302 (HKLM\...\KB888302) (Version: 20041207.111426 - Microsoft Corporation)
Windows XP Hotfix - KB890047 (HKLM\...\KB890047) (Version: 20041221.124506 - Microsoft Corporation)
Windows XP Hotfix - KB890175 (HKLM\...\KB890175) (Version: 20041201.233338 - Microsoft Corporation)
Windows XP Hotfix - KB890859 (HKLM\...\KB890859) (Version: 1 - Microsoft Corporation)
Windows XP Hotfix - KB891781 (HKLM\...\KB891781) (Version: 20050110.165439 - Microsoft Corporation)
Windows XP Hotfix - KB893066 (HKLM\...\KB893066) (Version: 1 - Microsoft Corporation)
Windows XP Hotfix - KB893086 (HKLM\...\KB893086) (Version: 1 - Microsoft Corporation)
WinRAR 4.01 (32-bit) (HKLM\...\WinRAR archiver) (Version: 4.01.0 - win.rar GmbH)
WinZip v9.0 (HKLM\...\{B233F2BB-F1D0-460F-88E0-5C19C9132B1A}) (Version: 9.0.930 - RBC - KC10)
Yahoo! Messenger (HKLM\...\Yahoo! Messenger) (Version:  - Yahoo! Inc.)
Yahoo! Software Update (HKLM\...\Yahoo! Software Update) (Version:  - )
Yahoo! Toolbar (HKLM\...\Yahoo! Companion) (Version:  - Yahoo! Inc.)
YES1 - Sygate Personal Firewall   (HKLM\...\{AD93A3B7-3AE5-4A99-B9DD-236075A747BE}) (Version: 1.0.970 - RBC)
YKG1 - Centra Client (HKLM\...\{5FC0907C-69A4-4DED-95C8-54F58784C8E7}) (Version: 1.0.970 - RBC - YKG1)
YKJ2 - Central Configuration Utility (HKLM\...\{95AACF74-B3F5-463B-85D8-D2B76339E735}) (Version: 1.0.1010 - RBC - YKJ2)
YLM2 - RBC Enterprise Library (HKLM\...\{4D95051A-A4EE-4EC9-816C-6461A09BF79D}) (Version: 1.0.930 - RBC - YLM2)
YLM7 - RBC Enterprise Library 2.0 (HKLM\...\{71F5D26D-4836-4124-85AE-48D3DB450DB9}) (Version: 1.0.970 - RBC - YLM7)
YND1 - Symantec Enterprise Vault Outlook Add-In (HKLM\...\{68E9F885-3B73-4884-A598-31FC2C7F8E63}) (Version: 7.5.1250 - RBC - YND1 (Symantec Corporation))
YNX3 - Desktop/Laptop Cisco Wireless Drivers (HKLM\...\{D3E95890-DE97-4A4C-89DC-6056A62619AE}) (Version: 1.0.980 - RBC - YNX3)
YNX4 - Intel Wireless Drivers (HKLM\...\{1B0FAEF9-0E29-41AB-BDBF-E443DB5DE609}) (Version: 1.0.1010 - RBC - YNX4)
YRU4 - Intel® Graphics Media Accelerator Driver (HKLM\...\{8A708DD8-A5E6-11D4-A706-000629E95E20}) (Version: 6.14.10.4693 - )
YSOG - T60 BIOS Code (HKLM\...\{FDB42124-1AAA-42E4-B6D5-46652BF58150}) (Version: 1.0.1010 - RBC - YSOG)
YSOK - CMOS Files (HKLM\...\{96434172-9754-4BC9-A317-10E69F1349FC}) (Version: 1.0.980 - RBC - YSOK)
Zinio Reader 4 (HKLM\...\ZinioReader4.9310D8F796442B71068C511E15D70529A702D19D.1) (Version: 4.2.3972 - Zinio LLC)
Zinio Reader 4 (Version: 4.2.3972 - Zinio LLC) Hidden
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
CustomCLSID: HKU\S-1-5-21-3510421623-2965073675-2411060337-1012_Classes\CLSID\{035FBE31-3755-450A-A775-5E6BBD43D344}\InprocServer32 -> d:\data\rainmaker\Local Settings\Application Data\Google\Update\1.3.21.135\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-3510421623-2965073675-2411060337-1012_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> d:\data\rainmaker\Local Settings\Application Data\Google\Update\1.3.23.9\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-3510421623-2965073675-2411060337-1012_Classes\CLSID\{62A0D750-DED9-448C-B693-406B34BB0892}\InprocServer32 -> d:\data\rainmaker\Local Settings\Application Data\Google\Update\1.3.21.145\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-3510421623-2965073675-2411060337-1012_Classes\CLSID\{634059C0-D264-4B2C-AE80-F73E48D33E5B}\InprocServer32 -> d:\data\rainmaker\Local Settings\Application Data\Google\Update\1.3.21.123\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-3510421623-2965073675-2411060337-1012_Classes\CLSID\{6D7374DE-63AA-473C-8C02-60D9CDCD84C5}\InprocServer32 -> d:\data\rainmaker\Local Settings\Application Data\Google\Update\1.3.21.153\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-3510421623-2965073675-2411060337-1012_Classes\CLSID\{A45426FB-E444-42B2-AA56-419F8FBEEC61}\InprocServer32 -> d:\data\rainmaker\Local Settings\Application Data\Google\Update\1.3.22.3\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-3510421623-2965073675-2411060337-1012_Classes\CLSID\{A54D478D-4F70-4F72-9A74-17C9986E35AB}\InprocServer32 -> d:\data\rainmaker\Local Settings\Application Data\Google\Update\1.3.21.165\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-3510421623-2965073675-2411060337-1012_Classes\CLSID\{C5A2122B-A05B-4FD8-AE49-91990AE10998}\InprocServer32 -> d:\data\rainmaker\Local Settings\Application Data\Google\Update\1.3.21.115\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-3510421623-2965073675-2411060337-1012_Classes\CLSID\{EB06378B-ABB6-4B3C-9B40-D488DD8A6E93}\InprocServer32 -> d:\data\rainmaker\Local Settings\Application Data\Google\Update\1.3.22.5\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-3510421623-2965073675-2411060337-1012_Classes\CLSID\{FB994D36-B312-46CE-A40B-CF63980641F9}\InprocServer32 -> d:\data\rainmaker\Local Settings\Application Data\Google\Update\1.3.21.111\psuser.dll No File
 
==================== Restore Points  =========================
 
Could not list Restore Points. Check "winmgmt" service or repair WMI.
 
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2006-10-18 11:49 - 2014-06-21 08:27 - 00000098 ____A C:\WINNT\system32\Drivers\etc\hosts
127.0.0.1       localhost
::1       localhost
 
==================== Scheduled Tasks (whitelisted) =============
 
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\WINNT\Tasks\Adobe Flash Player Updater.job => C:\WINNT\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINNT\Tasks\AppleSoftwareUpdate.job => C:\Program Files\Apple Software Update\SoftwareUpdate.exe
Task: C:\WINNT\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINNT\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINNT\Tasks\SW-Booster-S-787344154.job => d:\data\all users\application data\venusapp software\sw-booster\SW-Booster.exe <==== ATTENTION
 
==================== Loaded Modules (whitelisted) =============
 
2007-09-01 02:55 - 2006-02-01 16:09 - 00024576 ____N () C:\WINNT\system32\tphklock.dll
2007-09-01 02:55 - 2005-11-11 02:33 - 00073782 ____N () C:\WINNT\system32\ibmpmsvc.exe
2014-08-26 15:40 - 2014-08-26 15:40 - 04296192 _____ () c:\Program Files\SW-Booster\Assistant.dll
2014-08-26 15:40 - 2014-08-26 15:40 - 00174928 _____ () c:\Program Files\SW-Booster\AssistantSvc.dll
2005-10-06 23:18 - 2005-10-06 23:18 - 00385024 ____N () C:\Program Files\IBM\IBM Rapid Restore Ultra\rrpcsb.exe
2009-04-25 11:37 - 2007-12-14 15:06 - 00120128 _____ () C:\Program Files\Network Associates\Common Framework\naXML2_71.dll
2009-04-25 11:37 - 2007-12-14 15:06 - 00156992 _____ () C:\Program Files\Network Associates\Common Framework\naisign2.DLL
2006-11-30 08:50 - 2006-11-30 08:50 - 00149080 _____ () C:\Program Files\McAfee\VirusScan Enterprise\VsEvntUI.dll
2003-02-20 16:42 - 2003-02-20 16:42 - 01159289 ____R () c:\Program Files\Nortel Networks\TunnelGuard\jre\bin\client\jvm.dll
2003-02-20 16:42 - 2003-02-20 16:42 - 00028787 ____R () c:\Program Files\Nortel Networks\TunnelGuard\jre\bin\hpi.dll
2003-02-20 16:42 - 2003-02-20 16:42 - 00057449 ____R () c:\Program Files\Nortel Networks\TunnelGuard\jre\bin\verify.dll
2003-02-20 16:42 - 2003-02-20 16:42 - 00102511 ____R () c:\Program Files\Nortel Networks\TunnelGuard\jre\bin\java.dll
2003-02-20 16:42 - 2003-02-20 16:42 - 00053360 ____R () c:\Program Files\Nortel Networks\TunnelGuard\jre\bin\zip.dll
2003-02-20 16:42 - 2003-02-20 16:42 - 00057451 ____R () C:\Program Files\Nortel Networks\TunnelGuard\jre\bin\net.dll
2005-09-06 16:50 - 2005-09-06 16:50 - 00077824 ____N () C:\Program Files\Nortel Networks\TunnelGuard\platforms\win32\TGIcon.DLL
2014-06-18 16:36 - 2014-02-21 13:16 - 00265216 _____ () C:\Program Files\Bitcasa\ExplorerMenu.dll
2014-06-18 16:36 - 2014-02-21 13:06 - 02064896 _____ () C:\Program Files\Bitcasa\bitcasaui.dll
2007-09-01 03:59 - 2005-12-07 02:12 - 00036864 ____N () C:\Program Files\ThinkPad\Utilities\US\PWRMGRRT.DLL
2007-09-01 03:59 - 2005-12-07 02:12 - 00073728 ____N () C:\Program Files\ThinkPad\Utilities\PWRMGRIF.DLL
2011-08-30 20:54 - 2011-05-28 22:04 - 00140288 _____ () C:\Program Files\WinRAR\rarext.dll
2014-08-26 15:40 - 2014-08-26 15:40 - 01082880 _____ () d:\data\all users\application data\venusapp software\sw-booster\SW-Booster.exe
2007-09-01 02:55 - 2006-02-01 16:09 - 00094208 ____N () C:\Program Files\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe
2007-09-01 02:55 - 2006-02-01 16:09 - 00077824 ____N () C:\Program Files\Lenovo\PkgMgr\HOTKEY\TPONSCR.exe
2009-04-25 19:16 - 2006-11-06 14:00 - 00651264 _____ () C:\Program Files\iPass\iPassConnect\LIBEAY32.dll
2006-10-18 11:48 - 2004-08-04 00:56 - 00059904 ____N () C:\WINNT\system32\devenum.dll
2006-10-18 11:50 - 2004-08-04 00:56 - 00014336 ____N () C:\WINNT\system32\msdmo.dll
2011-08-30 08:46 - 2012-05-25 04:25 - 00921600 _____ () C:\Program Files\Yahoo!\Messenger\yui.dll
2014-06-18 13:02 - 2014-06-05 09:58 - 04217672 _____ () C:\Program Files\Google\Chrome\Application\35.0.1916.153\pdf.dll
2014-06-18 13:02 - 2014-06-05 09:58 - 00414536 _____ () C:\Program Files\Google\Chrome\Application\35.0.1916.153\ppGoogleNaClPluginChrome.dll
2014-06-18 13:02 - 2014-06-05 09:58 - 01732424 _____ () C:\Program Files\Google\Chrome\Application\35.0.1916.153\ffmpegsumo.dll
2014-07-21 21:43 - 2014-07-08 08:18 - 14663856 _____ () d:\data\rainmaker\Local Settings\Application Data\Google\Chrome\User Data\PepperFlash\14.0.0.145\pepflashplayer.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== EXE Association (whitelisted) =============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== MSCONFIG/TASK MANAGER disabled items =========
 
(Currently there is no automatic fix for this section.)
 
 
========================= Accounts: ==========================
 
Could not list accounts.
Could not list accounts. Check "winmgmt" service or repair WMI.
 
 
==================== Faulty Device Manager Devices =============
 
Could not list Devices. Check "winmgmt" service or repair WMI.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (09/25/2014 02:05:34 PM) (Source: AutoEnrollment) (EventID: 15) (User: )
Description: Automatic certificate enrollment for local system failed to contact the active directory (0x8007054b).  The specified domain either does not exist or could not be contacted.
  Enrollment will not be performed.
 
Error: (09/25/2014 02:05:27 PM) (Source: Userenv) (EventID: 1090) (User: NT AUTHORITY)
Description: Windows couldn't log the RSoP (Resultant Set of Policies) session status. An attempt to connect to WMI failed. No more RSoP logging will be done for this application of policy.
 
Error: (09/25/2014 02:05:20 PM) (Source: MSSQL$SQLEXPRESS) (EventID: 17190) (User: )
Description: FallBack certificate initialization failed with error code: 1.
 
Error: (09/25/2014 02:05:04 PM) (Source: WinMgmt) (EventID: 28) (User: )
Description: WinMgmt could not initialize the core parts.  This could be due to a badly installed version of WinMgmt, WinMgmt repository upgrade failure, insufficient disk space or insufficient memory.
 
Error: (09/25/2014 02:04:32 PM) (Source: Userenv) (EventID: 1054) (User: NT AUTHORITY)
Description: Windows cannot obtain the domain controller name for your computer network. (The specified domain either does not exist or could not be contacted. ). Group Policy processing aborted.
 
Error: (09/25/2014 01:55:12 PM) (Source: AutoEnrollment) (EventID: 15) (User: )
Description: Automatic certificate enrollment for local system failed to contact the active directory (0x8007054b).  The specified domain either does not exist or could not be contacted.
  Enrollment will not be performed.
 
Error: (09/25/2014 01:54:53 PM) (Source: MSSQL$SQLEXPRESS) (EventID: 17190) (User: )
Description: FallBack certificate initialization failed with error code: 1.
 
Error: (09/25/2014 01:54:43 PM) (Source: Userenv) (EventID: 1090) (User: NT AUTHORITY)
Description: Windows couldn't log the RSoP (Resultant Set of Policies) session status. An attempt to connect to WMI failed. No more RSoP logging will be done for this application of policy.
 
Error: (09/25/2014 01:54:42 PM) (Source: WinMgmt) (EventID: 28) (User: )
Description: WinMgmt could not initialize the core parts.  This could be due to a badly installed version of WinMgmt, WinMgmt repository upgrade failure, insufficient disk space or insufficient memory.
 
Error: (09/25/2014 01:54:10 PM) (Source: Userenv) (EventID: 1054) (User: NT AUTHORITY)
Description: Windows cannot obtain the domain controller name for your computer network. (The specified domain either does not exist or could not be contacted. ). Group Policy processing aborted.
 
 
System errors:
=============
Error: (09/25/2014 02:08:51 PM) (Source: W32Time) (EventID: 29) (User: )
Description: The time provider NtpClient is configured to acquire time from one or more
time sources, however none of the sources are currently accessible. 
No attempt to contact a source will be made for 15 minutes.
NtpClient has no source of accurate time.
 
Error: (09/25/2014 02:05:06 PM) (Source: W32Time) (EventID: 29) (User: )
Description: The time provider NtpClient is configured to acquire time from one or more
time sources, however none of the sources are currently accessible. 
No attempt to contact a source will be made for 15 minutes.
NtpClient has no source of accurate time.
 
Error: (09/25/2014 02:05:02 PM) (Source: Dhcp) (EventID: 1002) (User: )
Description: The IP address lease 192.168.1.6 for the Network Card with network address 001B773DA319 has been
denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
 
Error: (09/25/2014 02:04:48 PM) (Source: PlugPlayManager) (EventID: 12) (User: )
Description: The device 'Intel® PRO/1000 PL Network Connection' (PCI\VEN_8086&DEV_109A&SUBSYS_200117AA&REV_00\4&192ac53f&0&00E0) disappeared from the system without first being prepared for removal.
 
Error: (09/25/2014 02:04:32 PM) (Source: NETLOGON) (EventID: 5719) (User: )
Description: No Domain Controller is available for domain OAK due to the following: 
%%1311.
 
Make sure that the computer is connected to the network and try
again. If the problem persists, please contact your domain administrator.
 
Error: (09/25/2014 01:54:23 PM) (Source: PlugPlayManager) (EventID: 12) (User: )
Description: The device 'Intel® PRO/1000 PL Network Connection' (PCI\VEN_8086&DEV_109A&SUBSYS_200117AA&REV_00\4&192ac53f&0&00E0) disappeared from the system without first being prepared for removal.
 
Error: (09/25/2014 01:54:10 PM) (Source: NETLOGON) (EventID: 5719) (User: )
Description: No Domain Controller is available for domain OAK due to the following: 
%%1311.
 
Make sure that the computer is connected to the network and try
again. If the problem persists, please contact your domain administrator.
 
Error: (09/25/2014 01:47:52 PM) (Source: PlugPlayManager) (EventID: 12) (User: )
Description: The device 'Intel® PRO/1000 PL Network Connection' (PCI\VEN_8086&DEV_109A&SUBSYS_200117AA&REV_00\4&192ac53f&0&00E0) disappeared from the system without first being prepared for removal.
 
Error: (09/25/2014 01:47:36 PM) (Source: NETLOGON) (EventID: 5719) (User: )
Description: No Domain Controller is available for domain OAK due to the following: 
%%1311.
 
Make sure that the computer is connected to the network and try
again. If the problem persists, please contact your domain administrator.
 
Error: (09/24/2014 10:33:33 PM) (Source: Windows Update Agent) (EventID: 20) (User: )
Description: Installation Failure: Windows failed to install the following update with error 0x80070643: Microsoft .NET Framework 1.1 SP1 Security Update for Windows 2000 and Windows XP (KB979906).
 
 
Microsoft Office Sessions:
=========================
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ Duo CPU T2400 @ 1.83GHz
Percentage of memory in use: 68%
Total physical RAM: 1526.36 MB
Available physical RAM: 476.54 MB
Total Pagefile: 4225.84 MB
Available Pagefile: 3092.63 MB
Total Virtual: 2047.88 MB
Available Virtual: 1935.82 MB
 
==================== Drives ================================
 
Drive c: (COE) (Fixed) (Total:60.45 GB) (Free:21.87 GB) NTFS ==>[Drive with boot components (Windows XP)]
Drive d: (DATA) (Fixed) (Total:32.7 GB) (Free:6.11 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 93.2 GB) (Disk ID: DAEEECAE)
Partition 1: (Active) - (Size=60.5 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=32.7 GB) - (Type=07 NTFS)
 
==================== End Of Log ============================


#9
Biscuithd
    Trusted Helper
  • Malware Removal
  • 2,573 posts

Fix with Farbar Recovery Scan Tool

This fix was created for this user for use on that particular machine.
Running it on another one may cause damage and render the system unstable.

Press the Windows key + R on your keyboard at the same time. Type Notepad and click OK.

  • Copy the entire content of the codebox below and paste into the Notepad document:
    
    () D:\data\All Users\Application Data\VenusApp Software\SW-Booster\SW-Booster.exe
    
    HKLM\...\Winlogon: [Shell] Explorer.exe [x ] ()
    
    HKLM\...\Winlogon: [UIHost] logonui.exe [x ] ()
    
    GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
    
    SearchScopes: HKLM - DefaultScope {BB74DE59-BC4C-4172-9AC4-73315F71CFFE} URL = http://websearch.fly...616&lg=EN&cc=US
    
    SearchScopes: HKLM - {BB74DE59-BC4C-4172-9AC4-73315F71CFFE} URL = http://websearch.fly...616&lg=EN&cc=US
    
    SearchScopes: HKCU - DefaultScope {BB74DE59-BC4C-4172-9AC4-73315F71CFFE} URL = http://websearch.fly...616&lg=EN&cc=US
    
    SearchScopes: HKCU - {BB74DE59-BC4C-4172-9AC4-73315F71CFFE} URL = http://websearch.fly...616&lg=EN&cc=US
    
    BHO: Search-NeewTab -> {1D2F45C0-E723-C694-063B-A958023E9A1B} -> C:\Program Files\Search-NeewTab\0trWpx5X.dll ()
    
    BHO: ISavEr -> {48A88D8E-873A-2452-ACF4-2FD4456C5CD2} -> d:\data\All Users\Application Data\ISavEr\HqIxdafdhd.dll ()
    
    FF SearchEngineOrder.user_pref("browser.search.order.1,S", "WebSearch");: user_pref("browser.search.order.1,S", "WebSearch");
    
    FF Keyword.URL: hxxp://websearch.flyandsearch.info/?pid=724&r=2014/08/26&hid=5238787093181005616&lg=EN&cc=US&l=1&q=
    
    FF SearchPlugin: d:\data\rainmaker\Application Data\Mozilla\Firefox\Profiles\0gqxbqod.default\searchplugins\WebSearch.xml
    
    HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.easylifeapp.com/
    
    HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.easylifeapp.com/
    
    FF Homepage: hxxp://search.easylifeapp.com/
    
    FF SearchEngineOrder.1: WebSearch
    
    FF DefaultSearchEngine: WebSearch
    
    FF SelectedSearchEngine: WebSearch
    
    CHR HomePage: Default -> hxxp://search.easylifeapp.com/
    
    CHR StartupUrls: Default -> "hxxp://search.easylifeapp.com/"
    
    CHR DefaultSearchKeyword: Default -> websearch
    
    CHR DefaultSearchProvider: Default -> WebSearch
    
    CHR DefaultSearchURL: Default -> http://websearch.fly...616&lg=EN&cc=US
    
    CHR DefaultSuggestURL: Default -> http://localhost
    
    FF Keyword.URL: hxxp://websearch.flyandsearch.info/?pid=724&r=2014/08/26&hid=5238787093181005616&lg=EN&cc=US&l=1&q=
    
    FF SearchPlugin: d:\data\rainmaker\Application Data\Mozilla\Firefox\Profiles\0gqxbqod.default\searchplugins\WebSearch.xml
    
    CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
    
    R2 c67abfdb; c:\Program Files\SW-Booster\AssistantSvc.dll [174928 2014-08-26] () [File not signed]
    
    c:\Program Files\SW-Booster\AssistantSvc.dll
    
    2014-09-25 14:02 - 2014-09-25 14:02 - 00000000 ____D () C:\Program Files\TAkeuTheCoUpOOn
    
    2014-09-25 14:02 - 2014-09-25 14:02 - 00000000 ____D () C:\Program Files\FFindBeestDoeeall
    
    2014-09-24 13:40 - 2014-09-24 13:40 - 00000000 ____D () d:\data\All Users\Application Data\Browser AdBlocker
    
    2014-09-24 13:16 - 2014-09-25 14:04 - 00000000 ____D () d:\data\All Users\Application Data\TAkeuTheCoUpOOn
    
    2014-09-19 14:00 - 2014-09-25 14:04 - 00000000 ____D () d:\data\All Users\Application Data\FFindBeestDoeeall
    
    2014-09-09 21:40 - 2014-09-09 21:40 - 00000000 ____D () d:\data\All Users\Application Data\ISavEr
    
    2014-08-26 15:50 - 2014-08-26 15:50 - 00000775 _____ () d:\data\rainmaker\Application Data\Explorer.EXE_log.txt
    
    2014-08-26 15:41 - 2014-08-26 15:41 - 00000000 ____D () d:\data\All Users\Application Data\Search-NeewTab
    
    2014-08-26 15:41 - 2014-08-26 15:41 - 00000000 ____D () C:\Program Files\Search-NeewTab
    
    2014-08-26 15:40 - 2014-09-25 14:04 - 00000564 ____H () C:\WINNT\Tasks\SW-Booster-S-787344154.job
    
    2014-08-26 15:40 - 2014-08-26 16:05 - 00000827 _____ () d:\data\rainmaker\Application Data\LiveSupport.exe_log.txt
    2014-08-26 15:40 - 2014-08-26 16:05 - 00000082 _____ () d:\data\rainmaker\Application Data\regsvr32.exe_log.txt
    2014-08-26 15:40 - 2014-08-26 15:40 - 00000000 ____D () d:\data\All Users\Application Data\VenusApp Software
    2014-08-26 15:40 - 2014-08-26 15:40 - 00000000 ____D () C:\Program Files\SW-Booster
    2014-08-26 15:39 - 2014-09-25 14:04 - 00000000 ____D () d:\data\All Users\Application Data\Adblocker
    2014-08-26 15:39 - 2014-08-26 15:39 - 00000000 ____D () C:\Program Files\Adblocker
    2014-08-26 15:38 - 2014-09-25 14:02 - 00000000 ____D () d:\data\All Users\Application Data\3eda283a8b7b0d3d
    2014-08-26 15:38 - 2014-09-25 13:53 - 00000000 ____D () d:\data\All Users\Application Data\pricecHop
    2014-08-26 15:38 - 2014-08-26 15:38 - 00000000 ____D () d:\data\rbc_troppus\Local Settings\Application Data\Torch
    2014-08-26 15:38 - 2014-08-26 15:38 - 00000000 ____D () d:\data\rbc_troppus\Local Settings\Application Data\Google
    2014-08-26 15:38 - 2014-08-26 15:38 - 00000000 ____D () d:\data\rbc_troppus\Local Settings\Application Data\Comodo
    2014-08-26 15:38 - 2014-08-26 15:38 - 00000000 ____D () d:\data\rbc_troppus\Local Settings\Application Data\Chromatic Browser
    2014-08-26 15:38 - 2014-08-26 15:38 - 00000000 ____D () d:\data\rbc_troppus\Local Settings\Application Data
    2014-08-26 15:38 - 2014-08-26 15:38 - 00000000 ____D () d:\data\rbc_troppus\Local Settings
    2014-08-26 15:38 - 2014-08-26 15:38 - 00000000 ____D () d:\data\rbc_troppus
    2014-08-26 15:38 - 2014-08-26 15:38 - 00000000 ____D () d:\data\rainmaker\Local Settings\Application Data\Torch
    2014-08-26 15:38 - 2014-08-26 15:38 - 00000000 ____D () d:\data\rainmaker\Local Settings\Application Data\Comodo
    2014-08-26 15:38 - 2014-08-26 15:38 - 00000000 ____D () d:\data\rainmaker\Local Settings\Application Data\Chromatic Browser
    2014-08-26 15:38 - 2014-08-26 15:38 - 00000000 ____D () d:\data\HelpAssistant\Local Settings\Application Data\Torch
    2014-08-26 15:38 - 2014-08-26 15:38 - 00000000 ____D () d:\data\HelpAssistant\Local Settings\Application Data\Google
    2014-08-26 15:38 - 2014-08-26 15:38 - 00000000 ____D () d:\data\HelpAssistant\Local Settings\Application Data\Comodo
    2014-08-26 15:38 - 2014-08-26 15:38 - 00000000 ____D () d:\data\HelpAssistant\Local Settings\Application Data\Chromatic Browser
    2014-08-26 15:38 - 2014-08-26 15:38 - 00000000 ____D () d:\data\HelpAssistant\Local Settings\Application Data
    2014-08-26 15:38 - 2014-08-26 15:38 - 00000000 ____D () d:\data\HelpAssistant\Local Settings
    2014-08-26 15:38 - 2014-08-26 15:38 - 00000000 ____D () d:\data\HelpAssistant
    2014-08-26 15:38 - 2014-08-26 15:38 - 00000000 ____D () d:\data\Guest\Local Settings\Application Data\Torch
    2014-08-26 15:38 - 2014-08-26 15:38 - 00000000 ____D () d:\data\Guest\Local Settings\Application Data\Google
    2014-08-26 15:38 - 2014-08-26 15:38 - 00000000 ____D () d:\data\Guest\Local Settings\Application Data\Comodo
    2014-08-26 15:38 - 2014-08-26 15:38 - 00000000 ____D () d:\data\Guest\Local Settings\Application Data\Chromatic Browser
    2014-08-26 15:38 - 2014-08-26 15:38 - 00000000 ____D () d:\data\Guest\Local Settings\Application Data
    2014-08-26 15:38 - 2014-08-26 15:38 - 00000000 ____D () d:\data\Guest\Local Settings
    2014-08-26 15:38 - 2014-08-26 15:38 - 00000000 ____D () d:\data\Guest
    2014-08-26 15:38 - 2014-08-26 15:38 - 00000000 ____D () d:\data\ASPNET\Local Settings\Application Data\Torch
    2014-08-26 15:38 - 2014-08-26 15:38 - 00000000 ____D () d:\data\ASPNET\Local Settings\Application Data\Google
    2014-08-26 15:38 - 2014-08-26 15:38 - 00000000 ____D () d:\data\ASPNET\Local Settings\Application Data\Comodo
    2014-08-26 15:38 - 2014-08-26 15:38 - 00000000 ____D () d:\data\ASPNET\Local Settings\Application Data\Chromatic Browser
    2014-08-26 15:38 - 2014-08-26 15:38 - 00000000 ____D () d:\data\ASPNET\Local Settings\Application Data
    2014-08-26 15:38 - 2014-08-26 15:38 - 00000000 ____D () d:\data\ASPNET\Local Settings
    2014-08-26 15:38 - 2014-08-26 15:38 - 00000000 ____D () d:\data\ASPNET
    2014-08-26 15:38 - 2014-08-26 15:38 - 00000000 ____D () d:\data\Administrator\Local Settings\Application Data\Torch
    2014-08-26 15:38 - 2014-08-26 15:38 - 00000000 ____D () d:\data\Administrator\Local Settings\Application Data\Google
    2014-08-26 15:38 - 2014-08-26 15:38 - 00000000 ____D () d:\data\Administrator\Local Settings\Application Data\Comodo
    2014-08-26 15:38 - 2014-08-26 15:38 - 00000000 ____D () d:\data\Administrator\Local Settings\Application Data\Chromatic Browser
    2014-08-26 15:38 - 2014-08-26 15:38 - 00000000 ____D () d:\data\administrator.3YFK943Z\Local Settings\Application Data\Torch
    2014-08-26 15:38 - 2014-08-26 15:38 - 00000000 ____D () d:\data\administrator.3YFK943Z\Local Settings\Application Data\Comodo
    2014-08-26 15:38 - 2014-08-26 15:38 - 00000000 ____D () d:\data\administrator.3YFK943Z\Local Settings\Application Data\Chromatic Browser
    2014-08-26 15:38 - 2014-08-26 15:38 - 00000000 ____D () d:\data\Admin\Local Settings\Application Data\Torch
    2014-08-26 15:38 - 2014-08-26 15:38 - 00000000 ____D () d:\data\Admin\Local Settings\Application Data\Comodo
    2014-08-26 15:38 - 2014-08-26 15:38 - 00000000 ____D () d:\data\Admin\Local Settings\Application Data\Chromatic Browser
    2014-08-26 15:38 - 2014-08-26 15:38 - 00000000 ____D () C:\Program Files\pricecHop
    2014-08-26 15:37 - 2014-08-26 15:40 - 00000000 ____D () d:\data\All Users\Application Data\InstallMate
    EmptyTemp:
    
    
  • Click File, Save As and type fixlist.txt as the File Name.

Both files, FRST and fixlist.txt have to be in the same location or the fix will not work!


  • Right-click on the FRST icon and select Run as Administrator to start the tool.
    (XP users click run after receipt of Windows Security Warning - Open File).
  • Press the Fix button just once and wait.
  • If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
  • When finished FRST will generate a log on the Desktop, called Fixlog.txt.

Please post it to your reply.


Scan with AdwCleaner
 
Please download AdwCleaner by Xplode and save the file to your desktop.
 
  • Right-click on the AdwCleaner icon and select Run as Administrator to start the tool.
  • Follow the prompts and click Scan.
  • Upon completion, click Report. A log (AdwCleaner[R*].txt) will open.
 
Please include the contents of that file in your reply.
 
Fix with Junkware Removal Tool
 
Please download JRT by Thisisu and save the file to your desktop.
Temporarily disable your AntiVirus and AntiSpyware protection - instructions here.
 
  • Right-click on the JRT icon and select Run as Administrator to start the tool.
  • Follow the prompts and let this process run uninterrupted.
  • This scan can take a while, depending on your System specs.
  • Upon completion, a log (JRT.txt) will open on your desktop.
 
Please include the contents of that file in your reply.
 
Do not forget to re-enable your previously switched off protection software!
Please also manually reboot your machine after this procedure.

 

Scan with ZOEK

Please download ZOEK by Smeenk and save it to your desktop (the preferred version is the *.exe one).
Temporarily disable your AntiVirus and AntiSpyware protection - instructions here.



  • Right-click on the ZOEK icon and select Run as Administrator to start the tool.
  • Wait patiently until the main console appears; it may take a minute or two.
  • In the main box please paste in the following script:
    createsrpoint;
    process;
    services-list;
    systemspecs;
    startupall;
    skipfix-iedefaults;
    firefoxlook;
    chromelook;
    filesrcm;
    installedprogs;
  • Make sure that the Scan All Users option is checked.
  • Push Run Script and wait patiently. The scan may take a couple of minutes.
  • When the scan completes, a zoek-results logfile should open in notepad.
  • If a reboot is needed, the log will open after it. You may also find it on your main drive (usually the C:\ drive).

Post its content into your next reply.


#10
amanda222

    Member

  • Topic Starter
  • Member
  • 16 posts

Thanks. I am traveling for work, but will perform these fixes this weekend. Please keep this thread open. Thanks.


#11
Biscuithd

    Trusted Helper

  • Malware Removal
  • 2,573 posts

No problem :)


#12
amanda222

    Member

  • Topic Starter
  • Member
  • 16 posts

OK, I ran all the items you included. Below are the logs. For reference, I am still getting the pop-ups like before. Please advise.

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 27-09-2014
Ran by rainmaker at 2014-09-27 14:17:16 Run:1
Running from d:\data\rainmaker\Desktop
Loaded Profile: rainmaker (Available profiles: administrator & rainmaker & Admin & rbcadmin)
Boot Mode: Normal
 
==============================================
 
Content of fixlist:
*****************
() D:\data\All Users\Application Data\VenusApp Software\SW-Booster\SW-Booster.exe
HKLM\...\Winlogon: [Shell] Explorer.exe [x ] ()
HKLM\...\Winlogon: [UIHost] logonui.exe [x ] ()
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
SearchScopes: HKLM - DefaultScope {BB74DE59-BC4C-4172-9AC4-73315F71CFFE} URL = http://websearch.fly...616&lg=EN&cc=US
SearchScopes: HKLM - {BB74DE59-BC4C-4172-9AC4-73315F71CFFE} URL = http://websearch.fly...616&lg=EN&cc=US
SearchScopes: HKCU - Defaul
*****************
 
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
 
==== End of Fixlog 
 
# AdwCleaner v3.310 - Report created 27/09/2014 at 15:05:05
# Updated 12/09/2014 by Xplode
# Operating System : Microsoft Windows XP Service Pack 2 (32 bits)
# Username : rainmaker - 3YFK943Z
# Running from : D:\data\rainmaker\Desktop\adwcleaner_3.310.exe
# Option : Clean
 
***** [ Services ] *****
 
Service Deleted : c67abfdb
 
***** [ Files / Folders ] *****
 
Folder Deleted : d:\data\All Users\Application Data\Adblocker
Folder Deleted : d:\data\All Users\Application Data\Isaver
Folder Deleted : d:\data\All Users\Application Data\pastaleads
Folder Deleted : d:\data\All Users\Application Data\Browser AdBlocker
Folder Deleted : d:\data\All Users\Application Data\FFindBeestDoeeall
Folder Deleted : d:\data\All Users\Application Data\pricecHop
Folder Deleted : d:\data\All Users\Application Data\Search-NeewTab
Folder Deleted : d:\data\All Users\Application Data\TAkeuTheCoUpOOn
Folder Deleted : C:\Program Files\Adblocker
[!] Folder Deleted : C:\Program Files\sw-booster
Folder Deleted : C:\Program Files\FFindBeestDoeeall
Folder Deleted : C:\Program Files\pricecHop
Folder Deleted : C:\Program Files\Search-NeewTab
Folder Deleted : C:\Program Files\TAkeuTheCoUpOOn
Folder Deleted : d:\data\Admin\Local Settings\Application Data\Chromatic Browser
Folder Deleted : d:\data\Admin\Local Settings\Application Data\torch
Folder Deleted : d:\data\Administrator\Local Settings\Application Data\Chromatic Browser
Folder Deleted : d:\data\Administrator\Local Settings\Application Data\torch
Folder Deleted : d:\data\administrator.3YFK943Z\Local Settings\Application Data\Chromatic Browser
Folder Deleted : d:\data\administrator.3YFK943Z\Local Settings\Application Data\torch
Folder Deleted : d:\data\ASPNET\Local Settings\Application Data\Chromatic Browser
Folder Deleted : d:\data\ASPNET\Local Settings\Application Data\torch
Folder Deleted : d:\data\Guest\Local Settings\Application Data\Chromatic Browser
Folder Deleted : d:\data\Guest\Local Settings\Application Data\torch
Folder Deleted : d:\data\HelpAssistant\Local Settings\Application Data\Chromatic Browser
Folder Deleted : d:\data\HelpAssistant\Local Settings\Application Data\torch
Folder Deleted : d:\data\rainmaker\Local Settings\Application Data\Chromatic Browser
Folder Deleted : d:\data\rainmaker\Local Settings\Application Data\torch
Folder Deleted : d:\data\rainmaker\Application Data\key-find
Folder Deleted : d:\data\rainmaker\My Documents\Optimizer Pro
Folder Deleted : d:\data\rbc_troppus\Local Settings\Application Data\Chromatic Browser
Folder Deleted : d:\data\rbc_troppus\Local Settings\Application Data\torch
[!] Folder Deleted : d:\data\Admin\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\alioefkolglbfadbpppinabakdenhbnh
[!] Folder Deleted : d:\data\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\alioefkolglbfadbpppinabakdenhbnh
[!] Folder Deleted : d:\data\administrator.3YFK943Z\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\alioefkolglbfadbpppinabakdenhbnh
[!] Folder Deleted : d:\data\ASPNET\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\alioefkolglbfadbpppinabakdenhbnh
[!] Folder Deleted : d:\data\Guest\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\alioefkolglbfadbpppinabakdenhbnh
[!] Folder Deleted : d:\data\HelpAssistant\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\alioefkolglbfadbpppinabakdenhbnh
[!] Folder Deleted : d:\data\rbc_troppus\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\alioefkolglbfadbpppinabakdenhbnh
[!] Folder Deleted : d:\data\Admin\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pdnbgbfbcpejlhmdeppoadnfciigbofp
[!] Folder Deleted : d:\data\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pdnbgbfbcpejlhmdeppoadnfciigbofp
[!] Folder Deleted : d:\data\administrator.3YFK943Z\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pdnbgbfbcpejlhmdeppoadnfciigbofp
[!] Folder Deleted : d:\data\ASPNET\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pdnbgbfbcpejlhmdeppoadnfciigbofp
[!] Folder Deleted : d:\data\Guest\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pdnbgbfbcpejlhmdeppoadnfciigbofp
[!] Folder Deleted : d:\data\HelpAssistant\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pdnbgbfbcpejlhmdeppoadnfciigbofp
[!] Folder Deleted : d:\data\rbc_troppus\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pdnbgbfbcpejlhmdeppoadnfciigbofp
File Deleted : C:\WINNT\system32\config\pastalea.evt
File Deleted : d:\data\rainmaker\Application Data\Explorer.EXE_log.txt
File Deleted : d:\data\rainmaker\Application Data\LiveSupport.exe_log.txt
File Deleted : d:\data\rainmaker\Application Data\regsvr32.exe_log.txt
File Deleted : d:\data\rainmaker\Application Data\Mozilla\Firefox\Profiles\0gqxbqod.default\searchplugins\WebSearch.xml
File Deleted : d:\data\rainmaker\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\hxxp_static.livelyrics00.live-lyrics.com_0.localstorage
File Deleted : d:\data\rainmaker\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\hxxp_static.livelyrics00.live-lyrics.com_0.localstorage-journal
File Deleted : d:\data\rainmaker\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage
File Deleted : d:\data\rainmaker\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage-journal
 
***** [ Scheduled Tasks ] *****
 
Task Deleted : SW-Booster-S-787344154
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Deleted : HKCU\Software\MICROSOFT\INTERNET EXPLORER\DOMSTORAGE\superfish.com
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu\Programs\Optimizer Pro v3.2
Value Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [FLV Player]
Value Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [livesupport]
Key Deleted : HKLM\SOFTWARE\Classes\Search-NewTab.Search-NewTab
Key Deleted : HKLM\SOFTWARE\Classes\Search-NewTab.Search-NewTab.2.1
Key Deleted : HKLM\SOFTWARE\Classes\.
Key Deleted : HKLM\SOFTWARE\Classes\..9
Key Deleted : HKCU\Software\AppDataLow\{5F189DF5-2D05-472B-9091-84D9848AE48B}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\S-787344154
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{5F189DF5-2D05-472B-9091-84D9848AE48B}{c67abfdb}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{058F0E48-61CA-4964-9FBA-1978A1BB060D}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{18F33C35-8EF2-40D7-8BA4-932B0121B472}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6D4506CE-F855-4657-AA38-DB6B1F733982}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1D2F45C0-E723-C694-063B-A958023E9A1B}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{9d91ea96-d5d8-42bf-a426-0f7a7a0cb266}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{d952ea12-cc2f-46b5-88e7-4179eb3ca828}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{03771AEF-400D-4A13-B712-25878EC4A3F5}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1D2F45C0-E723-C694-063B-A958023E9A1B}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{E1420D09-ACC8-4EFD-9965-E7AE3C5B977C}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{1D2F45C0-E723-C694-063B-A958023E9A1B}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{E1420D09-ACC8-4EFD-9965-E7AE3C5B977C}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{1D2F45C0-E723-C694-063B-A958023E9A1B}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{1D2F45C0-E723-C694-063B-A958023E9A1B}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{9d91ea96-d5d8-42bf-a426-0f7a7a0cb266}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{d952ea12-cc2f-46b5-88e7-4179eb3ca828}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{EF99BD32-C1FB-11D2-892F-0090271D4F88}]
Key Deleted : HKCU\Software\1ClickDownload
Key Deleted : HKCU\Software\Optimizer Pro
Key Deleted : HKCU\Software\Re_Markit
Key Deleted : HKCU\Software\RegisteredApplicationsEx
Key Deleted : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKCU\Software\AppDataLow\{4A0F38A9-FE55-4B89-B73F-E60FDC0F72E9}
Key Deleted : HKCU\Software\AppDataLow\Software\suprasavings
Key Deleted : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Key Deleted : HKLM\SOFTWARE\{4A0F38A9-FE55-4B89-B73F-E60FDC0F72E9}
Key Deleted : HKLM\SOFTWARE\{5F189DF5-2D05-472B-9091-84D9848AE48B}
Key Deleted : HKLM\SOFTWARE\{77D46E27-0E41-4478-87A6-AABE6FBCF252}
Key Deleted : HKLM\SOFTWARE\SW-Booster
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{4820778D-AB0D-6D18-C316-52A6A0E1D507}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C670DCAE-E392-AA32-6F42-143C7FC4BDFD}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{FDB962F0-B5B8-9460-D12F-7966E97BAA43}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{EDA09459-AD7D-4434-BA0C-647F6703EA12}_is1
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{C670DCAE-E392-AA32-6F42-143C7FC4BDFD}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{EDA09459-AD7D-4434-BA0C-647F6703EA12}_is1
Data Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - c:\progra~1\sw-boo~1\assist~1.dll
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v8.0.6001.18702
 
Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]
Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page]
 
-\\ Mozilla Firefox v29.0.1 (en-US)
 
[ File : d:\data\Admin\Application Data\Mozilla\Firefox\Profiles\ilojflhm.default\prefs.js ]
 
Line Deleted : user_pref("browser.startup.homepage", "hxxp://search.easylifeapp.com/");
 
[ File : d:\data\rainmaker\Application Data\Mozilla\Firefox\Profiles\0gqxbqod.default\prefs.js ]
 
Line Deleted : user_pref("browser.startup.homepage", "hxxp://search.easylifeapp.com/");
Line Deleted : user_pref("browser.search.order.1", "WebSearch");
Line Deleted : user_pref("browser.search.defaultenginename", "WebSearch");
Line Deleted : user_pref("browser.search.selectedEngine", "WebSearch");
Line Deleted : user_pref("browser.search.order.1,S", "WebSearch");
Line Deleted : user_pref("browser.search.defaultenginename,S", "WebSearch");
Line Deleted : user_pref("browser.search.selectedEngine,S", "WebSearch");
Line Deleted : user_pref("keyword.URL", "hxxp://websearch.flyandsearch.info/?pid=724&r=2014/08/26&hid=5238787093181005616&lg=EN&cc=US&l=1&q=");
Line Deleted : user_pref("browser.search.defaulturl", "hxxp://websearch.flyandsearch.info/?pid=724&r=2014/08/26&hid=5238787093181005616&lg=EN&cc=US&l=1&q=");
 
-\\ Google Chrome v35.0.1916.153
 
[ File : d:\data\Admin\Local Settings\Application Data\Google\Chrome\User Data\Default\preferences ]
 
Deleted [Search Provider] : hxxp://search.aol.com/aol/search?query={searchTerms}
Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
Deleted [Startup_urls] : hxxp://search.easylifeapp.com/
Deleted [Homepage] : hxxp://search.easylifeapp.com/
Deleted [Extension] : alioefkolglbfadbpppinabakdenhbnh
Deleted [Extension] : pdnbgbfbcpejlhmdeppoadnfciigbofp
 
[ File : d:\data\administrator.3YFK943Z\Local Settings\Application Data\Google\Chrome\User Data\Default\preferences ]
 
Deleted [Search Provider] : hxxp://search.aol.com/aol/search?query={searchTerms}
Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
Deleted [Startup_urls] : hxxp://search.easylifeapp.com/
Deleted [Homepage] : hxxp://search.easylifeapp.com/
Deleted [Extension] : alioefkolglbfadbpppinabakdenhbnh
Deleted [Extension] : pdnbgbfbcpejlhmdeppoadnfciigbofp
 
[ File : d:\data\rainmaker\Local Settings\Application Data\Google\Chrome\User Data\Default\preferences ]
 
Deleted [Search Provider] : hxxp://www.trovi.com/Results.aspx?gd=&ctid=CT3326225&octid=EB_ORIGINAL_CTID&ISID=MF3D7D2C6-B59E-4507-9F7F-187D17A8F50D&SearchSource=58&CUI=&UM=2&UP=SPDF2A3D68-E727-44D2-8D9C-8AE5765767A1&q={searchTerms}&SSPV=
Deleted [Search Provider] : hxxp://search.aol.com/aol/search?query={searchTerms}
Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
Deleted [Search Provider] : hxxp://websearch.flyandsearch.info/?l=1&q={searchTerms}&pid=724&r=2014/08/26&hid=5238787093181005616&lg=EN&cc=US
Deleted [Startup_urls] : hxxp://search.easylifeapp.com/
Deleted [Extension] : booedmolknjekdopkepjjeckmjkdpfgl
Deleted [Extension] : flpcjncodpafbgdpnkljologafpionhb
 
*************************
 
AdwCleaner[R0].txt - [12898 octets] - [14/01/2014 13:44:38]
AdwCleaner[R1].txt - [22179 octets] - [23/03/2014 22:17:10]
AdwCleaner[R2].txt - [6971 octets] - [25/03/2014 21:05:38]
AdwCleaner[R3].txt - [2535 octets] - [21/06/2014 08:33:59]
AdwCleaner[R4].txt - [27360 octets] - [27/09/2014 14:24:57]
AdwCleaner[S0].txt - [13294 octets] - [14/01/2014 13:46:37]
AdwCleaner[S1].txt - [6005 octets] - [25/03/2014 21:07:22]
AdwCleaner[S2].txt - [2638 octets] - [21/06/2014 08:44:53]
AdwCleaner[S3].txt - [27421 octets] - [27/09/2014 15:05:06]
 
########## EOF - d:\AdwCleaner\AdwCleaner[S3].txt - [27482 octets] ##########
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.2.3 (09.27.2014:1)
OS: Microsoft Windows XP x86
Ran by rainmaker on 2014/09/27 at 15:12:40.45
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Registry Values
 
 
 
~~~ Registry Keys
 
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{48A88D8E-873A-2452-ACF4-2FD4456C5CD2}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{48A88D8E-873A-2452-ACF4-2FD4456C5CD2}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{48A88D8E-873A-2452-ACF4-2FD4456C5CD2}
 
 
 
~~~ Files
 
 
 
~~~ Folders
 
 
 
~~~ FireFox
 
Successfully deleted: [Folder] d:\data\rainmaker\Application Data\mozilla\firefox\profiles\0gqxbqod.default\extensions\staged
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 2014/09/27 at 15:17:39.95
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
 
Zoek.exe v5.0.0.0 Updated 27-09-2014
Tool run by rainmaker on 2014/09/27 at 15:22:15.25.
 
Running in: Normal Mode Internet Access Detected
Launched: d:\data\rainmaker\Desktop\zoek.exe [Scan all users] [Script inserted] 
 
==== Older Logs ======================
 
d:\zoek-results2014-06-21-193321.log 13309 bytes
 
==== IE Start and Search Settings ======================
 
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
No DefaultScope Set For HKCU
 
==== All HKCU SearchScopes ======================
 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing  Url="http://www.bing.com/...ox&FORM=IE8SRC"
{6A1806CD-94D4-4689-BA73-E35EA1EA9990} @ieframe.dll,-12512  Url="http://www.bing.com/...s}&FORM=IE8SRC"
 
==== C:\zoek_backup content ======================
 
C:\zoek_backup (files=228 folders=64 3911913 bytes)
 
==== EOF on 2014/09/27 at 15:24:22.75 ======================
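As an added defender-side illustration of the Firefox entries in the AdwCleaner log above (example code written for this page; it is not part of the log, not a tool any poster used, and not AdwCleaner's own logic): a small Python checker that parses a Firefox prefs.js and flags the homepage and search preferences a browser hijacker typically rewrites. The sample prefs.js content is constructed to mirror the "Line Deleted" entries above (URLs kept defanged with "hxxp" as the log prints them); the allowlists and every function name are assumptions for the example.

```python
import re
from typing import Dict, List, Tuple
from urllib.parse import urlsplit

# Constructed sample prefs.js, modelled on the user_pref() lines AdwCleaner
# removed in the log above. URLs stay defanged ("hxxp") exactly as the log
# prints them; the checker re-fangs them only to parse the host name.
SAMPLE_PREFS_JS = """\
# Mozilla User Preferences
user_pref("browser.startup.homepage", "hxxp://search.easylifeapp.com/");
user_pref("browser.search.defaultenginename", "WebSearch");
user_pref("browser.search.selectedEngine", "WebSearch");
user_pref("browser.search.order.1,S", "WebSearch");
user_pref("browser.search.order.2", "Google");
user_pref("keyword.URL", "hxxp://websearch.flyandsearch.info/?pid=724&q=");
user_pref("browser.search.defaulturl", "hxxp://websearch.flyandsearch.info/?pid=724&q=");
user_pref("browser.download.useDownloadDir", true);
user_pref("network.cookie.cookieBehavior", 0);
"""

# Preferences that homepage/search hijackers rewrite. These are name prefixes,
# so numbered and ",S"-suffixed variants (browser.search.order.1,S) match too.
URL_PREFS = ("browser.startup.homepage", "keyword.URL", "browser.search.defaulturl")
ENGINE_PREFS = ("browser.search.defaultenginename", "browser.search.selectedEngine",
                "browser.search.order.")

# Allowlists are an assumption for this example; replace them with the values
# of your own standard browser build.
ALLOWED_ENGINES = {"Google", "Bing", "DuckDuckGo", "Yahoo"}
ALLOWED_HOSTS = {"about:home", "about:blank", "www.google.com", "www.bing.com"}

PREF_RE = re.compile(r'^\s*user_pref\("([^"]+)",\s*(.*?)\);\s*$')


def parse_prefs(text: str) -> Dict[str, str]:
    """Map pref name -> raw value text for every user_pref() line; comments and blanks are skipped."""
    prefs: Dict[str, str] = {}
    for line in text.splitlines():
        m = PREF_RE.match(line)
        if m:
            prefs[m.group(1)] = m.group(2).strip()
    return prefs


def _unquote(raw: str) -> str:
    """Strip the surrounding double quotes of a string-valued pref; leave bools/ints as-is."""
    if len(raw) >= 2 and raw[0] == '"' and raw[-1] == '"':
        return raw[1:-1]
    return raw


def _host_of(value: str) -> str:
    """Host name of a (possibly defanged) URL; non-URL values such as about:home are returned whole."""
    refanged = value.replace("hxxp", "http", 1) if value.startswith("hxxp") else value
    return urlsplit(refanged).hostname or value


def flag_hijacked(prefs: Dict[str, str]) -> List[Tuple[str, str]]:
    """Return (name, value) for every watched pref whose value is outside the allowlists."""
    findings: List[Tuple[str, str]] = []
    for name, raw in prefs.items():
        value = _unquote(raw)
        if name.startswith(URL_PREFS):
            suspicious = _host_of(value) not in ALLOWED_HOSTS
        elif name.startswith(ENGINE_PREFS):
            suspicious = value not in ALLOWED_ENGINES
        else:
            continue  # not a hijack-prone pref
        if suspicious:
            findings.append((name, value))
    return findings


def scan_prefs_js(text: str) -> List[Tuple[str, str]]:
    """Parse and flag in one call."""
    return flag_hijacked(parse_prefs(text))


if __name__ == "__main__":
    for name, value in scan_prefs_js(SAMPLE_PREFS_JS):
        print(f"HIJACK? {name} = {value}")
```

Run against a real profile by reading the prefs.js path shown in the log (the `[ File : ... \prefs.js ]` header) and passing its contents to `scan_prefs_js`; anything flagged is worth comparing against what the cleaning tools report before and after a fix.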
 
#13
Biscuithd

    Trusted Helper

  • Malware Removal
  • 2,573 posts

This is looking much better. :) How is the computer working now?


#14
amanda222

    Member

  • Topic Starter
  • 16 posts

Hi. I am still getting redirects within Chrome: when I go to click on a link or button, another tab pops open directing to a fake computer speed test or computer scan page, etc.

Here are some examples

http://support.isupportcorp.com/

http://tuneuppro.com...02CMKJUzzEVA6KN

http://t.cttsrv.com/...S5jZ2k_anM9MQ~~

When these occur, the PC seems to bog down and lock up.  


#15
Biscuithd

    Trusted Helper

  • Malware Removal
  • 2,573 posts

Let's try running the fix again, as only part of it worked. I'm going to have you do it differently this time. I will provide the file and you download it and run it, etc.

Fix with Farbar Recovery Scan Tool

This fix was created for this user for use on that particular machine.
Running it on another one may cause damage and render the system unstable.

Download the attached fixlist.txt file and save it to the Desktop:

Both files, FRST and fixlist.txt, have to be in the same location or the fix will not work!
Attached File: fixlist.txt (8.79KB)

  • Right-click on the FRST icon and select Run as Administrator to start the tool.
    (XP users click Run after receipt of Windows Security Warning - Open File).
  • Press the Fix button just once and wait.
  • If for some reason the tool needs a restart, please make sure you let the system restart normally. After that, let the tool complete its run.
  • When finished, FRST will generate a log on the Desktop called Fixlog.txt.

Please post it in your reply. Also give Chrome a try and see if I cleaned up everything this time :)
