Ok, here are the logs
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 25-09-2014 01
Ran by rainmaker (administrator) on 3YFK943Z on 25-09-2014 14:08:33
Running from d:\data\rainmaker\Desktop
Loaded Profile: rainmaker (Available profiles: administrator & rainmaker & Admin & rbcadmin)
Platform: Microsoft Windows XP Service Pack 2 (X86) OS Language: English (United States)
Internet Explorer Version 8
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Microsoft Corporation) C:\WINNT\system32\smss.exe
(Microsoft Corporation) C:\WINNT\system32\winlogon.exe
(Microsoft Corporation) C:\WINNT\system32\services.exe
(Microsoft Corporation) C:\WINNT\system32\lsass.exe
() C:\WINNT\system32\ibmpmsvc.exe
(Microsoft Corporation) C:\WINNT\system32\svchost.exe
(Microsoft Corporation) C:\WINNT\system32\svchost.exe
(Microsoft Corporation) C:\WINNT\system32\spoolsv.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
(Microsoft Corporation) C:\WINNT\system32\rundll32.exe
(DameWare Development LLC) C:\WINNT\system32\DWRCS.EXE
() C:\Program Files\IBM\IBM Rapid Restore Ultra\rrpcsb.exe
(iPass, Inc.) C:\Program Files\iPass\iPassConnect\iPassPeriodicUpdateService.exe
(McAfee, Inc.) C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
(McAfee, Inc.) C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
(McAfee, Inc.) C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
(Microsoft Corporation) C:\WINNT\system32\msiexec.exe
(DameWare Development) C:\WINNT\system32\DWRCST.EXE
(Microsoft Corporation) C:\WINNT\system32\svchost.exe
(Lenovo.) C:\WINNT\system32\TPHDEXLG.exe
(Alexandria Software Consulting) C:\Program Files\Nortel Networks\TunnelGuard\CueAgent_srv.exe
(Microsoft Corporation) C:\WINNT\explorer.exe
(Yahoo! Inc.) C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
() D:\data\All Users\Application Data\VenusApp Software\SW-Booster\SW-Booster.exe
(IBM Corp.) C:\IBMTOOLS\utils\ibmprc.exe
(McAfee, Inc.) C:\Program Files\Network Associates\Common Framework\UdaterUI.exe
(Intel Corporation) C:\WINNT\system32\igfxtray.exe
(Intel Corporation) C:\WINNT\system32\hkcmd.exe
(Intel Corporation) C:\WINNT\system32\igfxpers.exe
(McAfee, Inc.) C:\Program Files\Network Associates\Common Framework\Mctray.exe
(Analog Devices, Inc.) C:\Program Files\Analog Devices\Core\smax4pnp.exe
(Microsoft Corporation) C:\WINNT\system32\rundll32.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Lenovo, Ltd. and IBM Corporation.) C:\WINNT\system32\TpShocks.exe
() C:\PROGRA~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe
(McAfee, Inc.) C:\Program Files\McAfee\VirusScan Enterprise\shstat.exe
() C:\Program Files\Lenovo\PkgMgr\HOTKEY\TPONSCR.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\PkgMgr\HOTKEY_1\TpScrex.exe
(Microsoft Corporation) C:\WINNT\system32\ctfmon.exe
(iPass, Inc.) C:\Program Files\iPass\iPassConnect\iPassPeriodicUpdateApp.exe
(Nortel Networks) C:\Program Files\Nortel Networks\TunnelGuard\platforms\win32\TGIconApp.EXE
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Yahoo! Inc.) C:\PROGRA~1\Yahoo!\MESSEN~1\Ymsgr_tray.exe
(Microsoft Corporation) C:\WINNT\system32\wuauclt.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\WINNT\system32\wuauclt.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(iPass, Inc.) C:\Program Files\iPass\iPassConnect\PBUpdate.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [IBMPRC] => C:\IBMTOOLS\UTILS\ibmprc.exe [90112 2005-04-27] (IBM Corp.)
HKLM\...\Run: [McAfeeUpdaterUI] => C:\Program Files\Network Associates\Common Framework\UdaterUI.exe [136512 2007-12-14] (McAfee, Inc.)
HKLM\...\Run: [igfxtray] => C:\WINNT\system32\igfxtray.exe [94208 2006-09-15] (Intel Corporation)
HKLM\...\Run: [igfxhkcmd] => C:\WINNT\system32\hkcmd.exe [77824 2006-09-15] (Intel Corporation)
HKLM\...\Run: [igfxpers] => C:\WINNT\system32\igfxpers.exe [118784 2006-09-15] (Intel Corporation)
HKLM\...\Run: [SoundMAXPnP] => C:\Program Files\Analog Devices\Core\smax4pnp.exe [925696 2005-12-15] (Analog Devices, Inc.)
HKLM\...\Run: [PWRMGRTR] => rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor
HKLM\...\Run: [BLOG] => rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\BatLogEx.DLL,StartBattLog
HKLM\...\Run: [SynTPLpr] => C:\Program Files\Synaptics\SynTP\SynTPLpr.exe [110592 2005-09-15] (Synaptics, Inc.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [512000 2005-09-15] (Synaptics, Inc.)
HKLM\...\Run: [TpShocks] => C:\WINNT\system32\TpShocks.exe [106496 2005-11-07] (Lenovo, Ltd. and IBM Corporation.)
HKLM\...\Run: [TPHOTKEY] => C:\Program Files\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe [94208 2006-02-01] ()
HKLM\...\Run: [ShStatEXE] => C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE [111952 2007-10-16] (McAfee, Inc.)
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\qttask.exe [413696 2009-05-26] (Apple Inc.)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [292136 2009-06-05] (Apple Inc.)
HKLM\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [39792 2009-10-03] (Adobe Systems Incorporated)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [935288 2009-09-04] (Adobe Systems Incorporated)
HKLM\...\Run: [Bitcasa] => C:\Program Files\Bitcasa\BitcasaBoot.exe "C:\Program Files\Bitcasa\Bitcasa.exe" /startup
HKLM\...\Winlogon: [Userinit] C:\WINNT\system32\userinit.exe,
HKLM\...\Winlogon: [Shell] Explorer.exe [x ] ()
HKLM\...\Winlogon: [UIHost] logonui.exe [x ] ()
Winlogon\Notify\crypt32chain: C:\WINNT\system32\crypt32.dll (Microsoft Corporation)
Winlogon\Notify\cryptnet: C:\WINNT\system32\cryptnet.dll (Microsoft Corporation)
Winlogon\Notify\cscdll: C:\WINNT\system32\cscdll.dll (Microsoft Corporation)
Winlogon\Notify\igfxcui: C:\WINNT\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\ScCertProp: C:\WINNT\system32\wlnotify.dll (Microsoft Corporation)
Winlogon\Notify\Schedule: C:\WINNT\system32\wlnotify.dll (Microsoft Corporation)
Winlogon\Notify\sclgntfy: C:\WINNT\system32\sclgntfy.dll (Microsoft Corporation)
Winlogon\Notify\SensLogn: C:\WINNT\system32\WlNotify.dll (Microsoft Corporation)
Winlogon\Notify\termsrv: C:\WINNT\system32\wlnotify.dll (Microsoft Corporation)
Winlogon\Notify\tpfnf2: C:\WINNT\system32\notifyf2.dll ()
Winlogon\Notify\tphotkey: C:\WINNT\system32\tphklock.dll ()
Winlogon\Notify\wlballoon: C:\WINNT\system32\wlnotify.dll (Microsoft Corporation)
HKLM\...\Policies\Explorer: [NoWelcomeScreen] 1
HKLM\...\Policies\Explorer: [NoSMConfigurePrograms] 1
HKU\S-1-5-21-3510421623-2965073675-2411060337-1012\...\Run: [Messenger (Yahoo!)] => C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe [6595928 2012-05-25] (Yahoo! Inc.)
HKU\S-1-5-21-3510421623-2965073675-2411060337-1012\...\Run: [ctfmon.exe] => C:\WINNT\system32\ctfmon.exe [15360 2004-08-04] (Microsoft Corporation)
HKU\S-1-5-21-3510421623-2965073675-2411060337-1012\...\Run: [FLV Player] => D:\data\rainmaker\Local Settings\Application Data\WebPlayer\FLV Player\WebPlayer.exe
HKU\S-1-5-21-3510421623-2965073675-2411060337-1012\...\Run: [LiveSupport] => "C:\Program Files\LiveSupport\LiveSupport.exe" /noshow /log
HKU\S-1-5-18\...\Run: [DWQueuedReporting] => C:\Program Files\Common Files\Microsoft Shared\DW\DWTRIG20.EXE [434528 2006-10-26] (Microsoft Corporation)
AppInit_DLLs: c:\progra~1\sw-boo~1\assist~1.dll => c:\Program Files\SW-Booster\Assistant.dll [4296192 2014-08-26] ()
Startup: d:\data\All Users\Start Menu\Programs\Startup\TunnelGuard Tray Monitor.lnk
ShortcutTarget: TunnelGuard Tray Monitor.lnk -> C:\Program Files\Nortel Networks\TunnelGuard\platforms\win32\TGIconApp.EXE (Nortel Networks)
SSODL: EldosMountNotificator-cbfs5 - {2FDAFB24-B169-4275-A542-BBBF7E571352} - C:\WINNT\system32\cbfsMntNtf5.dll (EldoS Corporation)
ShellIconOverlayIdentifiers: 1EldosIconOverlay-cbfs5 -> {87AE300F-D62D-458A-B35A-B3B7B6F9EB65} => C:\WINNT\system32\cbfsMntNtf5.dll (EldoS Corporation)
ShellIconOverlayIdentifiers: 2EldosIconOverlay-cbfs5 -> {F02BF715-CB7E-4DB6-AD09-227DB5FB4B29} => C:\WINNT\system32\cbfsMntNtf5.dll (EldoS Corporation)
ShellIconOverlayIdentifiers: BitcasaBadFileOverlay -> {EC168C82-5053-422A-BB08-3CD9ACA22E85} => C:\Program Files\Bitcasa\ExplorerMenu.dll ()
ShellIconOverlayIdentifiers: BitcasaIconOverlay -> {A6975448-A999-49BB-B3E4-7730CF6A82C0} => C:\Program Files\Bitcasa\ExplorerMenu.dll ()
ShellIconOverlayIdentifiers: BitcasaMirrorOverlay -> {8C403C00-4544-4A53-879B-1949390CDE13} => C:\Program Files\Bitcasa\ExplorerMenu.dll ()
ShellIconOverlayIdentifiers: BitcasaNotMirrored -> {775CDDED-E6D2-4DD8-8C1F-158BEF44B62A} => C:\Program Files\Bitcasa\ExplorerMenu.dll ()
ShellIconOverlayIdentifiers: BitcasaProgressOverlay -> {6FB8D52A-0064-45B2-B687-F596FEAD09C2} => C:\Program Files\Bitcasa\ExplorerMenu.dll ()
ShellIconOverlayIdentifiers: EldosIconOverlay-cbfs5 -> {2A23874A-2B68-4C72-8A22-5B1FFADC5081} => C:\WINNT\system32\cbfsMntNtf5.dll (EldoS Corporation)
ShellIconOverlayIdentifiers: VirtualExpanderFile.1 -> {E4000AC4-5E5F-4956-807A-C5854405D64F} => C:\WINNT\system32\VirtualExpander\VEShellExt.dll (Sony Corporation)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINNT\system32\blank.htm
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINNT\system32\blank.htm
URLSearchHook: HKCU - YTNavAssistPlugin Class - {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
BHO: &Yahoo! Toolbar Helper -> {02478D38-C3F9-4efb-9B51-7695ECA05670} -> C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
BHO: Adobe PDF Reader Link Helper -> {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
BHO: Search-NeewTab -> {1D2F45C0-E723-C694-063B-A958023E9A1B} -> C:\Program Files\Search-NeewTab\0trWpx5X.dll ()
BHO: ISavEr -> {48A88D8E-873A-2452-ACF4-2FD4456C5CD2} -> d:\data\All Users\Application Data\ISavEr\HqIxdafdhd.dll ()
BHO: SSVHelper Class -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll (Sun Microsystems, Inc.)
Toolbar: HKLM - Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
Toolbar: HKCU - &Address - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINNT\system32\browseui.dll (Microsoft Corporation)
Toolbar: HKCU - &Links - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINNT\system32\SHELL32.dll (Microsoft Corporation)
Handler: gopher - {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINNT\system32\urlmon.dll (Microsoft Corporation)
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
Handler: sysimage - {76E67A63-06E9-11D2-A840-006008059382} - C:\WINNT\system32\mshtml.dll (Microsoft Corporation)
Handler: wia - {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINNT\system32\wiascr.dll (Microsoft Corporation)
Filter: Class Install Handler - {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - C:\WINNT\system32\urlmon.dll (Microsoft Corporation)
Filter: lzdhtml - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINNT\system32\urlmon.dll (Microsoft Corporation)
Filter: text/webviewhtml - {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - C:\WINNT\system32\SHELL32.dll (Microsoft Corporation)
ShellExecuteHooks: URL Exec Hook - {AEB6717E-7E19-11d0-97EE-00C04FD91972} - C:\WINNT\system32\shell32.dll [8460800 2008-07-03] (Microsoft Corporation)
FireFox:
========
FF ProfilePath: d:\data\rainmaker\Application Data\Mozilla\Firefox\Profiles\0gqxbqod.default
FF Homepage: hxxp://search.easylifeapp.com/
FF SearchEngineOrder.1: WebSearch
FF DefaultSearchEngine: WebSearch
FF SelectedSearchEngine: WebSearch
FF SearchEngineOrder.user_pref("browser.search.order.1,S", "WebSearch");: user_pref("browser.search.order.1,S", "WebSearch");
FF Keyword.URL: hxxp://websearch.flyandsearch.info/?pid=724&r=2014/08/26&hid=5238787093181005616&lg=EN&cc=US&l=1&q=
FF Plugin: @adobe.com/FlashPlayer -> C:\WINNT\system32\Macromed\Flash\NPSWF32.dll ()
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 -> C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\2.0.30523.8\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\WINNT\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll No File
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll No File
FF Plugin: @videolan.org/vlc,version=2.0.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll (Apple Inc.)
FF SearchPlugin: d:\data\rainmaker\Application Data\Mozilla\Firefox\Profiles\0gqxbqod.default\searchplugins\WebSearch.xml
FF Extension: Firebug - d:\data\rainmaker\Application Data\Mozilla\Firefox\Profiles\0gqxbqod.default\Extensions\
[email protected] [2012-12-15]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\WINNT\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - C:\WINNT\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2008-11-05]
Chrome:
=======
CHR HomePage: Default -> hxxp://search.easylifeapp.com/
CHR StartupUrls: Default -> "hxxp://search.easylifeapp.com/"
CHR DefaultSearchKeyword: Default -> websearch
CHR DefaultSearchProvider: Default -> WebSearch
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\35.0.1916.153\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\35.0.1916.153\pdf.dll ()
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\35.0.1916.153\gcswf32.dll No File
CHR Plugin: (Shockwave Flash) - C:\WINNT\system32\Macromed\Flash\NPSWF32.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.2) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.2) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.2) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.2) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.2) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.2) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.2) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll (Apple Inc.)
CHR Plugin: (Microsoftî DRM) - C:\Program Files\Windows Media Player\npdrmv2.dll (Microsoft Corporation)
CHR Plugin: (Microsoftî DRM) - C:\Program Files\Windows Media Player\npwmsdrm.dll (Microsoft Corporation)
CHR Plugin: (Windows Media Player Plug-in Dynamic Link Library) - C:\Program Files\Windows Media Player\npdsplay.dll (Microsoft Corporation (written by Digital Renaissance Inc.))
CHR Plugin: (VLC Web Plugin) - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
CHR Plugin: (iTunes Application Detector) - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Windows Presentation Foundation) - C:\WINNT\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
CHR Plugin: (Silverlight Plug-In) - c:\Program Files\Microsoft Silverlight\2.0.30523.8\npctrl.dll ( Microsoft Corporation)
CHR Plugin: (Google Update) - d:\data\rainmaker\Local Settings\Application Data\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File
CHR Plugin: (BrowserPlus (from Yahoo!) v2.9.8) - d:\data\rainmaker\Local Settings\Application Data\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll No File
CHR CustomProfile: d:\data\rainmaker\Local Settings\Application Data\Google\Chrome\User Data\Default
CHR Extension: (Mini Notepad) - d:\data\rainmaker\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apjhdoaiejppfmijnkopdcpjcngdlffj [2014-09-19]
CHR Extension: (Google Voice Search Hotword (Beta)) - d:\data\rainmaker\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-06-08]
CHR Extension: (Facepad for Facebook) - d:\data\rainmaker\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\cgaknhmchnjaphondjciheacngggiclo [2014-09-24]
CHR Extension: (YouTube Flags) - d:\data\rainmaker\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\eeammepjjllhpcfnkohocddkmdejjebc [2014-09-17]
CHR Extension: (Best Save) - d:\data\rainmaker\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ifkgichhpmabepjkbkmfeclembjdbpml [2014-08-26]
CHR Extension: (Google Wallet) - d:\data\rainmaker\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-01-14]
CHR Extension: (Responsive Web Design Tester) - d:\data\rainmaker\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\objclahbaimlfnbjdeobicmmlnbhamkg [2014-09-09]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
========================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
S3 AdobeFlashPlayerUpdateSvc; C:\WINNT\system32\Macromed\Flash\FlashPlayerUpdateService.exe [257696 2014-06-21] (Adobe Systems Incorporated)
S4 Alerter; C:\WINNT\system32\alrsvc.dll [17408 2004-08-04] (Microsoft Corporation)
R3 ALG; C:\WINNT\System32\alg.exe [44544 2004-08-04] (Microsoft Corporation)
R2 Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [144712 2009-06-05] (Apple Inc.)
S3 AppMgmt; C:\WINNT\System32\appmgmts.dll [167936 2004-08-04] (Microsoft Corporation)
S3 aspnet_state; C:\WINNT\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [34312 2008-07-25] (Microsoft Corporation)
R2 AudioSrv; C:\WINNT\System32\audiosrv.dll [42496 2004-08-04] (Microsoft Corporation)
S3 BITS; C:\WINNT\system32\qmgr.dll [382464 2004-08-04] (Microsoft Corporation)
S2 Browser; C:\WINNT\System32\browser.dll [77312 2004-08-04] (Microsoft Corporation)
R2 c67abfdb; c:\Program Files\SW-Booster\AssistantSvc.dll [174928 2014-08-26] () [File not signed]
S2 CcmExec; C:\WINNT\system32\CCM\CcmExec.exe [578784 2006-02-09] (Microsoft Corporation)
S3 CiSvc; C:\WINNT\system32\cisvc.exe [5632 2004-08-04] (Microsoft Corporation)
S3 ClipSrv; C:\WINNT\system32\clipsrv.exe [33280 2004-08-04] (Microsoft Corporation)
S3 clr_optimization_v2.0.50727_32; C:\WINNT\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [69632 2008-07-25] (Microsoft Corporation)
S3 COMSysApp; C:\WINNT\system32\dllhost.exe [5120 2004-08-04] (Microsoft Corporation)
R2 CryptSvc; C:\WINNT\System32\cryptsvc.dll [60416 2004-08-04] (Microsoft Corporation)
R2 DcomLaunch; C:\WINNT\system32\rpcss.dll [401408 2009-02-09] (Microsoft Corporation)
R2 Dhcp; C:\WINNT\System32\dhcpcsvc.dll [111616 2006-05-19] (Microsoft Corporation)
S3 dmadmin; C:\WINNT\System32\dmadmin.exe [224768 2004-08-04] (Microsoft Corp., Veritas Software)
S3 dmserver; C:\WINNT\System32\dmserver.dll [23552 2004-08-04] (Microsoft Corp.)
R2 Dnscache; C:\WINNT\System32\dnsrslvr.dll [45568 2008-02-20] (Microsoft Corporation)
R2 DWMRCS; C:\WINNT\system32\DWRCS.EXE [222720 2007-07-25] (DameWare Development LLC) [File not signed]
R2 ERSvc; C:\WINNT\System32\ersvc.dll [23040 2004-08-04] (Microsoft Corporation)
R2 Eventlog; C:\WINNT\system32\services.exe [110592 2009-02-06] (Microsoft Corporation)
R3 EventSystem; C:\WINNT\system32\es.dll [253952 2008-07-07] (Microsoft Corporation)
S3 ExtranetAccess; C:\Program Files\Nexxia\Extranet_serv.exe [835584 2006-05-09] (Nortel Networks NA, Inc.) [File not signed]
S3 FastUserSwitchingCompatibility; C:\WINNT\System32\shsvcs.dll [135168 2006-12-19] (Microsoft Corporation)
S3 FontCache3.0.0.0; C:\WINNT\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [46104 2008-07-29] (Microsoft Corporation)
R2 helpsvc; C:\WINNT\PCHealth\HelpCtr\Binaries\pchsvc.dll [38912 2004-08-04] (Microsoft Corporation)
R2 HidServ; C:\WINNT\System32\hidserv.dll [21504 2004-08-04] (Microsoft Corporation)
S3 HTTPFilter; C:\WINNT\System32\w3ssl.dll [15872 2004-08-04] (Microsoft Corporation)
R2 IBM Rapid Restore Ultra Service; C:\Program Files\IBM\IBM Rapid Restore Ultra\rrpcsb.exe [385024 2005-10-06] () [File not signed]
R2 IBMPMSVC; C:\WINNT\system32\ibmpmsvc.exe [73782 2005-11-11] ()
S3 idsvc; C:\WINNT\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [881664 2008-07-29] (Microsoft Corporation)
S3 ImapiService; C:\WINNT\system32\imapi.exe [150016 2004-08-04] (Microsoft Corporation)
S3 iPassConnectEngine; C:\Program Files\iPass\iPassConnect\iPassConnectEngine.exe [1310720 2006-11-30] (iPass, Inc.) [File not signed]
R3 iPassPeriodicUpdateApp; C:\Program Files\iPass\iPassConnect\iPassPeriodicUpdateApp.exe [126976 2006-11-29] (iPass, Inc.) [File not signed]
R2 iPassPeriodicUpdateService; C:\Program Files\iPass\iPassConnect\iPassPeriodicUpdateService.exe [86016 2006-11-29] (iPass, Inc.) [File not signed]
S4 Irmon; C:\WINNT\System32\irmon.dll [27136 2004-08-03] (Microsoft Corporation)
R2 lanmanserver; C:\WINNT\System32\srvsvc.dll [96768 2004-12-07] (Microsoft Corporation)
R2 lanmanworkstation; C:\WINNT\System32\wkssvc.dll [134144 2009-06-10] (Microsoft Corporation)
R2 LmHosts; C:\WINNT\System32\lmhsvc.dll [13824 2004-08-04] (Microsoft Corporation)
R2 McAfeeFramework; C:\Program Files\Network Associates\Common Framework\FrameworkService.exe [103744 2007-12-14] (McAfee, Inc.)
R2 McShield; C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe [144704 2007-10-16] (McAfee, Inc.)
R2 McTaskManager; C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe [54608 2007-10-16] (McAfee, Inc.)
S4 Messenger; C:\WINNT\System32\msgsvc.dll [33792 2004-08-04] (Microsoft Corporation)
S3 mnmsrvc; C:\WINNT\system32\mnmsrvc.exe [32768 2004-08-04] (Microsoft Corporation)
S3 MSDTC; C:\WINNT\system32\msdtc.exe [6144 2004-08-04] (Microsoft Corporation)
R2 MSIServer; C:\WINNT\System32\msiexec.exe [78848 2005-05-03] (Microsoft Corporation)
S4 MSSQLServerADHelper; c:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe [45272 2005-10-14] (Microsoft Corporation)
S4 NetDDE; C:\WINNT\system32\netdde.exe [111104 2004-08-04] (Microsoft Corporation)
S4 NetDDEdsdm; C:\WINNT\system32\netdde.exe [111104 2004-08-04] (Microsoft Corporation)
R2 Netlogon; C:\WINNT\system32\lsass.exe [13312 2004-08-04] (Microsoft Corporation)
R3 Netman; C:\WINNT\System32\netman.dll [197632 2005-08-22] (Microsoft Corporation)
S4 NetTcpPortSharing; C:\WINNT\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [132096 2008-07-29] (Microsoft Corporation)
R3 Nla; C:\WINNT\System32\mswsock.dll [245248 2008-06-20] (Microsoft Corporation)
S3 NtLmSsp; C:\WINNT\system32\lsass.exe [13312 2004-08-04] (Microsoft Corporation)
S3 NtmsSvc; C:\WINNT\system32\ntmssvc.dll [435200 2004-08-04] (Microsoft Corporation)
R2 PlugPlay; C:\WINNT\system32\services.exe [110592 2009-02-06] (Microsoft Corporation)
S4 PolicyAgent; C:\WINNT\system32\lsass.exe [13312 2004-08-04] (Microsoft Corporation)
R2 ProtectedStorage; C:\WINNT\system32\lsass.exe [13312 2004-08-04] (Microsoft Corporation)
S3 RasAuto; C:\WINNT\System32\rasauto.dll [89088 2004-08-04] (Microsoft Corporation)
R3 RasMan; C:\WINNT\System32\rasmans.dll [181248 2006-06-22] (Microsoft Corporation)
S3 RDSessMgr; C:\WINNT\system32\sessmgr.exe [140800 2004-08-04] (Microsoft Corporation)
S4 RemoteAccess; C:\WINNT\System32\mprdim.dll [49152 2002-08-29] (Microsoft Corporation)
R2 RemoteRegistry; C:\WINNT\system32\regsvc.dll [59904 2004-08-04] (Microsoft Corporation)
S3 RpcLocator; C:\WINNT\system32\locator.exe [75264 2004-08-04] (Microsoft Corporation)
R2 RpcSs; C:\WINNT\System32\rpcss.dll [401408 2009-02-09] (Microsoft Corporation)
S3 RSVP; C:\WINNT\system32\rsvp.exe [132608 2002-08-29] (Microsoft Corporation)
R2 SamSs; C:\WINNT\system32\lsass.exe [13312 2004-08-04] (Microsoft Corporation)
S3 SCardSvr; C:\WINNT\System32\SCardSvr.exe [95744 2004-08-04] (Microsoft Corporation)
R2 Schedule; C:\WINNT\system32\schedsvc.dll [190976 2004-08-04] (Microsoft Corporation)
R2 seclogon; C:\WINNT\System32\seclogon.dll [18944 2004-08-04] (Microsoft Corporation)
R2 SENS; C:\WINNT\system32\sens.dll [38912 2004-08-04] (Microsoft Corporation)
R2 SharedAccess; C:\WINNT\System32\ipnathlp.dll [331264 2004-08-04] (Microsoft Corporation)
R2 ShellHWDetection; C:\WINNT\System32\shsvcs.dll [135168 2006-12-19] (Microsoft Corporation)
R2 Spooler; C:\WINNT\system32\spoolsv.exe [57856 2005-06-10] (Microsoft Corporation)
R2 srservice; C:\WINNT\system32\srsvc.dll [170496 2004-08-04] (Microsoft Corporation)
R3 SSDPSRV; C:\WINNT\System32\ssdpsrv.dll [71680 2004-08-04] (Microsoft Corporation)
R2 stisvc; C:\WINNT\system32\wiaservc.dll [333824 2006-12-19] (Microsoft Corporation)
S3 SwPrv; C:\WINNT\system32\dllhost.exe [5120 2004-08-04] (Microsoft Corporation)
S3 SysmonLog; C:\WINNT\system32\smlogsvc.exe [89600 2004-08-04] (Microsoft Corporation)
R3 TapiSrv; C:\WINNT\System32\tapisrv.dll [249344 2005-07-08] (Microsoft Corporation)
R3 TermService; C:\WINNT\System32\termsrv.dll [295424 2004-08-04] (Microsoft Corporation)
R2 Themes; C:\WINNT\System32\shsvcs.dll [135168 2006-12-19] (Microsoft Corporation)
S3 TlntSvr; C:\WINNT\system32\tlntsvr.exe [73216 2004-08-04] (Microsoft Corporation)
R2 TPHDEXLGSVC; C:\WINNT\System32\TPHDEXLG.EXE [77824 2005-06-20] (Lenovo.) [File not signed]
R2 TrkWks; C:\WINNT\system32\trkwks.dll [90624 2004-08-04] (Microsoft Corporation)
R2 tunnelguardservice; c:\Program Files\Nortel Networks\TunnelGuard\CueAgent_srv.exe [53248 2005-09-06] (Alexandria Software Consulting) [File not signed]
S3 upnphost; C:\WINNT\System32\upnphost.dll [185344 2007-02-05] (Microsoft Corporation)
S3 UPS; C:\WINNT\System32\ups.exe [18432 2004-08-04] (Microsoft Corporation)
S3 VSS; C:\WINNT\System32\vssvc.exe [289792 2004-08-04] (Microsoft Corporation)
R2 W32Time; C:\WINNT\system32\w32time.dll [174592 2004-08-04] (Microsoft Corporation)
R2 WebClient; C:\WINNT\System32\webclnt.dll [68096 2006-01-03] (Microsoft Corporation)
R2 winmgmt; C:\WINNT\system32\wbem\WMIsvc.dll [144896 2004-08-04] (Microsoft Corporation)
S3 WmdmPmSN; C:\WINNT\system32\MsPMSNSv.dll [27136 2006-10-18] (Microsoft Corporation)
S3 Wmi; C:\WINNT\System32\advapi32.dll [617984 2009-02-09] (Microsoft Corporation)
S3 WmiApSrv; C:\WINNT\system32\wbem\wmiapsrv.exe [126464 2004-08-04] (Microsoft Corporation)
S2 wscsvc; C:\WINNT\system32\wscsvc.dll [81408 2004-08-04] (Microsoft Corporation)
R2 wuauserv; C:\WINNT\system32\wuauserv.dll [6656 2004-08-04] (Microsoft Corporation)
S3 WudfSvc; C:\WINNT\System32\WUDFSvc.dll [55808 2006-09-28] (Microsoft Corporation)
R2 WZCSVC; C:\WINNT\System32\wzcsvc.dll [474624 2005-04-20] (Microsoft Corporation)
S3 xmlprov; C:\WINNT\System32\xmlprov.dll [129536 2004-08-04] (Microsoft Corporation)
S2 gupdate; "C:\Program Files\Google\Update\GoogleUpdate.exe" /svc [X]
S3 gupdatem; "C:\Program Files\Google\Update\GoogleUpdate.exe" /medsvc [X]
S3 magaService; c:\Program Files\Sygate\SSA\maga\maga.exe [X]
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R0 ACPI; C:\WINNT\System32\DRIVERS\ACPI.sys [187776 2004-08-04] (Microsoft Corporation)
R0 ACPIEC; C:\WINNT\System32\DRIVERS\ACPIEC.sys [11648 2002-08-29] (Microsoft Corporation)
R3 ADIHdAudAddService; C:\WINNT\System32\drivers\ADIHdAud.sys [173056 2005-12-15] (Analog Devices, Inc.)
R3 AEAudioService; C:\WINNT\System32\drivers\AEAudio.sys [152960 2005-12-15] (Andrea Electronics Corporation)
S3 aec; C:\WINNT\System32\drivers\aec.sys [142464 2004-08-03] (Microsoft Corporation)
R1 AFD; C:\WINNT\System32\drivers\afd.sys [138368 2008-08-14] (Microsoft Corporation)
R0 ANCSQ; C:\WINNT\System32\drivers\ANCSQ.sys [6912 2005-04-27] (IBM Corp.) [File not signed]
S3 AsyncMac; C:\WINNT\System32\DRIVERS\asyncmac.sys [14336 2004-08-03] (Microsoft Corporation)
R0 atapi; C:\WINNT\System32\DRIVERS\atapi.sys [95360 2004-08-03] (Microsoft Corporation)
S3 Atmarpc; C:\WINNT\System32\DRIVERS\atmarpc.sys [59904 2004-08-03] (Microsoft Corporation)
R3 atmeltpm; C:\WINNT\System32\DRIVERS\atmeltpm.sys [15872 2005-05-17] (Atmel, Inc.)
R3 audstub; C:\WINNT\System32\DRIVERS\audstub.sys [3072 2001-08-17] (Microsoft Corporation)
R1 Beep; C:\WINNT\system32\Drivers\Beep.sys [4224 2002-08-29] (Microsoft Corporation)
R1 cbfs5; C:\WINNT\system32\drivers\cbfs5.sys [346688 2013-11-25] (EldoS Corporation)
S4 cbidf2k; C:\WINNT\system32\Drivers\cbidf2k.sys [13952 2002-08-29] (Microsoft Corporation)
S1 Cdaudio; C:\WINNT\system32\Drivers\Cdaudio.sys [18688 2002-08-29] (Microsoft Corporation)
S4 Cdfs; C:\WINNT\system32\Drivers\Cdfs.sys [63744 2004-08-03] (Microsoft Corporation)
R1 Cdrom; C:\WINNT\System32\DRIVERS\cdrom.sys [49536 2004-08-04] (Microsoft Corporation)
R3 CmBatt; C:\WINNT\System32\DRIVERS\CmBatt.sys [14080 2004-08-03] (Microsoft Corporation)
R0 Compbatt; C:\WINNT\System32\DRIVERS\compbatt.sys [9344 2001-08-17] (Microsoft Corporation)
R0 Disk; C:\WINNT\System32\DRIVERS\disk.sys [36352 2004-08-04] (Microsoft Corporation)
S4 dmboot; C:\WINNT\System32\drivers\dmboot.sys [799744 2004-08-03] (Microsoft Corp., Veritas Software)
S4 dmio; C:\WINNT\System32\drivers\dmio.sys [153344 2004-08-03] (Microsoft Corp., Veritas Software)
S4 dmload; C:\WINNT\System32\drivers\dmload.sys [5888 2002-08-29] (Microsoft Corp., Veritas Software.)
S3 DMusic; C:\WINNT\System32\drivers\DMusic.sys [52864 2004-08-03] (Microsoft Corporation)
S3 drmkaud; C:\WINNT\System32\drivers\drmkaud.sys [2944 2004-08-03] (Microsoft Corporation)
R3 DwMirror; C:\WINNT\System32\DRIVERS\DamewareMini.sys [2944 2007-02-07] (DameWare Development, Inc.)
R1 dwvkbd; C:\WINNT\System32\DRIVERS\dwvkbd.sys [26624 2007-02-15] (DameWare)
R3 e1express; C:\WINNT\System32\DRIVERS\e1e5132.sys [181760 2006-01-22] (Intel Corporation)
R3 Eacfilt; C:\WINNT\System32\DRIVERS\eacfilt.sys [24521 2006-05-09] (Nortel Networks) [File not signed]
R2 EGATHDRV; C:\WINNT\SYSTEM32\EGATHDRV.SYS [5427 2005-04-27] (IBM Corporation) [File not signed]
S4 Fastfat; C:\WINNT\system32\Drivers\Fastfat.sys [143360 2004-08-03] (Microsoft Corporation)
S1 Fdc; C:\WINNT\system32\Drivers\Fdc.sys [27392 2004-08-04] (Microsoft Corporation)
R1 Fips; C:\WINNT\system32\Drivers\Fips.sys [34944 2002-08-29] (Microsoft Corporation)
S3 FLMCKUSB; C:\WINNT\System32\Drivers\FLMckUSB.sys [69810 2004-12-15] (AuthenTec, Inc.)
S1 Flpydisk; C:\WINNT\system32\Drivers\Flpydisk.sys [20480 2004-08-04] (Microsoft Corporation)
R0 FltMgr; C:\WINNT\System32\DRIVERS\fltMgr.sys [124800 2004-08-03] (Microsoft Corporation)
U1 Fs_Rec; C:\WINNT\system32\Drivers\Fs_Rec.sys [7936 2002-08-29] (Microsoft Corporation)
R0 Ftdisk; C:\WINNT\System32\DRIVERS\ftdisk.sys [125056 2002-08-29] (Microsoft Corporation)
R3 GEARAspiWDM; C:\WINNT\System32\DRIVERS\GEARAspiWDM.sys [23400 2009-03-19] (GEAR Software Inc.)
R3 Gpc; C:\WINNT\System32\DRIVERS\msgpc.sys [35072 2004-08-03] (Microsoft Corporation)
R3 HDAudBus; C:\WINNT\System32\DRIVERS\HDAudBus.sys [138752 2005-01-07] (Windows ® Server 2003 DDK provider) [File not signed]
S3 HidUsb; C:\WINNT\System32\DRIVERS\hidusb.sys [9600 2001-08-17] (Microsoft Corporation)
R3 HSF_DPV; C:\WINNT\System32\DRIVERS\hsx_dpv.sys [936448 2005-12-06] (Conexant Systems, Inc.)
R3 HSXHWAZL; C:\WINNT\System32\DRIVERS\hsxhwazl.sys [192512 2005-12-06] (Conexant Systems, Inc.)
R3 HTTP; C:\WINNT\System32\Drivers\HTTP.sys [263552 2009-10-20] (Microsoft Corporation)
R1 i8042prt; C:\WINNT\System32\DRIVERS\i8042prt.sys [52736 2004-08-04] (Microsoft Corporation)
R3 ialm; C:\WINNT\System32\DRIVERS\ialmnt5.sys [1173468 2006-09-15] (Intel Corporation) [File not signed]
R0 iaStor; C:\WINNT\System32\drivers\iaStor.sys [874240 2005-10-12] (Intel Corporation)
R2 ibmfilter; C:\WINNT\system32\drivers\ibmfilter.sys [63616 2005-04-27] (IBM) [File not signed]
R3 IBMPMDRV; C:\WINNT\System32\DRIVERS\ibmpmdrv.sys [10112 2005-11-11] (Lenovo.)
R1 Imapi; C:\WINNT\System32\DRIVERS\imapi.sys [41856 2004-08-04] (Microsoft Corporation)
R0 IntelIde; C:\WINNT\System32\DRIVERS\intelide.sys [5504 2004-08-03] (Microsoft Corporation)
R1 intelppm; C:\WINNT\System32\DRIVERS\intelppm.sys [36096 2004-08-04] (Microsoft Corporation)
S3 Ip6Fw; C:\WINNT\System32\DRIVERS\Ip6Fw.sys [29056 2004-08-03] (Microsoft Corporation)
R2 iPassP; C:\WINNT\System32\DRIVERS\iPassP.sys [21419 2009-04-25] (Meetinghouse Data Communications) [File not signed]
S3 IpFilterDriver; C:\WINNT\System32\DRIVERS\ipfltdrv.sys [32896 2002-08-29] (Microsoft Corporation)
S3 IpInIp; C:\WINNT\System32\DRIVERS\ipinip.sys [20992 2004-08-03] (Microsoft Corporation)
R3 IpNat; C:\WINNT\System32\DRIVERS\ipnat.sys [134912 2004-08-03] (Microsoft Corporation)
R1 IPSec; C:\WINNT\System32\DRIVERS\ipsec.sys [74752 2004-08-03] (Microsoft Corporation)
S3 IPSECEXT; C:\WINNT\System32\DRIVERS\ipsecw2k.sys [155216 2006-05-09] (Nortel Networks NA, Inc.) [File not signed]
R3 IPSECSHM; C:\WINNT\System32\DRIVERS\ipsecw2k.sys [155216 2006-05-09] (Nortel Networks NA, Inc.) [File not signed]
R2 irda; C:\WINNT\System32\DRIVERS\irda.sys [87424 2004-08-03] (Microsoft Corporation)
R3 IRENUM; C:\WINNT\System32\DRIVERS\irenum.sys [11264 2004-08-03] (Microsoft Corporation)
R0 isapnp; C:\WINNT\System32\DRIVERS\isapnp.sys [35840 2002-08-29] (Microsoft Corporation)
R1 Kbdclass; C:\WINNT\System32\DRIVERS\kbdclass.sys [24576 2004-08-04] (Microsoft Corporation)
S1 kbdhid; C:\WINNT\System32\DRIVERS\kbdhid.sys [14848 2004-08-03] (Microsoft Corporation)
R3 kmixer; C:\WINNT\System32\drivers\kmixer.sys [171776 2004-08-03] (Microsoft Corporation)
R0 KSecDD; C:\WINNT\system32\Drivers\KSecDD.sys [92544 2009-06-22] (Microsoft Corporation)
R2 mdmxsdk; C:\WINNT\System32\DRIVERS\mdmxsdk.sys [12544 2005-10-05] (Conexant)
R3 mfeapfk; C:\WINNT\System32\drivers\mfeapfk.sys [64168 2007-10-16] (McAfee, Inc.)
R3 mfeavfk; C:\WINNT\System32\drivers\mfeavfk.sys [72680 2007-10-16] (McAfee, Inc.)
R3 mfebopk; C:\WINNT\System32\drivers\mfebopk.sys [33960 2007-10-16] (McAfee, Inc.)
R3 mfehidk; C:\WINNT\System32\drivers\mfehidk.sys [171272 2007-10-16] (McAfee, Inc.)
R1 mferkdk; C:\Program Files\McAfee\VirusScan Enterprise\mferkdk.sys [31784 2007-10-16] (McAfee, Inc.)
R1 mfetdik; C:\WINNT\System32\drivers\mfetdik.sys [51944 2007-10-16] (McAfee, Inc.)
R1 mnmdd; C:\WINNT\system32\Drivers\mnmdd.sys [4224 2002-08-29] (Microsoft Corporation)
R3 Modem; C:\WINNT\system32\Drivers\Modem.sys [30080 2004-08-04] (Microsoft Corporation)
R1 Mouclass; C:\WINNT\System32\DRIVERS\mouclass.sys [23040 2004-08-04] (Microsoft Corporation)
S3 mouhid; C:\WINNT\System32\DRIVERS\mouhid.sys [12160 2001-08-17] (Microsoft Corporation)
R0 MountMgr; C:\WINNT\system32\Drivers\MountMgr.sys [42240 2004-08-03] (Microsoft Corporation)
R3 MRxDAV; C:\WINNT\System32\DRIVERS\mrxdav.sys [179584 2007-12-18] (Microsoft Corporation)
R1 MRxSmb; C:\WINNT\System32\DRIVERS\mrxsmb.sys [454016 2010-02-24] (Microsoft Corporation)
R1 Msfs; C:\WINNT\system32\Drivers\Msfs.sys [19072 2004-08-03] (Microsoft Corporation)
S3 MSKSSRV; C:\WINNT\System32\drivers\MSKSSRV.sys [7552 2004-08-03] (Microsoft Corporation)
S3 MSPCLOCK; C:\WINNT\System32\drivers\MSPCLOCK.sys [5376 2004-08-03] (Microsoft Corporation)
S3 MSPQM; C:\WINNT\System32\drivers\MSPQM.sys [4992 2004-08-03] (Microsoft Corporation)
R3 mssmbios; C:\WINNT\System32\DRIVERS\mssmbios.sys [15488 2004-08-04] (Microsoft Corporation)
R0 Mup; C:\WINNT\system32\Drivers\Mup.sys [107904 2004-08-03] (Microsoft Corporation)
R0 NDIS; C:\WINNT\system32\Drivers\NDIS.sys [182912 2004-08-03] (Microsoft Corporation)
R3 NdisTapi; C:\WINNT\System32\DRIVERS\ndistapi.sys [9600 2002-08-29] (Microsoft Corporation)
R3 Ndisuio; C:\WINNT\System32\DRIVERS\ndisuio.sys [14592 2005-04-19] (Microsoft Corporation)
R3 NdisWan; C:\WINNT\System32\DRIVERS\ndiswan.sys [91776 2004-08-03] (Microsoft Corporation)
R3 NDProxy; C:\WINNT\system32\Drivers\NDProxy.sys [38016 2002-08-29] (Microsoft Corporation)
R1 NetBIOS; C:\WINNT\System32\DRIVERS\netbios.sys [34560 2004-08-03] (Microsoft Corporation)
R1 NetBT; C:\WINNT\System32\DRIVERS\netbt.sys [162816 2004-08-03] (Microsoft Corporation)
R3 NETw3x32; C:\WINNT\System32\DRIVERS\NETw3x32.sys [1709696 2006-09-27] (Intel® Corporation)
R1 Npfs; C:\WINNT\system32\Drivers\Npfs.sys [30848 2004-08-03] (Microsoft Corporation)
R3 NSCIRDA; C:\WINNT\System32\DRIVERS\nscirda.sys [28672 2004-08-03] (National Semiconductor Corporation)
R4 Ntfs; C:\WINNT\system32\Drivers\Ntfs.sys [574592 2004-08-03] (Microsoft Corporation)
R1 Null; C:\WINNT\system32\Drivers\Null.sys [2944 2002-08-29] (Microsoft Corporation)
S3 NwlnkFlt; C:\WINNT\System32\DRIVERS\nwlnkflt.sys [12416 2002-08-29] (Microsoft Corporation)
S3 NwlnkFwd; C:\WINNT\System32\DRIVERS\nwlnkfwd.sys [32512 2002-08-29] (Microsoft Corporation)
S3 Parport; C:\WINNT\System32\DRIVERS\parport.sys [80128 2004-08-04] (Microsoft Corporation)
R0 PartMgr; C:\WINNT\system32\Drivers\PartMgr.sys [18688 2002-08-29] (Microsoft Corporation)
S4 ParVdm; C:\WINNT\system32\Drivers\ParVdm.sys [6784 2002-08-29] (Microsoft Corporation)
R0 PCI; C:\WINNT\System32\DRIVERS\pci.sys [68224 2004-08-03] (Microsoft Corporation)
R0 PCIIde; C:\WINNT\System32\DRIVERS\pciide.sys [3328 2001-08-17] (Microsoft Corporation)
R0 Pcmcia; C:\WINNT\System32\DRIVERS\pcmcia.sys [119936 2004-08-04] (Microsoft Corporation)
R3 PptpMiniport; C:\WINNT\System32\DRIVERS\raspptp.sys [48384 2004-08-03] (Microsoft Corporation)
S3 prepdrvr; C:\WINNT\system32\CCM\prepdrv.sys [20704 2006-02-09] (Microsoft Corporation)
S4 psadd; C:\WINNT\system32\Drivers\psadd.sys [13184 2007-03-20] (IBM Corporation) [File not signed]
R3 PSched; C:\WINNT\System32\DRIVERS\psched.sys [69120 2004-08-03] (Microsoft Corporation)
R3 Ptilink; C:\WINNT\System32\DRIVERS\ptilink.sys [17792 2002-08-29] (Parallel Technologies, Inc.)
R0 PxHelp20; C:\WINNT\System32\Drivers\PxHelp20.sys [20576 2007-03-20] (Sonic Solutions) [File not signed]
R1 RasAcd; C:\WINNT\System32\DRIVERS\rasacd.sys [8832 2002-08-29] (Microsoft Corporation)
R3 Rasirda; C:\WINNT\System32\DRIVERS\rasirda.sys [19584 2001-08-17] (Microsoft Corporation)
R3 Rasl2tp; C:\WINNT\System32\DRIVERS\rasl2tp.sys [51328 2004-08-03] (Microsoft Corporation)
R3 RasPppoe; C:\WINNT\System32\DRIVERS\raspppoe.sys [41472 2004-08-03] (Microsoft Corporation)
R3 Raspti; C:\WINNT\System32\DRIVERS\raspti.sys [16512 2002-08-29] (Microsoft Corporation)
R1 Rdbss; C:\WINNT\System32\DRIVERS\rdbss.sys [174592 2006-05-05] (Microsoft Corporation)
R1 RDPCDD; C:\WINNT\System32\DRIVERS\RDPCDD.sys [4224 2002-08-29] (Microsoft Corporation)
R3 rdpdr; C:\WINNT\System32\DRIVERS\rdpdr.sys [196864 2004-08-03] (Microsoft Corporation)
S3 RDPWD; C:\WINNT\system32\Drivers\RDPWD.sys [139528 2005-06-10] (Microsoft Corporation)
R1 redbook; C:\WINNT\System32\DRIVERS\redbook.sys [57472 2004-08-03] (Microsoft Corporation)
S3 Secdrv; C:\WINNT\System32\DRIVERS\secdrv.sys [20480 2007-11-13] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
S3 serenum; C:\WINNT\System32\DRIVERS\serenum.sys [15488 2004-08-04] (Microsoft Corporation)
S3 Serial; C:\WINNT\System32\DRIVERS\serial.sys [64896 2004-08-04] (Microsoft Corporation)
S1 Sfloppy; C:\WINNT\system32\Drivers\Sfloppy.sys [11392 2004-08-04] (Microsoft Corporation)
R1 ShockMgr; C:\WINNT\system32\Drivers\ShockMgr.sys [4736 2005-06-20] (Lenovo.) [File not signed]
R0 Shockprf; C:\WINNT\system32\Drivers\Shockprf.sys [85760 2005-11-30] (Lenovo) [File not signed]
R1 Smapint; C:\WINNT\System32\drivers\Smapint.sys [14848 2005-11-30] (Microsoft Corporation) [File not signed]
S3 splitter; C:\WINNT\System32\drivers\splitter.sys [6400 2004-08-03] (Microsoft Corporation)
R0 sr; C:\WINNT\System32\DRIVERS\sr.sys [73472 2004-08-03] (Microsoft Corporation)
R3 Srv; C:\WINNT\System32\DRIVERS\srv.sys [352640 2009-12-31] (Microsoft Corporation)
R3 swenum; C:\WINNT\System32\DRIVERS\swenum.sys [4352 2004-08-04] (Microsoft Corporation)
S3 swmidi; C:\WINNT\System32\drivers\swmidi.sys [54272 2001-08-17] (Microsoft Corporation)
R0 Symmpi; C:\WINNT\System32\DRIVERS\symmpi.sys [99328 2007-03-20] (LSI Logic) [File not signed]
R3 SynTP; C:\WINNT\System32\DRIVERS\SynTP.sys [177664 2005-09-15] (Synaptics, Inc.)
R3 sysaudio; C:\WINNT\System32\drivers\sysaudio.sys [60800 2004-08-03] (Microsoft Corporation)
R1 Tcpip; C:\WINNT\System32\DRIVERS\tcpip.sys [360320 2008-06-20] (Microsoft Corporation)
S3 TcUsb; C:\WINNT\System32\Drivers\tcusb.sys [24832 2004-11-04] (UPEK Inc.)
S3 TDPIPE; C:\WINNT\system32\Drivers\TDPIPE.sys [12040 2004-08-04] (Microsoft Corporation)
R1 TDSMAPI; C:\WINNT\System32\drivers\TDSMAPI.SYS [9343 2005-11-30] () [File not signed]
S3 TDTCP; C:\WINNT\system32\Drivers\TDTCP.sys [21896 2004-08-04] (Microsoft Corporation)
R1 TermDD; C:\WINNT\System32\DRIVERS\termdd.sys [40840 2004-08-04] (Microsoft Corporation)
S3 tpflhlp; c:\drivers\t60\bios\tpflhlp.sys [13360 2007-08-09] (Lenovo Group Limited)
R1 TPHKDRV; C:\WINNT\system32\Drivers\TPHKDRV.sys [17699 2006-02-01] (IBM Corporation) [File not signed]
R1 TPPWRIF; C:\WINNT\System32\drivers\Tppwrif.sys [4442 2005-12-07] () [File not signed]
S4 Udfs; C:\WINNT\system32\Drivers\Udfs.sys [66176 2004-08-03] (Microsoft Corporation)
R3 Update; C:\WINNT\System32\DRIVERS\update.sys [209408 2004-08-03] (Microsoft Corporation)
S3 USBAAPL; C:\WINNT\System32\Drivers\usbaapl.sys [39424 2009-06-05] (Apple, Inc.)
S3 usbaudio; C:\WINNT\System32\drivers\usbaudio.sys [59264 2004-08-03] (Microsoft Corporation)
S3 usbccgp; C:\WINNT\System32\DRIVERS\usbccgp.sys [31616 2004-08-03] (Microsoft Corporation)
R3 usbehci; C:\WINNT\System32\DRIVERS\usbehci.sys [26624 2004-08-03] (Microsoft Corporation)
R3 usbhub; C:\WINNT\System32\DRIVERS\usbhub.sys [57600 2004-08-03] (Microsoft Corporation)
S3 usbscan; C:\WINNT\System32\DRIVERS\usbscan.sys [15104 2004-08-03] (Microsoft Corporation)
S3 USBSTOR; C:\WINNT\System32\DRIVERS\USBSTOR.SYS [26496 2004-08-03] (Microsoft Corporation)
R3 usbuhci; C:\WINNT\System32\DRIVERS\usbuhci.sys [20480 2004-08-04] (Microsoft Corporation)
R1 VgaSave; C:\WINNT\System32\drivers\vga.sys [20992 2004-08-03] (Microsoft Corporation)
R0 VolSnap; C:\WINNT\system32\Drivers\VolSnap.sys [52352 2004-08-03] (Microsoft Corporation)
S3 w39n51; C:\WINNT\System32\DRIVERS\w39n51.sys [1428096 2005-12-05] (Intel® Corporation)
R3 Wanarp; C:\WINNT\System32\DRIVERS\wanarp.sys [34560 2004-08-03] (Microsoft Corporation)
R3 wdmaud; C:\WINNT\System32\drivers\wdmaud.sys [82944 2004-08-03] (Microsoft Corporation)
R3 winachsf; C:\WINNT\System32\DRIVERS\hsx_cnxt.sys [670208 2005-12-06] (Conexant Systems, Inc.)
R1 WS2IFSL; C:\WINNT\System32\drivers\ws2ifsl.sys [12032 2002-08-29] (Microsoft Corporation)
S3 WudfPf; C:\WINNT\System32\DRIVERS\WudfPf.sys [77568 2006-09-28] (Microsoft Corporation)
S3 WudfRd; C:\WINNT\System32\DRIVERS\wudfrd.sys [82944 2006-09-28] (Microsoft Corporation)
U1 RCHelp; No ImagePath
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-09-25 14:08 - 2014-09-25 14:09 - 00048550 _____ () d:\data\rainmaker\Desktop\FRST.txt
2014-09-25 14:08 - 2014-09-25 14:09 - 00000000 ____D () C:\FRST
2014-09-25 14:08 - 2014-09-25 14:07 - 01100800 _____ (Farbar) d:\data\rainmaker\Desktop\FRST.exe
2014-09-25 14:02 - 2014-09-25 14:02 - 00000000 ____D () C:\Program Files\TAkeuTheCoUpOOn
2014-09-25 14:02 - 2014-09-25 14:02 - 00000000 ____D () C:\Program Files\FFindBeestDoeeall
2014-09-24 13:40 - 2014-09-24 13:40 - 00000000 ____D () d:\data\All Users\Application Data\Browser AdBlocker
2014-09-24 13:16 - 2014-09-25 14:04 - 00000000 ____D () d:\data\All Users\Application Data\TAkeuTheCoUpOOn
2014-09-19 14:00 - 2014-09-25 14:04 - 00000000 ____D () d:\data\All Users\Application Data\FFindBeestDoeeall
2014-09-09 21:40 - 2014-09-09 21:40 - 00000000 ____D () d:\data\All Users\Application Data\ISavEr
2014-08-28 17:27 - 2014-08-28 17:27 - 00000000 ____D () d:\data\NetworkService\Application Data\Yahoo!
2014-08-26 15:50 - 2014-08-26 15:50 - 00000775 _____ () d:\data\rainmaker\Application Data\Explorer.EXE_log.txt
2014-08-26 15:41 - 2014-08-26 15:41 - 00000000 ____D () d:\data\All Users\Application Data\Search-NeewTab
2014-08-26 15:41 - 2014-08-26 15:41 - 00000000 ____D () C:\Program Files\Search-NeewTab
2014-08-26 15:40 - 2014-09-25 14:04 - 00000564 ____H () C:\WINNT\Tasks\SW-Booster-S-787344154.job
2014-08-26 15:40 - 2014-08-26 16:05 - 00000827 _____ () d:\data\rainmaker\Application Data\LiveSupport.exe_log.txt
2014-08-26 15:40 - 2014-08-26 16:05 - 00000082 _____ () d:\data\rainmaker\Application Data\regsvr32.exe_log.txt
2014-08-26 15:40 - 2014-08-26 15:40 - 00000000 ____D () d:\data\All Users\Application Data\VenusApp Software
2014-08-26 15:40 - 2014-08-26 15:40 - 00000000 ____D () C:\Program Files\SW-Booster
2014-08-26 15:39 - 2014-09-25 14:04 - 00000000 ____D () d:\data\All Users\Application Data\Adblocker
2014-08-26 15:39 - 2014-08-26 15:39 - 00000000 ____D () C:\Program Files\Adblocker
2014-08-26 15:38 - 2014-09-25 14:02 - 00000000 ____D () d:\data\All Users\Application Data\3eda283a8b7b0d3d
2014-08-26 15:38 - 2014-09-25 13:53 - 00000000 ____D () d:\data\All Users\Application Data\pricecHop
2014-08-26 15:38 - 2014-08-26 15:38 - 00000000 ____D () d:\data\rbc_troppus\Local Settings\Application Data\Torch
2014-08-26 15:38 - 2014-08-26 15:38 - 00000000 ____D () d:\data\rbc_troppus\Local Settings\Application Data\Google
2014-08-26 15:38 - 2014-08-26 15:38 - 00000000 ____D () d:\data\rbc_troppus\Local Settings\Application Data\Comodo
2014-08-26 15:38 - 2014-08-26 15:38 - 00000000 ____D () d:\data\rbc_troppus\Local Settings\Application Data\Chromatic Browser
2014-08-26 15:38 - 2014-08-26 15:38 - 00000000 ____D () d:\data\rbc_troppus\Local Settings\Application Data
2014-08-26 15:38 - 2014-08-26 15:38 - 00000000 ____D () d:\data\rbc_troppus\Local Settings
2014-08-26 15:38 - 2014-08-26 15:38 - 00000000 ____D () d:\data\rbc_troppus
2014-08-26 15:38 - 2014-08-26 15:38 - 00000000 ____D () d:\data\rainmaker\Local Settings\Application Data\Torch
2014-08-26 15:38 - 2014-08-26 15:38 - 00000000 ____D () d:\data\rainmaker\Local Settings\Application Data\Comodo
2014-08-26 15:38 - 2014-08-26 15:38 - 00000000 ____D () d:\data\rainmaker\Local Settings\Application Data\Chromatic Browser
2014-08-26 15:38 - 2014-08-26 15:38 - 00000000 ____D () d:\data\HelpAssistant\Local Settings\Application Data\Torch
2014-08-26 15:38 - 2014-08-26 15:38 - 00000000 ____D () d:\data\HelpAssistant\Local Settings\Application Data\Google
2014-08-26 15:38 - 2014-08-26 15:38 - 00000000 ____D () d:\data\HelpAssistant\Local Settings\Application Data\Comodo
2014-08-26 15:38 - 2014-08-26 15:38 - 00000000 ____D () d:\data\HelpAssistant\Local Settings\Application Data\Chromatic Browser
2014-08-26 15:38 - 2014-08-26 15:38 - 00000000 ____D () d:\data\HelpAssistant\Local Settings\Application Data
2014-08-26 15:38 - 2014-08-26 15:38 - 00000000 ____D () d:\data\HelpAssistant\Local Settings
2014-08-26 15:38 - 2014-08-26 15:38 - 00000000 ____D () d:\data\HelpAssistant
2014-08-26 15:38 - 2014-08-26 15:38 - 00000000 ____D () d:\data\Guest\Local Settings\Application Data\Torch
2014-08-26 15:38 - 2014-08-26 15:38 - 00000000 ____D () d:\data\Guest\Local Settings\Application Data\Google
2014-08-26 15:38 - 2014-08-26 15:38 - 00000000 ____D () d:\data\Guest\Local Settings\Application Data\Comodo
2014-08-26 15:38 - 2014-08-26 15:38 - 00000000 ____D () d:\data\Guest\Local Settings\Application Data\Chromatic Browser
2014-08-26 15:38 - 2014-08-26 15:38 - 00000000 ____D () d:\data\Guest\Local Settings\Application Data
2014-08-26 15:38 - 2014-08-26 15:38 - 00000000 ____D () d:\data\Guest\Local Settings
2014-08-26 15:38 - 2014-08-26 15:38 - 00000000 ____D () d:\data\Guest
2014-08-26 15:38 - 2014-08-26 15:38 - 00000000 ____D () d:\data\ASPNET\Local Settings\Application Data\Torch
2014-08-26 15:38 - 2014-08-26 15:38 - 00000000 ____D () d:\data\ASPNET\Local Settings\Application Data\Google
2014-08-26 15:38 - 2014-08-26 15:38 - 00000000 ____D () d:\data\ASPNET\Local Settings\Application Data\Comodo
2014-08-26 15:38 - 2014-08-26 15:38 - 00000000 ____D () d:\data\ASPNET\Local Settings\Application Data\Chromatic Browser
2014-08-26 15:38 - 2014-08-26 15:38 - 00000000 ____D () d:\data\ASPNET\Local Settings\Application Data
2014-08-26 15:38 - 2014-08-26 15:38 - 00000000 ____D () d:\data\ASPNET\Local Settings
2014-08-26 15:38 - 2014-08-26 15:38 - 00000000 ____D () d:\data\ASPNET
2014-08-26 15:38 - 2014-08-26 15:38 - 00000000 ____D () d:\data\Administrator\Local Settings\Application Data\Torch
2014-08-26 15:38 - 2014-08-26 15:38 - 00000000 ____D () d:\data\Administrator\Local Settings\Application Data\Google
2014-08-26 15:38 - 2014-08-26 15:38 - 00000000 ____D () d:\data\Administrator\Local Settings\Application Data\Comodo
2014-08-26 15:38 - 2014-08-26 15:38 - 00000000 ____D () d:\data\Administrator\Local Settings\Application Data\Chromatic Browser
2014-08-26 15:38 - 2014-08-26 15:38 - 00000000 ____D () d:\data\administrator.3YFK943Z\Local Settings\Application Data\Torch
2014-08-26 15:38 - 2014-08-26 15:38 - 00000000 ____D () d:\data\administrator.3YFK943Z\Local Settings\Application Data\Comodo
2014-08-26 15:38 - 2014-08-26 15:38 - 00000000 ____D () d:\data\administrator.3YFK943Z\Local Settings\Application Data\Chromatic Browser
2014-08-26 15:38 - 2014-08-26 15:38 - 00000000 ____D () d:\data\Admin\Local Settings\Application Data\Torch
2014-08-26 15:38 - 2014-08-26 15:38 - 00000000 ____D () d:\data\Admin\Local Settings\Application Data\Comodo
2014-08-26 15:38 - 2014-08-26 15:38 - 00000000 ____D () d:\data\Admin\Local Settings\Application Data\Chromatic Browser
2014-08-26 15:38 - 2014-08-26 15:38 - 00000000 ____D () C:\Program Files\pricecHop
2014-08-26 15:37 - 2014-08-26 15:40 - 00000000 ____D () d:\data\All Users\Application Data\InstallMate
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-09-25 14:09 - 2014-09-25 14:08 - 00048550 _____ () d:\data\rainmaker\Desktop\FRST.txt
2014-09-25 14:09 - 2014-09-25 14:08 - 00000000 ____D () C:\FRST
2014-09-25 14:09 - 2014-06-21 10:36 - 00000000 ____D () d:\data\rainmaker\Local Settings\temp
2014-09-25 14:09 - 2014-06-21 10:36 - 00000000 ____D () C:\WINNT\Temp
2014-09-25 14:08 - 2011-09-03 12:52 - 00001024 ____H () d:\data\rainmaker\ntuser.dat.LOG
2014-09-25 14:08 - 2011-09-03 12:52 - 00000000 ____D () d:\data\rainmaker\Desktop
2014-09-25 14:07 - 2014-09-25 14:08 - 01100800 _____ (Farbar) d:\data\rainmaker\Desktop\FRST.exe
2014-09-25 14:07 - 2011-09-04 14:55 - 00000000 ____D () d:\data\rainmaker\My Documents\Downloads
2014-09-25 14:07 - 2006-10-18 12:00 - 01667496 _____ () C:\WINNT\WindowsUpdate.log
2014-09-25 14:06 - 2007-03-20 16:43 - 00001024 ____H () d:\data\NetworkService\ntuser.dat.LOG
2014-09-25 14:06 - 2007-03-20 16:43 - 00001024 ____H () d:\data\LocalService\ntuser.dat.LOG
2014-09-25 14:05 - 2006-10-18 07:58 - 00000159 _____ () C:\WINNT\wiadebug.log
2014-09-25 14:04 - 2014-09-24 13:16 - 00000000 ____D () d:\data\All Users\Application Data\TAkeuTheCoUpOOn
2014-09-25 14:04 - 2014-09-19 14:00 - 00000000 ____D () d:\data\All Users\Application Data\FFindBeestDoeeall
2014-09-25 14:04 - 2014-08-26 15:40 - 00000564 ____H () C:\WINNT\Tasks\SW-Booster-S-787344154.job
2014-09-25 14:04 - 2014-08-26 15:39 - 00000000 ____D () d:\data\All Users\Application Data\Adblocker
2014-09-25 14:04 - 2014-06-18 12:55 - 00000880 _____ () C:\WINNT\Tasks\GoogleUpdateTaskMachineCore.job
2014-09-25 14:04 - 2011-09-03 12:52 - 00000062 ___SH () d:\data\rainmaker\Local Settings\desktop.ini
2014-09-25 14:04 - 2007-03-20 16:43 - 00000062 ___SH () d:\data\NetworkService\Local Settings\desktop.ini
2014-09-25 14:04 - 2007-03-20 16:43 - 00000062 ___SH () d:\data\LocalService\Local Settings\desktop.ini
2014-09-25 14:04 - 2007-03-20 16:43 - 00000006 ____H () C:\WINNT\Tasks\SA.DAT
2014-09-25 14:04 - 2006-10-18 07:58 - 00000049 _____ () C:\WINNT\wiaservc.log
2014-09-25 14:03 - 2012-12-23 21:48 - 00000278 ___SH () d:\data\rainmaker\ntuser.ini
2014-09-25 14:03 - 2011-09-03 12:52 - 11010048 ____H () d:\data\rainmaker\NTUSER.DAT
2014-09-25 14:03 - 2007-03-20 16:43 - 00262144 ____H () d:\data\NetworkService\NTUSER.DAT
2014-09-25 14:03 - 2007-03-20 16:43 - 00262144 ____H () d:\data\LocalService\NTUSER.DAT
2014-09-25 14:03 - 2007-03-20 16:43 - 00032512 _____ () C:\WINNT\SchedLgU.Txt
2014-09-25 14:02 - 2014-09-25 14:02 - 00000000 ____D () C:\Program Files\TAkeuTheCoUpOOn
2014-09-25 14:02 - 2014-09-25 14:02 - 00000000 ____D () C:\Program Files\FFindBeestDoeeall
2014-09-25 14:02 - 2014-08-26 15:38 - 00000000 ____D () d:\data\All Users\Application Data\3eda283a8b7b0d3d
2014-09-25 14:02 - 2007-09-01 04:06 - 00010520 _____ () C:\setaid2.log
2014-09-25 14:02 - 2006-10-18 07:54 - 00000000 ____D () C:\WINNT
2014-09-25 14:01 - 2011-09-03 12:52 - 00000000 ____D () d:\data\rainmaker\Start Menu\Programs
2014-09-25 14:00 - 2014-06-18 12:55 - 00000884 _____ () C:\WINNT\Tasks\GoogleUpdateTaskMachineUA.job
2014-09-25 13:59 - 2011-09-03 12:52 - 00000000 ___HD () d:\data\rainmaker\Recent
2014-09-25 13:57 - 2013-09-25 13:27 - 00020309 _____ () d:\data\rainmaker\Desktop\p1647062750-2.jpg
2014-09-25 13:53 - 2014-08-26 15:38 - 00000000 ____D () d:\data\All Users\Application Data\pricecHop
2014-09-25 13:51 - 2006-10-18 07:56 - 00000000 ____D () d:\data\All Users\Start Menu\Programs
2014-09-25 13:51 - 2006-10-18 07:56 - 00000000 ____D () d:\data\All Users\Desktop
2014-09-25 13:50 - 2007-08-31 14:17 - 02336751 _____ () C:\engine.log
2014-09-25 13:48 - 2007-03-20 16:43 - 00000000 ____D () d:\data\NetworkService\Local Settings\Temp
2014-09-24 22:04 - 2006-10-18 07:56 - 00146808 _____ () C:\WINNT\system32\FNTCACHE.DAT
2014-09-24 21:47 - 2012-04-14 14:35 - 00000826 _____ () C:\WINNT\Tasks\Adobe Flash Player Updater.job
2014-09-24 15:08 - 2011-09-03 12:52 - 00000000 ____D () d:\data\rainmaker
2014-09-24 14:12 - 2013-04-02 17:26 - 00008896 _____ () C:\WINNT\system32\TPAPSLOG.LOG
2014-09-24 13:40 - 2014-09-24 13:40 - 00000000 ____D () d:\data\All Users\Application Data\Browser AdBlocker
2014-09-24 13:40 - 2006-10-18 07:56 - 00000000 __RHD () d:\data\All Users\Application Data
2014-09-24 13:01 - 2007-09-01 04:07 - 00000000 __SHD () C:\WINNT\CSC
2014-09-23 16:57 - 2008-06-16 13:21 - 00000000 ____D () C:\Program Files\Google
2014-09-23 16:44 - 2006-10-18 11:51 - 00002206 _____ () C:\WINNT\system32\wpa.dbl
2014-09-19 14:38 - 2014-06-21 03:03 - 00004205 _____ () C:\WINNT\setupapi.log
2014-09-09 21:40 - 2014-09-09 21:40 - 00000000 ____D () d:\data\All Users\Application Data\ISavEr
2014-09-09 21:12 - 2009-04-28 03:00 - 00000000 ____D () C:\Quarantine
2014-08-28 21:41 - 2011-08-30 08:29 - 00001024 ____H () d:\data\Admin\ntuser.dat.LOG
2014-08-28 21:41 - 2009-09-21 09:36 - 00001024 ____H () d:\data\administrator.3YFK943Z\ntuser.dat.LOG
2014-08-28 21:41 - 2009-06-26 18:24 - 00001024 ____H () d:\data\tpritcha\ntuser.dat.LOG
2014-08-28 21:41 - 2008-12-02 19:44 - 00001024 ____H () d:\data\stozin\ntuser.dat.LOG
2014-08-28 21:41 - 2008-05-08 00:39 - 00001024 ____H () d:\data\sserebre\ntuser.dat.LOG
2014-08-28 21:41 - 2007-09-01 04:07 - 00001024 ____H () d:\data\wksbuild\ntuser.dat.LOG
2014-08-28 21:41 - 2007-08-31 14:20 - 00001024 ____H () d:\data\tmaloof\ntuser.dat.LOG
2014-08-28 21:41 - 2007-03-20 16:44 - 00001024 ____H () d:\data\Administrator\ntuser.dat.LOG
2014-08-28 17:27 - 2014-08-28 17:27 - 00000000 ____D () d:\data\NetworkService\Application Data\Yahoo!
2014-08-28 17:27 - 2009-06-17 14:10 - 00000284 _____ () C:\WINNT\Tasks\AppleSoftwareUpdate.job
2014-08-28 17:27 - 2007-03-20 16:43 - 00000000 ____D () d:\data\NetworkService\Application Data
2014-08-28 16:39 - 2009-10-26 14:15 - 00001324 _____ () C:\WINNT\system32\d3d9caps.dat
2014-08-26 16:07 - 2011-09-03 12:52 - 00000000 ___HD () d:\data\rainmaker\Application Data
2014-08-26 16:05 - 2014-08-26 15:40 - 00000827 _____ () d:\data\rainmaker\Application Data\LiveSupport.exe_log.txt
2014-08-26 16:05 - 2014-08-26 15:40 - 00000082 _____ () d:\data\rainmaker\Application Data\regsvr32.exe_log.txt
2014-08-26 16:05 - 2011-09-03 12:52 - 00000000 __SHD () d:\data\rainmaker\Cookies
2014-08-26 15:50 - 2014-08-26 15:50 - 00000775 _____ () d:\data\rainmaker\Application Data\Explorer.EXE_log.txt
2014-08-26 15:41 - 2014-08-26 15:41 - 00000000 ____D () d:\data\All Users\Application Data\Search-NeewTab
2014-08-26 15:41 - 2014-08-26 15:41 - 00000000 ____D () C:\Program Files\Search-NeewTab
2014-08-26 15:41 - 2014-06-08 13:21 - 00000000 ____D () d:\data\rainmaker\AppData\LocalLow
2014-08-26 15:40 - 2014-08-26 15:40 - 00000000 ____D () d:\data\All Users\Application Data\VenusApp Software
2014-08-26 15:40 - 2014-08-26 15:40 - 00000000 ____D () C:\Program Files\SW-Booster
2014-08-26 15:40 - 2014-08-26 15:37 - 00000000 ____D () d:\data\All Users\Application Data\InstallMate
2014-08-26 15:39 - 2014-08-26 15:39 - 00000000 ____D () C:\Program Files\Adblocker
2014-08-26 15:38 - 2014-08-26 15:38 - 00000000 ____D () d:\data\rbc_troppus\Local Settings\Application Data\Torch
2014-08-26 15:38 - 2014-08-26 15:38 - 00000000 ____D () d:\data\rbc_troppus\Local Settings\Application Data\Google
2014-08-26 15:38 - 2014-08-26 15:38 - 00000000 ____D () d:\data\rbc_troppus\Local Settings\Application Data\Comodo
2014-08-26 15:38 - 2014-08-26 15:38 - 00000000 ____D () d:\data\rbc_troppus\Local Settings\Application Data\Chromatic Browser
2014-08-26 15:38 - 2014-08-26 15:38 - 00000000 ____D () d:\data\rbc_troppus\Local Settings\Application Data
2014-08-26 15:38 - 2014-08-26 15:38 - 00000000 ____D () d:\data\rbc_troppus\Local Settings
2014-08-26 15:38 - 2014-08-26 15:38 - 00000000 ____D () d:\data\rbc_troppus
2014-08-26 15:38 - 2014-08-26 15:38 - 00000000 ____D () d:\data\rainmaker\Local Settings\Application Data\Torch
2014-08-26 15:38 - 2014-08-26 15:38 - 00000000 ____D () d:\data\rainmaker\Local Settings\Application Data\Comodo
2014-08-26 15:38 - 2014-08-26 15:38 - 00000000 ____D () d:\data\rainmaker\Local Settings\Application Data\Chromatic Browser
2014-08-26 15:38 - 2014-08-26 15:38 - 00000000 ____D () d:\data\HelpAssistant\Local Settings\Application Data\Torch
2014-08-26 15:38 - 2014-08-26 15:38 - 00000000 ____D () d:\data\HelpAssistant\Local Settings\Application Data\Google
2014-08-26 15:38 - 2014-08-26 15:38 - 00000000 ____D () d:\data\HelpAssistant\Local Settings\Application Data\Comodo
2014-08-26 15:38 - 2014-08-26 15:38 - 00000000 ____D () d:\data\HelpAssistant\Local Settings\Application Data\Chromatic Browser
2014-08-26 15:38 - 2014-08-26 15:38 - 00000000 ____D () d:\data\HelpAssistant\Local Settings\Application Data
2014-08-26 15:38 - 2014-08-26 15:38 - 00000000 ____D () d:\data\HelpAssistant\Local Settings
2014-08-26 15:38 - 2014-08-26 15:38 - 00000000 ____D () d:\data\HelpAssistant
2014-08-26 15:38 - 2014-08-26 15:38 - 00000000 ____D () d:\data\Guest\Local Settings\Application Data\Torch
2014-08-26 15:38 - 2014-08-26 15:38 - 00000000 ____D () d:\data\Guest\Local Settings\Application Data\Google
2014-08-26 15:38 - 2014-08-26 15:38 - 00000000 ____D () d:\data\Guest\Local Settings\Application Data\Comodo
2014-08-26 15:38 - 2014-08-26 15:38 - 00000000 ____D () d:\data\Guest\Local Settings\Application Data\Chromatic Browser
2014-08-26 15:38 - 2014-08-26 15:38 - 00000000 ____D () d:\data\Guest\Local Settings\Application Data
2014-08-26 15:38 - 2014-08-26 15:38 - 00000000 ____D () d:\data\Guest\Local Settings
2014-08-26 15:38 - 2014-08-26 15:38 - 00000000 ____D () d:\data\Guest
2014-08-26 15:38 - 2014-08-26 15:38 - 00000000 ____D () d:\data\ASPNET\Local Settings\Application Data\Torch
2014-08-26 15:38 - 2014-08-26 15:38 - 00000000 ____D () d:\data\ASPNET\Local Settings\Application Data\Google
2014-08-26 15:38 - 2014-08-26 15:38 - 00000000 ____D () d:\data\ASPNET\Local Settings\Application Data\Comodo
2014-08-26 15:38 - 2014-08-26 15:38 - 00000000 ____D () d:\data\ASPNET\Local Settings\Application Data\Chromatic Browser
2014-08-26 15:38 - 2014-08-26 15:38 - 00000000 ____D () d:\data\ASPNET\Local Settings\Application Data
2014-08-26 15:38 - 2014-08-26 15:38 - 00000000 ____D () d:\data\ASPNET\Local Settings
2014-08-26 15:38 - 2014-08-26 15:38 - 00000000 ____D () d:\data\ASPNET
2014-08-26 15:38 - 2014-08-26 15:38 - 00000000 ____D () d:\data\Administrator\Local Settings\Application Data\Torch
2014-08-26 15:38 - 2014-08-26 15:38 - 00000000 ____D () d:\data\Administrator\Local Settings\Application Data\Google
2014-08-26 15:38 - 2014-08-26 15:38 - 00000000 ____D () d:\data\Administrator\Local Settings\Application Data\Comodo
2014-08-26 15:38 - 2014-08-26 15:38 - 00000000 ____D () d:\data\Administrator\Local Settings\Application Data\Chromatic Browser
2014-08-26 15:38 - 2014-08-26 15:38 - 00000000 ____D () d:\data\administrator.3YFK943Z\Local Settings\Application Data\Torch
2014-08-26 15:38 - 2014-08-26 15:38 - 00000000 ____D () d:\data\administrator.3YFK943Z\Local Settings\Application Data\Comodo
2014-08-26 15:38 - 2014-08-26 15:38 - 00000000 ____D () d:\data\administrator.3YFK943Z\Local Settings\Application Data\Chromatic Browser
2014-08-26 15:38 - 2014-08-26 15:38 - 00000000 ____D () d:\data\Admin\Local Settings\Application Data\Torch
2014-08-26 15:38 - 2014-08-26 15:38 - 00000000 ____D () d:\data\Admin\Local Settings\Application Data\Comodo
2014-08-26 15:38 - 2014-08-26 15:38 - 00000000 ____D () d:\data\Admin\Local Settings\Application Data\Chromatic Browser
2014-08-26 15:38 - 2014-08-26 15:38 - 00000000 ____D () C:\Program Files\pricecHop
2014-08-26 15:38 - 2014-06-18 13:30 - 00000000 ____D () d:\data\administrator.3YFK943Z\Local Settings\Application Data\Google
2014-08-26 15:38 - 2014-06-18 12:55 - 00000000 ____D () d:\data\Admin\Local Settings\Application Data\Google
2014-08-26 15:38 - 2012-07-03 08:22 - 00000000 ____D () d:\data\rainmaker\Local Settings\Application Data\Google
2014-08-26 15:38 - 2011-09-03 12:52 - 00000000 ___HD () d:\data\rainmaker\Local Settings\Application Data
2014-08-26 15:38 - 2011-08-30 08:29 - 00000000 ___HD () d:\data\Admin\Local Settings\Application Data
2014-08-26 15:38 - 2009-09-21 09:36 - 00000000 ___HD () d:\data\administrator.3YFK943Z\Local Settings\Application Data
2014-08-26 15:38 - 2007-03-20 17:11 - 00000000 ___HD () C:\WINNT\system32\GroupPolicy
2014-08-26 15:38 - 2007-03-20 16:44 - 00000000 ___HD () d:\data\Administrator\Local Settings\Application Data
Some content of TEMP:
====================
d:\data\administrator.3YFK943Z\Local Settings\temp\Quarantine.exe
d:\data\rainmaker\Local Settings\temp\bpuninstall.exe
d:\data\rainmaker\Local Settings\temp\LiveSupport_setup.exe
d:\data\rainmaker\Local Settings\temp\optprosetup.exe
d:\data\rainmaker\Local Settings\temp\Yahoo Messenger Password Hacker.exe
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\WINNT\explorer.exe => File is digitally signed
C:\WINNT\system32\winlogon.exe => File is digitally signed
C:\WINNT\system32\svchost.exe => File is digitally signed
C:\WINNT\system32\services.exe => File is digitally signed
C:\WINNT\system32\User32.dll => File is digitally signed
C:\WINNT\system32\userinit.exe => File is digitally signed
C:\WINNT\system32\rpcss.dll => File is digitally signed
C:\WINNT\system32\Drivers\volsnap.sys => File is digitally signed
==================== End Of Log ============================
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 25-09-2014 01
Ran by rainmaker at 2014-09-25 14:10:23
Running from d:\data\rainmaker\Desktop
Boot Mode: Normal
==========================================================
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
==================== Installed Programs ======================
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
4C06 - VPN 5.01 (HKLM\...\{C5D854EC-B8C9-4DF6-BE66-EBD66090DE4E}) (Version: 1.0.970 - RBC - 4C06)
6F02 - Windows Update Agent 2.0 x32 (HKLM\...\{69BD5ED9-F72C-4A70-B00D-DA348E710B0D}) (Version: 5.8.0.2694 - RBC - 6F02)
6F02 - Windows Update Agent 3.0 (HKLM\...\{A1E4084A-D61E-487B-83C8-53DBD5A95E60}) (Version: 3.0.1047 - RBC - 6F02)
6F90 - MSI Team Tools (HKLM\...\{AC92E21F-481A-439E-A364-935790374469}) (Version: 1.0.1010 - RBC - 6F90)
6FGL - CorporateBranding - FONTS Only (HKLM\...\{C791C4C2-3227-479D-B586-B226A509EBF2}) (Version: 2.01.00 - RBC COE)
6N85 - MSXML 4.0 SP2 (KB927978) (HKLM\...\{37477865-A3F1-4772-AD43-AAFC6BCFF99F}) (Version: 4.20.9841.0 - RBC - 6N85)
6N89 - Adobe Shockwave Player (HKLM\...\{1BDC9633-895B-4842-BCB6-8FA1EC2A3C5A}) (Version: 10.2.0.023 - RBC - 6N89 (Adobe Systems, Inc.))
6N95 - J2SE Runtime Environment 5.0 Update 11 (HKLM\...\{3248F0A8-6813-11D6-A77B-00B0D0150110}) (Version: 1.5.0.110 - RBC - 6N95 (Sun Microsystems, Inc.))
Adobe AIR (HKLM\...\Adobe AIR) (Version: 3.1.0.4880 - Adobe Systems Incorporated)
Adobe AIR (Version: 3.1.0.4880 - Adobe Systems Incorporated) Hidden
Adobe Download Manager 1.2 (Remove Only) (HKLM\...\AdobeESD) (Version: - )
Adobe Flash Player 10 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 10.0.32.18 - Adobe Systems Incorporated)
Adobe Flash Player 11 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 11.2.202.235 - Adobe Systems Incorporated)
Adobe Reader 8.1.7 (HKLM\...\{AC76BA86-7AD7-1033-7B44-A81300000003}) (Version: 8.1.7 - RBC - 5D01 (Adobe Systems Incorporated))
AOL Toolbar (HKCU\...\AOL Toolbar) (Version: - )
Apple Mobile Device Support (HKLM\...\{8355F970-601D-442D-A79B-1D7DB4F24CAD}) (Version: 2.5.1.3 - Apple Inc.)
Apple Software Update (HKLM\...\{6956856F-B6B3-4BE0-BA0B-8F495BE32033}) (Version: 2.1.1.116 - Apple Inc.)
Bitcasa version 1.1.6.18 (HKLM\...\{EDA09459-AD7D-4434-BA0C-647F6703EA12}_is1) (Version: 1.1.6.18 - Bitcasa Inc.)
Bloomberg DDE Server (HKLM\...\Bloomberg DDE Server) (Version: - )
Bloomberg Excel Tools (HKLM\...\Bloomberg Excel Tools) (Version: - )
Bloomberg Keyboard v8.5 (HKLM\...\Bloomberg Keyboard v8.5) (Version: v8.5 - Bloomberg L.P.)
Bloomberg PFM Upload Tool for Microsoft Excel (HKLM\...\Bloomberg PFM Upload Tool for Microsoft Excel) (Version: - )
Bloomberg Report Viewer (CR) (HKLM\...\Bloomberg Report Viewer_is1) (Version: 1.0 - Bloomberg L.P.)
Bloomberg SFD Data Dictionary (HKLM\...\Bloomberg SFD Data Dictionary) (Version: - )
Bloomberg, V.09.07.07 (HKLM\...\Bloomberg, V.09.07.07) (Version: - )
Borland Database Engine (HKLM\...\{7719052E-B34A-4805-9B6E-E4BC2FCB0CC0}) (Version: 5.2 - LoanPerformance)
Client for Microsoft Office SharePoint Portal Server 2003 (HKLM\...\{21B9D2F9-1CE7-4CDA-9D0D-28EB96565D25}) (Version: 11.0.5704.0 - Microsoft)
Compatibility Pack for the 2007 Office system (HKLM\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6215.1000 - Microsoft Corporation)
Google Chrome (HKLM\...\Google Chrome) (Version: 35.0.1916.153 - Google Inc.)
Google Update Helper (Version: 1.3.24.15 - Google Inc.) Hidden
IBM Rescue and Recovery with Rapid Restore (HKLM\...\{11783F13-C3A9-44A8-929B-21A476F65272}) (Version: 2.04.0182.011 - IBM)
Intel® PRO Network Connections Drivers (HKLM\...\PROSet) (Version: - )
InterVideo WinDVD (HKLM\...\{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}) (Version: 5.0-B11.141 - InterVideo Inc.)
iPassConnect (HKLM\...\{AB6FFA58-F491-11D3-8951-000000034735}) (Version: - )
ISavEr (HKLM\...\{F1422DAA-0829-09A1-7536-73936CAB8FFA}) (Version: - Isavver) <==== ATTENTION
iTunes (HKLM\...\{5D601655-6D54-4384-B52C-17EC5385FBBD}) (Version: 8.2.0.23 - Apple Inc.)
Liquid XML Studio 2010 (HKLM\...\Liquid XML Studio 2010) (Version: 8.0.6.1970 - Liquid Technologies Limited)
Liquid XML Studio 2010 (Version: 8.0.6.1970 - Liquid Technologies Limited) Hidden
LoanPerformance RiskModel 3.1.6 (HKLM\...\{A58D887D-A71D-4C08-A21B-30585EA4CB48}) (Version: 3.1.6 - LoanPerformance)
LoanPerformance RiskModel 4.0 (HKLM\...\{70B2220F-2DB7-4A20-AA83-2ABC7087487B}) (Version: 4.0.3 - LoanPerformance)
LoanPerformance RiskModel 4.0 (HKLM\...\{CA44D7AD-8EB6-4F35-9CC5-59079CAD7113}) (Version: 4.0.3 - LoanPerformance)
McAfee AntiSpyware Enterprise Module (HKLM\...\McAfee Anti-Spyware Enterprise Module) (Version: 8.5.0.163 - McAfee, Inc.)
McAfee VirusScan Enterprise (HKLM\...\{35C03C04-3F1F-42C2-A989-A757EE691F65}) (Version: 8.6.0 - McAfee, Inc.)
Microsoft .NET Framework (English) (Version: 1.0.3705 - Microsoft) Hidden
Microsoft .NET Framework (English) v1.0.3705 (HKLM\...\Microsoft .NET Framework Full v1.0.3705 (1033)) (Version: - )
Microsoft .NET Framework 1.0 Hotfix (KB891864) (HKLM\...\M891864) (Version: - )
Microsoft .NET Framework 1.0 Hotfix (KB928367) (HKLM\...\M928367) (Version: - )
Microsoft .NET Framework 1.1 (HKLM\...\Microsoft .NET Framework 1.1 (1033)) (Version: - )
Microsoft .NET Framework 1.1 (Version: 1.1.4322 - Microsoft) Hidden
Microsoft .NET Framework 1.1 Hotfix (KB891865) (HKLM\...\M891865) (Version: - )
Microsoft .NET Framework 1.1 Security Update (KB953297) (HKLM\...\M953297) (Version: - )
Microsoft .NET Framework 2.0 Service Pack 2 (HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.0 Service Pack 2 (HKLM\...\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}) (Version: 3.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version: - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) Hidden
Microsoft Compression Client Pack 1.0 for Windows XP (HKLM\...\MSCompPackV1) (Version: 1 - Microsoft Corporation)
Microsoft External Out of Office Assistant (HKLM\...\externaloof) (Version: - )
Microsoft Office Professional Edition 2003 (HKLM\...\{90110409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Office Proof (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Visio MUI (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Visio Professional 2007 (HKLM\...\VISPROR) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Office Visio Professional 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Visio Viewer 2003 (English) (HKLM\...\{90520409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.3709.5614 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 2.0.30523.8 - Microsoft Corporation)
Microsoft Software Update for Web Folders (English) 12 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft SQL Server 2005 (HKLM\...\Microsoft SQL Server 2005) (Version: - Microsoft Corporation)
Microsoft SQL Server 2005 Backward compatibility (HKLM\...\{2243F21A-E132-44F7-BA13-024D0845C815}) (Version: 8.05.1704 - Microsoft Corporation)
Microsoft SQL Server 2005 Express Edition (SQLEXPRESS) (Version: 9.00.1399.06 - Microsoft Corporation) Hidden
Microsoft SQL Server 2005 Tools Express Edition (Version: 9.00.1399.06 - Microsoft Corporation) Hidden
Microsoft SQL Server Management Studio Express (HKLM\...\{A4512736-8D63-4298-9271-5329931FA46B}) (Version: 9.00.2047.00 - Microsoft Corporation)
Microsoft SQL Server Native Client (HKLM\...\{BF251EAF-8697-4E89-BF09-C998F97BBC40}) (Version: 9.00.1399.06 - Microsoft Corporation)
Microsoft SQL Server Setup Support Files (English) (HKLM\...\{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}) (Version: 9.00.1399.06 - Microsoft Corporation)
Microsoft SQL Server VSS Writer (HKLM\...\{1CBE3804-20DF-48DA-B048-895C206E80A5}) (Version: 9.00.1399.06 - Microsoft Corporation)
Microsoft User-Mode Driver Framework Feature Pack 1.0 (HKLM\...\Wudf01000) (Version: - Microsoft Corporation)
Microsoft VC9 runtime libraries (Version: 2.0.0 - AOL Inc.) Hidden
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft WSE 2.0 SP3 Runtime (HKLM\...\{F3CA9611-CD42-4562-ADAB-A554CF8E17F1}) (Version: 2.0.5050.0 - Microsoft Corp.)
Mozilla Firefox 29.0.1 (x86 en-US) (HKLM\...\Mozilla Firefox 29.0.1 (x86 en-US)) (Version: 29.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
MSXML 4.0 SP2 (KB925672) (HKLM\...\{A9CF9052-F4A0-475D-A00F-A8388C62DD63}) (Version: 4.20.9839.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 6 Service Pack 2 (KB973686) (HKLM\...\{56EA8BC0-3751-4B93-BC9D-6651CC36E5AA}) (Version: 6.20.2003.0 - Microsoft Corporation)
NK04 - VirusScan (HKLM\...\{CB8BC782-6143-423F-8458-BEA64FB868E5}) (Version: 1.1.1020 - RBC - NK04)
Nortel Networks TunnelGuard (HKLM\...\{5650A422-0789-473F-B2C7-6C3D10CC9FFB}) (Version: 2.0.0.0 - Nortel Networks)
QuickTime (HKLM\...\{C78EAC6F-7A73-452E-8134-DBB2165C5A68}) (Version: 7.62.14.0 - Apple Inc.)
Remote Access VPN Client (HKLM\...\{EF964A78-078C-11D1-B7A7-0000C0134CE6}) (Version: - )
Remove Hidden Data Tool (HKLM\...\{90F80409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.6058.0 - Microsoft Corporation)
Safari (HKLM\...\{C5C649A8-1D21-4C83-9B08-7B3752E580F4}) (Version: 4.30.17.0 - Apple Inc.)
Search-NeewTab (HKLM\...\{C670DCAE-E392-AA32-6F42-143C7FC4BDFD}) (Version: 4.1.0.1540 - Search-NewTab) <==== ATTENTION
SMS Advanced Client (Version: 2.50.4160.2000 - Microsoft Corporation) Hidden
Snapshot Viewer (HKLM\...\{880D04DD-660B-4F4F-940A-F4DB6C95DE35}) (Version: 1.0.850 - RBC - 6N02)
Sothink Flash Downloader for Browser (HKLM\...\{888DEFB8-CFCE-43FE-A7C8-9B18C4450719}_is1) (Version: - SourceTec Software Co., LTD)
Sothink SWF Catcher (HKLM\...\{49273419-5179-4866-9F71-5CF346F302CF}_is1) (Version: 2.6 - SourceTec Software Co., LTD)
Sothink SWF Decompiler (HKLM\...\{BCDB856C-D247-4DEE-9132-89C02F4D6B8C}_is1) (Version: 7.3 - SourceTec Software Co., LTD)
Sothink SWF Editor (HKLM\...\{0BF1DE3D-31B9-417F-A915-4BCC5AAEE3CD}_is1) (Version: 1.3 - SourceTec Software Co., LTD)
SW-Booster (HKLM\...\S-787344154) (Version: 2.0.0.1591 - PremiumSoft) <==== ATTENTION
SW-Sustainer 1.80 (HKLM\...\{5F189DF5-2D05-472B-9091-84D9848AE48B}{c67abfdb}) (Version: - Certified Publisher) <==== ATTENTION
TextPad 5 (HKLM\...\{B6EC7388-E277-4A5B-8C8F-71067A41BA64}) (Version: 5.3.1 - Helios)
ThinkPad Configuration (HKLM\...\{FC081D4D-DF1B-4CF1-B530-027E4118D846}) (Version: 1.51 - )
ThinkPad FullScreen Magnifier (HKLM\...\ThinkPad FullScreen Magnifier) (Version: 1.16 - )
ThinkPad Power Management Driver (HKLM\...\Power Management Driver) (Version: 1.33 - )
ThinkPad Power Manager (HKLM\...\{A0E64EBA-8BF0-49FB-90C0-BB3D781A2016}) (Version: 1.12 - )
ThinkPad UltraNav Driver (HKLM\...\SynTPDeinstKey) (Version: 7.5.17.18 - )
ThinkPad UltraNav Wizard (HKLM\...\{82512BC9-BD5D-4C50-BE4D-B98E7DF78687}) (Version: 3.03 - )
ThinkVantage Active Protection System (HKLM\...\{72806716-7088-41B2-8FA6-717A2A164DAB}) (Version: 1.40 - )
Update for Windows Internet Explorer 8 (KB976662) (HKLM\...\KB976662-IE8) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB898461) (HKLM\...\KB898461) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB908531) (HKLM\...\KB908531) (Version: 2 - Microsoft Corporation)
Update for Windows XP (KB911280) (HKLM\...\KB911280) (Version: 2 - Microsoft Corporation)
Update for Windows XP (KB925720) (HKLM\...\KB925720) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB927891) (HKLM\...\KB927891) (Version: 3 - Microsoft Corporation)
Update for Windows XP (KB931836) (HKLM\...\KB931836) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB932823-v3) (HKLM\...\KB932823-v3) (Version: 3 - Microsoft Corporation)
Update for Windows XP (KB946627) (HKLM\...\KB946627) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB955759) (HKLM\...\KB955759) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB955839) (HKLM\...\KB955839) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB967715) (HKLM\...\KB967715) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB968389) (HKLM\...\KB968389) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB971737) (HKLM\...\KB971737) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB973687) (HKLM\...\KB973687) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB973815) (HKLM\...\KB973815) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB978207) (HKLM\...\KB978207) (Version: 1 - Microsoft Corporation)
VLC media player 2.0.1 (HKLM\...\VLC media player) (Version: 2.0.1 - VideoLAN)
WebEx (HKLM\...\ActiveTouchMeetingClient) (Version: - WebEx Communications, Inc)
WebFldrs XP (Version: 9.50.7523 - Microsoft Corporation) Hidden
Windows Imaging Component (HKLM\...\WIC) (Version: 3.0.0.0 - Microsoft Corporation)
Windows Installer 3.1 (KB893803) (HKLM\...\KB893803v2) (Version: - Microsoft Corporation)
Windows Internet Explorer 8 (HKLM\...\ie8) (Version: 20090308.140743 - Microsoft Corporation)
Windows Media Format 11 runtime (HKLM\...\Windows Media Format Runtime) (Version: - )
Windows Media Format 11 runtime (Version: - Microsoft Corporation) Hidden
Windows Media Player 11 (HKLM\...\Windows Media Player) (Version: - )
Windows Media Player 11 (Version: - Microsoft Corporation) Hidden
Windows Media Player Enterprise Deployment (Version: 10.0.0.3802 - Microsoft Corporation) Hidden
Windows XP Hotfix - KB873333 (HKLM\...\KB873333) (Version: 20050114.005213 - Microsoft Corporation)
Windows XP Hotfix - KB873339 (HKLM\...\KB873339) (Version: 20041117.092459 - Microsoft Corporation)
Windows XP Hotfix - KB883667 (HKLM\...\KB883667) (Version: 20040812.104354 - Microsoft Corporation)
Windows XP Hotfix - KB885250 (HKLM\...\KB885250) (Version: 20050118.202711 - Microsoft Corporation)
Windows XP Hotfix - KB885453 (HKLM\...\KB885453) (Version: 20040924.183555 - Microsoft Corporation)
Windows XP Hotfix - KB885835 (HKLM\...\KB885835) (Version: 20041027.181713 - Microsoft Corporation)
Windows XP Hotfix - KB885836 (HKLM\...\KB885836) (Version: 20041028.173203 - Microsoft Corporation)
Windows XP Hotfix - KB888113 (HKLM\...\KB888113) (Version: 20041116.131036 - Microsoft Corporation)
Windows XP Hotfix - KB888302 (HKLM\...\KB888302) (Version: 20041207.111426 - Microsoft Corporation)
Windows XP Hotfix - KB890047 (HKLM\...\KB890047) (Version: 20041221.124506 - Microsoft Corporation)
Windows XP Hotfix - KB890175 (HKLM\...\KB890175) (Version: 20041201.233338 - Microsoft Corporation)
Windows XP Hotfix - KB890859 (HKLM\...\KB890859) (Version: 1 - Microsoft Corporation)
Windows XP Hotfix - KB891781 (HKLM\...\KB891781) (Version: 20050110.165439 - Microsoft Corporation)
Windows XP Hotfix - KB893066 (HKLM\...\KB893066) (Version: 1 - Microsoft Corporation)
Windows XP Hotfix - KB893086 (HKLM\...\KB893086) (Version: 1 - Microsoft Corporation)
WinRAR 4.01 (32-bit) (HKLM\...\WinRAR archiver) (Version: 4.01.0 - win.rar GmbH)
WinZip v9.0 (HKLM\...\{B233F2BB-F1D0-460F-88E0-5C19C9132B1A}) (Version: 9.0.930 - RBC - KC10)
Yahoo! Messenger (HKLM\...\Yahoo! Messenger) (Version: - Yahoo! Inc.)
Yahoo! Software Update (HKLM\...\Yahoo! Software Update) (Version: - )
Yahoo! Toolbar (HKLM\...\Yahoo! Companion) (Version: - Yahoo! Inc.)
YES1 - Sygate Personal Firewall (HKLM\...\{AD93A3B7-3AE5-4A99-B9DD-236075A747BE}) (Version: 1.0.970 - RBC)
YKG1 - Centra Client (HKLM\...\{5FC0907C-69A4-4DED-95C8-54F58784C8E7}) (Version: 1.0.970 - RBC - YKG1)
YKJ2 - Central Configuration Utility (HKLM\...\{95AACF74-B3F5-463B-85D8-D2B76339E735}) (Version: 1.0.1010 - RBC - YKJ2)
YLM2 - RBC Enterprise Library (HKLM\...\{4D95051A-A4EE-4EC9-816C-6461A09BF79D}) (Version: 1.0.930 - RBC - YLM2)
YLM7 - RBC Enterprise Library 2.0 (HKLM\...\{71F5D26D-4836-4124-85AE-48D3DB450DB9}) (Version: 1.0.970 - RBC - YLM7)
YND1 - Symantec Enterprise Vault Outlook Add-In (HKLM\...\{68E9F885-3B73-4884-A598-31FC2C7F8E63}) (Version: 7.5.1250 - RBC - YND1 (Symantec Corporation))
YNX3 - Desktop/Laptop Cisco Wireless Drivers (HKLM\...\{D3E95890-DE97-4A4C-89DC-6056A62619AE}) (Version: 1.0.980 - RBC - YNX3)
YNX4 - Intel Wireless Drivers (HKLM\...\{1B0FAEF9-0E29-41AB-BDBF-E443DB5DE609}) (Version: 1.0.1010 - RBC - YNX4)
YRU4 - Intel® Graphics Media Accelerator Driver (HKLM\...\{8A708DD8-A5E6-11D4-A706-000629E95E20}) (Version: 6.14.10.4693 - )
YSOG - T60 BIOS Code (HKLM\...\{FDB42124-1AAA-42E4-B6D5-46652BF58150}) (Version: 1.0.1010 - RBC - YSOG)
YSOK - CMOS Files (HKLM\...\{96434172-9754-4BC9-A317-10E69F1349FC}) (Version: 1.0.980 - RBC - YSOK)
Zinio Reader 4 (HKLM\...\ZinioReader4.9310D8F796442B71068C511E15D70529A702D19D.1) (Version: 4.2.3972 - Zinio LLC)
Zinio Reader 4 (Version: 4.2.3972 - Zinio LLC) Hidden
==================== Custom CLSID (selected items): ==========================
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
CustomCLSID: HKU\S-1-5-21-3510421623-2965073675-2411060337-1012_Classes\CLSID\{035FBE31-3755-450A-A775-5E6BBD43D344}\InprocServer32 -> d:\data\rainmaker\Local Settings\Application Data\Google\Update\1.3.21.135\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-3510421623-2965073675-2411060337-1012_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> d:\data\rainmaker\Local Settings\Application Data\Google\Update\1.3.23.9\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-3510421623-2965073675-2411060337-1012_Classes\CLSID\{62A0D750-DED9-448C-B693-406B34BB0892}\InprocServer32 -> d:\data\rainmaker\Local Settings\Application Data\Google\Update\1.3.21.145\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-3510421623-2965073675-2411060337-1012_Classes\CLSID\{634059C0-D264-4B2C-AE80-F73E48D33E5B}\InprocServer32 -> d:\data\rainmaker\Local Settings\Application Data\Google\Update\1.3.21.123\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-3510421623-2965073675-2411060337-1012_Classes\CLSID\{6D7374DE-63AA-473C-8C02-60D9CDCD84C5}\InprocServer32 -> d:\data\rainmaker\Local Settings\Application Data\Google\Update\1.3.21.153\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-3510421623-2965073675-2411060337-1012_Classes\CLSID\{A45426FB-E444-42B2-AA56-419F8FBEEC61}\InprocServer32 -> d:\data\rainmaker\Local Settings\Application Data\Google\Update\1.3.22.3\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-3510421623-2965073675-2411060337-1012_Classes\CLSID\{A54D478D-4F70-4F72-9A74-17C9986E35AB}\InprocServer32 -> d:\data\rainmaker\Local Settings\Application Data\Google\Update\1.3.21.165\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-3510421623-2965073675-2411060337-1012_Classes\CLSID\{C5A2122B-A05B-4FD8-AE49-91990AE10998}\InprocServer32 -> d:\data\rainmaker\Local Settings\Application Data\Google\Update\1.3.21.115\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-3510421623-2965073675-2411060337-1012_Classes\CLSID\{EB06378B-ABB6-4B3C-9B40-D488DD8A6E93}\InprocServer32 -> d:\data\rainmaker\Local Settings\Application Data\Google\Update\1.3.22.5\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-3510421623-2965073675-2411060337-1012_Classes\CLSID\{FB994D36-B312-46CE-A40B-CF63980641F9}\InprocServer32 -> d:\data\rainmaker\Local Settings\Application Data\Google\Update\1.3.21.111\psuser.dll No File
==================== Restore Points =========================
Could not list Restore Points. Check "winmgmt" service or repair WMI.
==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2006-10-18 11:49 - 2014-06-21 08:27 - 00000098 ____A C:\WINNT\system32\Drivers\etc\hosts
127.0.0.1 localhost
::1 localhost
==================== Scheduled Tasks (whitelisted) =============
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\WINNT\Tasks\Adobe Flash Player Updater.job => C:\WINNT\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINNT\Tasks\AppleSoftwareUpdate.job => C:\Program Files\Apple Software Update\SoftwareUpdate.exe
Task: C:\WINNT\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINNT\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINNT\Tasks\SW-Booster-S-787344154.job => d:\data\all users\application data\venusapp software\sw-booster\SW-Booster.exe <==== ATTENTION
==================== Loaded Modules (whitelisted) =============
2007-09-01 02:55 - 2006-02-01 16:09 - 00024576 ____N () C:\WINNT\system32\tphklock.dll
2007-09-01 02:55 - 2005-11-11 02:33 - 00073782 ____N () C:\WINNT\system32\ibmpmsvc.exe
2014-08-26 15:40 - 2014-08-26 15:40 - 04296192 _____ () c:\Program Files\SW-Booster\Assistant.dll
2014-08-26 15:40 - 2014-08-26 15:40 - 00174928 _____ () c:\Program Files\SW-Booster\AssistantSvc.dll
2005-10-06 23:18 - 2005-10-06 23:18 - 00385024 ____N () C:\Program Files\IBM\IBM Rapid Restore Ultra\rrpcsb.exe
2009-04-25 11:37 - 2007-12-14 15:06 - 00120128 _____ () C:\Program Files\Network Associates\Common Framework\naXML2_71.dll
2009-04-25 11:37 - 2007-12-14 15:06 - 00156992 _____ () C:\Program Files\Network Associates\Common Framework\naisign2.DLL
2006-11-30 08:50 - 2006-11-30 08:50 - 00149080 _____ () C:\Program Files\McAfee\VirusScan Enterprise\VsEvntUI.dll
2003-02-20 16:42 - 2003-02-20 16:42 - 01159289 ____R () c:\Program Files\Nortel Networks\TunnelGuard\jre\bin\client\jvm.dll
2003-02-20 16:42 - 2003-02-20 16:42 - 00028787 ____R () c:\Program Files\Nortel Networks\TunnelGuard\jre\bin\hpi.dll
2003-02-20 16:42 - 2003-02-20 16:42 - 00057449 ____R () c:\Program Files\Nortel Networks\TunnelGuard\jre\bin\verify.dll
2003-02-20 16:42 - 2003-02-20 16:42 - 00102511 ____R () c:\Program Files\Nortel Networks\TunnelGuard\jre\bin\java.dll
2003-02-20 16:42 - 2003-02-20 16:42 - 00053360 ____R () c:\Program Files\Nortel Networks\TunnelGuard\jre\bin\zip.dll
2003-02-20 16:42 - 2003-02-20 16:42 - 00057451 ____R () C:\Program Files\Nortel Networks\TunnelGuard\jre\bin\net.dll
2005-09-06 16:50 - 2005-09-06 16:50 - 00077824 ____N () C:\Program Files\Nortel Networks\TunnelGuard\platforms\win32\TGIcon.DLL
2014-06-18 16:36 - 2014-02-21 13:16 - 00265216 _____ () C:\Program Files\Bitcasa\ExplorerMenu.dll
2014-06-18 16:36 - 2014-02-21 13:06 - 02064896 _____ () C:\Program Files\Bitcasa\bitcasaui.dll
2007-09-01 03:59 - 2005-12-07 02:12 - 00036864 ____N () C:\Program Files\ThinkPad\Utilities\US\PWRMGRRT.DLL
2007-09-01 03:59 - 2005-12-07 02:12 - 00073728 ____N () C:\Program Files\ThinkPad\Utilities\PWRMGRIF.DLL
2011-08-30 20:54 - 2011-05-28 22:04 - 00140288 _____ () C:\Program Files\WinRAR\rarext.dll
2014-08-26 15:40 - 2014-08-26 15:40 - 01082880 _____ () d:\data\all users\application data\venusapp software\sw-booster\SW-Booster.exe
2007-09-01 02:55 - 2006-02-01 16:09 - 00094208 ____N () C:\Program Files\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe
2007-09-01 02:55 - 2006-02-01 16:09 - 00077824 ____N () C:\Program Files\Lenovo\PkgMgr\HOTKEY\TPONSCR.exe
2009-04-25 19:16 - 2006-11-06 14:00 - 00651264 _____ () C:\Program Files\iPass\iPassConnect\LIBEAY32.dll
2006-10-18 11:48 - 2004-08-04 00:56 - 00059904 ____N () C:\WINNT\system32\devenum.dll
2006-10-18 11:50 - 2004-08-04 00:56 - 00014336 ____N () C:\WINNT\system32\msdmo.dll
2011-08-30 08:46 - 2012-05-25 04:25 - 00921600 _____ () C:\Program Files\Yahoo!\Messenger\yui.dll
2014-06-18 13:02 - 2014-06-05 09:58 - 04217672 _____ () C:\Program Files\Google\Chrome\Application\35.0.1916.153\pdf.dll
2014-06-18 13:02 - 2014-06-05 09:58 - 00414536 _____ () C:\Program Files\Google\Chrome\Application\35.0.1916.153\ppGoogleNaClPluginChrome.dll
2014-06-18 13:02 - 2014-06-05 09:58 - 01732424 _____ () C:\Program Files\Google\Chrome\Application\35.0.1916.153\ffmpegsumo.dll
2014-07-21 21:43 - 2014-07-08 08:18 - 14663856 _____ () d:\data\rainmaker\Local Settings\Application Data\Google\Chrome\User Data\PepperFlash\14.0.0.145\pepflashplayer.dll
==================== Alternate Data Streams (whitelisted) =========
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
==================== Safe Mode (whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
==================== EXE Association (whitelisted) =============
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
==================== MSCONFIG/TASK MANAGER disabled items =========
(Currently there is no automatic fix for this section.)
========================= Accounts: ==========================
Could not list accounts.
Could not list accounts. Check "winmgmt" service or repair WMI.
==================== Faulty Device Manager Devices =============
Could not list Devices. Check "winmgmt" service or repair WMI.
==================== Event log errors: =========================
Application errors:
==================
Error: (09/25/2014 02:05:34 PM) (Source: AutoEnrollment) (EventID: 15) (User: )
Description: Automatic certificate enrollment for local system failed to contact the active directory (0x8007054b). The specified domain either does not exist or could not be contacted.
Enrollment will not be performed.
Error: (09/25/2014 02:05:27 PM) (Source: Userenv) (EventID: 1090) (User: NT AUTHORITY)
Description: Windows couldn't log the RSoP (Resultant Set of Policies) session status. An attempt to connect to WMI failed. No more RSoP logging will be done for this application of policy.
Error: (09/25/2014 02:05:20 PM) (Source: MSSQL$SQLEXPRESS) (EventID: 17190) (User: )
Description: FallBack certificate initialization failed with error code: 1.
Error: (09/25/2014 02:05:04 PM) (Source: WinMgmt) (EventID: 28) (User: )
Description: WinMgmt could not initialize the core parts. This could be due to a badly installed version of WinMgmt, WinMgmt repository upgrade failure, insufficient disk space or insufficient memory.
Error: (09/25/2014 02:04:32 PM) (Source: Userenv) (EventID: 1054) (User: NT AUTHORITY)
Description: Windows cannot obtain the domain controller name for your computer network. (The specified domain either does not exist or could not be contacted. ). Group Policy processing aborted.
Error: (09/25/2014 01:55:12 PM) (Source: AutoEnrollment) (EventID: 15) (User: )
Description: Automatic certificate enrollment for local system failed to contact the active directory (0x8007054b). The specified domain either does not exist or could not be contacted.
Enrollment will not be performed.
Error: (09/25/2014 01:54:53 PM) (Source: MSSQL$SQLEXPRESS) (EventID: 17190) (User: )
Description: FallBack certificate initialization failed with error code: 1.
Error: (09/25/2014 01:54:43 PM) (Source: Userenv) (EventID: 1090) (User: NT AUTHORITY)
Description: Windows couldn't log the RSoP (Resultant Set of Policies) session status. An attempt to connect to WMI failed. No more RSoP logging will be done for this application of policy.
Error: (09/25/2014 01:54:42 PM) (Source: WinMgmt) (EventID: 28) (User: )
Description: WinMgmt could not initialize the core parts. This could be due to a badly installed version of WinMgmt, WinMgmt repository upgrade failure, insufficient disk space or insufficient memory.
Error: (09/25/2014 01:54:10 PM) (Source: Userenv) (EventID: 1054) (User: NT AUTHORITY)
Description: Windows cannot obtain the domain controller name for your computer network. (The specified domain either does not exist or could not be contacted. ). Group Policy processing aborted.
System errors:
=============
Error: (09/25/2014 02:08:51 PM) (Source: W32Time) (EventID: 29) (User: )
Description: The time provider NtpClient is configured to acquire time from one or more
time sources, however none of the sources are currently accessible.
No attempt to contact a source will be made for 15 minutes.
NtpClient has no source of accurate time.
Error: (09/25/2014 02:05:06 PM) (Source: W32Time) (EventID: 29) (User: )
Description: The time provider NtpClient is configured to acquire time from one or more
time sources, however none of the sources are currently accessible.
No attempt to contact a source will be made for 15 minutes.
NtpClient has no source of accurate time.
Error: (09/25/2014 02:05:02 PM) (Source: Dhcp) (EventID: 1002) (User: )
Description: The IP address lease 192.168.1.6 for the Network Card with network address 001B773DA319 has been
denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
Error: (09/25/2014 02:04:48 PM) (Source: PlugPlayManager) (EventID: 12) (User: )
Description: The device 'Intel® PRO/1000 PL Network Connection' (PCI\VEN_8086&DEV_109A&SUBSYS_200117AA&REV_00\4&192ac53f&0&00E0) disappeared from the system without first being prepared for removal.
Error: (09/25/2014 02:04:32 PM) (Source: NETLOGON) (EventID: 5719) (User: )
Description: No Domain Controller is available for domain OAK due to the following:
%%1311.
Make sure that the computer is connected to the network and try
again. If the problem persists, please contact your domain administrator.
Error: (09/25/2014 01:54:23 PM) (Source: PlugPlayManager) (EventID: 12) (User: )
Description: The device 'Intel® PRO/1000 PL Network Connection' (PCI\VEN_8086&DEV_109A&SUBSYS_200117AA&REV_00\4&192ac53f&0&00E0) disappeared from the system without first being prepared for removal.
Error: (09/25/2014 01:54:10 PM) (Source: NETLOGON) (EventID: 5719) (User: )
Description: No Domain Controller is available for domain OAK due to the following:
%%1311.
Make sure that the computer is connected to the network and try
again. If the problem persists, please contact your domain administrator.
Error: (09/25/2014 01:47:52 PM) (Source: PlugPlayManager) (EventID: 12) (User: )
Description: The device 'Intel® PRO/1000 PL Network Connection' (PCI\VEN_8086&DEV_109A&SUBSYS_200117AA&REV_00\4&192ac53f&0&00E0) disappeared from the system without first being prepared for removal.
Error: (09/25/2014 01:47:36 PM) (Source: NETLOGON) (EventID: 5719) (User: )
Description: No Domain Controller is available for domain OAK due to the following:
%%1311.
Make sure that the computer is connected to the network and try
again. If the problem persists, please contact your domain administrator.
Error: (09/24/2014 10:33:33 PM) (Source: Windows Update Agent) (EventID: 20) (User: )
Description: Installation Failure: Windows failed to install the following update with error 0x80070643: Microsoft .NET Framework 1.1 SP1 Security Update for Windows 2000 and Windows XP (KB979906).
Microsoft Office Sessions:
=========================
==================== Memory info ===========================
Processor: Intel® Core Duo CPU T2400 @ 1.83GHz
Percentage of memory in use: 68%
Total physical RAM: 1526.36 MB
Available physical RAM: 476.54 MB
Total Pagefile: 4225.84 MB
Available Pagefile: 3092.63 MB
Total Virtual: 2047.88 MB
Available Virtual: 1935.82 MB
==================== Drives ================================
Drive c: (COE) (Fixed) (Total:60.45 GB) (Free:21.87 GB) NTFS ==>[Drive with boot components (Windows XP)]
Drive d: (DATA) (Fixed) (Total:32.7 GB) (Free:6.11 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (Size: 93.2 GB) (Disk ID: DAEEECAE)
Partition 1: (Active) - (Size=60.5 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=32.7 GB) - (Type=07 NTFS)
==================== End Of Log ============================