
PC help with Browser Redirects [Solved]


  • This topic is locked This topic is locked

#16
amanda222
    Member
  • Topic Starter
  • 16 posts

Hi there. I downloaded the fixlist.txt from your post. Both that and the FRST file are in the same location on my desktop. When I click "Fix" I get a blue screen crash, physical memory dump. And when I reboot, no log file is produced. Please advise. I tried 3 times with the same result.



#17
Biscuithd
    Trusted Helper
  • Malware Removal
  • 2,573 posts
That is most unexpected! Let me review my instructions and I'll get back to you.

#18
Biscuithd
    Trusted Helper
  • Malware Removal
  • 2,573 posts

I made a change to the fix. Let's see if your machine likes this any better :)

Fix with Farbar Recovery Scan Tool

This fix was created for this user for use on that particular machine.
Running it on another one may cause damage and render the system unstable.

Download attached fixlist.txt file and save it to the Desktop:

Both files, FRST and fixlist.txt have to be in the same location or the fix will not work!
  • Right-click on the FRST icon and select Run as Administrator to start the tool.
    (XP users click Run after receipt of Windows Security Warning - Open File).
  • Press the Fix button just once and wait.
  • If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
  • When finished FRST will generate a log on the Desktop, called Fixlog.txt.

Please post it in your reply. Also give Chrome a try and see if I cleaned up everything this time :)


#19
amanda222
    Member
  • Topic Starter
  • 16 posts

Hi there. This update ran without any issue. Below is the log.

However, the pop-ups continue in Chrome. They occur as new tabs upon clicking on a button or link from a good site. And also on good sites, including geeks2to, there appear to be pop-ups within the pages from a "Powered by 50 Coupons"?

Here are some of the pop-ups occurring as new tabs:

http://t.cttsrv.com/ ----- they all appear to start with a URL like this and then redirect further to:

http://www.6wmqb04uj...lickID=85882321

https://www.bulletfl...0slfnI1xyKse000


Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 27-09-2014
Ran by rainmaker at 2014-09-29 19:34:57 Run:4
Running from d:\data\rainmaker\Desktop
Loaded Profile: rainmaker (Available profiles: administrator & rainmaker & Admin & rbcadmin)
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
Start
() D:\data\All Users\Application Data\VenusApp Software\SW-Booster\SW-Booster.exe
HKLM\...\Winlogon: [Shell] Explorer.exe [x ] ()
HKLM\...\Winlogon: [UIHost] logonui.exe [x ] ()
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
SearchScopes: HKLM - DefaultScope {BB74DE59-BC4C-4172-9AC4-73315F71CFFE} URL = http://websearch.fly...616&lg=EN&cc=US
SearchScopes: HKLM - {BB74DE59-BC4C-4172-9AC4-73315F71CFFE} URL = http://websearch.fly...616&lg=EN&cc=US
SearchScopes: HKCU - DefaultScope {BB74DE59-BC4C-4172-9AC4-73315F71CFFE} URL = http://websearch.fly...616&lg=EN&cc=US
SearchScopes: HKCU - {BB74DE59-BC4C-4172-9AC4-73315F71CFFE} URL = http://websearch.fly...616&lg=EN&cc=US
BHO: Search-NeewTab -> {1D2F45C0-E723-C694-063B-A958023E9A1B} -> C:\Program Files\Search-NeewTab\0trWpx5X.dll ()
BHO: ISavEr -> {48A88D8E-873A-2452-ACF4-2FD4456C5CD2} -> d:\data\All Users\Application Data\ISavEr\HqIxdafdhd.dll ()
FF SearchEngineOrder.user_pref("browser.search.order.1,S", "WebSearch");: user_pref("browser.search.order.1,S", "WebSearch");
FF Keyword.URL: hxxp://websearch.flyandsearch.info/?pid=724&r=2014/08/26&hid=5238787093181005616&lg=EN&cc=US&l=1&q=
FF SearchPlugin: d:\data\rainmaker\Application Data\Mozilla\Firefox\Profiles\0gqxbqod.default\searchplugins\WebSearch.xml
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.easylifeapp.com/
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.easylifeapp.com/
FF Homepage: hxxp://search.easylifeapp.com/
FF SearchEngineOrder.1: WebSearch
FF DefaultSearchEngine: WebSearch
FF SelectedSearchEngine: WebSearch
CHR HomePage: Default -> hxxp://search.easylifeapp.com/
CHR StartupUrls: Default -> "hxxp://search.easylifeapp.com/"
CHR DefaultSearchKeyword: Default -> websearch
CHR DefaultSearchProvider: Default -> WebSearch
CHR DefaultSearchURL: Default -> http://websearch.fly...616&lg=EN&cc=US
CHR DefaultSuggestURL: Default -> http://localhost
FF Keyword.URL: hxxp://websearch.flyandsearch.info/?pid=724&r=2014/08/26&hid=5238787093181005616&lg=EN&cc=US&l=1&q=
FF SearchPlugin: d:\data\rainmaker\Application Data\Mozilla\Firefox\Profiles\0gqxbqod.default\searchplugins\WebSearch.xml

R2 c67abfdb; c:\Program Files\SW-Booster\AssistantSvc.dll [174928 2014-08-26] () [File not signed]
c:\Program Files\SW-Booster\AssistantSvc.dll
2014-09-25 14:02 - 2014-09-25 14:02 - 00000000 ____D () C:\Program Files\TAkeuTheCoUpOOn
2014-09-25 14:02 - 2014-09-25 14:02 - 00000000 ____D () C:\Program Files\FFindBeestDoeeall
2014-09-24 13:40 - 2014-09-24 13:40 - 00000000 ____D () d:\data\All Users\Application Data\Browser AdBlocker
2014-09-24 13:16 - 2014-09-25 14:04 - 00000000 ____D () d:\data\All Users\Application Data\TAkeuTheCoUpOOn
2014-09-19 14:00 - 2014-09-25 14:04 - 00000000 ____D () d:\data\All Users\Application Data\FFindBeestDoeeall
2014-09-09 21:40 - 2014-09-09 21:40 - 00000000 ____D () d:\data\All Users\Application Data\ISavEr
2014-08-26 15:50 - 2014-08-26 15:50 - 00000775 _____ () d:\data\rainmaker\Application Data\Explorer.EXE_log.txt
2014-08-26 15:41 - 2014-08-26 15:41 - 00000000 ____D () d:\data\All Users\Application Data\Search-NeewTab
2014-08-26 15:41 - 2014-08-26 15:41 - 00000000 ____D () C:\Program Files\Search-NeewTab
2014-08-26 15:40 - 2014-09-25 14:04 - 00000564 ____H () C:\WINNT\Tasks\SW-Booster-S-787344154.job
2014-08-26 15:40 - 2014-08-26 16:05 - 00000827 _____ () d:\data\rainmaker\Application Data\LiveSupport.exe_log.txt
2014-08-26 15:40 - 2014-08-26 16:05 - 00000082 _____ () d:\data\rainmaker\Application Data\regsvr32.exe_log.txt
2014-08-26 15:40 - 2014-08-26 15:40 - 00000000 ____D () d:\data\All Users\Application Data\VenusApp Software
2014-08-26 15:40 - 2014-08-26 15:40 - 00000000 ____D () C:\Program Files\SW-Booster
2014-08-26 15:39 - 2014-09-25 14:04 - 00000000 ____D () d:\data\All Users\Application Data\Adblocker
2014-08-26 15:39 - 2014-08-26 15:39 - 00000000 ____D () C:\Program Files\Adblocker
2014-08-26 15:38 - 2014-09-25 14:02 - 00000000 ____D () d:\data\All Users\Application Data\3eda283a8b7b0d3d
2014-08-26 15:38 - 2014-09-25 13:53 - 00000000 ____D () d:\data\All Users\Application Data\pricecHop
2014-08-26 15:38 - 2014-08-26 15:38 - 00000000 ____D () d:\data\rbc_troppus\Local Settings\Application Data\Torch
2014-08-26 15:38 - 2014-08-26 15:38 - 00000000 ____D () d:\data\rbc_troppus\Local Settings\Application Data\Google
2014-08-26 15:38 - 2014-08-26 15:38 - 00000000 ____D () d:\data\rbc_troppus\Local Settings\Application Data\Comodo
2014-08-26 15:38 - 2014-08-26 15:38 - 00000000 ____D () d:\data\rbc_troppus\Local Settings\Application Data\Chromatic Browser
2014-08-26 15:38 - 2014-08-26 15:38 - 00000000 ____D () d:\data\rbc_troppus\Local Settings\Application Data
2014-08-26 15:38 - 2014-08-26 15:38 - 00000000 ____D () d:\data\rbc_troppus\Local Settings
2014-08-26 15:38 - 2014-08-26 15:38 - 00000000 ____D () d:\data\rbc_troppus
2014-08-26 15:38 - 2014-08-26 15:38 - 00000000 ____D () d:\data\rainmaker\Local Settings\Application Data\Torch
2014-08-26 15:38 - 2014-08-26 15:38 - 00000000 ____D () d:\data\rainmaker\Local Settings\Application Data\Comodo
2014-08-26 15:38 - 2014-08-26 15:38 - 00000000 ____D () d:\data\rainmaker\Local Settings\Application Data\Chromatic Browser
2014-08-26 15:38 - 2014-08-26 15:38 - 00000000 ____D () d:\data\HelpAssistant\Local Settings\Application Data\Torch
2014-08-26 15:38 - 2014-08-26 15:38 - 00000000 ____D () d:\data\HelpAssistant\Local Settings\Application Data\Google
2014-08-26 15:38 - 2014-08-26 15:38 - 00000000 ____D () d:\data\HelpAssistant\Local Settings\Application Data\Comodo
2014-08-26 15:38 - 2014-08-26 15:38 - 00000000 ____D () d:\data\HelpAssistant\Local Settings\Application Data\Chromatic Browser
2014-08-26 15:38 - 2014-08-26 15:38 - 00000000 ____D () d:\data\HelpAssistant\Local Settings\Application Data
2014-08-26 15:38 - 2014-08-26 15:38 - 00000000 ____D () d:\data\HelpAssistant\Local Settings
2014-08-26 15:38 - 2014-08-26 15:38 - 00000000 ____D () d:\data\HelpAssistant
2014-08-26 15:38 - 2014-08-26 15:38 - 00000000 ____D () d:\data\Guest\Local Settings\Application Data\Torch
2014-08-26 15:38 - 2014-08-26 15:38 - 00000000 ____D () d:\data\Guest\Local Settings\Application Data\Google
2014-08-26 15:38 - 2014-08-26 15:38 - 00000000 ____D () d:\data\Guest\Local Settings\Application Data\Comodo
2014-08-26 15:38 - 2014-08-26 15:38 - 00000000 ____D () d:\data\Guest\Local Settings\Application Data\Chromatic Browser
2014-08-26 15:38 - 2014-08-26 15:38 - 00000000 ____D () d:\data\Guest\Local Settings\Application Data
2014-08-26 15:38 - 2014-08-26 15:38 - 00000000 ____D () d:\data\Guest\Local Settings
2014-08-26 15:38 - 2014-08-26 15:38 - 00000000 ____D () d:\data\Guest
2014-08-26 15:38 - 2014-08-26 15:38 - 00000000 ____D () d:\data\ASPNET\Local Settings\Application Data\Torch
2014-08-26 15:38 - 2014-08-26 15:38 - 00000000 ____D () d:\data\ASPNET\Local Settings\Application Data\Google
2014-08-26 15:38 - 2014-08-26 15:38 - 00000000 ____D () d:\data\ASPNET\Local Settings\Application Data\Comodo
2014-08-26 15:38 - 2014-08-26 15:38 - 00000000 ____D () d:\data\ASPNET\Local Settings\Application Data\Chromatic Browser
2014-08-26 15:38 - 2014-08-26 15:38 - 00000000 ____D () d:\data\ASPNET\Local Settings\Application Data
2014-08-26 15:38 - 2014-08-26 15:38 - 00000000 ____D () d:\data\ASPNET\Local Settings
2014-08-26 15:38 - 2014-08-26 15:38 - 00000000 ____D () d:\data\ASPNET
2014-08-26 15:38 - 2014-08-26 15:38 - 00000000 ____D () d:\data\Administrator\Local Settings\Application Data\Torch
2014-08-26 15:38 - 2014-08-26 15:38 - 00000000 ____D () d:\data\Administrator\Local Settings\Application Data\Google
2014-08-26 15:38 - 2014-08-26 15:38 - 00000000 ____D () d:\data\Administrator\Local Settings\Application Data\Comodo
2014-08-26 15:38 - 2014-08-26 15:38 - 00000000 ____D () d:\data\Administrator\Local Settings\Application Data\Chromatic Browser
2014-08-26 15:38 - 2014-08-26 15:38 - 00000000 ____D () d:\data\administrator.3YFK943Z\Local Settings\Application Data\Torch
2014-08-26 15:38 - 2014-08-26 15:38 - 00000000 ____D () d:\data\administrator.3YFK943Z\Local Settings\Application Data\Comodo
2014-08-26 15:38 - 2014-08-26 15:38 - 00000000 ____D () d:\data\administrator.3YFK943Z\Local Settings\Application Data\Chromatic Browser
2014-08-26 15:38 - 2014-08-26 15:38 - 00000000 ____D () d:\data\Admin\Local Settings\Application Data\Torch
2014-08-26 15:38 - 2014-08-26 15:38 - 00000000 ____D () d:\data\Admin\Local Settings\Application Data\Comodo
2014-08-26 15:38 - 2014-08-26 15:38 - 00000000 ____D () d:\data\Admin\Local Settings\Application Data\Chromatic Browser
2014-08-26 15:38 - 2014-08-26 15:38 - 00000000 ____D () C:\Program Files\pricecHop
2014-08-26 15:37 - 2014-08-26 15:40 - 00000000 ____D () d:\data\All Users\Application Data\InstallMate
EmptyTemp:

*****************

D:\data\All Users\Application Data\VenusApp Software\SW-Booster\SW-Booster.exe => No running process found
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell => Value was restored successfully.
HKLM\...\Winlogon: [UIHost] logonui.exe [x ] () => Error: No automatic fix found for this entry.
C:\WINNT\system32\GroupPolicy\Machine => Moved successfully.
C:\WINNT\system32\GroupPolicy\GPT.ini => Moved successfully.
"HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}" => Key not found.
"HKCR\CLSID\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}" => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
"HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}" => Key not found.
"HKCR\CLSID\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}" => Key not found.
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1D2F45C0-E723-C694-063B-A958023E9A1B}" => Key not found.
"HKCR\CLSID\{1D2F45C0-E723-C694-063B-A958023E9A1B}" => Key not found.
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{48A88D8E-873A-2452-ACF4-2FD4456C5CD2}" => Key not found.
"HKCR\CLSID\{48A88D8E-873A-2452-ACF4-2FD4456C5CD2}" => Key not found.
FF SearchEngineOrder.user_pref("browser.search.order.1,S", "WebSearch");: user_pref("browser.search.order.1,S", "WebSearch"); => Error: No automatic fix found for this entry.
Firefox Keyword.URL deleted successfully.
"d:\data\rainmaker\Application Data\Mozilla\Firefox\Profiles\0gqxbqod.default\searchplugins\WebSearch.xml" => not found.
HKCU\Software\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.
Firefox homepage deleted successfully.
Firefox SearchEngineOrder.1 deleted successfully.
Firefox DefaultSearchEngine deleted successfully.
Firefox SelectedSearchEngine deleted successfully.
Chrome HomePage deleted successfully.
Chrome StartupUrls deleted successfully.
Chrome DefaultSearchKeyword deleted successfully.
CHR DefaultSearchProvider: Default -> WebSearch ==> The Chrome "Settings" can be used to fix the entry.
Chrome DefaultSearchURL deleted successfully.
Chrome DefaultSuggestURL deleted successfully.
Firefox Keyword.URL deleted successfully.
"d:\data\rainmaker\Application Data\Mozilla\Firefox\Profiles\0gqxbqod.default\searchplugins\WebSearch.xml" => not found.
c67abfdb => Service not found.
"c:\Program Files\SW-Booster\AssistantSvc.dll" => File/Directory not found.
"C:\Program Files\TAkeuTheCoUpOOn" => File/Directory not found.
"C:\Program Files\FFindBeestDoeeall" => File/Directory not found.
"2014-09-24 13:40 - 2014-09-24 13:40 - 00000000 ____D () d:\data\All Users\Application Data\Browser AdBlocker" => File/Directory not found.
"2014-09-24 13:16 - 2014-09-25 14:04 - 00000000 ____D () d:\data\All Users\Application Data\TAkeuTheCoUpOOn" => File/Directory not found.
"2014-09-19 14:00 - 2014-09-25 14:04 - 00000000 ____D () d:\data\All Users\Application Data\FFindBeestDoeeall" => File/Directory not found.
"2014-09-09 21:40 - 2014-09-09 21:40 - 00000000 ____D () d:\data\All Users\Application Data\ISavEr" => File/Directory not found.
"2014-08-26 15:50 - 2014-08-26 15:50 - 00000775 _____ () d:\data\rainmaker\Application Data\Explorer.EXE_log.txt" => File/Directory not found.
"2014-08-26 15:41 - 2014-08-26 15:41 - 00000000 ____D () d:\data\All Users\Application Data\Search-NeewTab" => File/Directory not found.
"C:\Program Files\Search-NeewTab" => File/Directory not found.
"C:\WINNT\Tasks\SW-Booster-S-787344154.job" => File/Directory not found.
"2014-08-26 15:40 - 2014-08-26 16:05 - 00000827 _____ () d:\data\rainmaker\Application Data\LiveSupport.exe_log.txt" => File/Directory not found.
"2014-08-26 15:40 - 2014-08-26 16:05 - 00000082 _____ () d:\data\rainmaker\Application Data\regsvr32.exe_log.txt" => File/Directory not found.
"2014-08-26 15:40 - 2014-08-26 15:40 - 00000000 ____D () d:\data\All Users\Application Data\VenusApp Software" => File/Directory not found.
"C:\Program Files\SW-Booster" => File/Directory not found.
"2014-08-26 15:39 - 2014-09-25 14:04 - 00000000 ____D () d:\data\All Users\Application Data\Adblocker" => File/Directory not found.
"C:\Program Files\Adblocker" => File/Directory not found.
"2014-08-26 15:38 - 2014-09-25 14:02 - 00000000 ____D () d:\data\All Users\Application Data\3eda283a8b7b0d3d" => File/Directory not found.
"2014-08-26 15:38 - 2014-09-25 13:53 - 00000000 ____D () d:\data\All Users\Application Data\pricecHop" => File/Directory not found.
"2014-08-26 15:38 - 2014-08-26 15:38 - 00000000 ____D () d:\data\rbc_troppus\Local Settings\Application Data\Torch" => File/Directory not found.
"2014-08-26 15:38 - 2014-08-26 15:38 - 00000000 ____D () d:\data\rbc_troppus\Local Settings\Application Data\Google" => File/Directory not found.
"2014-08-26 15:38 - 2014-08-26 15:38 - 00000000 ____D () d:\data\rbc_troppus\Local Settings\Application Data\Comodo" => File/Directory not found.
"2014-08-26 15:38 - 2014-08-26 15:38 - 00000000 ____D () d:\data\rbc_troppus\Local Settings\Application Data\Chromatic Browser" => File/Directory not found.
"2014-08-26 15:38 - 2014-08-26 15:38 - 00000000 ____D () d:\data\rbc_troppus\Local Settings\Application Data" => File/Directory not found.
"2014-08-26 15:38 - 2014-08-26 15:38 - 00000000 ____D () d:\data\rbc_troppus\Local Settings" => File/Directory not found.
"2014-08-26 15:38 - 2014-08-26 15:38 - 00000000 ____D () d:\data\rbc_troppus" => File/Directory not found.
"2014-08-26 15:38 - 2014-08-26 15:38 - 00000000 ____D () d:\data\rainmaker\Local Settings\Application Data\Torch" => File/Directory not found.
"2014-08-26 15:38 - 2014-08-26 15:38 - 00000000 ____D () d:\data\rainmaker\Local Settings\Application Data\Comodo" => File/Directory not found.
"2014-08-26 15:38 - 2014-08-26 15:38 - 00000000 ____D () d:\data\rainmaker\Local Settings\Application Data\Chromatic Browser" => File/Directory not found.
"2014-08-26 15:38 - 2014-08-26 15:38 - 00000000 ____D () d:\data\HelpAssistant\Local Settings\Application Data\Torch" => File/Directory not found.
"2014-08-26 15:38 - 2014-08-26 15:38 - 00000000 ____D () d:\data\HelpAssistant\Local Settings\Application Data\Google" => File/Directory not found.
"2014-08-26 15:38 - 2014-08-26 15:38 - 00000000 ____D () d:\data\HelpAssistant\Local Settings\Application Data\Comodo" => File/Directory not found.
"2014-08-26 15:38 - 2014-08-26 15:38 - 00000000 ____D () d:\data\HelpAssistant\Local Settings\Application Data\Chromatic Browser" => File/Directory not found.
"2014-08-26 15:38 - 2014-08-26 15:38 - 00000000 ____D () d:\data\HelpAssistant\Local Settings\Application Data" => File/Directory not found.
"2014-08-26 15:38 - 2014-08-26 15:38 - 00000000 ____D () d:\data\HelpAssistant\Local Settings" => File/Directory not found.
"2014-08-26 15:38 - 2014-08-26 15:38 - 00000000 ____D () d:\data\HelpAssistant" => File/Directory not found.
"2014-08-26 15:38 - 2014-08-26 15:38 - 00000000 ____D () d:\data\Guest\Local Settings\Application Data\Torch" => File/Directory not found.
"2014-08-26 15:38 - 2014-08-26 15:38 - 00000000 ____D () d:\data\Guest\Local Settings\Application Data\Google" => File/Directory not found.
"2014-08-26 15:38 - 2014-08-26 15:38 - 00000000 ____D () d:\data\Guest\Local Settings\Application Data\Comodo" => File/Directory not found.
"2014-08-26 15:38 - 2014-08-26 15:38 - 00000000 ____D () d:\data\Guest\Local Settings\Application Data\Chromatic Browser" => File/Directory not found.
"2014-08-26 15:38 - 2014-08-26 15:38 - 00000000 ____D () d:\data\Guest\Local Settings\Application Data" => File/Directory not found.
"2014-08-26 15:38 - 2014-08-26 15:38 - 00000000 ____D () d:\data\Guest\Local Settings" => File/Directory not found.
"2014-08-26 15:38 - 2014-08-26 15:38 - 00000000 ____D () d:\data\Guest" => File/Directory not found.
"2014-08-26 15:38 - 2014-08-26 15:38 - 00000000 ____D () d:\data\ASPNET\Local Settings\Application Data\Torch" => File/Directory not found.
"2014-08-26 15:38 - 2014-08-26 15:38 - 00000000 ____D () d:\data\ASPNET\Local Settings\Application Data\Google" => File/Directory not found.
"2014-08-26 15:38 - 2014-08-26 15:38 - 00000000 ____D () d:\data\ASPNET\Local Settings\Application Data\Comodo" => File/Directory not found.
"2014-08-26 15:38 - 2014-08-26 15:38 - 00000000 ____D () d:\data\ASPNET\Local Settings\Application Data\Chromatic Browser" => File/Directory not found.
"2014-08-26 15:38 - 2014-08-26 15:38 - 00000000 ____D () d:\data\ASPNET\Local Settings\Application Data" => File/Directory not found.
"2014-08-26 15:38 - 2014-08-26 15:38 - 00000000 ____D () d:\data\ASPNET\Local Settings" => File/Directory not found.
"2014-08-26 15:38 - 2014-08-26 15:38 - 00000000 ____D () d:\data\ASPNET" => File/Directory not found.
"2014-08-26 15:38 - 2014-08-26 15:38 - 00000000 ____D () d:\data\Administrator\Local Settings\Application Data\Torch" => File/Directory not found.
"2014-08-26 15:38 - 2014-08-26 15:38 - 00000000 ____D () d:\data\Administrator\Local Settings\Application Data\Google" => File/Directory not found.
"2014-08-26 15:38 - 2014-08-26 15:38 - 00000000 ____D () d:\data\Administrator\Local Settings\Application Data\Comodo" => File/Directory not found.
"2014-08-26 15:38 - 2014-08-26 15:38 - 00000000 ____D () d:\data\Administrator\Local Settings\Application Data\Chromatic Browser" => File/Directory not found.
"2014-08-26 15:38 - 2014-08-26 15:38 - 00000000 ____D () d:\data\administrator.3YFK943Z\Local Settings\Application Data\Torch" => File/Directory not found.
"2014-08-26 15:38 - 2014-08-26 15:38 - 00000000 ____D () d:\data\administrator.3YFK943Z\Local Settings\Application Data\Comodo" => File/Directory not found.
"2014-08-26 15:38 - 2014-08-26 15:38 - 00000000 ____D () d:\data\administrator.3YFK943Z\Local Settings\Application Data\Chromatic Browser" => File/Directory not found.
"2014-08-26 15:38 - 2014-08-26 15:38 - 00000000 ____D () d:\data\Admin\Local Settings\Application Data\Torch" => File/Directory not found.
"2014-08-26 15:38 - 2014-08-26 15:38 - 00000000 ____D () d:\data\Admin\Local Settings\Application Data\Comodo" => File/Directory not found.
"2014-08-26 15:38 - 2014-08-26 15:38 - 00000000 ____D () d:\data\Admin\Local Settings\Application Data\Chromatic Browser" => File/Directory not found.
"C:\Program Files\pricecHop" => File/Directory not found.
"2014-08-26 15:37 - 2014-08-26 15:40 - 00000000 ____D () d:\data\All Users\Application Data\InstallMate" => File/Directory not found.
EmptyTemp: => Removed 270.7 MB temporary data.


The system needed a reboot.

==== End of Fixlog ====


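One way to triage a Fixlog like the one above before the helper reads it by hand, as an added example that is neither part of this thread nor of FRST itself: it separates the echoed fixlist from the results, classifies each `=>` outcome (applied, already gone, error, needs manual follow-up) and checks that the log reached its end marker, which is what was missing when the first fix crashed. The sample log is constructed and abridged from the Fixlog posted above.

```python
"""Triage helper for an FRST Fixlog.txt (added example, not part of FRST)."""
import re
from collections import Counter

# FRST writes one result per line as "<target> => <outcome>"; a few use "==>".
RESULT_RE = re.compile(r"^(?P<target>.+?)\s=+>\s(?P<outcome>.+?)\s*$")

# Constructed sample, abridged from the Fixlog posted in this thread.
SAMPLE_FIXLOG = r"""Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 27-09-2014
Ran by rainmaker at 2014-09-29 19:34:57 Run:4
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
Start
() D:\data\All Users\Application Data\VenusApp Software\SW-Booster\SW-Booster.exe
HKLM\...\Winlogon: [UIHost] logonui.exe [x ] ()
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR DefaultSearchProvider: Default -> WebSearch
EmptyTemp:

*****************

D:\data\All Users\Application Data\VenusApp Software\SW-Booster\SW-Booster.exe => No running process found
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell => Value was restored successfully.
HKLM\...\Winlogon: [UIHost] logonui.exe [x ] () => Error: No automatic fix found for this entry.
C:\WINNT\system32\GroupPolicy\Machine => Moved successfully.
"HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.
"HKCR\CLSID\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}" => Key not found.
CHR DefaultSearchProvider: Default -> WebSearch ==> The Chrome "Settings" can be used to fix the entry.
"C:\Program Files\SW-Booster" => File/Directory not found.
EmptyTemp: => Removed 270.7 MB temporary data.


The system needed a reboot.

==== End of Fixlog ====
"""


def classify(outcome: str) -> str:
    """Map an FRST outcome phrase to a coarse status (order matters: errors first)."""
    o = outcome.lower()
    if o.startswith("error:"):
        return "error"
    if "can be used to fix" in o:          # FRST defers to the application's own settings
        return "manual"
    if "not found" in o or "no running process" in o:
        return "not_found"                 # target was already gone when the fix ran
    if "successfully" in o or o.startswith("removed "):
        return "fixed"
    return "other"


def parse_fixlog(text: str) -> dict:
    """Split a Fixlog into fixlist echo and results and summarise the outcomes."""
    lines = text.splitlines()
    # The fixlist echo sits between two '*****' rulers; results follow the second.
    rulers = [i for i, l in enumerate(lines) if l.strip().startswith("*****")]
    if len(rulers) < 2:
        raise ValueError("not an FRST Fixlog: fixlist rulers missing")
    fixlist = [l for l in lines[rulers[0] + 1:rulers[1]]
               if l.strip() and l.strip() != "Start"]
    attention = [l for l in fixlist if "<=======" in l]   # lines FRST itself flagged
    results = []
    for line in lines[rulers[1] + 1:]:
        m = RESULT_RE.match(line.strip())
        if m:
            results.append({"target": m["target"].strip('"'),
                            "outcome": m["outcome"],
                            "status": classify(m["outcome"])})
    ver = re.search(r"Version: (\S+)", text)
    run = re.search(r"\bRun:(\d+)", text)
    return {
        "version": ver.group(1) if ver else None,
        "run": int(run.group(1)) if run else None,
        "fixlist_entries": len(fixlist),
        "attention": attention,
        "results": results,
        "summary": Counter(r["status"] for r in results),
        "follow_up": [r for r in results if r["status"] in ("error", "manual")],
        "reboot": any(l.strip() == "The system needed a reboot." for l in lines),
        # A missing end marker means the run was interrupted (e.g. by a crash).
        "complete": any(l.strip() == "==== End of Fixlog ====" for l in lines),
    }


def render_report(result: dict) -> str:
    """Human-readable summary a helper can skim instead of the raw log."""
    out = [f"FRST {result['version']} run {result['run']}: "
           f"{result['fixlist_entries']} fixlist entries, {len(result['results'])} results"]
    for status, n in sorted(result["summary"].items()):
        out.append(f"  {status:<10} {n}")
    for r in result["follow_up"]:
        out.append(f"  FOLLOW UP: {r['target']} -> {r['outcome']}")
    if not result["complete"]:
        out.append("  WARNING: no end marker; the fix may have been interrupted")
    if result["reboot"]:
        out.append("  note: FRST rebooted the machine to complete the fix")
    return "\n".join(out)


if __name__ == "__main__":
    print(render_report(parse_fixlog(SAMPLE_FIXLOG)))
```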

#20
Biscuithd
    Trusted Helper
  • Malware Removal
  • 2,573 posts

This time the fix removed everything I specified, which is good. However, I must have missed something, or it's hiding. Please run a new scan and I'll have a look.

Scan with Farbar Recovery Scan Tool

Please download Farbar Recovery Scan Tool and save it to your Desktop.

  • Right-click on the FRST icon and select Run as Administrator to start the tool.
    > Windows 8 users will be prompted about Windows SmartScreen protection - click More information and Run.
  • When the tool opens click Yes to disclaimer.
  • Make sure that Addition option is checked.
  • Press Scan button and wait.
  • The tool will produce two logfiles on your desktop: FRST.txt and Addition.txt.

Please include their content in your next reply.



#21
amanda222
    Member
  • Topic Starter
  • 16 posts

Ok, here are the updated logs.

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 27-09-2014
Ran by rainmaker (administrator) on 3YFK943Z on 01-10-2014 08:01:07
Running from d:\data\rainmaker\Desktop
Loaded Profile: rainmaker (Available profiles: administrator & rainmaker & Admin & rbcadmin)
Platform: Microsoft Windows XP Service Pack 2 (X86) OS Language: English (United States)
Internet Explorer Version 8
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\WINNT\system32\smss.exe
(Microsoft Corporation) C:\WINNT\system32\winlogon.exe
(Microsoft Corporation) C:\WINNT\system32\services.exe
(Microsoft Corporation) C:\WINNT\system32\lsass.exe
() C:\WINNT\system32\ibmpmsvc.exe
(Microsoft Corporation) C:\WINNT\system32\svchost.exe
(Microsoft Corporation) C:\WINNT\system32\svchost.exe
(Microsoft Corporation) C:\WINNT\system32\spoolsv.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
(DameWare Development LLC) C:\WINNT\system32\DWRCS.EXE
() C:\Program Files\IBM\IBM Rapid Restore Ultra\rrpcsb.exe
(iPass, Inc.) C:\Program Files\iPass\iPassConnect\iPassPeriodicUpdateService.exe
(McAfee, Inc.) C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
(McAfee, Inc.) C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
(McAfee, Inc.) C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
() C:\IBMTOOLS\eGatherer\launcheg.exe
() C:\Program Files\IBM\IBM Rapid Restore Ultra\rrucmd.exe
(Microsoft Corporation) C:\WINNT\system32\msiexec.exe
(IBM) C:\Program Files\IBM\IBM Rapid Restore Ultra\br_funcs.exe
(Microsoft Corporation) C:\WINNT\system32\svchost.exe
(Lenovo.) C:\WINNT\system32\TPHDEXLG.exe
(Alexandria Software Consulting) C:\Program Files\Nortel Networks\TunnelGuard\CueAgent_srv.exe
(Yahoo! Inc.) C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
(DameWare Development) C:\WINNT\system32\DWRCST.EXE
(Microsoft Corporation) C:\WINNT\explorer.exe
(IBM Corp.) C:\IBMTOOLS\utils\ibmprc.exe
(McAfee, Inc.) C:\Program Files\Network Associates\Common Framework\UdaterUI.exe
(McAfee, Inc.) C:\Program Files\Network Associates\Common Framework\Mctray.exe
(Microsoft Corporation) C:\WINNT\system32\userinit.exe
(Intel Corporation) C:\WINNT\system32\igfxtray.exe
(Intel Corporation) C:\WINNT\system32\hkcmd.exe
(Intel Corporation) C:\WINNT\system32\igfxpers.exe
(iPass, Inc.) C:\Program Files\iPass\iPassConnect\iPassPeriodicUpdateApp.exe
(Analog Devices, Inc.) C:\Program Files\Analog Devices\Core\smax4pnp.exe
(Microsoft Corporation) C:\WINNT\system32\rundll32.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Lenovo, Ltd. and IBM Corporation.) C:\WINNT\system32\TpShocks.exe
() C:\PROGRA~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe
(McAfee, Inc.) C:\Program Files\McAfee\VirusScan Enterprise\shstat.exe
() C:\Program Files\Lenovo\PkgMgr\HOTKEY\TPONSCR.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\PkgMgr\HOTKEY_1\TpScrex.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Microsoft Corporation) C:\PROGRA~1\COMMON~1\MICROS~1\DW\DWTRIG20.EXE
(Microsoft Corporation) C:\WINNT\system32\wuauclt.exe
(Microsoft Corporation) C:\WINNT\system32\ctfmon.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe
(Nortel Networks) C:\Program Files\Nortel Networks\TunnelGuard\platforms\win32\TGIconApp.EXE
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Yahoo! Inc.) C:\PROGRA~1\Yahoo!\MESSEN~1\Ymsgr_tray.exe
(Microsoft Corporation) C:\WINNT\system32\wuauclt.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [IBMPRC] => C:\IBMTOOLS\UTILS\ibmprc.exe [90112 2005-04-27] (IBM Corp.)
HKLM\...\Run: [McAfeeUpdaterUI] => C:\Program Files\Network Associates\Common Framework\UdaterUI.exe [136512 2007-12-14] (McAfee, Inc.)
HKLM\...\Run: [igfxtray] => C:\WINNT\system32\igfxtray.exe [94208 2006-09-15] (Intel Corporation)
HKLM\...\Run: [igfxhkcmd] => C:\WINNT\system32\hkcmd.exe [77824 2006-09-15] (Intel Corporation)
HKLM\...\Run: [igfxpers] => C:\WINNT\system32\igfxpers.exe [118784 2006-09-15] (Intel Corporation)
HKLM\...\Run: [SoundMAXPnP] => C:\Program Files\Analog Devices\Core\smax4pnp.exe [925696 2005-12-15] (Analog Devices, Inc.)
HKLM\...\Run: [PWRMGRTR] => rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor
HKLM\...\Run: [BLOG] => rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\BatLogEx.DLL,StartBattLog
HKLM\...\Run: [SynTPLpr] => C:\Program Files\Synaptics\SynTP\SynTPLpr.exe [110592 2005-09-15] (Synaptics, Inc.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [512000 2005-09-15] (Synaptics, Inc.)
HKLM\...\Run: [TpShocks] => C:\WINNT\system32\TpShocks.exe [106496 2005-11-07] (Lenovo, Ltd. and IBM Corporation.)
HKLM\...\Run: [TPHOTKEY] => C:\Program Files\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe [94208 2006-02-01] ()
HKLM\...\Run: [ShStatEXE] => C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE [111952 2007-10-16] (McAfee, Inc.)
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\qttask.exe [413696 2009-05-26] (Apple Inc.)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [292136 2009-06-05] (Apple Inc.)
HKLM\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [39792 2009-10-03] (Adobe Systems Incorporated)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [935288 2009-09-04] (Adobe Systems Incorporated)
HKLM\...\Run: [Bitcasa] => C:\Program Files\Bitcasa\BitcasaBoot.exe "C:\Program Files\Bitcasa\Bitcasa.exe" /startup
HKLM\...\Run: [DWQueuedReporting] => C:\Program Files\Common Files\Microsoft Shared\DW\DWTRIG20.EXE [434528 2006-10-26] (Microsoft Corporation)
HKLM\...\Winlogon: [Userinit] C:\WINNT\system32\userinit.exe,
HKLM\...\Winlogon: [Shell] Explorer.exe [x ] ()
HKLM\...\Winlogon: [UIHost] logonui.exe [x ] ()
Winlogon\Notify\crypt32chain: C:\WINNT\system32\crypt32.dll (Microsoft Corporation)
Winlogon\Notify\cryptnet: C:\WINNT\system32\cryptnet.dll (Microsoft Corporation)
Winlogon\Notify\cscdll: C:\WINNT\system32\cscdll.dll (Microsoft Corporation)
Winlogon\Notify\igfxcui: C:\WINNT\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\ScCertProp: C:\WINNT\system32\wlnotify.dll (Microsoft Corporation)
Winlogon\Notify\Schedule: C:\WINNT\system32\wlnotify.dll (Microsoft Corporation)
Winlogon\Notify\sclgntfy: C:\WINNT\system32\sclgntfy.dll (Microsoft Corporation)
Winlogon\Notify\SensLogn: C:\WINNT\system32\WlNotify.dll (Microsoft Corporation)
Winlogon\Notify\termsrv: C:\WINNT\system32\wlnotify.dll (Microsoft Corporation)
Winlogon\Notify\tpfnf2: C:\WINNT\system32\notifyf2.dll ()
Winlogon\Notify\tphotkey: C:\WINNT\system32\tphklock.dll ()
Winlogon\Notify\wlballoon: C:\WINNT\system32\wlnotify.dll (Microsoft Corporation)
HKLM\...\Policies\Explorer: [NoWelcomeScreen] 1
HKLM\...\Policies\Explorer: [NoSMConfigurePrograms] 1
HKU\S-1-5-21-3510421623-2965073675-2411060337-1012\...\Run: [Messenger (Yahoo!)] => C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe [6595928 2012-05-25] (Yahoo! Inc.)
HKU\S-1-5-21-3510421623-2965073675-2411060337-1012\...\Run: [ctfmon.exe] => C:\WINNT\system32\ctfmon.exe [15360 2004-08-04] (Microsoft Corporation)
HKU\S-1-5-18\...\Run: [DWQueuedReporting] => C:\Program Files\Common Files\Microsoft Shared\DW\DWTRIG20.EXE [434528 2006-10-26] (Microsoft Corporation)
Startup: d:\data\All Users\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (McAfee, Inc.)
Startup: d:\data\All Users\Start Menu\Programs\Startup\TunnelGuard Tray Monitor.lnk
ShortcutTarget: TunnelGuard Tray Monitor.lnk -> C:\Program Files\Nortel Networks\TunnelGuard\platforms\win32\TGIconApp.EXE (Nortel Networks)
SSODL: EldosMountNotificator-cbfs5 - {2FDAFB24-B169-4275-A542-BBBF7E571352} - C:\WINNT\system32\cbfsMntNtf5.dll (EldoS Corporation)
ShellIconOverlayIdentifiers: 1EldosIconOverlay-cbfs5 -> {87AE300F-D62D-458A-B35A-B3B7B6F9EB65} => C:\WINNT\system32\cbfsMntNtf5.dll (EldoS Corporation)
ShellIconOverlayIdentifiers: 2EldosIconOverlay-cbfs5 -> {F02BF715-CB7E-4DB6-AD09-227DB5FB4B29} => C:\WINNT\system32\cbfsMntNtf5.dll (EldoS Corporation)
ShellIconOverlayIdentifiers: BitcasaBadFileOverlay -> {EC168C82-5053-422A-BB08-3CD9ACA22E85} => C:\Program Files\Bitcasa\ExplorerMenu.dll ()
ShellIconOverlayIdentifiers: BitcasaIconOverlay -> {A6975448-A999-49BB-B3E4-7730CF6A82C0} => C:\Program Files\Bitcasa\ExplorerMenu.dll ()
ShellIconOverlayIdentifiers: BitcasaMirrorOverlay -> {8C403C00-4544-4A53-879B-1949390CDE13} => C:\Program Files\Bitcasa\ExplorerMenu.dll ()
ShellIconOverlayIdentifiers: BitcasaNotMirrored -> {775CDDED-E6D2-4DD8-8C1F-158BEF44B62A} => C:\Program Files\Bitcasa\ExplorerMenu.dll ()
ShellIconOverlayIdentifiers: BitcasaProgressOverlay -> {6FB8D52A-0064-45B2-B687-F596FEAD09C2} => C:\Program Files\Bitcasa\ExplorerMenu.dll ()
ShellIconOverlayIdentifiers: EldosIconOverlay-cbfs5 -> {2A23874A-2B68-4C72-8A22-5B1FFADC5081} => C:\WINNT\system32\cbfsMntNtf5.dll (EldoS Corporation)
ShellIconOverlayIdentifiers: VirtualExpanderFile.1 -> {E4000AC4-5E5F-4956-807A-C5854405D64F} => C:\WINNT\system32\VirtualExpander\VEShellExt.dll (Sony Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINNT\system32\blank.htm
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINNT\system32\blank.htm
URLSearchHook: HKCU - YTNavAssistPlugin Class - {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Adobe PDF Reader Link Helper -> {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
BHO: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO: SSVHelper Class -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll (Sun Microsystems, Inc.)
Toolbar: HKCU - &Address - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINNT\system32\browseui.dll (Microsoft Corporation)
Toolbar: HKCU - &Links - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINNT\system32\SHELL32.dll (Microsoft Corporation)
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...t/ultrashim.cab
DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macr...ash/swflash.cab
Handler: gopher - {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINNT\system32\urlmon.dll (Microsoft Corporation)
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
Handler: sysimage - {76E67A63-06E9-11D2-A840-006008059382} - C:\WINNT\system32\mshtml.dll (Microsoft Corporation)
Handler: wia - {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINNT\system32\wiascr.dll (Microsoft Corporation)
Filter: Class Install Handler - {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - C:\WINNT\system32\urlmon.dll (Microsoft Corporation)
Filter: lzdhtml - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINNT\system32\urlmon.dll (Microsoft Corporation)
Filter: text/webviewhtml - {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - C:\WINNT\system32\SHELL32.dll (Microsoft Corporation)
ShellExecuteHooks: URL Exec Hook - {AEB6717E-7E19-11d0-97EE-00C04FD91972} - C:\WINNT\system32\shell32.dll [8460800 2008-07-03] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: d:\data\rainmaker\Application Data\Mozilla\Firefox\Profiles\0gqxbqod.default
FF Plugin: @adobe.com/FlashPlayer -> C:\WINNT\system32\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 -> C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\2.0.30523.8\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\WINNT\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll No File
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll No File
FF Plugin: @videolan.org/vlc,version=2.0.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll (Apple Inc.)
FF Extension: Firebug - d:\data\rainmaker\Application Data\Mozilla\Firefox\Profiles\0gqxbqod.default\Extensions\[email protected] [2012-12-15]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\WINNT\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - C:\WINNT\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2008-11-05]
FF HKCU\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - d:\data\All Users\Application Data\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi
FF Extension: McAfee Security Scan Plus - d:\data\All Users\Application Data\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi [2014-04-04]

Chrome:
=======
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter}
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\35.0.1916.153\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\35.0.1916.153\pdf.dll ()
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\35.0.1916.153\gcswf32.dll No File
CHR Plugin: (Shockwave Flash) - C:\WINNT\system32\Macromed\Flash\NPSWF32.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.2) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.2) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.2) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.2) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.2) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.2) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.2) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll (Apple Inc.)
CHR Plugin: (Microsoft® DRM) - C:\Program Files\Windows Media Player\npdrmv2.dll (Microsoft Corporation)
CHR Plugin: (Microsoft® DRM) - C:\Program Files\Windows Media Player\npwmsdrm.dll (Microsoft Corporation)
CHR Plugin: (Windows Media Player Plug-in Dynamic Link Library) - C:\Program Files\Windows Media Player\npdsplay.dll (Microsoft Corporation (written by Digital Renaissance Inc.))
CHR Plugin: (VLC Web Plugin) - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
CHR Plugin: (iTunes Application Detector) - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Windows Presentation Foundation) - C:\WINNT\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
CHR Plugin: (Silverlight Plug-In) - c:\Program Files\Microsoft Silverlight\2.0.30523.8\npctrl.dll ( Microsoft Corporation)
CHR Plugin: (Google Update) - d:\data\rainmaker\Local Settings\Application Data\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File
CHR Plugin: (BrowserPlus (from Yahoo!) v2.9.8) - d:\data\rainmaker\Local Settings\Application Data\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll No File
CHR CustomProfile: d:\data\rainmaker\Local Settings\Application Data\Google\Chrome\User Data\Default
CHR Extension: (Mini Notepad) - d:\data\rainmaker\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apjhdoaiejppfmijnkopdcpjcngdlffj [2014-09-19]
CHR Extension: (Google Voice Search Hotword (Beta)) - d:\data\rainmaker\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-06-08]
CHR Extension: (Facepad for Facebook) - d:\data\rainmaker\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\cgaknhmchnjaphondjciheacngggiclo [2014-09-24]
CHR Extension: (YouTube Flags) - d:\data\rainmaker\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\eeammepjjllhpcfnkohocddkmdejjebc [2014-09-17]
CHR Extension: (Best Save) - d:\data\rainmaker\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ifkgichhpmabepjkbkmfeclembjdbpml [2014-08-26]
CHR Extension: (Google Wallet) - d:\data\rainmaker\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-01-14]
CHR Extension: (Responsive Web Design Tester) - d:\data\rainmaker\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\objclahbaimlfnbjdeobicmmlnbhamkg [2014-09-09]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 AdobeFlashPlayerUpdateSvc; C:\WINNT\system32\Macromed\Flash\FlashPlayerUpdateService.exe [267440 2014-09-29] (Adobe Systems Incorporated)
S4 Alerter; C:\WINNT\system32\alrsvc.dll [17408 2004-08-04] (Microsoft Corporation)
R3 ALG; C:\WINNT\System32\alg.exe [44544 2004-08-04] (Microsoft Corporation)
R2 Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [144712 2009-06-05] (Apple Inc.)
S3 AppMgmt; C:\WINNT\System32\appmgmts.dll [167936 2004-08-04] (Microsoft Corporation)
S3 aspnet_state; C:\WINNT\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [34312 2008-07-25] (Microsoft Corporation)
R2 AudioSrv; C:\WINNT\System32\audiosrv.dll [42496 2004-08-04] (Microsoft Corporation)
S3 BITS; C:\WINNT\system32\qmgr.dll [382464 2004-08-04] (Microsoft Corporation)
S2 Browser; C:\WINNT\System32\browser.dll [77312 2004-08-04] (Microsoft Corporation)
S2 CcmExec; C:\WINNT\system32\CCM\CcmExec.exe [578784 2006-02-09] (Microsoft Corporation)
S3 CiSvc; C:\WINNT\system32\cisvc.exe [5632 2004-08-04] (Microsoft Corporation)
S3 ClipSrv; C:\WINNT\system32\clipsrv.exe [33280 2004-08-04] (Microsoft Corporation)
S3 clr_optimization_v2.0.50727_32; C:\WINNT\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [69632 2008-07-25] (Microsoft Corporation)
S3 COMSysApp; C:\WINNT\system32\dllhost.exe [5120 2004-08-04] (Microsoft Corporation)
R2 CryptSvc; C:\WINNT\System32\cryptsvc.dll [60416 2004-08-04] (Microsoft Corporation)
R2 DcomLaunch; C:\WINNT\system32\rpcss.dll [401408 2009-02-09] (Microsoft Corporation)
R2 Dhcp; C:\WINNT\System32\dhcpcsvc.dll [111616 2006-05-19] (Microsoft Corporation)
S3 dmadmin; C:\WINNT\System32\dmadmin.exe [224768 2004-08-04] (Microsoft Corp., Veritas Software)
S3 dmserver; C:\WINNT\System32\dmserver.dll [23552 2004-08-04] (Microsoft Corp.)
R2 Dnscache; C:\WINNT\System32\dnsrslvr.dll [45568 2008-02-20] (Microsoft Corporation)
R2 DWMRCS; C:\WINNT\system32\DWRCS.EXE [222720 2007-07-25] (DameWare Development LLC) [File not signed]
R2 ERSvc; C:\WINNT\System32\ersvc.dll [23040 2004-08-04] (Microsoft Corporation)
R2 Eventlog; C:\WINNT\system32\services.exe [110592 2009-02-06] (Microsoft Corporation)
R3 EventSystem; C:\WINNT\system32\es.dll [253952 2008-07-07] (Microsoft Corporation)
S3 ExtranetAccess; C:\Program Files\Nexxia\Extranet_serv.exe [835584 2006-05-09] (Nortel Networks NA, Inc.) [File not signed]
S3 FastUserSwitchingCompatibility; C:\WINNT\System32\shsvcs.dll [135168 2006-12-19] (Microsoft Corporation)
S3 FontCache3.0.0.0; C:\WINNT\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [46104 2008-07-29] (Microsoft Corporation)
R2 helpsvc; C:\WINNT\PCHealth\HelpCtr\Binaries\pchsvc.dll [38912 2004-08-04] (Microsoft Corporation)
R2 HidServ; C:\WINNT\System32\hidserv.dll [21504 2004-08-04] (Microsoft Corporation)
S3 HTTPFilter; C:\WINNT\System32\w3ssl.dll [15872 2004-08-04] (Microsoft Corporation)
R2 IBM Rapid Restore Ultra Service; C:\Program Files\IBM\IBM Rapid Restore Ultra\rrpcsb.exe [385024 2005-10-06] () [File not signed]
R2 IBMPMSVC; C:\WINNT\system32\ibmpmsvc.exe [73782 2005-11-11] ()
S3 idsvc; C:\WINNT\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [881664 2008-07-29] (Microsoft Corporation)
S3 ImapiService; C:\WINNT\system32\imapi.exe [150016 2004-08-04] (Microsoft Corporation)
S3 iPassConnectEngine; C:\Program Files\iPass\iPassConnect\iPassConnectEngine.exe [1310720 2006-11-30] (iPass, Inc.) [File not signed]
R3 iPassPeriodicUpdateApp; C:\Program Files\iPass\iPassConnect\iPassPeriodicUpdateApp.exe [126976 2006-11-29] (iPass, Inc.) [File not signed]
R2 iPassPeriodicUpdateService; C:\Program Files\iPass\iPassConnect\iPassPeriodicUpdateService.exe [86016 2006-11-29] (iPass, Inc.) [File not signed]
S4 Irmon; C:\WINNT\System32\irmon.dll [27136 2004-08-03] (Microsoft Corporation)
R2 lanmanserver; C:\WINNT\System32\srvsvc.dll [96768 2004-12-07] (Microsoft Corporation)
R2 lanmanworkstation; C:\WINNT\System32\wkssvc.dll [134144 2009-06-10] (Microsoft Corporation)
R2 LmHosts; C:\WINNT\System32\lmhsvc.dll [13824 2004-08-04] (Microsoft Corporation)
R2 McAfeeFramework; C:\Program Files\Network Associates\Common Framework\FrameworkService.exe [103744 2007-12-14] (McAfee, Inc.)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [235696 2014-04-09] (McAfee, Inc.)
R2 McShield; C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe [144704 2007-10-16] (McAfee, Inc.)
R2 McTaskManager; C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe [54608 2007-10-16] (McAfee, Inc.)
S4 Messenger; C:\WINNT\System32\msgsvc.dll [33792 2004-08-04] (Microsoft Corporation)
S3 mnmsrvc; C:\WINNT\system32\mnmsrvc.exe [32768 2004-08-04] (Microsoft Corporation)
S3 MSDTC; C:\WINNT\system32\msdtc.exe [6144 2004-08-04] (Microsoft Corporation)
R2 MSIServer; C:\WINNT\System32\msiexec.exe [78848 2005-05-03] (Microsoft Corporation)
S4 MSSQLServerADHelper; c:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe [45272 2005-10-14] (Microsoft Corporation)
S4 NetDDE; C:\WINNT\system32\netdde.exe [111104 2004-08-04] (Microsoft Corporation)
S4 NetDDEdsdm; C:\WINNT\system32\netdde.exe [111104 2004-08-04] (Microsoft Corporation)
R2 Netlogon; C:\WINNT\system32\lsass.exe [13312 2004-08-04] (Microsoft Corporation)
R3 Netman; C:\WINNT\System32\netman.dll [197632 2005-08-22] (Microsoft Corporation)
S4 NetTcpPortSharing; C:\WINNT\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [132096 2008-07-29] (Microsoft Corporation)
R3 Nla; C:\WINNT\System32\mswsock.dll [245248 2008-06-20] (Microsoft Corporation)
S3 NtLmSsp; C:\WINNT\system32\lsass.exe [13312 2004-08-04] (Microsoft Corporation)
S3 NtmsSvc; C:\WINNT\system32\ntmssvc.dll [435200 2004-08-04] (Microsoft Corporation)
R2 PlugPlay; C:\WINNT\system32\services.exe [110592 2009-02-06] (Microsoft Corporation)
S4 PolicyAgent; C:\WINNT\system32\lsass.exe [13312 2004-08-04] (Microsoft Corporation)
R2 ProtectedStorage; C:\WINNT\system32\lsass.exe [13312 2004-08-04] (Microsoft Corporation)
S3 RasAuto; C:\WINNT\System32\rasauto.dll [89088 2004-08-04] (Microsoft Corporation)
R3 RasMan; C:\WINNT\System32\rasmans.dll [181248 2006-06-22] (Microsoft Corporation)
S3 RDSessMgr; C:\WINNT\system32\sessmgr.exe [140800 2004-08-04] (Microsoft Corporation)
S4 RemoteAccess; C:\WINNT\System32\mprdim.dll [49152 2002-08-29] (Microsoft Corporation)
R2 RemoteRegistry; C:\WINNT\system32\regsvc.dll [59904 2004-08-04] (Microsoft Corporation)
S3 RpcLocator; C:\WINNT\system32\locator.exe [75264 2004-08-04] (Microsoft Corporation)
R2 RpcSs; C:\WINNT\System32\rpcss.dll [401408 2009-02-09] (Microsoft Corporation)
S3 RSVP; C:\WINNT\system32\rsvp.exe [132608 2002-08-29] (Microsoft Corporation)
R2 SamSs; C:\WINNT\system32\lsass.exe [13312 2004-08-04] (Microsoft Corporation)
S3 SCardSvr; C:\WINNT\System32\SCardSvr.exe [95744 2004-08-04] (Microsoft Corporation)
R2 Schedule; C:\WINNT\system32\schedsvc.dll [190976 2004-08-04] (Microsoft Corporation)
R2 seclogon; C:\WINNT\System32\seclogon.dll [18944 2004-08-04] (Microsoft Corporation)
R2 SENS; C:\WINNT\system32\sens.dll [38912 2004-08-04] (Microsoft Corporation)
R2 SharedAccess; C:\WINNT\System32\ipnathlp.dll [331264 2004-08-04] (Microsoft Corporation)
R2 ShellHWDetection; C:\WINNT\System32\shsvcs.dll [135168 2006-12-19] (Microsoft Corporation)
R2 Spooler; C:\WINNT\system32\spoolsv.exe [57856 2005-06-10] (Microsoft Corporation)
R2 srservice; C:\WINNT\system32\srsvc.dll [170496 2004-08-04] (Microsoft Corporation)
R3 SSDPSRV; C:\WINNT\System32\ssdpsrv.dll [71680 2004-08-04] (Microsoft Corporation)
R2 stisvc; C:\WINNT\system32\wiaservc.dll [333824 2006-12-19] (Microsoft Corporation)
S3 SwPrv; C:\WINNT\system32\dllhost.exe [5120 2004-08-04] (Microsoft Corporation)
S3 SysmonLog; C:\WINNT\system32\smlogsvc.exe [89600 2004-08-04] (Microsoft Corporation)
R3 TapiSrv; C:\WINNT\System32\tapisrv.dll [249344 2005-07-08] (Microsoft Corporation)
R3 TermService; C:\WINNT\System32\termsrv.dll [295424 2004-08-04] (Microsoft Corporation)
R2 Themes; C:\WINNT\System32\shsvcs.dll [135168 2006-12-19] (Microsoft Corporation)
S3 TlntSvr; C:\WINNT\system32\tlntsvr.exe [73216 2004-08-04] (Microsoft Corporation)
R2 TPHDEXLGSVC; C:\WINNT\System32\TPHDEXLG.EXE [77824 2005-06-20] (Lenovo.) [File not signed]
R2 TrkWks; C:\WINNT\system32\trkwks.dll [90624 2004-08-04] (Microsoft Corporation)
R2 tunnelguardservice; c:\Program Files\Nortel Networks\TunnelGuard\CueAgent_srv.exe [53248 2005-09-06] (Alexandria Software Consulting) [File not signed]
S3 upnphost; C:\WINNT\System32\upnphost.dll [185344 2007-02-05] (Microsoft Corporation)
S3 UPS; C:\WINNT\System32\ups.exe [18432 2004-08-04] (Microsoft Corporation)
S3 VSS; C:\WINNT\System32\vssvc.exe [289792 2004-08-04] (Microsoft Corporation)
R2 W32Time; C:\WINNT\system32\w32time.dll [174592 2004-08-04] (Microsoft Corporation)
R2 WebClient; C:\WINNT\System32\webclnt.dll [68096 2006-01-03] (Microsoft Corporation)
R2 winmgmt; C:\WINNT\system32\wbem\WMIsvc.dll [144896 2004-08-04] (Microsoft Corporation)
S3 WmdmPmSN; C:\WINNT\system32\MsPMSNSv.dll [27136 2006-10-18] (Microsoft Corporation)
S3 Wmi; C:\WINNT\System32\advapi32.dll [617984 2009-02-09] (Microsoft Corporation)
S3 WmiApSrv; C:\WINNT\system32\wbem\wmiapsrv.exe [126464 2004-08-04] (Microsoft Corporation)
S2 wscsvc; C:\WINNT\system32\wscsvc.dll [81408 2004-08-04] (Microsoft Corporation)
R2 wuauserv; C:\WINNT\system32\wuauserv.dll [6656 2004-08-04] (Microsoft Corporation)
S3 WudfSvc; C:\WINNT\System32\WUDFSvc.dll [55808 2006-09-28] (Microsoft Corporation)
R2 WZCSVC; C:\WINNT\System32\wzcsvc.dll [474624 2005-04-20] (Microsoft Corporation)
S3 xmlprov; C:\WINNT\System32\xmlprov.dll [129536 2004-08-04] (Microsoft Corporation)
S2 gupdate; "C:\Program Files\Google\Update\GoogleUpdate.exe" /svc [X]
S3 gupdatem; "C:\Program Files\Google\Update\GoogleUpdate.exe" /medsvc [X]
S3 magaService; c:\Program Files\Sygate\SSA\maga\maga.exe [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R0 ACPI; C:\WINNT\System32\DRIVERS\ACPI.sys [187776 2004-08-04] (Microsoft Corporation)
R0 ACPIEC; C:\WINNT\System32\DRIVERS\ACPIEC.sys [11648 2002-08-29] (Microsoft Corporation)
R3 ADIHdAudAddService; C:\WINNT\System32\drivers\ADIHdAud.sys [173056 2005-12-15] (Analog Devices, Inc.)
R3 AEAudioService; C:\WINNT\System32\drivers\AEAudio.sys [152960 2005-12-15] (Andrea Electronics Corporation)
S3 aec; C:\WINNT\System32\drivers\aec.sys [142464 2004-08-03] (Microsoft Corporation)
R1 AFD; C:\WINNT\System32\drivers\afd.sys [138368 2008-08-14] (Microsoft Corporation)
R0 ANCSQ; C:\WINNT\System32\drivers\ANCSQ.sys [6912 2005-04-27] (IBM Corp.) [File not signed]
S3 AsyncMac; C:\WINNT\System32\DRIVERS\asyncmac.sys [14336 2004-08-03] (Microsoft Corporation)
R0 atapi; C:\WINNT\System32\DRIVERS\atapi.sys [95360 2004-08-03] (Microsoft Corporation)
S3 Atmarpc; C:\WINNT\System32\DRIVERS\atmarpc.sys [59904 2004-08-03] (Microsoft Corporation)
R3 atmeltpm; C:\WINNT\System32\DRIVERS\atmeltpm.sys [15872 2005-05-17] (Atmel, Inc.)
R3 audstub; C:\WINNT\System32\DRIVERS\audstub.sys [3072 2001-08-17] (Microsoft Corporation)
R1 Beep; C:\WINNT\system32\Drivers\Beep.sys [4224 2002-08-29] (Microsoft Corporation)
R1 cbfs5; C:\WINNT\system32\drivers\cbfs5.sys [346688 2013-11-25] (EldoS Corporation)
S4 cbidf2k; C:\WINNT\system32\Drivers\cbidf2k.sys [13952 2002-08-29] (Microsoft Corporation)
S1 Cdaudio; C:\WINNT\system32\Drivers\Cdaudio.sys [18688 2002-08-29] (Microsoft Corporation)
S4 Cdfs; C:\WINNT\system32\Drivers\Cdfs.sys [63744 2004-08-03] (Microsoft Corporation)
R1 Cdrom; C:\WINNT\System32\DRIVERS\cdrom.sys [49536 2004-08-04] (Microsoft Corporation)
R3 CmBatt; C:\WINNT\System32\DRIVERS\CmBatt.sys [14080 2004-08-03] (Microsoft Corporation)
R0 Compbatt; C:\WINNT\System32\DRIVERS\compbatt.sys [9344 2001-08-17] (Microsoft Corporation)
R0 Disk; C:\WINNT\System32\DRIVERS\disk.sys [36352 2004-08-04] (Microsoft Corporation)
S4 dmboot; C:\WINNT\System32\drivers\dmboot.sys [799744 2004-08-03] (Microsoft Corp., Veritas Software)
S4 dmio; C:\WINNT\System32\drivers\dmio.sys [153344 2004-08-03] (Microsoft Corp., Veritas Software)
S4 dmload; C:\WINNT\System32\drivers\dmload.sys [5888 2002-08-29] (Microsoft Corp., Veritas Software.)
S3 DMusic; C:\WINNT\System32\drivers\DMusic.sys [52864 2004-08-03] (Microsoft Corporation)
S3 drmkaud; C:\WINNT\System32\drivers\drmkaud.sys [2944 2004-08-03] (Microsoft Corporation)
R3 DwMirror; C:\WINNT\System32\DRIVERS\DamewareMini.sys [2944 2007-02-07] (DameWare Development, Inc.)
R1 dwvkbd; C:\WINNT\System32\DRIVERS\dwvkbd.sys [26624 2007-02-15] (DameWare)
S3 e1express; C:\WINNT\System32\DRIVERS\e1e5132.sys [181760 2006-01-22] (Intel Corporation)
R3 Eacfilt; C:\WINNT\System32\DRIVERS\eacfilt.sys [24521 2006-05-09] (Nortel Networks) [File not signed]
R2 EGATHDRV; C:\WINNT\SYSTEM32\EGATHDRV.SYS [5427 2005-04-27] (IBM Corporation) [File not signed]
S4 Fastfat; C:\WINNT\system32\Drivers\Fastfat.sys [143360 2004-08-03] (Microsoft Corporation)
S1 Fdc; C:\WINNT\system32\Drivers\Fdc.sys [27392 2004-08-04] (Microsoft Corporation)
R1 Fips; C:\WINNT\system32\Drivers\Fips.sys [34944 2002-08-29] (Microsoft Corporation)
S3 FLMCKUSB; C:\WINNT\System32\Drivers\FLMckUSB.sys [69810 2004-12-15] (AuthenTec, Inc.)
S1 Flpydisk; C:\WINNT\system32\Drivers\Flpydisk.sys [20480 2004-08-04] (Microsoft Corporation)
R0 FltMgr; C:\WINNT\System32\DRIVERS\fltMgr.sys [124800 2004-08-03] (Microsoft Corporation)
U1 Fs_Rec; C:\WINNT\system32\Drivers\Fs_Rec.sys [7936 2002-08-29] (Microsoft Corporation)
R0 Ftdisk; C:\WINNT\System32\DRIVERS\ftdisk.sys [125056 2002-08-29] (Microsoft Corporation)
R3 GEARAspiWDM; C:\WINNT\System32\DRIVERS\GEARAspiWDM.sys [23400 2009-03-19] (GEAR Software Inc.)
R3 Gpc; C:\WINNT\System32\DRIVERS\msgpc.sys [35072 2004-08-03] (Microsoft Corporation)
R3 HDAudBus; C:\WINNT\System32\DRIVERS\HDAudBus.sys [138752 2005-01-07] (Windows ® Server 2003 DDK provider) [File not signed]
S3 HidUsb; C:\WINNT\System32\DRIVERS\hidusb.sys [9600 2001-08-17] (Microsoft Corporation)
R3 HSF_DPV; C:\WINNT\System32\DRIVERS\hsx_dpv.sys [936448 2005-12-06] (Conexant Systems, Inc.)
R3 HSXHWAZL; C:\WINNT\System32\DRIVERS\hsxhwazl.sys [192512 2005-12-06] (Conexant Systems, Inc.)
R3 HTTP; C:\WINNT\System32\Drivers\HTTP.sys [263552 2009-10-20] (Microsoft Corporation)
R1 i8042prt; C:\WINNT\System32\DRIVERS\i8042prt.sys [52736 2004-08-04] (Microsoft Corporation)
R3 ialm; C:\WINNT\System32\DRIVERS\ialmnt5.sys [1173468 2006-09-15] (Intel Corporation) [File not signed]
R0 iaStor; C:\WINNT\System32\drivers\iaStor.sys [874240 2005-10-12] (Intel Corporation)
R2 ibmfilter; C:\WINNT\system32\drivers\ibmfilter.sys [63616 2005-04-27] (IBM) [File not signed]
R3 IBMPMDRV; C:\WINNT\System32\DRIVERS\ibmpmdrv.sys [10112 2005-11-11] (Lenovo.)
R1 Imapi; C:\WINNT\System32\DRIVERS\imapi.sys [41856 2004-08-04] (Microsoft Corporation)
R0 IntelIde; C:\WINNT\System32\DRIVERS\intelide.sys [5504 2004-08-03] (Microsoft Corporation)
R1 intelppm; C:\WINNT\System32\DRIVERS\intelppm.sys [36096 2004-08-04] (Microsoft Corporation)
S3 Ip6Fw; C:\WINNT\System32\DRIVERS\Ip6Fw.sys [29056 2004-08-03] (Microsoft Corporation)
R2 iPassP; C:\WINNT\System32\DRIVERS\iPassP.sys [21419 2009-04-25] (Meetinghouse Data Communications) [File not signed]
S3 IpFilterDriver; C:\WINNT\System32\DRIVERS\ipfltdrv.sys [32896 2002-08-29] (Microsoft Corporation)
S3 IpInIp; C:\WINNT\System32\DRIVERS\ipinip.sys [20992 2004-08-03] (Microsoft Corporation)
R3 IpNat; C:\WINNT\System32\DRIVERS\ipnat.sys [134912 2004-08-03] (Microsoft Corporation)
R1 IPSec; C:\WINNT\System32\DRIVERS\ipsec.sys [74752 2004-08-03] (Microsoft Corporation)
S3 IPSECEXT; C:\WINNT\System32\DRIVERS\ipsecw2k.sys [155216 2006-05-09] (Nortel Networks NA, Inc.) [File not signed]
R3 IPSECSHM; C:\WINNT\System32\DRIVERS\ipsecw2k.sys [155216 2006-05-09] (Nortel Networks NA, Inc.) [File not signed]
R2 irda; C:\WINNT\System32\DRIVERS\irda.sys [87424 2004-08-03] (Microsoft Corporation)
R3 IRENUM; C:\WINNT\System32\DRIVERS\irenum.sys [11264 2004-08-03] (Microsoft Corporation)
R0 isapnp; C:\WINNT\System32\DRIVERS\isapnp.sys [35840 2002-08-29] (Microsoft Corporation)
R1 Kbdclass; C:\WINNT\System32\DRIVERS\kbdclass.sys [24576 2004-08-04] (Microsoft Corporation)
S1 kbdhid; C:\WINNT\System32\DRIVERS\kbdhid.sys [14848 2004-08-03] (Microsoft Corporation)
S3 kmixer; C:\WINNT\System32\drivers\kmixer.sys [171776 2004-08-03] (Microsoft Corporation)
R0 KSecDD; C:\WINNT\system32\Drivers\KSecDD.sys [92544 2009-06-22] (Microsoft Corporation)
R2 mdmxsdk; C:\WINNT\System32\DRIVERS\mdmxsdk.sys [12544 2005-10-05] (Conexant)
R3 mfeapfk; C:\WINNT\System32\drivers\mfeapfk.sys [64168 2007-10-16] (McAfee, Inc.)
R3 mfeavfk; C:\WINNT\System32\drivers\mfeavfk.sys [72680 2007-10-16] (McAfee, Inc.)
R3 mfebopk; C:\WINNT\System32\drivers\mfebopk.sys [33960 2007-10-16] (McAfee, Inc.)
R3 mfehidk; C:\WINNT\System32\drivers\mfehidk.sys [171272 2007-10-16] (McAfee, Inc.)
R1 mferkdk; C:\Program Files\McAfee\VirusScan Enterprise\mferkdk.sys [31784 2007-10-16] (McAfee, Inc.)
R1 mfetdik; C:\WINNT\System32\drivers\mfetdik.sys [51944 2007-10-16] (McAfee, Inc.)
R1 mnmdd; C:\WINNT\system32\Drivers\mnmdd.sys [4224 2002-08-29] (Microsoft Corporation)
R3 Modem; C:\WINNT\system32\Drivers\Modem.sys [30080 2004-08-04] (Microsoft Corporation)
R1 Mouclass; C:\WINNT\System32\DRIVERS\mouclass.sys [23040 2004-08-04] (Microsoft Corporation)
S3 mouhid; C:\WINNT\System32\DRIVERS\mouhid.sys [12160 2001-08-17] (Microsoft Corporation)
R0 MountMgr; C:\WINNT\system32\Drivers\MountMgr.sys [42240 2004-08-03] (Microsoft Corporation)
R3 MRxDAV; C:\WINNT\System32\DRIVERS\mrxdav.sys [179584 2007-12-18] (Microsoft Corporation)
R1 MRxSmb; C:\WINNT\System32\DRIVERS\mrxsmb.sys [454016 2010-02-24] (Microsoft Corporation)
R1 Msfs; C:\WINNT\system32\Drivers\Msfs.sys [19072 2004-08-03] (Microsoft Corporation)
S3 MSKSSRV; C:\WINNT\System32\drivers\MSKSSRV.sys [7552 2004-08-03] (Microsoft Corporation)
S3 MSPCLOCK; C:\WINNT\System32\drivers\MSPCLOCK.sys [5376 2004-08-03] (Microsoft Corporation)
S3 MSPQM; C:\WINNT\System32\drivers\MSPQM.sys [4992 2004-08-03] (Microsoft Corporation)
R3 mssmbios; C:\WINNT\System32\DRIVERS\mssmbios.sys [15488 2004-08-04] (Microsoft Corporation)
R0 Mup; C:\WINNT\system32\Drivers\Mup.sys [107904 2004-08-03] (Microsoft Corporation)
R0 NDIS; C:\WINNT\system32\Drivers\NDIS.sys [182912 2004-08-03] (Microsoft Corporation)
R3 NdisTapi; C:\WINNT\System32\DRIVERS\ndistapi.sys [9600 2002-08-29] (Microsoft Corporation)
R3 Ndisuio; C:\WINNT\System32\DRIVERS\ndisuio.sys [14592 2005-04-19] (Microsoft Corporation)
R3 NdisWan; C:\WINNT\System32\DRIVERS\ndiswan.sys [91776 2004-08-03] (Microsoft Corporation)
R3 NDProxy; C:\WINNT\system32\Drivers\NDProxy.sys [38016 2002-08-29] (Microsoft Corporation)
R1 NetBIOS; C:\WINNT\System32\DRIVERS\netbios.sys [34560 2004-08-03] (Microsoft Corporation)
R1 NetBT; C:\WINNT\System32\DRIVERS\netbt.sys [162816 2004-08-03] (Microsoft Corporation)
R3 NETw3x32; C:\WINNT\System32\DRIVERS\NETw3x32.sys [1709696 2006-09-27] (Intel® Corporation)
R1 Npfs; C:\WINNT\system32\Drivers\Npfs.sys [30848 2004-08-03] (Microsoft Corporation)
R3 NSCIRDA; C:\WINNT\System32\DRIVERS\nscirda.sys [28672 2004-08-03] (National Semiconductor Corporation)
R4 Ntfs; C:\WINNT\system32\Drivers\Ntfs.sys [574592 2004-08-03] (Microsoft Corporation)
R1 Null; C:\WINNT\system32\Drivers\Null.sys [2944 2002-08-29] (Microsoft Corporation)
S3 NwlnkFlt; C:\WINNT\System32\DRIVERS\nwlnkflt.sys [12416 2002-08-29] (Microsoft Corporation)
S3 NwlnkFwd; C:\WINNT\System32\DRIVERS\nwlnkfwd.sys [32512 2002-08-29] (Microsoft Corporation)
S3 Parport; C:\WINNT\System32\DRIVERS\parport.sys [80128 2004-08-04] (Microsoft Corporation)
R0 PartMgr; C:\WINNT\system32\Drivers\PartMgr.sys [18688 2002-08-29] (Microsoft Corporation)
S4 ParVdm; C:\WINNT\system32\Drivers\ParVdm.sys [6784 2002-08-29] (Microsoft Corporation)
R0 PCI; C:\WINNT\System32\DRIVERS\pci.sys [68224 2004-08-03] (Microsoft Corporation)
R0 PCIIde; C:\WINNT\System32\DRIVERS\pciide.sys [3328 2001-08-17] (Microsoft Corporation)
R0 Pcmcia; C:\WINNT\System32\DRIVERS\pcmcia.sys [119936 2004-08-04] (Microsoft Corporation)
R3 PptpMiniport; C:\WINNT\System32\DRIVERS\raspptp.sys [48384 2004-08-03] (Microsoft Corporation)
S3 prepdrvr; C:\WINNT\system32\CCM\prepdrv.sys [20704 2006-02-09] (Microsoft Corporation)
S4 psadd; C:\WINNT\system32\Drivers\psadd.sys [13184 2007-03-20] (IBM Corporation) [File not signed]
R3 PSched; C:\WINNT\System32\DRIVERS\psched.sys [69120 2004-08-03] (Microsoft Corporation)
R3 Ptilink; C:\WINNT\System32\DRIVERS\ptilink.sys [17792 2002-08-29] (Parallel Technologies, Inc.)
R0 PxHelp20; C:\WINNT\System32\Drivers\PxHelp20.sys [20576 2007-03-20] (Sonic Solutions) [File not signed]
R1 RasAcd; C:\WINNT\System32\DRIVERS\rasacd.sys [8832 2002-08-29] (Microsoft Corporation)
R3 Rasirda; C:\WINNT\System32\DRIVERS\rasirda.sys [19584 2001-08-17] (Microsoft Corporation)
R3 Rasl2tp; C:\WINNT\System32\DRIVERS\rasl2tp.sys [51328 2004-08-03] (Microsoft Corporation)
R3 RasPppoe; C:\WINNT\System32\DRIVERS\raspppoe.sys [41472 2004-08-03] (Microsoft Corporation)
R3 Raspti; C:\WINNT\System32\DRIVERS\raspti.sys [16512 2002-08-29] (Microsoft Corporation)
R1 Rdbss; C:\WINNT\System32\DRIVERS\rdbss.sys [174592 2006-05-05] (Microsoft Corporation)
R1 RDPCDD; C:\WINNT\System32\DRIVERS\RDPCDD.sys [4224 2002-08-29] (Microsoft Corporation)
R3 rdpdr; C:\WINNT\System32\DRIVERS\rdpdr.sys [196864 2004-08-03] (Microsoft Corporation)
S3 RDPWD; C:\WINNT\system32\Drivers\RDPWD.sys [139528 2005-06-10] (Microsoft Corporation)
R1 redbook; C:\WINNT\System32\DRIVERS\redbook.sys [57472 2004-08-03] (Microsoft Corporation)
S3 Secdrv; C:\WINNT\System32\DRIVERS\secdrv.sys [20480 2007-11-13] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
S3 serenum; C:\WINNT\System32\DRIVERS\serenum.sys [15488 2004-08-04] (Microsoft Corporation)
S3 Serial; C:\WINNT\System32\DRIVERS\serial.sys [64896 2004-08-04] (Microsoft Corporation)
S1 Sfloppy; C:\WINNT\system32\Drivers\Sfloppy.sys [11392 2004-08-04] (Microsoft Corporation)
R1 ShockMgr; C:\WINNT\system32\Drivers\ShockMgr.sys [4736 2005-06-20] (Lenovo.) [File not signed]
R0 Shockprf; C:\WINNT\system32\Drivers\Shockprf.sys [85760 2005-11-30] (Lenovo) [File not signed]
R1 Smapint; C:\WINNT\System32\drivers\Smapint.sys [14848 2005-11-30] (Microsoft Corporation) [File not signed]
S3 splitter; C:\WINNT\System32\drivers\splitter.sys [6400 2004-08-03] (Microsoft Corporation)
R0 sr; C:\WINNT\System32\DRIVERS\sr.sys [73472 2004-08-03] (Microsoft Corporation)
R3 Srv; C:\WINNT\System32\DRIVERS\srv.sys [352640 2009-12-31] (Microsoft Corporation)
R3 swenum; C:\WINNT\System32\DRIVERS\swenum.sys [4352 2004-08-04] (Microsoft Corporation)
S3 swmidi; C:\WINNT\System32\drivers\swmidi.sys [54272 2001-08-17] (Microsoft Corporation)
R0 Symmpi; C:\WINNT\System32\DRIVERS\symmpi.sys [99328 2007-03-20] (LSI Logic) [File not signed]
R3 SynTP; C:\WINNT\System32\DRIVERS\SynTP.sys [177664 2005-09-15] (Synaptics, Inc.)
R3 sysaudio; C:\WINNT\System32\drivers\sysaudio.sys [60800 2004-08-03] (Microsoft Corporation)
R1 Tcpip; C:\WINNT\System32\DRIVERS\tcpip.sys [360320 2008-06-20] (Microsoft Corporation)
S3 TcUsb; C:\WINNT\System32\Drivers\tcusb.sys [24832 2004-11-04] (UPEK Inc.)
S3 TDPIPE; C:\WINNT\system32\Drivers\TDPIPE.sys [12040 2004-08-04] (Microsoft Corporation)
R1 TDSMAPI; C:\WINNT\System32\drivers\TDSMAPI.SYS [9343 2005-11-30] () [File not signed]
S3 TDTCP; C:\WINNT\system32\Drivers\TDTCP.sys [21896 2004-08-04] (Microsoft Corporation)
R1 TermDD; C:\WINNT\System32\DRIVERS\termdd.sys [40840 2004-08-04] (Microsoft Corporation)
S3 tpflhlp; c:\drivers\t60\bios\tpflhlp.sys [13360 2007-08-09] (Lenovo Group Limited)
R1 TPHKDRV; C:\WINNT\system32\Drivers\TPHKDRV.sys [17699 2006-02-01] (IBM Corporation) [File not signed]
R1 TPPWRIF; C:\WINNT\System32\drivers\Tppwrif.sys [4442 2005-12-07] () [File not signed]
S4 Udfs; C:\WINNT\system32\Drivers\Udfs.sys [66176 2004-08-03] (Microsoft Corporation)
R3 Update; C:\WINNT\System32\DRIVERS\update.sys [209408 2004-08-03] (Microsoft Corporation)
S3 USBAAPL; C:\WINNT\System32\Drivers\usbaapl.sys [39424 2009-06-05] (Apple, Inc.)
S3 usbaudio; C:\WINNT\System32\drivers\usbaudio.sys [59264 2004-08-03] (Microsoft Corporation)
S3 usbccgp; C:\WINNT\System32\DRIVERS\usbccgp.sys [31616 2004-08-03] (Microsoft Corporation)
R3 usbehci; C:\WINNT\System32\DRIVERS\usbehci.sys [26624 2004-08-03] (Microsoft Corporation)
R3 usbhub; C:\WINNT\System32\DRIVERS\usbhub.sys [57600 2004-08-03] (Microsoft Corporation)
S3 usbscan; C:\WINNT\System32\DRIVERS\usbscan.sys [15104 2004-08-03] (Microsoft Corporation)
S3 USBSTOR; C:\WINNT\System32\DRIVERS\USBSTOR.SYS [26496 2004-08-03] (Microsoft Corporation)
R3 usbuhci; C:\WINNT\System32\DRIVERS\usbuhci.sys [20480 2004-08-04] (Microsoft Corporation)
R1 VgaSave; C:\WINNT\System32\drivers\vga.sys [20992 2004-08-03] (Microsoft Corporation)
R0 VolSnap; C:\WINNT\system32\Drivers\VolSnap.sys [52352 2004-08-03] (Microsoft Corporation)
S3 w39n51; C:\WINNT\System32\DRIVERS\w39n51.sys [1428096 2005-12-05] (Intel® Corporation)
R3 Wanarp; C:\WINNT\System32\DRIVERS\wanarp.sys [34560 2004-08-03] (Microsoft Corporation)
R3 wdmaud; C:\WINNT\System32\drivers\wdmaud.sys [82944 2004-08-03] (Microsoft Corporation)
R3 winachsf; C:\WINNT\System32\DRIVERS\hsx_cnxt.sys [670208 2005-12-06] (Conexant Systems, Inc.)
R1 WS2IFSL; C:\WINNT\System32\drivers\ws2ifsl.sys [12032 2002-08-29] (Microsoft Corporation)
S3 WudfPf; C:\WINNT\System32\DRIVERS\WudfPf.sys [77568 2006-09-28] (Microsoft Corporation)
S3 WudfRd; C:\WINNT\System32\DRIVERS\wudfrd.sys [82944 2006-09-28] (Microsoft Corporation)
U1 RCHelp; No ImagePath

==================== NetSvcs (Whitelisted) ===================


(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-30 06:11 - 2014-09-30 06:11 - 00000000 ____D () d:\data\LocalService\Application Data\McAfee
2014-09-30 06:09 - 2014-09-30 06:09 - 00000000 ____D () d:\data\All Users\Start Menu\Programs\McAfee Security Scan Plus
2014-09-30 06:09 - 2014-09-30 06:09 - 00000000 ____D () C:\Program Files\McAfee Security Scan
2014-09-29 20:48 - 2014-09-29 20:48 - 17323696 _____ (Adobe Systems Incorporated) C:\WINNT\system32\FlashPlayerInstaller.exe
2014-09-29 20:10 - 2014-09-30 06:09 - 00001648 _____ () d:\data\All Users\Desktop\McAfee Security Scan Plus.lnk
2014-09-29 20:10 - 2014-09-30 06:09 - 00000000 ____D () d:\data\All Users\Application Data\McAfee Security Scan
2014-09-29 20:05 - 2014-09-29 20:17 - 00000000 ____D () C:\WINNT\system32\MRT
2014-09-29 20:05 - 2014-08-29 13:01 - 98758480 _____ (Microsoft Corporation) C:\WINNT\system32\MRT.exe
2014-09-29 20:00 - 2014-09-29 20:01 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-09-29 17:17 - 2014-09-29 17:17 - 00090112 _____ () C:\WINNT\Minidump\Mini092914-03.dmp
2014-09-29 17:15 - 2014-09-29 17:15 - 00090112 _____ () C:\WINNT\Minidump\Mini092914-02.dmp
2014-09-29 17:13 - 2014-09-29 17:13 - 00090112 _____ () C:\WINNT\Minidump\Mini092914-01.dmp
2014-09-27 15:11 - 2014-09-27 03:27 - 01699276 _____ (Thisisu) d:\data\rainmaker\Desktop\JRT_NEW.exe
2014-09-27 14:26 - 2014-09-27 14:26 - 01290752 _____ () d:\data\rainmaker\Desktop\zoek.exe
2014-09-27 14:24 - 2014-09-27 14:23 - 01373475 _____ () d:\data\rainmaker\Desktop\adwcleaner_3.310.exe
2014-09-27 14:17 - 2014-09-27 14:17 - 00000000 ____D () d:\data\rainmaker\Desktop\FRST-OlderVersion
2014-09-25 14:08 - 2014-10-01 08:02 - 00046531 _____ () d:\data\rainmaker\Desktop\FRST.txt
2014-09-25 14:08 - 2014-10-01 08:01 - 00000000 ____D () C:\FRST
2014-09-25 14:08 - 2014-09-27 14:17 - 01100288 _____ (Farbar) d:\data\rainmaker\Desktop\FRST.exe

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-10-01 08:02 - 2014-06-21 10:36 - 00000000 ____D () d:\data\rainmaker\Local Settings\temp
2014-10-01 08:02 - 2006-10-18 12:00 - 01935096 _____ () C:\WINNT\WindowsUpdate.log
2014-10-01 08:01 - 2014-06-21 10:36 - 00000000 ____D () C:\WINNT\Temp
2014-10-01 08:01 - 2011-09-03 12:52 - 00001024 ____H () d:\data\rainmaker\ntuser.dat.LOG
2014-10-01 08:01 - 2011-09-03 12:52 - 00000000 ____D () d:\data\rainmaker\Desktop
2014-10-01 08:01 - 2007-03-20 16:43 - 00001024 ____H () d:\data\NetworkService\ntuser.dat.LOG
2014-10-01 08:01 - 2007-03-20 16:43 - 00001024 ____H () d:\data\LocalService\ntuser.dat.LOG
2014-10-01 08:00 - 2014-06-18 12:55 - 00000884 _____ () C:\WINNT\Tasks\GoogleUpdateTaskMachineUA.job
2014-10-01 07:59 - 2014-06-18 12:55 - 00000880 _____ () C:\WINNT\Tasks\GoogleUpdateTaskMachineCore.job
2014-10-01 07:59 - 2012-05-13 14:55 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-10-01 07:59 - 2011-09-03 12:52 - 00000062 ___SH () d:\data\rainmaker\Local Settings\desktop.ini
2014-10-01 07:59 - 2007-08-31 14:17 - 02340056 _____ () C:\engine.log
2014-10-01 07:59 - 2007-03-20 16:43 - 00000062 ___SH () d:\data\NetworkService\Local Settings\desktop.ini
2014-10-01 07:59 - 2007-03-20 16:43 - 00000062 ___SH () d:\data\LocalService\Local Settings\desktop.ini
2014-10-01 07:59 - 2007-03-20 16:43 - 00000006 ____H () C:\WINNT\Tasks\SA.DAT
2014-10-01 07:59 - 2007-03-20 16:43 - 00000000 ____D () d:\data\NetworkService\Local Settings\Temp
2014-10-01 07:59 - 2006-10-18 11:51 - 00002206 _____ () C:\WINNT\system32\wpa.dbl
2014-10-01 07:59 - 2006-10-18 07:58 - 00000157 _____ () C:\WINNT\wiadebug.log
2014-10-01 07:59 - 2006-10-18 07:58 - 00000049 _____ () C:\WINNT\wiaservc.log
2014-09-30 07:44 - 2011-09-03 12:52 - 11010048 ____H () d:\data\rainmaker\NTUSER.DAT
2014-09-30 07:44 - 2007-03-20 16:43 - 00262144 ____H () d:\data\NetworkService\NTUSER.DAT
2014-09-30 07:44 - 2007-03-20 16:43 - 00262144 ____H () d:\data\LocalService\NTUSER.DAT
2014-09-30 07:44 - 2007-03-20 16:43 - 00032554 _____ () C:\WINNT\SchedLgU.Txt
2014-09-30 07:44 - 2006-10-18 07:54 - 00000000 ____D () C:\WINNT
2014-09-30 06:47 - 2013-04-02 17:26 - 00011712 _____ () C:\WINNT\system32\TPAPSLOG.LOG
2014-09-30 06:47 - 2012-04-14 14:35 - 00000826 _____ () C:\WINNT\Tasks\Adobe Flash Player Updater.job
2014-09-30 06:09 - 2006-10-18 07:56 - 00000000 ___RD () d:\data\All Users\Start Menu\Programs\Startup
2014-09-30 06:09 - 2006-10-18 07:56 - 00000000 ____D () d:\data\All Users\Start Menu\Programs
2014-09-30 06:09 - 2006-10-18 07:56 - 00000000 ____D () d:\data\All Users\Desktop
2014-09-30 03:02 - 2009-04-28 03:00 - 00000000 ____D () C:\Quarantine
2014-09-30 03:00 - 2013-04-02 17:08 - 00000000 __SHD () d:\data\NetworkService\Cookies
2014-09-30 03:00 - 2007-03-20 16:43 - 00000000 ___HD () d:\data\NetworkService\Local Settings\Temporary Internet Files
2014-09-30 03:00 - 2007-03-20 16:43 - 00000000 ___HD () d:\data\NetworkService\Local Settings\History
2014-09-29 20:48 - 2012-04-14 14:35 - 00701104 _____ (Adobe Systems Incorporated) C:\WINNT\system32\FlashPlayerApp.exe
2014-09-29 20:48 - 2011-08-30 08:46 - 00071344 _____ (Adobe Systems Incorporated) C:\WINNT\system32\FlashPlayerCPLApp.cpl
2014-09-29 20:11 - 2011-09-03 12:52 - 00000000 ____D () d:\data\rainmaker\Local Settings\Application Data\Adobe
2014-09-29 20:10 - 2007-03-20 17:14 - 00000000 ____D () d:\data\All Users\Application Data\McAfee
2014-09-29 20:10 - 2006-10-18 07:56 - 00000000 __RHD () d:\data\All Users\Application Data
2014-09-29 20:09 - 2011-09-04 14:55 - 00000000 ____D () d:\data\rainmaker\My Documents\Downloads
2014-09-29 19:40 - 2011-09-03 12:52 - 00000000 __SHD () d:\data\rainmaker\Local Settings\Temporary Internet Files
2014-09-29 19:40 - 2011-09-03 12:52 - 00000000 __SHD () d:\data\rainmaker\Local Settings\History
2014-09-29 19:40 - 2011-09-03 12:52 - 00000000 ___HD () d:\data\rainmaker\Recent
2014-09-29 19:38 - 2014-06-21 10:36 - 00000000 ____D () d:\data\LocalService\Local Settings\temp
2014-09-29 19:38 - 2011-09-03 12:52 - 00000000 __SHD () d:\data\rainmaker\Cookies
2014-09-29 19:38 - 2007-03-20 16:43 - 00000000 __SHD () d:\data\LocalService\Local Settings\Temporary Internet Files
2014-09-29 19:38 - 2007-03-20 16:43 - 00000000 __SHD () d:\data\LocalService\Local Settings\History
2014-09-29 19:38 - 2007-03-20 16:43 - 00000000 __SHD () d:\data\LocalService\Cookies
2014-09-29 19:37 - 2012-12-23 21:48 - 00000278 ___SH () d:\data\rainmaker\ntuser.ini
2014-09-29 19:36 - 2014-06-19 16:47 - 00000000 __SHD () d:\data\Default User\Cookies
2014-09-29 19:36 - 2013-04-02 17:07 - 00000000 ____D () d:\data\administrator.3YFK943Z\Local Settings\temp
2014-09-29 19:36 - 2011-08-30 08:29 - 00000000 __SHD () d:\data\Admin\Local Settings\History
2014-09-29 19:36 - 2011-08-30 08:29 - 00000000 __SHD () d:\data\Admin\Cookies
2014-09-29 19:36 - 2011-08-30 08:29 - 00000000 __RHD () d:\data\Admin\Recent
2014-09-29 19:36 - 2009-09-21 09:36 - 00000000 __SHD () d:\data\administrator.3YFK943Z\Local Settings\Temporary Internet Files
2014-09-29 19:36 - 2009-09-21 09:36 - 00000000 __SHD () d:\data\administrator.3YFK943Z\Local Settings\History
2014-09-29 19:36 - 2009-09-21 09:36 - 00000000 __SHD () d:\data\administrator.3YFK943Z\Cookies
2014-09-29 19:36 - 2009-09-21 09:36 - 00000000 __RHD () d:\data\administrator.3YFK943Z\Recent
2014-09-29 19:36 - 2009-06-26 18:24 - 00000000 __RHD () d:\data\tpritcha\Recent
2014-09-29 19:36 - 2009-06-26 18:24 - 00000000 ___SD () d:\data\tpritcha\Local Settings\History
2014-09-29 19:36 - 2009-06-26 18:24 - 00000000 ___SD () d:\data\tpritcha\Cookies
2014-09-29 19:36 - 2008-12-02 19:44 - 00000000 __RHD () d:\data\stozin\Recent
2014-09-29 19:36 - 2008-12-02 19:44 - 00000000 ___SD () d:\data\stozin\Local Settings\History
2014-09-29 19:36 - 2008-12-02 19:44 - 00000000 ___SD () d:\data\stozin\Cookies
2014-09-29 19:36 - 2008-05-08 00:39 - 00000000 ___SD () d:\data\sserebre\Cookies
2014-09-29 19:36 - 2007-09-01 04:07 - 00000000 ___SD () d:\data\wksbuild\Cookies
2014-09-29 19:36 - 2007-08-31 14:20 - 00000000 ___SD () d:\data\tmaloof\Cookies
2014-09-29 19:36 - 2007-03-20 16:44 - 00000000 ___SD () d:\data\Administrator\Local Settings\History
2014-09-29 19:36 - 2007-03-20 16:44 - 00000000 ___SD () d:\data\Administrator\Cookies
2014-09-29 19:36 - 2006-10-18 07:56 - 00000000 __SHD () d:\data\Default User\Local Settings\History
2014-09-29 19:34 - 2007-03-20 17:11 - 00000000 ___HD () C:\WINNT\system32\GroupPolicy
2014-09-29 18:02 - 2011-08-30 08:29 - 00001024 ____H () d:\data\Admin\ntuser.dat.LOG
2014-09-29 18:02 - 2009-09-21 09:36 - 00001024 ____H () d:\data\administrator.3YFK943Z\ntuser.dat.LOG
2014-09-29 18:02 - 2009-06-26 18:24 - 00001024 ____H () d:\data\tpritcha\ntuser.dat.LOG
2014-09-29 18:02 - 2008-12-02 19:44 - 00001024 ____H () d:\data\stozin\ntuser.dat.LOG
2014-09-29 18:02 - 2008-05-08 00:39 - 00001024 ____H () d:\data\sserebre\ntuser.dat.LOG
2014-09-29 18:02 - 2007-09-01 04:07 - 00001024 ____H () d:\data\wksbuild\ntuser.dat.LOG
2014-09-29 18:02 - 2007-08-31 14:20 - 00001024 ____H () d:\data\tmaloof\ntuser.dat.LOG
2014-09-29 18:02 - 2007-03-20 16:44 - 00001024 ____H () d:\data\Administrator\ntuser.dat.LOG
2014-09-29 17:18 - 2007-09-01 04:07 - 00000000 __SHD () C:\WINNT\CSC
2014-09-29 17:17 - 2013-03-30 20:35 - 00000000 ____D () C:\WINNT\Minidump
2014-09-27 15:06 - 2014-08-26 15:38 - 00000000 ____D () d:\data\rbc_troppus\Local Settings\Application Data
2014-09-27 15:06 - 2014-08-26 15:38 - 00000000 ____D () d:\data\HelpAssistant\Local Settings\Application Data
2014-09-27 15:06 - 2014-08-26 15:38 - 00000000 ____D () d:\data\Guest\Local Settings\Application Data
2014-09-27 15:06 - 2014-08-26 15:38 - 00000000 ____D () d:\data\ASPNET\Local Settings\Application Data
2014-09-27 15:06 - 2011-09-03 12:52 - 00000000 ___RD () d:\data\rainmaker\My Documents
2014-09-27 15:06 - 2011-09-03 12:52 - 00000000 ___HD () d:\data\rainmaker\Local Settings\Application Data
2014-09-27 15:06 - 2011-09-03 12:52 - 00000000 ___HD () d:\data\rainmaker\Application Data
2014-09-27 15:06 - 2011-08-30 08:29 - 00000000 ___HD () d:\data\Admin\Local Settings\Application Data
2014-09-27 15:06 - 2009-09-21 09:36 - 00000000 ___HD () d:\data\administrator.3YFK943Z\Local Settings\Application Data
2014-09-27 15:06 - 2007-03-20 16:44 - 00000000 ___HD () d:\data\Administrator\Local Settings\Application Data
2014-09-25 17:27 - 2009-06-17 14:10 - 00000284 _____ () C:\WINNT\Tasks\AppleSoftwareUpdate.job
2014-09-25 14:02 - 2014-08-26 15:38 - 00000000 ____D () d:\data\All Users\Application Data\3eda283a8b7b0d3d
2014-09-25 14:02 - 2007-09-01 04:06 - 00010520 _____ () C:\setaid2.log
2014-09-25 14:01 - 2011-09-03 12:52 - 00000000 ____D () d:\data\rainmaker\Start Menu\Programs
2014-09-25 13:57 - 2013-09-25 13:27 - 00020309 _____ () d:\data\rainmaker\Desktop\p1647062750-2.jpg
2014-09-24 22:04 - 2006-10-18 07:56 - 00146808 _____ () C:\WINNT\system32\FNTCACHE.DAT
2014-09-24 15:08 - 2011-09-03 12:52 - 00000000 ____D () d:\data\rainmaker
2014-09-23 16:57 - 2008-06-16 13:21 - 00000000 ____D () C:\Program Files\Google
2014-09-19 14:38 - 2014-06-21 03:03 - 00004205 _____ () C:\WINNT\setupapi.log

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\WINNT\explorer.exe => File is digitally signed
C:\WINNT\system32\winlogon.exe => File is digitally signed
C:\WINNT\system32\svchost.exe => File is digitally signed
C:\WINNT\system32\services.exe => File is digitally signed
C:\WINNT\system32\User32.dll => File is digitally signed
C:\WINNT\system32\userinit.exe => File is digitally signed
C:\WINNT\system32\rpcss.dll => File is digitally signed
C:\WINNT\system32\Drivers\volsnap.sys => File is digitally signed

==================== End Of Log ============================

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 27-09-2014
Ran by rainmaker at 2014-10-01 08:03:58
Running from d:\data\rainmaker\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)


==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

4C06 - VPN 5.01 (HKLM\...\{C5D854EC-B8C9-4DF6-BE66-EBD66090DE4E}) (Version: 1.0.970 - RBC - 4C06)
6F02 - Windows Update Agent 2.0 x32 (HKLM\...\{69BD5ED9-F72C-4A70-B00D-DA348E710B0D}) (Version: 5.8.0.2694 - RBC - 6F02)
6F02 - Windows Update Agent 3.0 (HKLM\...\{A1E4084A-D61E-487B-83C8-53DBD5A95E60}) (Version: 3.0.1047 - RBC - 6F02)
6F90 - MSI Team Tools  (HKLM\...\{AC92E21F-481A-439E-A364-935790374469}) (Version: 1.0.1010 - RBC - 6F90)
6FGL - CorporateBranding - FONTS Only (HKLM\...\{C791C4C2-3227-479D-B586-B226A509EBF2}) (Version: 2.01.00 - RBC COE)
6N85 - MSXML 4.0 SP2 (KB927978) (HKLM\...\{37477865-A3F1-4772-AD43-AAFC6BCFF99F}) (Version: 4.20.9841.0 - RBC - 6N85)
6N89 - Adobe Shockwave Player (HKLM\...\{1BDC9633-895B-4842-BCB6-8FA1EC2A3C5A}) (Version: 10.2.0.023 - RBC - 6N89 (Adobe Systems, Inc.))
6N95 - J2SE Runtime Environment 5.0 Update 11 (HKLM\...\{3248F0A8-6813-11D6-A77B-00B0D0150110}) (Version: 1.5.0.110 - RBC - 6N95 (Sun Microsystems, Inc.))
Adobe AIR (HKLM\...\Adobe AIR) (Version: 3.1.0.4880 - Adobe Systems Incorporated)
Adobe AIR (Version: 3.1.0.4880 - Adobe Systems Incorporated) Hidden
Adobe Download Manager 1.2 (Remove Only) (HKLM\...\AdobeESD) (Version:  - )
Adobe Flash Player 15 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 15.0.0.167 - Adobe Systems Incorporated)
Adobe Flash Player 15 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 15.0.0.152 - Adobe Systems Incorporated)
Adobe Reader 8.1.7 (HKLM\...\{AC76BA86-7AD7-1033-7B44-A81300000003}) (Version: 8.1.7 - RBC - 5D01 (Adobe Systems Incorporated))
AOL Toolbar (HKCU\...\AOL Toolbar) (Version:  - )
Apple Mobile Device Support (HKLM\...\{8355F970-601D-442D-A79B-1D7DB4F24CAD}) (Version: 2.5.1.3 - Apple Inc.)
Apple Software Update (HKLM\...\{6956856F-B6B3-4BE0-BA0B-8F495BE32033}) (Version: 2.1.1.116 - Apple Inc.)
Bloomberg DDE Server (HKLM\...\Bloomberg DDE Server) (Version:  - )
Bloomberg Excel Tools (HKLM\...\Bloomberg Excel Tools) (Version:  - )
Bloomberg Keyboard v8.5 (HKLM\...\Bloomberg Keyboard v8.5) (Version: v8.5 - Bloomberg L.P.)
Bloomberg PFM Upload Tool for Microsoft Excel (HKLM\...\Bloomberg PFM Upload Tool for Microsoft Excel) (Version:  - )
Bloomberg Report Viewer (CR) (HKLM\...\Bloomberg Report Viewer_is1) (Version: 1.0 - Bloomberg L.P.)
Bloomberg SFD Data Dictionary (HKLM\...\Bloomberg SFD Data Dictionary) (Version:  - )
Bloomberg, V.09.07.07 (HKLM\...\Bloomberg, V.09.07.07) (Version:  - )
Borland Database Engine (HKLM\...\{7719052E-B34A-4805-9B6E-E4BC2FCB0CC0}) (Version: 5.2 - LoanPerformance)
Client for Microsoft Office SharePoint Portal Server 2003 (HKLM\...\{21B9D2F9-1CE7-4CDA-9D0D-28EB96565D25}) (Version: 11.0.5704.0 - Microsoft)
Compatibility Pack for the 2007 Office system (HKLM\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6215.1000 - Microsoft Corporation)
Google Chrome (HKLM\...\Google Chrome) (Version: 35.0.1916.153 - Google Inc.)
Google Update Helper (Version: 1.3.24.15 - Google Inc.) Hidden
IBM Rescue and Recovery with Rapid Restore (HKLM\...\{11783F13-C3A9-44A8-929B-21A476F65272}) (Version: 2.04.0182.011 - IBM)
Intel® PRO Network Connections Drivers (HKLM\...\PROSet) (Version:  - )
InterVideo WinDVD (HKLM\...\{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}) (Version: 5.0-B11.141 - InterVideo Inc.)
iPassConnect (HKLM\...\{AB6FFA58-F491-11D3-8951-000000034735}) (Version:  - )
ISavEr (HKLM\...\{F1422DAA-0829-09A1-7536-73936CAB8FFA}) (Version:  - Isavver) <==== ATTENTION
iTunes (HKLM\...\{5D601655-6D54-4384-B52C-17EC5385FBBD}) (Version: 8.2.0.23 - Apple Inc.)
Liquid XML Studio 2010 (HKLM\...\Liquid XML Studio 2010) (Version: 8.0.6.1970 - Liquid Technologies Limited)
Liquid XML Studio 2010 (Version: 8.0.6.1970 - Liquid Technologies Limited) Hidden
LoanPerformance RiskModel 3.1.6 (HKLM\...\{A58D887D-A71D-4C08-A21B-30585EA4CB48}) (Version: 3.1.6 - LoanPerformance)
LoanPerformance RiskModel 4.0 (HKLM\...\{70B2220F-2DB7-4A20-AA83-2ABC7087487B}) (Version: 4.0.3 - LoanPerformance)
LoanPerformance RiskModel 4.0 (HKLM\...\{CA44D7AD-8EB6-4F35-9CC5-59079CAD7113}) (Version: 4.0.3 - LoanPerformance)
McAfee AntiSpyware Enterprise Module (HKLM\...\McAfee Anti-Spyware Enterprise Module) (Version: 8.5.0.163 - McAfee, Inc.)
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.8.150.1 - McAfee, Inc.)
McAfee VirusScan Enterprise (HKLM\...\{35C03C04-3F1F-42C2-A989-A757EE691F65}) (Version: 8.6.0 - McAfee, Inc.)
Microsoft .NET Framework (English) (Version: 1.0.3705 - Microsoft) Hidden
Microsoft .NET Framework (English) v1.0.3705 (HKLM\...\Microsoft .NET Framework Full v1.0.3705 (1033)) (Version:  - )
Microsoft .NET Framework 1.0 Hotfix (KB891864) (HKLM\...\M891864) (Version:  - )
Microsoft .NET Framework 1.0 Hotfix (KB928367) (HKLM\...\M928367) (Version:  - )
Microsoft .NET Framework 1.1 (HKLM\...\Microsoft .NET Framework 1.1  (1033)) (Version:  - )
Microsoft .NET Framework 1.1 (Version: 1.1.4322 - Microsoft) Hidden
Microsoft .NET Framework 1.1 Hotfix (KB891865) (HKLM\...\M891865) (Version:  - )
Microsoft .NET Framework 1.1 Security Update (KB953297) (HKLM\...\M953297) (Version:  - )
Microsoft .NET Framework 2.0 Service Pack 2 (HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.0 Service Pack 2 (HKLM\...\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}) (Version: 3.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) Hidden
Microsoft Compression Client Pack 1.0 for Windows XP (HKLM\...\MSCompPackV1) (Version: 1 - Microsoft Corporation)
Microsoft External Out of Office Assistant (HKLM\...\externaloof) (Version:  - )
Microsoft Office Professional Edition 2003 (HKLM\...\{90110409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Office Proof (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Visio MUI (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Visio Professional 2007 (HKLM\...\VISPROR) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Office Visio Professional 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Visio Viewer 2003 (English) (HKLM\...\{90520409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.3709.5614 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 2.0.30523.8 - Microsoft Corporation)
Microsoft Software Update for Web Folders  (English) 12 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft SQL Server 2005 (HKLM\...\Microsoft SQL Server 2005) (Version:  - Microsoft Corporation)
Microsoft SQL Server 2005 Backward compatibility (HKLM\...\{2243F21A-E132-44F7-BA13-024D0845C815}) (Version: 8.05.1704 - Microsoft Corporation)
Microsoft SQL Server 2005 Express Edition (SQLEXPRESS) (Version: 9.00.1399.06 - Microsoft Corporation) Hidden
Microsoft SQL Server 2005 Tools Express Edition (Version: 9.00.1399.06 - Microsoft Corporation) Hidden
Microsoft SQL Server Management Studio Express (HKLM\...\{A4512736-8D63-4298-9271-5329931FA46B}) (Version: 9.00.2047.00 - Microsoft Corporation)
Microsoft SQL Server Native Client (HKLM\...\{BF251EAF-8697-4E89-BF09-C998F97BBC40}) (Version: 9.00.1399.06 - Microsoft Corporation)
Microsoft SQL Server Setup Support Files (English) (HKLM\...\{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}) (Version: 9.00.1399.06 - Microsoft Corporation)
Microsoft SQL Server VSS Writer (HKLM\...\{1CBE3804-20DF-48DA-B048-895C206E80A5}) (Version: 9.00.1399.06 - Microsoft Corporation)
Microsoft User-Mode Driver Framework Feature Pack 1.0 (HKLM\...\Wudf01000) (Version:  - Microsoft Corporation)
Microsoft VC9 runtime libraries (Version: 2.0.0 - AOL Inc.) Hidden
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft WSE 2.0 SP3 Runtime (HKLM\...\{F3CA9611-CD42-4562-ADAB-A554CF8E17F1}) (Version: 2.0.5050.0 - Microsoft Corp.)
Mozilla Firefox 30.0 (x86 en-US) (HKLM\...\Mozilla Firefox 30.0 (x86 en-US)) (Version: 30.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
MSXML 4.0 SP2 (KB925672) (HKLM\...\{A9CF9052-F4A0-475D-A00F-A8388C62DD63}) (Version: 4.20.9839.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 6 Service Pack 2 (KB973686) (HKLM\...\{56EA8BC0-3751-4B93-BC9D-6651CC36E5AA}) (Version: 6.20.2003.0 - Microsoft Corporation)
NK04 - VirusScan (HKLM\...\{CB8BC782-6143-423F-8458-BEA64FB868E5}) (Version: 1.1.1020 - RBC - NK04)
Nortel Networks TunnelGuard (HKLM\...\{5650A422-0789-473F-B2C7-6C3D10CC9FFB}) (Version: 2.0.0.0 - Nortel Networks)
QuickTime (HKLM\...\{C78EAC6F-7A73-452E-8134-DBB2165C5A68}) (Version: 7.62.14.0 - Apple Inc.)
Remote Access VPN Client (HKLM\...\{EF964A78-078C-11D1-B7A7-0000C0134CE6}) (Version:  - )
Remove Hidden Data Tool (HKLM\...\{90F80409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.6058.0 - Microsoft Corporation)
Safari (HKLM\...\{C5C649A8-1D21-4C83-9B08-7B3752E580F4}) (Version: 4.30.17.0 - Apple Inc.)
SMS Advanced Client (Version: 2.50.4160.2000 - Microsoft Corporation) Hidden
Snapshot Viewer (HKLM\...\{880D04DD-660B-4F4F-940A-F4DB6C95DE35}) (Version: 1.0.850 - RBC - 6N02)
Sothink Flash Downloader for Browser (HKLM\...\{888DEFB8-CFCE-43FE-A7C8-9B18C4450719}_is1) (Version:  - SourceTec Software Co., LTD)
Sothink SWF Catcher (HKLM\...\{49273419-5179-4866-9F71-5CF346F302CF}_is1) (Version: 2.6 - SourceTec Software Co., LTD)
Sothink SWF Decompiler (HKLM\...\{BCDB856C-D247-4DEE-9132-89C02F4D6B8C}_is1) (Version: 7.3 - SourceTec Software Co., LTD)
Sothink SWF Editor (HKLM\...\{0BF1DE3D-31B9-417F-A915-4BCC5AAEE3CD}_is1) (Version: 1.3 - SourceTec Software Co., LTD)
TextPad 5 (HKLM\...\{B6EC7388-E277-4A5B-8C8F-71067A41BA64}) (Version: 5.3.1 - Helios)
ThinkPad Configuration (HKLM\...\{FC081D4D-DF1B-4CF1-B530-027E4118D846}) (Version: 1.51 - )
ThinkPad FullScreen Magnifier (HKLM\...\ThinkPad FullScreen Magnifier) (Version: 1.16 - )
ThinkPad Power Management Driver (HKLM\...\Power Management Driver) (Version: 1.33 - )
ThinkPad Power Manager (HKLM\...\{A0E64EBA-8BF0-49FB-90C0-BB3D781A2016}) (Version: 1.12 - )
ThinkPad UltraNav Driver (HKLM\...\SynTPDeinstKey) (Version: 7.5.17.18 - )
ThinkPad UltraNav Wizard (HKLM\...\{82512BC9-BD5D-4C50-BE4D-B98E7DF78687}) (Version: 3.03 - )
ThinkVantage Active Protection System (HKLM\...\{72806716-7088-41B2-8FA6-717A2A164DAB}) (Version: 1.40 - )
Update for Windows Internet Explorer 8 (KB976662) (HKLM\...\KB976662-IE8) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB898461) (HKLM\...\KB898461) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB908531) (HKLM\...\KB908531) (Version: 2 - Microsoft Corporation)
Update for Windows XP (KB911280) (HKLM\...\KB911280) (Version: 2 - Microsoft Corporation)
Update for Windows XP (KB925720) (HKLM\...\KB925720) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB927891) (HKLM\...\KB927891) (Version: 3 - Microsoft Corporation)
Update for Windows XP (KB931836) (HKLM\...\KB931836) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB932823-v3) (HKLM\...\KB932823-v3) (Version: 3 - Microsoft Corporation)
Update for Windows XP (KB946627) (HKLM\...\KB946627) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB955759) (HKLM\...\KB955759) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB955839) (HKLM\...\KB955839) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB967715) (HKLM\...\KB967715) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB968389) (HKLM\...\KB968389) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB971737) (HKLM\...\KB971737) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB973687) (HKLM\...\KB973687) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB973815) (HKLM\...\KB973815) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB978207) (HKLM\...\KB978207) (Version: 1 - Microsoft Corporation)
VLC media player 2.0.1 (HKLM\...\VLC media player) (Version: 2.0.1 - VideoLAN)
WebEx (HKLM\...\ActiveTouchMeetingClient) (Version:  - WebEx Communications, Inc)
WebFldrs XP (Version: 9.50.7523 - Microsoft Corporation) Hidden
Windows Imaging Component (HKLM\...\WIC) (Version: 3.0.0.0 - Microsoft Corporation)
Windows Installer 3.1 (KB893803) (HKLM\...\KB893803v2) (Version:  - Microsoft Corporation)
Windows Internet Explorer 8 (HKLM\...\ie8) (Version: 20090308.140743 - Microsoft Corporation)
Windows Media Format 11 runtime (HKLM\...\Windows Media Format Runtime) (Version:  - )
Windows Media Format 11 runtime (Version:  - Microsoft Corporation) Hidden
Windows Media Player 11 (HKLM\...\Windows Media Player) (Version:  - )
Windows Media Player 11 (Version:  - Microsoft Corporation) Hidden
Windows Media Player Enterprise Deployment (Version: 10.0.0.3802 - Microsoft Corporation) Hidden
Windows XP Hotfix - KB873333 (HKLM\...\KB873333) (Version: 20050114.005213 - Microsoft Corporation)
Windows XP Hotfix - KB873339 (HKLM\...\KB873339) (Version: 20041117.092459 - Microsoft Corporation)
Windows XP Hotfix - KB883667 (HKLM\...\KB883667) (Version: 20040812.104354 - Microsoft Corporation)
Windows XP Hotfix - KB885250 (HKLM\...\KB885250) (Version: 20050118.202711 - Microsoft Corporation)
Windows XP Hotfix - KB885453 (HKLM\...\KB885453) (Version: 20040924.183555 - Microsoft Corporation)
Windows XP Hotfix - KB885835 (HKLM\...\KB885835) (Version: 20041027.181713 - Microsoft Corporation)
Windows XP Hotfix - KB885836 (HKLM\...\KB885836) (Version: 20041028.173203 - Microsoft Corporation)
Windows XP Hotfix - KB888113 (HKLM\...\KB888113) (Version: 20041116.131036 - Microsoft Corporation)
Windows XP Hotfix - KB888302 (HKLM\...\KB888302) (Version: 20041207.111426 - Microsoft Corporation)
Windows XP Hotfix - KB890047 (HKLM\...\KB890047) (Version: 20041221.124506 - Microsoft Corporation)
Windows XP Hotfix - KB890175 (HKLM\...\KB890175) (Version: 20041201.233338 - Microsoft Corporation)
Windows XP Hotfix - KB890859 (HKLM\...\KB890859) (Version: 1 - Microsoft Corporation)
Windows XP Hotfix - KB891781 (HKLM\...\KB891781) (Version: 20050110.165439 - Microsoft Corporation)
Windows XP Hotfix - KB893066 (HKLM\...\KB893066) (Version: 1 - Microsoft Corporation)
Windows XP Hotfix - KB893086 (HKLM\...\KB893086) (Version: 1 - Microsoft Corporation)
WinRAR 4.01 (32-bit) (HKLM\...\WinRAR archiver) (Version: 4.01.0 - win.rar GmbH)
WinZip v9.0 (HKLM\...\{B233F2BB-F1D0-460F-88E0-5C19C9132B1A}) (Version: 9.0.930 - RBC - KC10)
Yahoo! Messenger (HKLM\...\Yahoo! Messenger) (Version:  - Yahoo! Inc.)
Yahoo! Software Update (HKLM\...\Yahoo! Software Update) (Version:  - )
Yahoo! Toolbar (HKLM\...\Yahoo! Companion) (Version:  - Yahoo! Inc.)
YES1 - Sygate Personal Firewall   (HKLM\...\{AD93A3B7-3AE5-4A99-B9DD-236075A747BE}) (Version: 1.0.970 - RBC)
YKG1 - Centra Client (HKLM\...\{5FC0907C-69A4-4DED-95C8-54F58784C8E7}) (Version: 1.0.970 - RBC - YKG1)
YKJ2 - Central Configuration Utility (HKLM\...\{95AACF74-B3F5-463B-85D8-D2B76339E735}) (Version: 1.0.1010 - RBC - YKJ2)
YLM2 - RBC Enterprise Library (HKLM\...\{4D95051A-A4EE-4EC9-816C-6461A09BF79D}) (Version: 1.0.930 - RBC - YLM2)
YLM7 - RBC Enterprise Library 2.0 (HKLM\...\{71F5D26D-4836-4124-85AE-48D3DB450DB9}) (Version: 1.0.970 - RBC - YLM7)
YND1 - Symantec Enterprise Vault Outlook Add-In (HKLM\...\{68E9F885-3B73-4884-A598-31FC2C7F8E63}) (Version: 7.5.1250 - RBC - YND1 (Symantec Corporation))
YNX3 - Desktop/Laptop Cisco Wireless Drivers (HKLM\...\{D3E95890-DE97-4A4C-89DC-6056A62619AE}) (Version: 1.0.980 - RBC - YNX3)
YNX4 - Intel Wireless Drivers (HKLM\...\{1B0FAEF9-0E29-41AB-BDBF-E443DB5DE609}) (Version: 1.0.1010 - RBC - YNX4)
YRU4 - Intel® Graphics Media Accelerator Driver (HKLM\...\{8A708DD8-A5E6-11D4-A706-000629E95E20}) (Version: 6.14.10.4693 - )
YSOG - T60 BIOS Code (HKLM\...\{FDB42124-1AAA-42E4-B6D5-46652BF58150}) (Version: 1.0.1010 - RBC - YSOG)
YSOK - CMOS Files (HKLM\...\{96434172-9754-4BC9-A317-10E69F1349FC}) (Version: 1.0.980 - RBC - YSOK)
Zinio Reader 4 (HKLM\...\ZinioReader4.9310D8F796442B71068C511E15D70529A702D19D.1) (Version: 4.2.3972 - Zinio LLC)
Zinio Reader 4 (Version: 4.2.3972 - Zinio LLC) Hidden

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-3510421623-2965073675-2411060337-1012_Classes\CLSID\{035FBE31-3755-450A-A775-5E6BBD43D344}\InprocServer32 -> d:\data\rainmaker\Local Settings\Application Data\Google\Update\1.3.21.135\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-3510421623-2965073675-2411060337-1012_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> d:\data\rainmaker\Local Settings\Application Data\Google\Update\1.3.23.9\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-3510421623-2965073675-2411060337-1012_Classes\CLSID\{62A0D750-DED9-448C-B693-406B34BB0892}\InprocServer32 -> d:\data\rainmaker\Local Settings\Application Data\Google\Update\1.3.21.145\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-3510421623-2965073675-2411060337-1012_Classes\CLSID\{634059C0-D264-4B2C-AE80-F73E48D33E5B}\InprocServer32 -> d:\data\rainmaker\Local Settings\Application Data\Google\Update\1.3.21.123\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-3510421623-2965073675-2411060337-1012_Classes\CLSID\{6D7374DE-63AA-473C-8C02-60D9CDCD84C5}\InprocServer32 -> d:\data\rainmaker\Local Settings\Application Data\Google\Update\1.3.21.153\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-3510421623-2965073675-2411060337-1012_Classes\CLSID\{A45426FB-E444-42B2-AA56-419F8FBEEC61}\InprocServer32 -> d:\data\rainmaker\Local Settings\Application Data\Google\Update\1.3.22.3\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-3510421623-2965073675-2411060337-1012_Classes\CLSID\{A54D478D-4F70-4F72-9A74-17C9986E35AB}\InprocServer32 -> d:\data\rainmaker\Local Settings\Application Data\Google\Update\1.3.21.165\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-3510421623-2965073675-2411060337-1012_Classes\CLSID\{C5A2122B-A05B-4FD8-AE49-91990AE10998}\InprocServer32 -> d:\data\rainmaker\Local Settings\Application Data\Google\Update\1.3.21.115\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-3510421623-2965073675-2411060337-1012_Classes\CLSID\{EB06378B-ABB6-4B3C-9B40-D488DD8A6E93}\InprocServer32 -> d:\data\rainmaker\Local Settings\Application Data\Google\Update\1.3.22.5\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-3510421623-2965073675-2411060337-1012_Classes\CLSID\{FB994D36-B312-46CE-A40B-CF63980641F9}\InprocServer32 -> d:\data\rainmaker\Local Settings\Application Data\Google\Update\1.3.21.111\psuser.dll No File

==================== Restore Points  =========================

Could not list Restore Points. Check "winmgmt" service or repair WMI.


==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2006-10-18 11:49 - 2014-06-21 08:27 - 00000098 ____A C:\WINNT\system32\Drivers\etc\hosts
127.0.0.1       localhost
::1       localhost

==================== Scheduled Tasks (whitelisted) =============


(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINNT\Tasks\Adobe Flash Player Updater.job => C:\WINNT\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINNT\Tasks\AppleSoftwareUpdate.job => C:\Program Files\Apple Software Update\SoftwareUpdate.exe
Task: C:\WINNT\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINNT\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2007-09-01 02:55 - 2006-02-01 16:09 - 00024576 ____N () C:\WINNT\system32\tphklock.dll
2007-09-01 02:55 - 2005-11-11 02:33 - 00073782 ____N () C:\WINNT\system32\ibmpmsvc.exe
2005-10-06 23:18 - 2005-10-06 23:18 - 00385024 ____N () C:\Program Files\IBM\IBM Rapid Restore Ultra\rrpcsb.exe
2009-04-25 11:37 - 2007-12-14 15:06 - 00120128 _____ () C:\Program Files\Network Associates\Common Framework\naXML2_71.dll
2009-04-25 11:37 - 2007-12-14 15:06 - 00156992 _____ () C:\Program Files\Network Associates\Common Framework\naisign2.DLL
2006-11-30 08:50 - 2006-11-30 08:50 - 00149080 _____ () C:\Program Files\McAfee\VirusScan Enterprise\VsEvntUI.dll
2005-04-27 11:02 - 2005-04-27 11:02 - 00036864 ____N () C:\IBMTOOLS\eGatherer\launcheg.exe
2005-04-27 11:07 - 2005-04-27 11:07 - 00221184 ____N () C:\Program Files\IBM\IBM Rapid Restore Ultra\rrucmd.exe
2005-04-27 11:12 - 2005-04-27 11:12 - 00131072 ____N () C:\Program Files\IBM\IBM Rapid Restore Ultra\ui.dll
2005-04-27 11:12 - 2005-04-27 11:12 - 00139264 ____N () C:\Program Files\IBM\IBM Rapid Restore Ultra\CDRecord.dll
2005-04-27 11:10 - 2005-04-27 11:10 - 00069632 ____N () C:\Program Files\IBM\IBM Rapid Restore Ultra\zlib.dll
2003-02-20 16:42 - 2003-02-20 16:42 - 01159289 ____R () c:\Program Files\Nortel Networks\TunnelGuard\jre\bin\client\jvm.dll
2003-02-20 16:42 - 2003-02-20 16:42 - 00028787 ____R () c:\Program Files\Nortel Networks\TunnelGuard\jre\bin\hpi.dll
2003-02-20 16:42 - 2003-02-20 16:42 - 00057449 ____R () c:\Program Files\Nortel Networks\TunnelGuard\jre\bin\verify.dll
2003-02-20 16:42 - 2003-02-20 16:42 - 00102511 ____R () c:\Program Files\Nortel Networks\TunnelGuard\jre\bin\java.dll
2003-02-20 16:42 - 2003-02-20 16:42 - 00053360 ____R () c:\Program Files\Nortel Networks\TunnelGuard\jre\bin\zip.dll
2003-02-20 16:42 - 2003-02-20 16:42 - 00057451 ____R () C:\Program Files\Nortel Networks\TunnelGuard\jre\bin\net.dll
2005-09-06 16:50 - 2005-09-06 16:50 - 00077824 ____N () C:\Program Files\Nortel Networks\TunnelGuard\platforms\win32\TGIcon.DLL
2014-06-18 16:36 - 2014-02-21 13:16 - 00265216 _____ () C:\Program Files\Bitcasa\ExplorerMenu.dll
2014-06-18 16:36 - 2014-02-21 13:06 - 02064896 _____ () C:\Program Files\Bitcasa\bitcasaui.dll
2007-09-01 03:59 - 2005-12-07 02:12 - 00036864 ____N () C:\Program Files\ThinkPad\Utilities\US\PWRMGRRT.DLL
2007-09-01 03:59 - 2005-12-07 02:12 - 00073728 ____N () C:\Program Files\ThinkPad\Utilities\PWRMGRIF.DLL
2009-04-25 19:16 - 2006-11-06 14:00 - 00651264 _____ () C:\Program Files\iPass\iPassConnect\LIBEAY32.dll
2007-09-01 02:55 - 2006-02-01 16:09 - 00094208 ____N () C:\Program Files\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe
2007-09-01 02:55 - 2006-02-01 16:09 - 00077824 ____N () C:\Program Files\Lenovo\PkgMgr\HOTKEY\TPONSCR.exe
2011-08-30 08:46 - 2012-05-25 04:25 - 00921600 _____ () C:\Program Files\Yahoo!\Messenger\yui.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)


========================= Accounts: ==========================

Admin (S-1-5-21-3510421623-2965073675-2411060337-1014 - Administrator - Enabled) => d:\data\Admin
administrator (S-1-5-21-3510421623-2965073675-2411060337-1007 - Administrator - Enabled) => d:\data\administrator.3YFK943Z
ASPNET (S-1-5-21-3510421623-2965073675-2411060337-1003 - Limited - Enabled)
Guest (S-1-5-21-3510421623-2965073675-2411060337-501 - Limited - Disabled)
HelpAssistant (S-1-5-21-3510421623-2965073675-2411060337-1005 - Limited - Disabled)
rainmaker (S-1-5-21-3510421623-2965073675-2411060337-1012 - Administrator - Enabled) => d:\data\rainmaker
rbcadmin (S-1-5-21-3510421623-2965073675-2411060337-500 - Administrator - Enabled) => d:\data\Administrator
rbc_troppus (S-1-5-21-3510421623-2965073675-2411060337-1002 - Limited - Disabled)

==================== Faulty Device Manager Devices =============

Could not list Devices. Check "winmgmt" service or repair WMI.


==================== Event log errors: =========================

Application errors:
==================
Error: (10/01/2014 08:00:23 AM) (Source: AutoEnrollment) (EventID: 15) (User: )
Description: Automatic certificate enrollment for local system failed to contact the active directory (0x8007054b).  The specified domain either does not exist or could not be contacted.
  Enrollment will not be performed.

Error: (10/01/2014 08:00:09 AM) (Source: MSSQL$SQLEXPRESS) (EventID: 17190) (User: )
Description: FallBack certificate initialization failed with error code: 1.

Error: (10/01/2014 07:59:59 AM) (Source: Userenv) (EventID: 1090) (User: NT AUTHORITY)
Description: Windows couldn't log the RSoP (Resultant Set of Policies) session status. An attempt to connect to WMI failed. No more RSoP logging will be done for this application of policy.

Error: (10/01/2014 07:59:59 AM) (Source: WinMgmt) (EventID: 28) (User: )
Description: WinMgmt could not initialize the core parts.  This could be due to a badly installed version of WinMgmt, WinMgmt repository upgrade failure, insufficient disk space or insufficient memory.

Error: (10/01/2014 07:59:22 AM) (Source: Userenv) (EventID: 1054) (User: NT AUTHORITY)
Description: Windows cannot obtain the domain controller name for your computer network. (The specified domain either does not exist or could not be contacted. ). Group Policy processing aborted.

Error: (09/30/2014 07:44:13 AM) (Source: NativeWrapper) (EventID: 5000) (User: )
Description: visualstudio7x80updatemsiexec.exe1.0.1683.4989kb9799061033643finstallx865.1.2600.2.2.0.2560

Error: (09/30/2014 07:44:13 AM) (Source: MsiInstaller) (EventID: 1023) (User: NT AUTHORITY)
Description: Product: Microsoft .NET Framework 1.1 - Update '{2A3320D6-C805-4280-B423-B665BDE33D8F}' could not be installed. Error code 1603. Additional information is available in the log file C:\WINNT\TEMP\NDP1.1sp1-KB979906-X86\NDP1.1sp1-KB979906-X86-msi.0.log.

Error: (09/30/2014 07:44:11 AM) (Source: MsiInstaller) (EventID: 11706) (User: NT AUTHORITY)
Description: Product: Microsoft .NET Framework 1.1 -- Error 1706.No valid source could be found for product Microsoft .NET Framework 1.1.  The Windows installer cannot continue.

Error: (09/30/2014 06:08:15 AM) (Source: crypt32) (EventID: 8) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download....authrootseq.txt> with error: This operation returned because the timeout period expired.

Error: (09/30/2014 06:06:44 AM) (Source: Userenv) (EventID: 1090) (User: NT AUTHORITY)
Description: Windows couldn't log the RSoP (Resultant Set of Policies) session status. An attempt to connect to WMI failed. No more RSoP logging will be done for this application of policy.


System errors:
=============
Error: (10/01/2014 07:59:49 AM) (Source: W32Time) (EventID: 29) (User: )
Description: The time provider NtpClient is configured to acquire time from one or more
time sources, however none of the sources are currently accessible.
No attempt to contact a source will be made for 15 minutes.
NtpClient has no source of accurate time.

Error: (10/01/2014 07:59:46 AM) (Source: W32Time) (EventID: 29) (User: )
Description: The time provider NtpClient is configured to acquire time from one or more
time sources, however none of the sources are currently accessible.
No attempt to contact a source will be made for 15 minutes.
NtpClient has no source of accurate time.

Error: (10/01/2014 07:59:34 AM) (Source: PlugPlayManager) (EventID: 12) (User: )
Description: The device 'Intel® PRO/1000 PL Network Connection' (PCI\VEN_8086&DEV_109A&SUBSYS_200117AA&REV_00\4&192ac53f&0&00E0) disappeared from the system without first being prepared for removal.

Error: (10/01/2014 07:59:22 AM) (Source: NETLOGON) (EventID: 5719) (User: )
Description: No Domain Controller is available for domain OAK due to the following:
%%1311.

Make sure that the computer is connected to the network and try
again. If the problem persists, please contact your domain administrator.

Error: (09/30/2014 07:44:14 AM) (Source: Windows Update Agent) (EventID: 20) (User: )
Description: Installation Failure: Windows failed to install the following update with error 0x80070643: Microsoft .NET Framework 1.1 SP1 Security Update for Windows 2000 and Windows XP (KB979906).

Error: (09/30/2014 07:43:45 AM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: The server {58FC39EB-9DBD-4EA7-B7B4-9404CC6ACFAB} did not register with DCOM within the required timeout.

Error: (09/30/2014 07:43:19 AM) (Source: W32Time) (EventID: 29) (User: )
Description: The time provider NtpClient is configured to acquire time from one or more
time sources, however none of the sources are currently accessible.
No attempt to contact a source will be made for 15 minutes.
NtpClient has no source of accurate time.

Error: (09/30/2014 03:53:54 AM) (Source: NETLOGON) (EventID: 5719) (User: )
Description: No Domain Controller is available for domain OAK due to the following:
%%1311.

Make sure that the computer is connected to the network and try
again. If the problem persists, please contact your domain administrator.

Error: (09/30/2014 03:24:16 AM) (Source: W32Time) (EventID: 29) (User: )
Description: The time provider NtpClient is configured to acquire time from one or more
time sources, however none of the sources are currently accessible.
No attempt to contact a source will be made for 479 minutes.
NtpClient has no source of accurate time.

Error: (09/30/2014 03:01:02 AM) (Source: Windows Update Agent) (EventID: 20) (User: )
Description: Installation Failure: Windows failed to install the following update with error 0x80070643: Microsoft .NET Framework 1.1 SP1 Security Update for Windows 2000 and Windows XP (KB979906).


Microsoft Office Sessions:
=========================

==================== Memory info ===========================

Processor: Intel® Core™ Duo CPU T2400 @ 1.83GHz
Percentage of memory in use: 41%
Total physical RAM: 1526.36 MB
Available physical RAM: 887.41 MB
Total Pagefile: 4225.84 MB
Available Pagefile: 3716.7 MB
Total Virtual: 2047.88 MB
Available Virtual: 1935.66 MB

==================== Drives ================================

Drive c: (COE) (Fixed) (Total:60.45 GB) (Free:21.76 GB) NTFS ==>[Drive with boot components (Windows XP)]
Drive d: (DATA) (Fixed) (Total:32.7 GB) (Free:6.21 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 93.2 GB) (Disk ID: DAEEECAE)
Partition 1: (Active) - (Size=60.5 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=32.7 GB) - (Type=07 NTFS)

==================== End Of Log ============================


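The "Custom CLSID" block in the FRST log above lists ten per-user COM registrations whose InprocServer32 DLL no longer exists ("No File"), all left behind by old Google Update versions. The check a practitioner wants here is the distinction between such orphans and a per-user registration that does resolve to a DLL in a user-writable directory, because HKU\<SID>_Classes\CLSID is consulted before the machine-wide HKLM entry for the same CLSID and is the standard COM-hijack persistence location. The script below is an added example (not part of the thread and not FRST's code): it parses CustomCLSID lines, sorts them into orphan / user-writable / other, and emits the log lines to paste into fixlist.txt, which the log's own note says will remove each listed key. The first two sample lines are copied from the log above; the other two, including their CLSIDs and paths, are constructed for the example. Both scanner logs later in the thread report Windows XP Service Pack 2, which had been out of support since 2010, so removing the adware does not make this machine safe to browse with.

```python
"""Triage the 'Custom CLSID' section of a Farbar (FRST) log and build fixlist lines.

Added example, not part of the thread and not FRST's own code.
A per-user COM registration (HKU\\<SID>_Classes\\CLSID\\{...}\\InprocServer32)
is consulted before the machine-wide HKLM one, so a DLL registered there
from a user-writable directory gets loaded by whatever process asks for
that CLSID, without admin rights: the COM-hijack persistence technique.
Entries FRST marks 'No File' are orphans and can simply be removed by
pasting the log line into fixlist.txt.
"""
import re
from collections import defaultdict

CLSID_RE = re.compile(
    r"^CustomCLSID:\s+(?P<key>HKU\\(?P<sid>S-1-5-21-[\d-]+)_Classes\\CLSID\\"
    r"(?P<clsid>\{[0-9A-Fa-f-]+\})\\(?P<sub>\w+))\s+->\s+"
    r"(?P<target>.+?)(?P<missing>\s+No File)?\s*$"
)

# Locations a standard user can write to on Windows XP and later.
USER_WRITABLE_HINTS = (
    "\\local settings\\application data\\",
    "\\local settings\\temp\\",
    "\\application data\\",
    "\\appdata\\",
    "\\temp\\",
    "\\downloads\\",
)

# First two lines copied from the thread's FRST log; the last two are
# CONSTRUCTED for the example (invented CLSIDs and paths).
SAMPLE_LOG = r"""
==================== Custom CLSID (selected items): ==========================

CustomCLSID: HKU\S-1-5-21-3510421623-2965073675-2411060337-1012_Classes\CLSID\{035FBE31-3755-450A-A775-5E6BBD43D344}\InprocServer32 -> d:\data\rainmaker\Local Settings\Application Data\Google\Update\1.3.21.135\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-3510421623-2965073675-2411060337-1012_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> d:\data\rainmaker\Local Settings\Application Data\Google\Update\1.3.23.9\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-3510421623-2965073675-2411060337-1012_Classes\CLSID\{11111111-2222-3333-4444-555555555555}\InprocServer32 -> d:\data\rainmaker\Local Settings\Application Data\Temp\shell32.dll
CustomCLSID: HKU\S-1-5-21-3510421623-2965073675-2411060337-1012_Classes\CLSID\{22222222-2222-3333-4444-555555555555}\InprocServer32 -> C:\Program Files\Example Vendor\example.dll
"""


def parse_custom_clsid(text):
    """Return one dict per CustomCLSID line (sid, clsid, target, missing, line)."""
    entries = []
    for raw in text.splitlines():
        m = CLSID_RE.match(raw.strip())
        if m:
            entry = m.groupdict()
            entry["missing"] = entry["missing"] is not None
            entry["line"] = raw.strip()
            entries.append(entry)
    return entries


def verdict(entry):
    if entry["missing"]:
        return "orphan"          # registration points at a DLL that is gone
    if any(h in entry["target"].lower() for h in USER_WRITABLE_HINTS):
        return "user-writable"   # live per-user COM server from a user path
    return "other"               # still a per-user override; verify the vendor


def triage(text):
    groups = defaultdict(list)
    for entry in parse_custom_clsid(text):
        groups[verdict(entry)].append(entry)
    return dict(groups)


def fixlist_lines(text):
    """Log lines to paste into fixlist.txt; FRST removes each listed key."""
    groups = triage(text)
    return [e["line"] for e in groups.get("orphan", []) + groups.get("user-writable", [])]


if __name__ == "__main__":
    for kind, entries in triage(SAMPLE_LOG).items():
        for e in entries:
            print(f"{kind:14} {e['clsid']} -> {e['target']}")
    print("\n".join(fixlist_lines(SAMPLE_LOG)))
```

Run it against the whole FRST log and paste the emitted lines into fixlist.txt; anything in the "other" group is a per-user override of a machine-wide CLSID and should be checked against the vendor's installer before it is removed.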

#22 Biscuithd (Trusted Helper, Malware Removal, 2,573 posts)

I should have asked, is the problem only in Chrome?

 

If it's in IE and FF, then stop and tell me, otherwise, continue with these instructions.

 

First follow these instructions here. This will reset Chrome and disable all your extensions. Once complete, try Chrome and see if the issue is resolved. If not, tell me. If so, you can then re-enable your extensions one at a time until you figure out the culprit. Do that by starting Chrome, putting chrome://extensions in your address bar, and enabling one (or more) at a time until you figure out which is the culprit.

 

I think it's this one, but you have to test to be sure.

CHR Extension: (Best Save) - d:\data\rainmaker\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ifkgichhpmabepjkbkmfeclembjdbpml [2014-08-26]


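Biscuithd's approach above is to reset Chrome and then re-enable extensions one at a time until the redirects return. An extension can only redirect navigations or open tabs if its manifest grants the APIs for it, so reading each installed extension's manifest.json first tells you which ones are even capable of the symptom and shortens the trial and error. The script below is an added example, not part of the thread, not Google's code, and not an analysis of the "Best Save" extension named above: it reads Extensions\<id>\<version>\manifest.json under the Chrome profile path from the FRST log (an assumed layout), lists each extension's redirect-capable permissions, and falls back to two constructed sample manifests so it runs offline.

```python
"""Rank Chrome extensions by the permissions that allow redirects and pop-up tabs.

Added example, not from the thread and not Google's or any extension's code.
Assumptions: the Chrome 'User Data' layout Extensions\\<id>\\<version>\\manifest.json,
manifest v2 permission names, and the two CONSTRUCTED sample manifests below
(they are not the manifest of the 'Best Save' extension in the thread).
"""
import json
import os

# APIs that let an extension alter or redirect navigation or spawn tabs.
REDIRECT_CAPABLE = {"webRequest", "webRequestBlocking", "webNavigation", "tabs", "proxy"}
# Host patterns that mean "every site".
ALL_SITES = {"<all_urls>", "*://*/*", "http://*/*", "https://*/*"}


def audit_manifest(manifest):
    """Return the reasons this extension could redirect pages or open tabs."""
    perms = set(manifest.get("permissions", []))
    reasons = sorted(p for p in perms if p in REDIRECT_CAPABLE)
    if perms & ALL_SITES:
        reasons.append("host access to every site")
    for script in manifest.get("content_scripts", []):
        if set(script.get("matches", [])) & ALL_SITES:
            reasons.append("content script injected into every site")
            break
    if "background" in manifest and reasons:
        reasons.append("background page keeps it running across tabs")
    return reasons


def rank_extensions(manifests):
    """manifests: {extension_id: manifest dict}; most redirect-capable first."""
    scored = [(ext_id, m.get("name", "?"), audit_manifest(m)) for ext_id, m in manifests.items()]
    return sorted(scored, key=lambda t: len(t[2]), reverse=True)


def load_manifests(extensions_dir):
    """Read the newest version's manifest.json for each <id> under Extensions."""
    found = {}
    if not os.path.isdir(extensions_dir):
        return found
    for ext_id in os.listdir(extensions_dir):
        ext_dir = os.path.join(extensions_dir, ext_id)
        if not os.path.isdir(ext_dir):
            continue
        for version in sorted(os.listdir(ext_dir), reverse=True):
            path = os.path.join(ext_dir, version, "manifest.json")
            if os.path.isfile(path):
                with open(path, encoding="utf-8-sig") as fh:
                    found[ext_id] = json.load(fh)
                break
    return found


# CONSTRUCTED sample manifests, not taken from any real extension.
SAMPLE_MANIFESTS = {
    "a" * 32: {
        "name": "Hypothetical Coupon Helper",
        "permissions": ["tabs", "webRequest", "webRequestBlocking", "<all_urls>"],
        "background": {"scripts": ["bg.js"]},
        "content_scripts": [{"matches": ["<all_urls>"], "js": ["inject.js"]}],
    },
    "b" * 32: {
        "name": "Hypothetical Notes Widget",
        "permissions": ["storage"],
        "browser_action": {"default_popup": "popup.html"},
    },
}

if __name__ == "__main__":
    # Profile path from the thread's FRST log (XP layout); falls back to the samples.
    root = r"d:\data\rainmaker\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions"
    manifests = load_manifests(root) or SAMPLE_MANIFESTS
    for ext_id, name, reasons in rank_extensions(manifests):
        print(f"{ext_id}  {name}: {', '.join(reasons) or 'no redirect-capable permissions'}")
```

The ranking only says which extensions could produce the symptom; the re-enable test in the post above is still what confirms the culprit, and an extension with a content script on every site plus webRequest is the one to test first.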

#23 amanda222 (Member, Topic Starter, 16 posts)

Yes, the issue is with Chrome.  Let me try these steps and will report back!  Thanks!!



#24 amanda222 (Member, Topic Starter, 16 posts)

That fix seems to have corrected Chrome.  Not seeing the redirects or new tabs popping up!



#25 Biscuithd (Trusted Helper, Malware Removal, 2,573 posts)

That fix seems to have corrected Chrome.  Not seeing the redirects or new tabs popping up!

 

Excellent news!

 

Yes, I should have remembered that when some of these infections are removed, the Browser needs to be reset. Sorry about that.

 

Ok, let's finish the cleaning. I have two tools for you to use that will take care of any remnants that might be lurking on your machine.

 

We'll search for some remnants that might be hiding.
 
Please download Malwarebytes Anti-Malware and save it to your desktop.
  • Install the program and select update
 
  • Once it has updated select Settings > Detection and Protection > Tick Scan for rootkits


 
  • Go back to the Dashboard and select Scan Now


 
  • If threats are detected, click the Apply Actions button, MBAM will ask for a reboot


  
  • On completion of the scan (or after the reboot) select View Detailed Log
Select Export > Select text file and save to the desktop.


 
 
Please post that log for my review.
 
Scan with ESET Online Scanner

This step can only be done using Internet Explorer, Google Chrome or Mozilla Firefox.
Temporarily disable your AntiVirus and AntiSpyware protection - instructions here.
Please visit ESET Online Scanner website.
Click Run ESET Online Scanner there.

If using Internet Explorer:
  • Accept the Terms of Use and click Start.
  • Allow the running of add-on.
If using Mozilla Firefox or Google Chrome:
  • Download esetsmartinstaller_enu.exe that you'll be given link to.
  • Double click esetsmartinstaller_enu.exe.
  • Allow the Terms of Use and click Start.
To perform the scan:
  • Make sure that Remove found threats is unchecked.
  • Scan archives is checked.
  • In Advanced Settings: Scan for potentially unwanted applications, Scan for potentially unsafe applications and Enable Anti-Stealth technology are checked.
  • Click Start
  • The program will begin to download its virus database. The speed may vary depending on your Internet connection.
  • When completed, the program will begin to scan. This may take several hours. Please, be patient.
  • Do not do anything on your machine as it may interrupt the scan.
  • When the scan is done, click Finish.
  • A logfile will be created at C:\Program Files (x86)\ESET\ESET Online Scanner. Open it using Notepad.
Please include this logfile in your next reply.
Don't forget to re-enable previously switched-off protection software!




#26 Biscuithd (Trusted Helper, Malware Removal, 2,573 posts)

Were you able to do the last two scans?

 

How is the machine working?



#27 amanda222 (Member, Topic Starter, 16 posts)

Sorry, I was traveling for work. I will run these tomorrow and post back.

#28 Biscuithd (Trusted Helper, Malware Removal, 2,573 posts)

Sorry, I was traveling for work. I will run these tomorrow and post back.

No problem :thumbsup:  Just checking :)



#29 amanda222 (Member, Topic Starter, 16 posts)

Here are the MBAM logs:

 

Malwarebytes Anti-Malware
www.malwarebytes.org


Protection, 2014/10/10 8:19:01 AM, SYSTEM, 3YFK943Z, Protection, Malware Protection, Starting,
Protection, 2014/10/10 8:19:01 AM, SYSTEM, 3YFK943Z, Protection, Malware Protection, Started,
Protection, 2014/10/10 8:19:01 AM, SYSTEM, 3YFK943Z, Protection, Malicious Website Protection, Starting,
Protection, 2014/10/10 8:19:26 AM, SYSTEM, 3YFK943Z, Protection, Malicious Website Protection, Started,
Protection, 2014/10/10 9:24:11 AM, SYSTEM, 3YFK943Z, Protection, Malicious Website Protection, Stopping,
Protection, 2014/10/10 9:24:11 AM, SYSTEM, 3YFK943Z, Protection, Malicious Website Protection, Stopped,
Protection, 2014/10/10 9:24:12 AM, SYSTEM, 3YFK943Z, Protection, Malicious Website Protection, Starting,
Protection, 2014/10/10 9:24:28 AM, SYSTEM, 3YFK943Z, Protection, Malicious Website Protection, Started,
Protection, 2014/10/10 9:26:28 AM, SYSTEM, 3YFK943Z, Protection, Malware Protection, Starting,
Protection, 2014/10/10 9:26:28 AM, SYSTEM, 3YFK943Z, Protection, Malware Protection, Started,
Protection, 2014/10/10 9:26:29 AM, SYSTEM, 3YFK943Z, Protection, Malicious Website Protection, Starting,
Protection, 2014/10/10 9:26:49 AM, SYSTEM, 3YFK943Z, Protection, Malicious Website Protection, Started,

(end)

 

 

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 2014/10/10
Scan Time: 8:23:41 AM
Logfile:
Administrator: Yes

Version: 2.00.2.1012
Malware Database: v2014.10.09.10
Rootkit Database: v2014.10.08.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows XP Service Pack 2
CPU: x86
File System: NTFS
User: rainmaker

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 656864
Time Elapsed: 33 min, 1 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 1
PUP.Optional.TidyNetwork.A, HKU\S-1-5-21-3510421623-2965073675-2411060337-1012-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\TidyNetwork, Quarantined, [4cfc21f1fb8191a5f098bc85e023e917],

Registry Values: 5
Hijack.ControlPanelStyle, HKU\S-1-5-21-1123561945-1364589140-839522115-10467-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\EXPLORER|ForceClassicControlPanel, 1, Quarantined, [71d7fd15a0dc3105d28f7b3fcc37bb45]
Hijack.ControlPanelStyle, HKU\S-1-5-21-1123561945-1364589140-839522115-54252-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\EXPLORER|ForceClassicControlPanel, 1, Quarantined, [a1a715fd314be84e8bd68436877c7f81]
Hijack.ControlPanelStyle, HKU\S-1-5-21-1123561945-1364589140-839522115-61785-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\EXPLORER|ForceClassicControlPanel, 1, Quarantined, [c48445cda1dbd561ee735961cd36669a]
Hijack.ControlPanelStyle, HKU\S-1-5-21-3510421623-2965073675-2411060337-1006-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\EXPLORER|ForceClassicControlPanel, 1, Quarantined, [3414e52d740850e6ca97c6f4fd06926e]
PUP.Optional.QuickStart.A, HKU\S-1-5-21-3510421623-2965073675-2411060337-1012-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MOZILLA\EXTENDS|appid, [email protected], Quarantined, [2e1ac250d8a492a412ab081f29daed13]

Registry Data: 4
PUM.Hijack.DisplayProperties, HKU\S-1-5-21-1123561945-1364589140-839522115-10467-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM|NoDispBackgroundPage, 1, Good: (0), Bad: (1),Replaced,[f157ad652e4e8da9dd8828ecc63f53ad]
PUM.Hijack.DisplayProperties, HKU\S-1-5-21-1123561945-1364589140-839522115-54252-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM|NoDispBackgroundPage, 1, Good: (0), Bad: (1),Replaced,[8cbcd43e5f1d63d3e4819e760203ef11]
PUM.Hijack.DisplayProperties, HKU\S-1-5-21-3510421623-2965073675-2411060337-1007-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM|NoDispBackgroundPage, 1, Good: (0), Bad: (1),Replaced,[95b316fc403c47ef164fff15976e21df]
PUM.Hijack.DisplayProperties, HKU\S-1-5-21-3510421623-2965073675-2411060337-1014-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM|NoDispBackgroundPage, 1, Good: (0), Bad: (1),Replaced,[e3655cb67c00b1851a4b4fc58d7816ea]

Folders: 0
(No malicious items detected)

Files: 14
PUP.Optional.Booster.A, D:\data\All Users\Application Data\VenusApp Software\SW-Booster\SW-Booster.exe, Quarantined, [8cbcb45e6d0f171fda0486037c86966a],
PUP.Optional.OptimumInstaller.A, D:\data\rainmaker\My Documents\Downloads\Player-Chrome.exe, Quarantined, [d5737a9884f88babea25adb452afd62a],
PUP.Optional.OneClickDownloader.A, D:\data\rainmaker\My Documents\Downloads\Cg_2.12.14_Stefanie-Knight-welcome-to-eden.rar.exe, Quarantined, [a7a10a08e795f244ef8557f846bba957],
PUP.Optional.OneClickDownloader.A, D:\data\rainmaker\My Documents\Downloads\Cg_6.7.14_Sarah-Summers-county-cutie.rar.exe, Quarantined, [c0881cf6c7b535015e0f77ae8f72ac54],
PUP.Optional.InstallRex, D:\data\rainmaker\My Documents\Downloads\DownloadSetup (1).exe, Quarantined, [dc6c27ebcfad9b9badedead0b74ae31d],
PUP.Optional.Amonetize, D:\data\rainmaker\My Documents\Downloads\Cg 3.21.14 Stefanie Knight heating up.rar__3515_i476823652_il4936957.exe, Quarantined, [aa9e5cb6afcdb97d1207258c21e032ce],
PUP.Optional.InstallRex, D:\data\rainmaker\My Documents\Downloads\DownloadSetup (2).exe, Quarantined, [ff49f61c86f6072f0892b802b05112ee],
PUP.Optional.OneClickDownloader.A, D:\data\rainmaker\My Documents\Downloads\Pm_5.8.14_Shelby-Chesnes-simple-pleasures.rar.exe, Quarantined, [61e7bd55671559ddfc711c096e93ae52],
PUP.Optional.Somoto, D:\data\rainmaker\My Documents\Downloads\stefanie-knight-heating-up-nude_downloader-7vSQSVtE.exe, Quarantined, [133552c05d1fc076457ef39d33d1629e],
PUP.Optional.OneClickDownloader.A, D:\data\rainmaker\My Documents\Downloads\stefanie-knight-perfect-body-nude.zip.exe, Quarantined, [74d49979b7c57abc86ee0f405ba66d93],
PUP.Optional.OutBrowse, D:\data\rainmaker\My Documents\Downloads\install-flashplayer.exe, Quarantined, [ec5c7f93ec9053e3981af1a790710000],
PUP.Optional.Installrex, D:\data\rainmaker\My Documents\Downloads\LucyPinder.info - Photo Siterip Thru 2013-12-15.exe, Quarantined, [7bcd1101c7b553e3ec32e6d1699841bf],
PUP.Optional.AdPeak.A, C:\Temp\InstallFilter32.msi, Quarantined, [d474e52d7c0061d54762f6475ea21be5],
PUP.Optional.SupraSavings.A, C:\Temp\t.msi, Quarantined, [0147bd556f0d31059632678654b0817f],

Physical Sectors: 0
(No malicious items detected)


(end)


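The Malwarebytes log above is worth reading for more than its item count. Every file detection is an installer sitting in the user's Downloads folder, several with a double extension (.rar.exe, .zip.exe), i.e. the "downloader" bundlers that delivered the adware. The registry "Hijack" and "PUM" entries are Explorer policy values, some under SID authorities (S-1-5-21-1123561945-...) that differ from the machine's own (S-1-5-21-3510421623-..., per the FRST account list earlier in the thread); on this domain-joined machine those are cached domain profiles, and a policy value such as ForceClassicControlPanel can come from Group Policy rather than malware, so PUM hits deserve a check against the organisation's policy before they are treated as infection. The script below is an added example, not Malwarebytes' code and not part of the thread. It parses the 2.x log format, verifies each section's declared count against the lines present (a truncated paste fails this), tallies families and actions, and flags foreign-SID hits and double-extension downloads. The sample is excerpted from the log above with section counts adjusted to the lines kept, plus one constructed file line marked as such.

```python
"""Summarise and cross-check a Malwarebytes Anti-Malware 2.x scan log.

Added example, not part of the thread and not Malwarebytes' code.
Assumptions: LOCAL_AUTHORITY is the machine SID prefix from the thread's
FRST account list; SAMPLE_LOG is excerpted from the thread's MBAM log with
counts adjusted to the lines kept, plus one CONSTRUCTED file line.
"""
import re
from collections import Counter

SECTION_RE = re.compile(
    r"^(Processes|Modules|Registry Keys|Registry Values|Registry Data|"
    r"Folders|Files|Physical Sectors): (\d+)$"
)
SID_RE = re.compile(r"HKU\\(S-1-5-21-\d+-\d+-\d+)-(\d+)", re.IGNORECASE)
DOUBLE_EXT_RE = re.compile(r"\.(rar|zip|7z|pdf|jpg|mp4|avi)\.exe$", re.IGNORECASE)
ACTIONS = ("Quarantined", "Replaced", "Deleted", "No Action By User")

LOCAL_AUTHORITY = "S-1-5-21-3510421623-2965073675-2411060337"

SAMPLE_LOG = r"""
Scan Type: Threat Scan
Result: Completed

Registry Keys: 1
PUP.Optional.TidyNetwork.A, HKU\S-1-5-21-3510421623-2965073675-2411060337-1012-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\TidyNetwork, Quarantined, [4cfc21f1fb8191a5f098bc85e023e917],

Registry Values: 1
Hijack.ControlPanelStyle, HKU\S-1-5-21-1123561945-1364589140-839522115-10467-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\EXPLORER|ForceClassicControlPanel, 1, Quarantined, [71d7fd15a0dc3105d28f7b3fcc37bb45]

Registry Data: 1
PUM.Hijack.DisplayProperties, HKU\S-1-5-21-3510421623-2965073675-2411060337-1007-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM|NoDispBackgroundPage, 1, Good: (0), Bad: (1),Replaced,[95b316fc403c47ef164fff15976e21df]

Folders: 0
(No malicious items detected)

Files: 4
PUP.Optional.Booster.A, D:\data\All Users\Application Data\VenusApp Software\SW-Booster\SW-Booster.exe, Quarantined, [8cbcb45e6d0f171fda0486037c86966a],
PUP.Optional.OptimumInstaller.A, D:\data\rainmaker\My Documents\Downloads\Player-Chrome.exe, Quarantined, [d5737a9884f88babea25adb452afd62a],
PUP.Optional.OutBrowse, D:\data\rainmaker\My Documents\Downloads\install-flashplayer.exe, Quarantined, [ec5c7f93ec9053e3981af1a790710000],
PUP.Optional.OneClickDownloader.A, D:\data\rainmaker\My Documents\Downloads\holiday-photos.zip.exe, Quarantined, [constructed-example-line],

(end)
"""


def parse_mbam_log(text):
    """Return {section: {"declared": n, "items": [{name, location, action}, ...]}}."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        m = SECTION_RE.match(line)
        if m:
            current = m.group(1)
            sections[current] = {"declared": int(m.group(2)), "items": []}
            continue
        if current is None or not line or line.startswith("("):
            continue
        parts = [p.strip() for p in line.split(",") if p.strip()]
        if len(parts) < 3:
            continue
        action = next((p for p in parts if p in ACTIONS), "unknown")
        sections[current]["items"].append(
            {"name": parts[0], "location": parts[1], "action": action})
    return sections


def summarize(sections, local_authority=LOCAL_AUTHORITY):
    out = {"count_mismatch": [], "families": Counter(), "actions": Counter(),
           "foreign_sid_hits": [], "downloads_dir": 0, "double_extension": []}
    for name, sec in sections.items():
        if len(sec["items"]) != sec["declared"]:
            out["count_mismatch"].append(name)   # log truncated or mis-pasted
        for item in sec["items"]:
            out["families"][".".join(item["name"].split(".")[:2])] += 1
            out["actions"][item["action"]] += 1
            sid = SID_RE.search(item["location"])
            if sid and sid.group(1).lower() != local_authority.lower():
                out["foreign_sid_hits"].append(f"{sid.group(1)}-{sid.group(2)}")
            loc = item["location"].lower()
            if "\\downloads\\" in loc:
                out["downloads_dir"] += 1
            if DOUBLE_EXT_RE.search(loc):
                out["double_extension"].append(item["location"])
    return out


if __name__ == "__main__":
    for key, value in summarize(parse_mbam_log(SAMPLE_LOG)).items():
        print(f"{key}: {value}")
```

Foreign-SID hits point at profiles whose owners are not in the local account list, so the same policy values should be expected (and cleaned, or confirmed as policy) in every cached domain profile, not only in the user who ran the scan.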

#30 amanda222 (Member, Topic Starter, 16 posts)

Here is the other scan

 

ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=c4033d670c59754b8438d735422993cc
# engine=20535
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2014-10-10 03:27:40
# local_time=2014-10-10 11:27:40 (-0500, Eastern Daylight Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 2
# compatibility_mode_1='McAfee VirusScan Enterprise'
# compatibility_mode=5128 16777213 75 83 171319718 247145860 0 0
# scanned=97661
# found=45
# cleaned=0
# scan_time=6098
sh=C0F4BCB661E0283F19DD86B5A8F6A3F9B7EB02B6 ft=1 fh=c71c00117709e63a vn="a variant of Win32/AdWare.MultiPlug.BN application" ac=I fn="C:\System Volume Information\_restore{04A00B27-8B39-4593-8FFB-5D15AC5C9F67}\RP1000\A0170552.dll"
sh=B56A5511BF5713584B83863E6A7FEA9BB3F36FD9 ft=1 fh=c71c0011ec2a40e7 vn="a variant of Win64/Adware.MultiPlug.D application" ac=I fn="C:\System Volume Information\_restore{04A00B27-8B39-4593-8FFB-5D15AC5C9F67}\RP1000\A0170553.dll"
sh=C0F4BCB661E0283F19DD86B5A8F6A3F9B7EB02B6 ft=1 fh=c71c00117709e63a vn="a variant of Win32/AdWare.MultiPlug.BN application" ac=I fn="C:\System Volume Information\_restore{04A00B27-8B39-4593-8FFB-5D15AC5C9F67}\RP1001\A0170653.dll"
sh=B56A5511BF5713584B83863E6A7FEA9BB3F36FD9 ft=1 fh=c71c0011ec2a40e7 vn="a variant of Win64/Adware.MultiPlug.D application" ac=I fn="C:\System Volume Information\_restore{04A00B27-8B39-4593-8FFB-5D15AC5C9F67}\RP1001\A0170654.dll"
sh=3646742A1F4A951A2CBCFBC52EBD912AF6BE40F1 ft=1 fh=1d0e953539d0474f vn="a variant of Win32/SProtector.D potentially unwanted application" ac=I fn="C:\System Volume Information\_restore{04A00B27-8B39-4593-8FFB-5D15AC5C9F67}\RP1003\A0172742.dll"
sh=C0F4BCB661E0283F19DD86B5A8F6A3F9B7EB02B6 ft=1 fh=c71c00117709e63a vn="a variant of Win32/AdWare.MultiPlug.BN application" ac=I fn="C:\System Volume Information\_restore{04A00B27-8B39-4593-8FFB-5D15AC5C9F67}\RP1003\A0172743.dll"
sh=B56A5511BF5713584B83863E6A7FEA9BB3F36FD9 ft=1 fh=c71c0011ec2a40e7 vn="a variant of Win64/Adware.MultiPlug.D application" ac=I fn="C:\System Volume Information\_restore{04A00B27-8B39-4593-8FFB-5D15AC5C9F67}\RP1003\A0172745.dll"
sh=32F99788C6D45851A067C84FFFA1116E54CA3EF3 ft=1 fh=c71c00116263307f vn="a variant of Win32/SProtector.D potentially unwanted application" ac=I fn="C:\System Volume Information\_restore{04A00B27-8B39-4593-8FFB-5D15AC5C9F67}\RP1003\A0172748.dll"
sh=46560D0E2662C1C44F72B68EA5A3C2D7F0E77EBE ft=1 fh=c71c001105569964 vn="a variant of Win32/ELEX.AD potentially unwanted application" ac=I fn="C:\System Volume Information\_restore{04A00B27-8B39-4593-8FFB-5D15AC5C9F67}\RP999\A0170435.exe"
sh=D2BC806A05A53DE0B69451EE2457CBAAB005F812 ft=1 fh=c71c0011240d44a4 vn="a variant of Win32/Thinknice.B potentially unwanted application" ac=I fn="C:\System Volume Information\_restore{04A00B27-8B39-4593-8FFB-5D15AC5C9F67}\RP999\A0170437.dll"
sh=08241F4AF87D458B55B701FF9760C627C4A4BE5D ft=1 fh=c71c00113f80be9f vn="Win64/Thinknice.A potentially unwanted application" ac=I fn="C:\System Volume Information\_restore{04A00B27-8B39-4593-8FFB-5D15AC5C9F67}\RP999\A0170438.dll"
sh=A8B6642986C14994DCDD0AD231A2A972F0DAE16B ft=1 fh=c71c0011202d025d vn="a variant of Win32/Thinknice.B potentially unwanted application" ac=I fn="C:\System Volume Information\_restore{04A00B27-8B39-4593-8FFB-5D15AC5C9F67}\RP999\A0170439.dll"
sh=7CDFAC0B98D11269B85E9792C2A8691FAE147599 ft=1 fh=9b79fa80baa436d8 vn="a variant of Win64/Thinknice.B potentially unwanted application" ac=I fn="C:\System Volume Information\_restore{04A00B27-8B39-4593-8FFB-5D15AC5C9F67}\RP999\A0170443.dll"
sh=865DADC923E300F431CFDE193EF8A3E8AA452914 ft=1 fh=f69724dd4d671843 vn="a variant of Win64/Thinknice.C potentially unwanted application" ac=I fn="C:\System Volume Information\_restore{04A00B27-8B39-4593-8FFB-5D15AC5C9F67}\RP999\A0170445.dll"
sh=079B025C4704D1D26F6B4AC4D1729C5DF4A3D489 ft=1 fh=c71c001104e3a0de vn="Win32/Thinknice.A potentially unwanted application" ac=I fn="C:\System Volume Information\_restore{04A00B27-8B39-4593-8FFB-5D15AC5C9F67}\RP999\A0170446.dll"
sh=E16893EC0AB084A8DB5F87A5C9A29B0B2846D7F9 ft=1 fh=cca47823c3292533 vn="a variant of Win32/Toolbar.Iminent.C potentially unwanted application" ac=I fn="C:\System Volume Information\_restore{04A00B27-8B39-4593-8FFB-5D15AC5C9F67}\RP999\A0170448.exe"
sh=7F29C65D27184E6C1E65253A19154568335D994C ft=1 fh=8dfecc9f0b4d34d4 vn="Win32/AdvancedSystemProtector.A potentially unwanted application" ac=I fn="C:\zoek_backup\C_WINNT_system32_sasnative32.exe.vir"
sh=712FC4DCBFF95EAE7E198E6A3137480721A1664D ft=1 fh=9d4cd292ed7fc56d vn="Win32/InstallMate.A potentially unwanted application" ac=I fn="C:\zoek_backup\d_data_rainmaker_My Documents_Downloads_DownloadSetup.exe.vir"
sh=458A7DCB3C85CBE3C93EB7876FA0E6CD7E07F0F6 ft=1 fh=c71c0011129d357b vn="a variant of Win32/AdWare.MultiPlug.T application" ac=I fn="C:\zoek_backup\d_data_ALLUSE~1_APPLIC~1_SAAvErrAddon\KBJqEAtVe.exe"
sh=9896DAB927F232F334AAC794EE39E4741E8560AD ft=1 fh=20cdc242a13dadda vn="MSIL/AdvancedSystemProtector.D potentially unwanted application" ac=I fn="D:\AdwCleaner\Quarantine\C\Program Files\RegClean Pro\systweakasp.exe.vir"
sh=C0F4BCB661E0283F19DD86B5A8F6A3F9B7EB02B6 ft=1 fh=c71c00117709e63a vn="a variant of Win32/AdWare.MultiPlug.BN application" ac=I fn="D:\AdwCleaner\Quarantine\C\Program Files\Search-NeewTab\0trWpx5X.dll.vir"
sh=B56A5511BF5713584B83863E6A7FEA9BB3F36FD9 ft=1 fh=c71c0011ec2a40e7 vn="a variant of Win64/Adware.MultiPlug.D application" ac=I fn="D:\AdwCleaner\Quarantine\C\Program Files\Search-NeewTab\0trWpx5X.x64.dll.vir"
sh=6F4FD559E82ECD0E9BF238374A8AE7763D9AF88F ft=1 fh=0fe3e64a55eab364 vn="a variant of Win32/Conduit.SearchProtect.H potentially unwanted application" ac=I fn="D:\AdwCleaner\Quarantine\C\Program Files\SearchProtect\Main\bin\SPTool.dll.vir"
sh=09975ED04166B761DC1CED0B15BAE6D37DCC0560 ft=1 fh=919d2464905062de vn="a variant of Win32/ClientConnect.A potentially unwanted application" ac=I fn="D:\AdwCleaner\Quarantine\C\Program Files\SearchProtect\Main\bin\uninstall.exe.vir"
sh=CC7735B51ACFC778DAFCE7B9C25798C1149059CA ft=1 fh=bdcf262ba56c13e6 vn="a variant of Win32/Conduit.SearchProtect.I potentially unwanted application" ac=I fn="D:\AdwCleaner\Quarantine\C\Program Files\SearchProtect\SearchProtect\bin\cltmng.exe.vir"
sh=C2BF9E02AAF8CD61356523AF0425BD4DEEE8A0E8 ft=1 fh=aed2a53e39c1b826 vn="a variant of Win32/ClientConnect.A potentially unwanted application" ac=I fn="D:\AdwCleaner\Quarantine\C\Program Files\SearchProtect\SearchProtect\bin\SPTool64.exe.vir"
sh=E07AC00C609A9096EFEDCF5839D77AD91C96BD2D ft=1 fh=a44174895411af10 vn="a variant of Win32/Conduit.SearchProtect.H potentially unwanted application" ac=I fn="D:\AdwCleaner\Quarantine\C\Program Files\SearchProtect\SearchProtect\bin\SPVC32.dll.vir"
sh=6C0CFF21847BEBDC22C8ED1C8A24ED19724D7741 ft=1 fh=91d5fb4f6ab1ad55 vn="a variant of Win32/ClientConnect.A potentially unwanted application" ac=I fn="D:\AdwCleaner\Quarantine\C\Program Files\SearchProtect\SearchProtect\bin\SPVC32Loader.dll.vir"
sh=19D4CD0E4DDB51C3B3A25676F68963807BE1710C ft=1 fh=5c3c9fe0db73a8b4 vn="a variant of Win32/ClientConnect.A potentially unwanted application" ac=I fn="D:\AdwCleaner\Quarantine\C\Program Files\SearchProtect\SearchProtect\bin\SPVC64.dll.vir"
sh=3AE79DE1D9A3C56075DB1B53DF9D7880AE03A5F6 ft=1 fh=bd390a3911fc5a39 vn="a variant of Win64/Conduit.SearchProtect.A potentially unwanted application" ac=I fn="D:\AdwCleaner\Quarantine\C\Program Files\SearchProtect\SearchProtect\bin\SPVC64Loader.dll.vir"
sh=0F00EB8310C851AAD8AE9C7C17EF5F0D81617D3A ft=1 fh=1090c94a8e08b65e vn="a variant of Win32/Conduit.SearchProtect.I potentially unwanted application" ac=I fn="D:\AdwCleaner\Quarantine\C\Program Files\SearchProtect\UI\bin\cltmngui.exe.vir"
sh=32F99788C6D45851A067C84FFFA1116E54CA3EF3 ft=1 fh=c71c00116263307f vn="a variant of Win32/SProtector.D potentially unwanted application" ac=I fn="D:\AdwCleaner\Quarantine\C\Program Files\sw-booster\Assistant.dll.vir"
sh=3646742A1F4A951A2CBCFBC52EBD912AF6BE40F1 ft=1 fh=1d0e953539d0474f vn="a variant of Win32/SProtector.D potentially unwanted application" ac=I fn="D:\AdwCleaner\Quarantine\C\Program Files\sw-booster\AssistantSvc.dll.vir"
sh=C746A4049FC2E4C926520485A8F3817D798C6246 ft=1 fh=31ae8a6fe7d9ac4a vn="a variant of Win32/Systweak.A potentially unwanted application" ac=I fn="D:\AdwCleaner\Quarantine\C\WINNT\system32\roboot.exe.vir"
sh=D1933549C59D151AEC77010E665D2E60EB16F24C ft=1 fh=c71c0011a031ef1a vn="a variant of Win32/AdWare.MultiPlug.BN application" ac=I fn="D:\AdwCleaner\Quarantine\d\data\All Users\Application Data\Isaver\HqIxdafdhd.dll.vir"
sh=A0510838E7A5E9977D513C495BA969494C26FFBF ft=1 fh=c71c001140221e1e vn="a variant of Win32/AdWare.MultiPlug.BN application" ac=I fn="D:\AdwCleaner\Quarantine\d\data\All Users\Application Data\Isaver\HqIxdafdhd.exe.vir"
sh=57A6CA45DC88B35381E368A7333BB1447684B872 ft=1 fh=c71c001189a3012b vn="a variant of Win32/AdWare.MultiPlug.CK application" ac=I fn="D:\AdwCleaner\Quarantine\d\data\All Users\Application Data\Search-NeewTab\WKPMdpUra.exe.vir"
sh=079B025C4704D1D26F6B4AC4D1729C5DF4A3D489 ft=1 fh=c71c001104e3a0de vn="Win32/Thinknice.A potentially unwanted application" ac=I fn="D:\AdwCleaner\Quarantine\d\data\rainmaker\Application Data\SupTab\SupTab.dll.vir"
sh=BED7D4112F66A980A31E556608ECDE49C428F259 ft=1 fh=c71c001198f425ea vn="Win32/InstalleRex.M potentially unwanted application" ac=I fn="D:\data\All Users\Application Data\InstallMate\{75146767-958B-489D-AA76-DDA9AEF74591}\Custom.dll"
sh=1134C01276E5DB3554AA6D43A97234ABB6505C51 ft=1 fh=4f94dd565a2a151b vn="a variant of Win32/InstallCore.W potentially unwanted application" ac=I fn="D:\data\rainmaker\My Documents\Downloads\Denise_Milani_Photoset_Collection_-_Part_3_(PlayBoyMan).rar_downloader.exe"
sh=E1EE4470977FF6081F3335D50F071640A8D405E0 ft=1 fh=65e2fb4828adb020 vn="a variant of Win32/InstallCore.AZ potentially unwanted application" ac=I fn="D:\data\rainmaker\My Documents\Downloads\Firefox_Setup_17.0.exe"
sh=1FBB1DAA25B9097C9F5F8BB1DC4D205E23EF1883 ft=1 fh=34ad8a10ae132cbf vn="Win32/DownloadAdmin.G potentially unwanted application" ac=I fn="D:\data\rainmaker\My Documents\Downloads\Setup (1).exe"
sh=C459208E908F56339C47A9E739838792FD4B4E57 ft=1 fh=31f2c402da0c3ada vn="Win32/DownloadAdmin.G potentially unwanted application" ac=I fn="D:\data\rainmaker\My Documents\Downloads\Setup (2).exe"
sh=32F04B7998CB6CBF135749C5E2F7D9B3E2D98246 ft=1 fh=e90ff010781407dc vn="Win32/Adware.1ClickDownload.G application" ac=I fn="D:\data\rainmaker\My Documents\Downloads\Sexy_Denise_Milani_on_Happy_4th_of_July_HQ_Photo_Shoot.exe"
sh=8E5C001A0799250227577573560F39E208FF3A61 ft=0 fh=0000000000000000 vn="MSIL/FakeTool.II trojan" ac=I fn="D:\data\rainmaker\My Documents\Downloads\Yahoo Messenger Password Hacker 1.2 Beta.zip"
 

