Trovi Browser hijack on new Windows 8.1 machine and old Windows XP mac


  • This topic is locked

#16
zep516

    Trusted Helper

  • Malware Removal
  • 6,810 posts
Hello,

It's always best to view these instructions on another computer.

Close all browser windows.
Open Hijackthis
This time do a System Scan only
Wait for the scan result to load.

Place a check in the following entries:
O4 - HKLM\..\Run: [Dell QuickSet] C:\PROGRAM FILES\DELL\QUICKSET\QUICKSET.EXE
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [PDVDDXSrv] "C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
O4 - HKLM\..\Run: [ECenter] C:\Dell\E-Center\EULALauncher.exe
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" /hide
O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
O4 - HKLM\..\Run: [CanonSolutionMenuEx] C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE /logon
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Adria Zoe Palinsky\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "c:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "c:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O18 - Protocol: bw+0 - {2E6F22AF-D5F4-4398-910A-99788C112F59} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bw20 - {2E6F22AF-D5F4-4398-910A-99788C112F59} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bww0s - {2E6F22AF-D5F4-4398-910A-99788C112F59} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O23 - Service: McAfee Framework Service (McAfeeFramework) - Unknown owner - C:\Program Files\McAfee\Common Framework\FrameworkService.exe (file missing)
O23 - Service: McAfee Task Manager (McTaskManager) - Unknown owner - C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe (file missing)
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
  • Click fix checked
  • Close Hijackthis.
  • Reboot.
  • Post a new Hijackthis.
You can double-check the O4's if you would like, so you know what these programs are.
To do that:
Example entry--> O4 - HKLM\..\Run: [ECenter] C:\Dell\E-Center\EULALauncher.exe
Now search Google for--> EULALauncher.exe
Look for the Bleeping Computer link "Program information" and it gives a description of the program. It's possible you may find one you want to add or one that you don't want to fix.

Thanks
Joe
  • 0


#17
clydec

    Member

  • Topic Starter
  • Member
  • 72 posts

Here's the latest Hijack This log after running the fix. I didn't check the Canon Printer entries since a Canon is the printer I currently use. There are Epson entries probably from the previous household printer. I have a Dell Network Assistant that runs at start up. It is long expired and I always close it. Upon start up, I always have to go to Services, run Wireless Zero Configuration and then check use Windows to detect wireless networks in the wireless network properties.

 

Logfile of Trend Micro HijackThis v2.0.5
Scan saved at 11:48:00 AM, on 12/6/2014
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
CHROME: 39.0.2171.71
FIREFOX: 11.0 (en-US)
Boot mode: Normal
 
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\Program Files\Dell Network Assistant\hnm_svc.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\NETGEAR Genie\bin\NETGEARGenieDaemon.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Canon\MyPrinter\BJMyPrt.exe
C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE
C:\PROGRAM FILES\ERASER\ERASER.EXE
C:\Program Files\OpenDNS Updater\OpenDNSUpdater.exe
C:\Program Files\Microsoft ActiveSync\Wcescomm.exe
C:\Documents and Settings\Adria Zoe Palinsky\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Adria Zoe Palinsky\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Adria Zoe Palinsky\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Adria Zoe Palinsky\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Adria Zoe Palinsky\My Documents\Downloads\HijackThis.exe
 
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.crossmar...son=0&formdir=3
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=2071122
O1 - Hosts: ÿþ127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: Canon Easy-WebPrint EX BHO - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll
O3 - Toolbar: Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
O4 - HKLM\..\Run: [CanonSolutionMenuEx] C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE /logon
O4 - HKCU\..\Run: [Eraser] C:\PROGRAM FILES\ERASER\ERASER.EXE -hide
O4 - HKCU\..\Run: [OpenDNS Updater] "C:\Program Files\OpenDNS Updater\OpenDNSUpdater.exe" /autostart
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\Wcescomm.exe"
O4 - HKCU\..\Run: [1351BD77A9084D0331B2E9D1271C3C64AE834D2A._service_run] "C:\Documents and Settings\Adria Zoe Palinsky\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" --type=service
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Dell Network Assistant.lnk = ?
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.mi...b?1197168806134
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: EpsonBidirectionalService - Unknown owner - C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Advanced Networking Service (hnmsvc) - SingleClick Systems - C:\Program Files\Dell Network Assistant\hnm_svc.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Unknown owner - C:\Program Files\McAfee\Common Framework\FrameworkService.exe (file missing)
O23 - Service: McAfee Task Manager (McTaskManager) - Unknown owner - C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe (file missing)
O23 - Service: NETGEARGenieDaemon - NETGEAR - C:\Program Files\NETGEAR Genie\bin\NETGEARGenieDaemon.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE
 
--
End of file - 8843 bytes

  • 0

#18
zep516

    Trusted Helper

  • Malware Removal
  • 6,810 posts
Download Security Check by screen317 from Here or Here
Save it to your Desktop.
Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
A Notepad document should open automatically called checkup.txt; please post the contents of that document.
  • 0

#19
clydec

    Member

  • Topic Starter
  • Member
  • 72 posts

Here's the Security Check log:

 

 Results of screen317's Security Check version 0.99.91  
 Windows XP Service Pack 3 x86   
 Internet Explorer 8  
``````````````Antivirus/Firewall Check:`````````````` 
 Windows Firewall Enabled!  
 Microsoft Security Essentials    
`````````Anti-malware/Other Utilities Check:````````` 
 Malwarebytes Anti-Malware version 2.0.3.1025  
 Adobe Flash Player 15.0.0.239  
 Adobe Reader XI  
 Mozilla Firefox 11.0 Firefox out of Date!  
 Mozilla Thunderbird (17.0.8) 
````````Process Check: objlist.exe by Laurent````````  
 Microsoft Security Essentials MSMpEng.exe 
 Microsoft Security Essentials msseces.exe 
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:: 6% 
````````````````````End of Log`````````````````````` 

  • 0

#20
zep516

    Trusted Helper

  • Malware Removal
  • 6,810 posts
So only Firefox is an issue there. You can update Firefox from the Help tab in the browser: click Help, click About Firefox, and update.

Can we see another scan? This has to be downloaded to the desktop. If it ends up in the downloads folder, move it to the desktop. This is a diagnostics scan and we will see what it shows.

Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.
  • Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will produce a log called FRST.txt in the same directory the tool is run from. The Desktop!
  • Please copy and paste log back here.
  • The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.

  • 0

#21
clydec

    Member

  • Topic Starter
  • Member
  • 72 posts

Wow. Couldn't get on geeks to go for awhile.

 

Ran Farbar. It stopped during the scan and gave an 'encountered a problem and needs to close' message. Didn't try to run it again. I do have the logs on the desktop and have included them below.
 
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 06-12-2014 02
Ran by Adria Zoe Palinsky (administrator) on CLYDE on 06-12-2014 12:42:00
Running from C:\Documents and Settings\Adria Zoe Palinsky\Desktop
Loaded Profile: Adria Zoe Palinsky (Available profiles: Adria Zoe Palinsky)
Platform: Microsoft Windows XP Home Edition Service Pack 3 (X86) OS Language: English (United States)
Internet Explorer Version 8
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(ATI Technologies Inc.) C:\WINDOWS\system32\ati2evxx.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(ATI Technologies Inc.) C:\WINDOWS\system32\ati2evxx.exe
(Logitech Inc.) C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcSrv.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
() C:\Program Files\Common Files\EPSON\EBAPI\eEBSvc.exe
(SEIKO EPSON CORPORATION) C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
(SingleClick Systems) C:\Program Files\Dell Network Assistant\hnm_svc.exe
(Logitech Inc.) C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
(NETGEAR) C:\Program Files\NETGEAR Genie\bin\NETGEARGenieDaemon.exe
(SupportSoft, Inc.) C:\Program Files\Dell Support Center\bin\sprtsvc.exe
() C:\WINDOWS\system32\WLTRYSVC.EXE
(Dell Inc.) C:\WINDOWS\system32\BCMWLTRY.EXE
(Logitech Inc.) C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Dell Inc.) C:\WINDOWS\system32\WLTRAY.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(CANON INC.) C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
(CANON INC.) C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE
(The Eraser Project) C:\Program Files\Eraser\Eraser.exe
() C:\Program Files\OpenDNS Updater\OpenDNSUpdater.exe
(Microsoft Corporation) C:\Program Files\Microsoft ActiveSync\wcescomm.exe
(Google Inc.) C:\Documents and Settings\Adria Zoe Palinsky\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\PROGRA~1\MI3AA1~1\rapimgr.exe
(Google Inc.) C:\Documents and Settings\Adria Zoe Palinsky\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Documents and Settings\Adria Zoe Palinsky\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [851968 2007-04-27] (Synaptics, Inc.)
HKLM\...\Run: [Broadcom Wireless Manager UI] => C:\WINDOWS\system32\WLTRAY.exe [1392640 2007-03-16] (Dell Inc.)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [951576 2014-03-11] (Microsoft Corporation)
HKLM\...\Run: [CanonMyPrinter] => C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2516296 2010-03-24] (CANON INC.)
HKLM\...\Run: [CanonSolutionMenuEx] => C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE [1185112 2010-04-02] (CANON INC.)
Winlogon\Notify\AtiExtEvent: C:\WINDOWS\system32\Ati2evxx.dll (ATI Technologies Inc.)
HKU\S-1-5-21-4101731986-3624329164-1986708144-1006\...\Run: [Eraser] => C:\PROGRAM FILES\ERASER\ERASER.EXE [916240 2007-12-22] (The Eraser Project)
HKU\S-1-5-21-4101731986-3624329164-1986708144-1006\...\Run: [OpenDNS Updater] => C:\Program Files\OpenDNS Updater\OpenDNSUpdater.exe [839680 2010-06-16] ()
HKU\S-1-5-21-4101731986-3624329164-1986708144-1006\...\Run: [H/PC Connection Agent] => C:\Program Files\Microsoft ActiveSync\Wcescomm.exe [1289000 2006-11-13] (Microsoft Corporation)
HKU\S-1-5-21-4101731986-3624329164-1986708144-1006\...\Run: [1351BD77A9084D0331B2E9D1271C3C64AE834D2A._service_run] => C:\Documents and Settings\Adria Zoe Palinsky\Local Settings\Application Data\Google\Chrome\Application\chrome.exe [856904 2014-11-25] (Google Inc.)
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Dell Network Assistant.lnk
ShortcutTarget: Dell Network Assistant.lnk -> C:\WINDOWS\Installer\{0240BDFB-2995-4A3F-8C96-18D41282B716}\Icon0240BDFB3.exe ()
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKU\S-1-5-21-4101731986-3624329164-1986708144-1006\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft...d=ie&ar=msnhome
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
HKU\S-1-5-21-4101731986-3624329164-1986708144-1006\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.crossmar...son=0&formdir=3
HKU\S-1-5-21-4101731986-3624329164-1986708144-1006\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
HKU\S-1-5-21-4101731986-3624329164-1986708144-1006\Software\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.co...ie=utf8&oe=utf8
HKU\S-1-5-21-4101731986-3624329164-1986708144-1006\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-4101731986-3624329164-1986708144-1006 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = http://www.google.com/search?q={sear
BHO: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
Toolbar: HKLM - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
Toolbar: HKU\S-1-5-21-4101731986-3624329164-1986708144-1006 -> Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft....k/?linkid=39204
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macr...ash/swflash.cab
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
Winsock: Catalog5 04 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
 
FireFox:
========
FF ProfilePath: C:\Documents and Settings\Adria Zoe Palinsky\Application Data\Mozilla\Firefox\Profiles\of0rqd1a.default
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_15_0_0_239.dll ()
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @canon.com/EPPEX -> C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF Plugin: @divx.com/DivX Browser Plugin,version=1.0.0 -> C:\Program Files\DivX\DivX Web Player\npdivx32.dll No File
FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin: @java.com/DTPlugin,version=10.15.2 -> C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-4101731986-3624329164-1986708144-1006: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll No File
FF Plugin HKU\S-1-5-21-4101731986-3624329164-1986708144-1006: @talk.google.com/GoogleTalkPlugin -> C:\Documents and Settings\Adria Zoe Palinsky\Application Data\Mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin HKU\S-1-5-21-4101731986-3624329164-1986708144-1006: @talk.google.com/O1DPlugin -> C:\Documents and Settings\Adria Zoe Palinsky\Application Data\Mozilla\plugins\npo1d.dll (Google)
FF Plugin HKU\S-1-5-21-4101731986-3624329164-1986708144-1006: @tools.google.com/Google Update;version=3 -> C:\Documents and Settings\Adria Zoe Palinsky\Local Settings\Application Data\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-4101731986-3624329164-1986708144-1006: @tools.google.com/Google Update;version=9 -> C:\Documents and Settings\Adria Zoe Palinsky\Local Settings\Application Data\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\cgpcfg.dll (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\CgpCore.dll (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\confmgr.dll ()
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\ctxlogging.dll ()
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\ctxmui.dll (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\icafile.dll (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\icalogon.dll (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\msvcm80.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\msvcp80.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\msvcr80.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\np32dsw.dll (Adobe Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npicaN.dll ()
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPOFFICE.DLL (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\sslsdk_b.dll (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\TcpPServ.dll (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Documents and Settings\Adria Zoe Palinsky\Application Data\mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin ProgramFiles/Appdata: C:\Documents and Settings\Adria Zoe Palinsky\Application Data\mozilla\plugins\npo1d.dll (Google)
FF SearchPlugin: C:\Documents and Settings\Adria Zoe Palinsky\Application Data\Mozilla\Firefox\Profiles\of0rqd1a.default\searchplugins\aolsearch.xml
FF Extension: Move Media Player - C:\Documents and Settings\Adria Zoe Palinsky\Application Data\Mozilla\Firefox\Profiles\of0rqd1a.default\Extensions\[email protected] [2009-01-29]
FF Extension: Microsoft .NET Framework Assistant - C:\Documents and Settings\Adria Zoe Palinsky\Application Data\Mozilla\Firefox\Profiles\of0rqd1a.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b} [2010-05-12]
FF Extension: Harley Davidson - C:\Documents and Settings\Adria Zoe Palinsky\Application Data\Mozilla\Firefox\Profiles\of0rqd1a.default\Extensions\{2c088200-b973-11db-8314-0800200c9a66}(2) [2009-07-15]
FF Extension: Google Toolbar for Firefox - C:\Documents and Settings\Adria Zoe Palinsky\Application Data\Mozilla\Firefox\Profiles\of0rqd1a.default\Extensions\{3112ca9c-de6d-4884-a869-9855de68056c} [2011-04-18]
FF Extension: AddThis - C:\Documents and Settings\Adria Zoe Palinsky\Application Data\Mozilla\Firefox\Profiles\of0rqd1a.default\Extensions\{3e0e7d2a-070f-4a47-b019-91fe5385ba79} [2013-05-19]
FF Extension: Adblock Plus - C:\Documents and Settings\Adria Zoe Palinsky\Application Data\Mozilla\Firefox\Profiles\of0rqd1a.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}(2) [2009-07-14]
FF Extension: LastFM - C:\Documents and Settings\Adria Zoe Palinsky\Application Data\Mozilla\Firefox\Profiles\of0rqd1a.default\Extensions\{82BC70E0-FE85-11DA-A899-3A655C103D30}.xpi [2011-06-26]
FF Extension: FireFTP - C:\Documents and Settings\Adria Zoe Palinsky\Application Data\Mozilla\Firefox\Profiles\of0rqd1a.default\Extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}.xpi [2011-05-10]
FF Extension: Skype extension for Firefox - C:\Program Files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}(2) [2009-06-08]
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2012-07-03]
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2012-09-03]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-08-29]
 
Chrome: 
=======
CHR HomePage: Default -> hxxp://www.trovi.com/?gd=&ctid=CT3323128&octid=EB_ORIGINAL_CTID&ISID=M3B7A82D1-58FD-4B86-9F4C-0A97FBA915A2&SearchSource=55&CUI=&UM=6&UP=SP3BC5F913-3AB8-417F-9DEB-E2BBA30D48D2&SSPV=
CHR StartupUrls: Default -> "hxxp://www.trovi.com/?gd=&ctid=CT3323128&octid=EB_ORIGINAL_CTID&ISID=M3B7A82D1-58FD-4B86-9F4C-0A97FBA915A2&SearchSource=55&CUI=&UM=6&UP=SP3BC5F913-3AB8-417F-9DEB-E2BBA30D48D2&SSPV="
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter}
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Documents and Settings\Adria Zoe Palinsky\Local Settings\Application Data\Google\Chrome\Application\39.0.2171.71\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Documents and Settings\Adria Zoe Palinsky\Local Settings\Application Data\Google\Chrome\Application\39.0.2171.71\pdf.dll ()
CHR Plugin: (Shockwave Flash) - C:\Documents and Settings\Adria Zoe Palinsky\Local Settings\Application Data\Google\Chrome\Application\39.0.2171.71\gcswf32.dll No File
CHR Plugin: (Shockwave Flash) - C:\Documents and Settings\Adria Zoe Palinsky\Local Settings\Application Data\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll No File
CHR Plugin: (Shockwave Flash) - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_3_300_262.dll No File
CHR Plugin: (Google Talk Plugin) - C:\Documents and Settings\Adria Zoe Palinsky\Application Data\Mozilla\plugins\npgoogletalk.dll (Google)
CHR Plugin: (Google Talk Plugin Video Accelerator) - C:\Documents and Settings\Adria Zoe Palinsky\Application Data\Mozilla\plugins\npgtpo3dautoplugin.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll No File
CHR Plugin: (Shockwave for Director) - C:\Program Files\Mozilla Firefox\plugins\np32dsw.dll (Adobe Systems, Inc.)
CHR Plugin: (Java Deployment Toolkit 6.0.310.5) - C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll No File
CHR Plugin: (Java™ Platform SE 6 U31) - C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll No File
CHR Plugin: (Microsoft Office 2003) - C:\Program Files\Mozilla Firefox\plugins\NPOFFICE.DLL (Microsoft Corporation)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll No File
CHR Plugin: (Microsoft® DRM) - C:\Program Files\Windows Media Player\npdrmv2.dll (Microsoft Corporation)
CHR Plugin: (Microsoft® DRM) - C:\Program Files\Windows Media Player\npwmsdrm.dll (Microsoft Corporation)
CHR Plugin: (Windows Media Player Plug-in Dynamic Link Library) - C:\Program Files\Windows Media Player\npdsplay.dll (Microsoft Corporation (written by Digital Renaissance Inc.))
CHR Plugin: (Google Update) - C:\Documents and Settings\Adria Zoe Palinsky\Local Settings\Application Data\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File
CHR Plugin: (CANON iMAGE GATEWAY Album Plugin Utility) - C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
CHR Plugin: (Google Earth Plugin) - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
CHR Plugin: (Picasa) - C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
CHR Plugin: (iTunes Application Detector) - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Silverlight Plug-In) - c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll No File
CHR Plugin: (Windows Presentation Foundation) - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
CHR Profile: C:\Documents and Settings\Adria Zoe Palinsky\Local Settings\Application Data\Google\Chrome\User Data\Default
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Documents and Settings\Adria Zoe Palinsky\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-22]
CHR Extension: (Google Wallet) - C:\Documents and Settings\Adria Zoe Palinsky\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-21]
CHR StartMenuInternet: Google Chrome - C:\Documents and Settings\Adria Zoe Palinsky\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
 
========================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 DSBrokerService; C:\Program Files\DellSupport\brkrsvc.exe [70656 2007-03-19] () [File not signed]
R2 EpsonBidirectionalService; C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe [77824 2002-01-29] () [File not signed]
R2 EPSONStatusAgent2; C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe [94208 2002-07-17] (SEIKO EPSON CORPORATION) [File not signed]
R2 hnmsvc; C:\Program Files\Dell Network Assistant\hnm_svc.exe [112176 2007-05-25] (SingleClick Systems)
R2 LVCOMSer; C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe [186904 2007-10-19] (Logitech Inc.)
R2 LVPrcSrv; c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe [99888 2006-06-26] (Logitech Inc.)
S2 LVSrvLauncher; C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe [141848 2007-10-19] (Logitech Inc.)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22216 2014-03-11] (Microsoft Corporation)
R2 NETGEARGenieDaemon; C:\Program Files\NETGEAR Genie\bin\NETGEARGenieDaemon.exe [189440 2014-03-23] (NETGEAR) [File not signed]
S4 PuranDefrag; C:\WINDOWS\system32\PuranDefragS.exe [229376 2010-05-17] (Puran Software) [File not signed]
R2 sprtsvc_dellsupportcenter; C:\Program Files\Dell Support Center\bin\sprtsvc.exe [201968 2008-08-13] (SupportSoft, Inc.)
R2 wltrysvc; C:\WINDOWS\System32\bcmwltry.exe [1253376 2007-03-16] (Dell Inc.) [File not signed]
S2 McAfeeFramework; "C:\Program Files\McAfee\Common Framework\FrameworkService.exe" /ServiceStart [X]
S2 McTaskManager; "C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe" [X]
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
S4 abp480n5; C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS [23552 2004-08-04] (Microsoft Corporation)
R1 AmdK8; C:\WINDOWS\System32\DRIVERS\AmdK8.sys [36864 2007-05-15] (Advanced Micro Devices)
R1 APPDRV; C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS [16128 2005-08-12] (Dell Inc) [File not signed]
R0 atiide; C:\WINDOWS\System32\DRIVERS\atiide.sys [3456 2007-05-23] (ATI Technologies Inc.)
R3 BCM43XX; C:\WINDOWS\System32\DRIVERS\bcmwl5.sys [604928 2007-03-16] (Broadcom Corporation)
S3 CCDECODE; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [17024 2008-04-13] (Microsoft Corporation)
S0 cercsr6; C:\WINDOWS\system32\Drivers\cercsr6.sys [39904 2004-12-13] (Adaptec, Inc.) [File not signed]
S3 DSproct; C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys [4736 2006-10-05] (Gteko Ltd.) [File not signed]
R3 HSFHWAZL; C:\WINDOWS\System32\DRIVERS\HSFHWAZL.sys [209152 2007-04-23] (Conexant Systems, Inc.)
R3 HSF_DPV; C:\WINDOWS\System32\DRIVERS\HSF_DPV.sys [989696 2007-04-23] (Conexant Systems, Inc.)
S3 LVcKap; C:\WINDOWS\System32\DRIVERS\LVcKap.sys [2109976 2007-10-19] (Logitech Inc.)
S3 LVMVDrv; C:\WINDOWS\System32\DRIVERS\LVMVDrv.sys [2142488 2007-10-11] (Logitech Inc.)
R3 LVPr2Mon; C:\WINDOWS\System32\drivers\LVPr2Mon.sys [25624 2007-10-11] ()
S3 LVUSBSta; C:\WINDOWS\System32\drivers\LVUSBSta.sys [41752 2007-10-11] (Logitech Inc.)
R0 MpFilter; C:\WINDOWS\System32\DRIVERS\MpFilter.sys [231960 2014-01-25] (Microsoft Corporation)
S3 NdisIP; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [10880 2008-04-13] (Microsoft Corporation)
R2 NPF; C:\WINDOWS\system32\drivers\npf.sys [35088 2014-09-25] (CACE Technologies, Inc.)
S2 Packet; C:\WINDOWS\System32\DRIVERS\packet.sys [12672 2006-12-18] (SingleClick Systems) [File not signed]
S3 pepifilter; C:\WINDOWS\System32\DRIVERS\lv302af.sys [13848 2007-10-11] (Logitech Inc.)
S3 PID_08A0; C:\WINDOWS\System32\DRIVERS\LV302AV.SYS [720176 2006-06-22] (Logitech Inc.)
S3 PID_PEPI; C:\WINDOWS\System32\DRIVERS\LV302V32.SYS [1279000 2007-10-11] (Logitech Inc.)
R3 STHDA; C:\WINDOWS\System32\drivers\sthda.sys [1228296 2007-04-23] (SigmaTel, Inc.)
S3 USBAAPL; C:\WINDOWS\System32\Drivers\usbaapl.sys [32000 2008-07-10] (Apple, Inc.) [File not signed]
S3 wceusbsh; C:\WINDOWS\System32\DRIVERS\wceusbsh.sys [28672 2006-11-06] (Microsoft Corporation)
S3 RimUsb; System32\Drivers\RimUsb.sys [X]
U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation)
U3 TlntSvr; No ImagePath
U1 WS2IFSL; No ImagePath
 
==================== NetSvcs (Whitelisted) ===================
 
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-12-06 12:42 - 2014-12-06 12:42 - 00024695 _____ () C:\Documents and Settings\Adria Zoe Palinsky\Desktop\FRST.txt
2014-12-06 12:41 - 2014-12-06 12:42 - 00000000 ____D () C:\FRST
2014-12-06 12:38 - 2014-12-06 12:38 - 01111040 _____ (Farbar) C:\Documents and Settings\Adria Zoe Palinsky\Desktop\FRST.exe
2014-12-06 12:36 - 2014-12-06 12:36 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-12-06 12:36 - 2014-12-06 12:36 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Mozilla
2014-12-05 23:19 - 2014-12-05 23:19 - 00000000 ____D () C:\_OTL
2014-12-05 22:35 - 2014-12-05 22:35 - 00003065 _____ () C:\Documents and Settings\Adria Zoe Palinsky\Desktop\JRT.txt
2014-12-05 22:30 - 2014-12-05 22:30 - 00000000 ____D () C:\WINDOWS\ERUNT
2014-12-05 22:11 - 2014-12-05 22:15 - 00000000 ____D () C:\AdwCleaner
2014-12-05 22:11 - 2014-12-05 22:11 - 00000055 _____ () C:\AdwCleanerDebug.txt
2014-12-04 10:53 - 2014-12-04 10:53 - 00002374 _____ () C:\Documents and Settings\Adria Zoe Palinsky\Desktop\GooredFix.txt
2014-12-04 10:53 - 2014-12-04 10:53 - 00000000 ____D () C:\Documents and Settings\Adria Zoe Palinsky\Desktop\GooredFix Backups
2014-12-04 09:45 - 2014-12-04 09:45 - 00003144 _____ () C:\12-4-14 malwarebytes removal file.txt
2014-12-04 09:13 - 2014-12-04 09:13 - 00000777 _____ () C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
2014-11-25 20:22 - 2014-11-25 20:29 - 00002347 _____ () C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader XI.lnk
2014-11-25 20:22 - 2014-11-25 20:22 - 00001734 _____ () C:\Documents and Settings\All Users\Desktop\Adobe Reader XI.lnk
2014-11-21 12:44 - 2014-11-21 12:45 - 00000000 ____D () C:\Program Files\QuickTime
2014-11-21 12:44 - 2014-11-21 12:44 - 00001604 _____ () C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk
2014-11-21 12:44 - 2014-11-21 12:44 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\QuickTime
2014-11-21 12:40 - 2014-11-21 12:40 - 00001542 _____ () C:\Documents and Settings\All Users\Desktop\iTunes.lnk
2014-11-21 12:40 - 2014-11-21 12:40 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\iTunes
2014-11-21 12:39 - 2014-11-21 12:40 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\B0FFCDD9-5261-4e59-B29A-17A4FABDEBAB
2014-11-21 12:39 - 2014-11-21 12:39 - 00000000 ____D () C:\Program Files\iPod
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-12-06 12:42 - 2007-11-28 18:03 - 00000000 ____D () C:\Documents and Settings\Adria Zoe Palinsky\Local Settings\Temp
2014-12-06 12:40 - 2009-07-03 12:07 - 00001030 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-4101731986-3624329164-1986708144-1006UA.job
2014-12-06 12:37 - 2012-04-05 17:14 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2014-12-06 12:36 - 2007-12-18 20:09 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-12-06 12:13 - 2010-09-11 21:06 - 00000886 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2014-12-06 11:50 - 2004-08-10 14:02 - 01781795 _____ () C:\WINDOWS\WindowsUpdate.log
2014-12-06 11:42 - 2010-11-28 22:31 - 00000000 ____D () C:\Documents and Settings\NetworkService\Local Settings\temp
2014-12-06 11:32 - 2012-01-11 03:01 - 00317454 _____ () C:\WINDOWS\setupapi.log
2014-12-06 11:31 - 2007-11-22 05:01 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\TEMP
2014-12-06 11:24 - 2014-03-12 06:23 - 00000248 _____ () C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job
2014-12-06 11:24 - 2010-09-11 21:06 - 00000882 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2014-12-06 11:24 - 2004-08-10 14:08 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-12-06 11:24 - 2004-08-10 13:59 - 00000159 _____ () C:\WINDOWS\wiadebug.log
2014-12-06 11:24 - 2004-08-10 13:59 - 00000049 _____ () C:\WINDOWS\wiaservc.log
2014-12-06 11:23 - 2007-11-22 04:56 - 00524288 _____ () C:\WINDOWS\system32\config\ACEEvent.evt
2014-12-06 11:23 - 2004-08-10 14:08 - 00032382 _____ () C:\WINDOWS\SchedLgU.Txt
2014-12-06 11:22 - 2008-12-05 22:32 - 00000000 ____D () C:\Documents and Settings\Adria Zoe Palinsky\Local Settings\Application Data\Eraser
2014-12-05 23:30 - 2008-08-24 00:19 - 00000000 ____D () C:\MDT
2014-12-05 23:21 - 2010-11-28 22:31 - 00000000 ____D () C:\Documents and Settings\LocalService\Local Settings\temp
2014-12-05 23:19 - 2004-08-10 14:02 - 00000000 ____D () C:\WINDOWS\system32\Restore
2014-12-05 18:40 - 2009-07-03 12:07 - 00000978 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-4101731986-3624329164-1986708144-1006Core.job
2014-12-05 12:28 - 2011-11-22 07:03 - 00000284 _____ () C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
2014-12-04 09:48 - 2010-08-11 02:06 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB981997$
2014-12-04 09:14 - 2014-05-19 16:56 - 00114904 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2014-12-04 09:13 - 2014-05-19 16:56 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes Anti-Malware
2014-12-04 09:13 - 2014-05-19 16:55 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-11-26 08:37 - 2012-04-05 17:14 - 00701104 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2014-11-26 08:37 - 2011-05-17 18:04 - 00071344 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2014-11-25 20:28 - 2011-06-16 06:58 - 00000000 ____D () C:\Program Files\Common Files\Adobe
2014-11-25 20:21 - 2007-11-22 04:59 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Adobe
2014-11-25 20:20 - 2008-08-02 00:00 - 00000000 ____D () C:\Program Files\Adobe
2014-11-21 12:40 - 2007-12-18 12:25 - 00000000 ____D () C:\Program Files\iTunes
2014-11-21 12:38 - 2014-08-08 12:07 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\188F1432-103A-4ffb-80F1-36B633C5C9E1
2014-11-19 19:30 - 2004-08-10 13:57 - 00553888 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2014-11-17 12:36 - 2013-08-11 03:09 - 00000000 ____D () C:\Program Files\Mozilla Thunderbird
2014-11-12 03:21 - 2013-07-24 16:24 - 00000000 ____D () C:\WINDOWS\system32\MRT
2014-11-12 03:00 - 2007-12-08 21:49 - 100445232 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2014-11-11 02:36 - 2007-12-18 20:09 - 00000000 ____D () C:\Documents and Settings\Adria Zoe Palinsky\Application Data\Mozilla
2014-11-09 17:44 - 2007-11-28 19:42 - 00002433 _____ () C:\Documents and Settings\All Users\Start Menu\New Office Document.lnk
2014-11-09 15:52 - 2007-11-28 18:03 - 00000000 ____D () C:\Documents and Settings\Adria Zoe Palinsky
2014-11-08 15:00 - 2014-03-12 06:23 - 00000242 _____ () C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job
 
Some content of TEMP:
====================
C:\Documents and Settings\Adria Zoe Palinsky\Local Settings\Temp\IadHide5.dll
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 
 
Now the Additions log:
 
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 06-12-2014 02
Ran by Adria Zoe Palinsky at 2014-12-06 12:43:32
Running from C:\Documents and Settings\Adria Zoe Palinsky\Desktop
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Microsoft Security Essentials (Disabled - Up to date) {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
AV: McAfee VirusScan Enterprise (Disabled - Up to date) {918A2B0B-2C60-4016-A4AB-E868DEABF7F0}
AV: Microsoft Security Essentials (Disabled - Up to date) {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
µTorrent (HKLM\...\uTorrent) (Version: 2.2.0 - )
Adobe AIR (HKLM\...\Adobe AIR) (Version: 2.5.1.17730 - Adobe Systems Inc.)
Adobe Flash Player 15 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 15.0.0.239 - Adobe Systems Incorporated)
Adobe Flash Player 15 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 15.0.0.239 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.08) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.08 - Adobe Systems Incorporated)
Adobe Shockwave Player (HKLM\...\Adobe Shockwave Player) (Version: 10.2.0.23 - Adobe Systems, Inc.)
AIM 6 (HKLM\...\AIM_6) (Version:  - )
AIM MusicLink 2.1.0.5 (HKLM\...\AIM MusicLink 2.1.0.5) (Version: 2.1.0.5 - AOL, LLC)
AIMTunes (HKLM\...\AIMTunes) (Version:  - )
Apple Application Support (HKLM\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{235EBB33-3DA1-46DF-AADE-9955123409CB}) (Version: 8.0.5.6 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ATI - Software Uninstall Utility (HKLM\...\All ATI Software) (Version: 6.14.10.1016 - )
ATI Catalyst Control Center (HKLM\...\{EF40BAC3-372B-46F4-A32D-B37CF4217CE7}) (Version: 1.2.2475.36837 - )
ATI Display Driver (HKLM\...\ATI Display Driver) (Version: 8.31-061011a-053721C-Dell - )
Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
Canon Easy-WebPrint EX (HKLM\...\Easy-WebPrint EX) (Version:  - )
Canon IJ Network Tool (HKLM\...\Canon_IJ_Network_UTILITY) (Version:  - )
Canon MP Navigator EX 4.0 (HKLM\...\MP Navigator EX 4.0) (Version:  - )
Canon MP495 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP495_series) (Version:  - )
Canon MP495 series User Registration (HKLM\...\Canon MP495 series User Registration) (Version:  - )
Canon My Printer (HKLM\...\CanonMyPrinter) (Version:  - )
Canon Solution Menu EX (HKLM\...\CanonSolutionMenuEX) (Version:  - )
CDisplay 1.8 (HKLM\...\CDisplay_is1) (Version:  - dvd8n)
Citrix XenApp Web Plugin (HKLM\...\{EBFEEB3F-3E3B-4725-A4E0-376144CE4F76}) (Version: 11.0.0.5357 - Citrix Systems, Inc.)
Compatibility Pack for the 2007 Office system (HKLM\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Conexant HDA D330 MDC V.92 Modem (HKLM\...\CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2C06&SUBSYS_14F1000F) (Version:  - )
Dell Network Assistant (HKLM\...\{0240BDFB-2995-4A3F-8C96-18D41282B716}) (Version: 3.0.0.0 - Dell Inc.)
Dell Support Center (Support Software) (HKLM\...\{E3BFEE55-39E2-4BE0-B966-89FE583822C1}) (Version: 2.2.09085 - Dell)
Dell Touchpad (HKLM\...\SynTPDeinstKey) (Version: 9.1.18.6 - Synaptics)
Dell Wireless WLAN Card (HKLM\...\Broadcom 802.11b Network Adapter) (Version: 4.100.15.8 - Dell Inc.)
DellSupport (HKLM\...\{7EFA5E6F-74F7-4AFB-8AEA-AA790BD3A76D}) (Version: 6.0.3075 - Dell)
EPSON Printer Software (HKLM\...\EPSON Printer and Utilities) (Version:  - )
EPSON TWAIN 5 (HKLM\...\{9A3EABC0-CA06-11D4-BF77-00104B130C19}) (Version:  - )
Eraser (HKLM\...\Eraser) (Version:  - Heidi Computers Ltd.)
Eraser (Version: 5.86 - Heidi Computers Ltd.) Hidden
ERUNT 1.1j (HKLM\...\ERUNT_is1) (Version:  - Lars Hederer)
FoxyTunes for Firefox (HKLM\...\FoxyTunesForFirefox) (Version:  - )
GIMP 2.6.7 (HKLM\...\WinGimp-2.0_is1) (Version:  - )
Google Chrome (HKU\S-1-5-21-4101731986-3624329164-1986708144-1006\...\Google Chrome) (Version: 39.0.2171.71 - Google Inc.)
Google Earth Plug-in (HKLM\...\{4AB54F11-2F8C-11E3-B09F-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Talk Plugin (HKLM\...\{0C5C1177-94C5-3EFB-A8BE-3F6AF1AF887F}) (Version: 5.38.6.0 - Google)
Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
GoToMeeting 4.5.0.457 (HKU\S-1-5-21-4101731986-3624329164-1986708144-1006\...\GoToMeeting) (Version:  - )
GTK+ Runtime 2.12.8 rev a (remove only) (HKLM\...\GTK 2.0) (Version:  - )
Image Resizer Powertoy for Windows XP (HKLM\...\{1CB92574-96F2-467B-B793-5CEB35C40C29}) (Version: 1.00.0001 - Microsoft Corporation)
Inkscape 0.48.0 (HKLM\...\Inkscape) (Version: 0.48.0 - )
iTunes (HKLM\...\{5D928931-D1D2-4A93-A82D-BF60D0E7CFA5}) (Version: 12.0.1.26 - Apple Inc.)
Last.fm 1.5.4.24567 (HKLM\...\LastFM_is1) (Version:  - Last.fm)
Logitech Desktop Messenger (HKLM\...\{900B1197-53F5-4F46-A882-2CFFFE2EEDCB}) (Version: 2.30.04 - Logitech, Inc.)
Logitech Legacy USB Camera Driver Package (HKLM\...\legacyqcam_10.51) (Version:  - )
Logitech QuickCam (HKLM\...\{945AC98B-3DC8-45BE-BAE0-22CEEE37A103}) (Version: 11.50.1169 - Logitech Inc.)
Logitech QuickCam (HKLM\...\{EC42ED6A-751D-45C0-A4F9-8CD00E4690FC}) (Version: 10.00.1439 - Logitech Inc.)
Logitech QuickCam Driver Package (HKLM\...\lvdrivers_11.50) (Version:  - )
Logitech® Camera Driver (HKLM\...\QcDrv) (Version:  - )
Malwarebytes Anti-Malware version 2.0.3.1025 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.3.1025 - Malwarebytes Corporation)
Microsoft .NET Framework 1.1 (HKLM\...\Microsoft .NET Framework 1.1  (1033)) (Version:  - )
Microsoft .NET Framework 1.1 Security Update (KB2698023) (HKLM\...\M2698023) (Version:  - )
Microsoft .NET Framework 1.1 Security Update (KB2833941) (HKLM\...\M2833941) (Version:  - )
Microsoft .NET Framework 1.1 Security Update (KB979906) (HKLM\...\M979906) (Version:  - )
Microsoft .NET Framework 2.0 Service Pack 2 (HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.0 Service Pack 2 (HKLM\...\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}) (Version: 3.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft ActiveSync (HKLM\...\{99052DB7-9592-4522-A558-5417BBAD48EE}) (Version: 4.5.5096.0 - Microsoft Corporation)
Microsoft Compression Client Pack 1.0 for Windows XP (HKLM\...\MSCompPackV1) (Version: 1 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Standard Edition 2003 (HKLM\...\{91120409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.5.216.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Modem Diagnostic Tool (HKLM\...\{F63A3748-B93D-4360-9AD4-B064481A5C7B}) (Version: 1.0.20.0 - Dell)
Mozilla Firefox 34.0 (x86 en-US) (HKLM\...\Mozilla Firefox 34.0 (x86 en-US)) (Version: 34.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 34.0 - Mozilla)
Mozilla Thunderbird 17.0.8 (x86 en-US) (HKLM\...\Mozilla Thunderbird 17.0.8 (x86 en-US)) (Version: 17.0.8 - Mozilla)
MSXML 4.0 SP2 (KB936181) (HKLM\...\{C04E32E0-0416-434D-AFB9-6969D703A9EF}) (Version: 4.20.9848.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 6 Service Pack 2 (KB973686) (HKLM\...\{56EA8BC0-3751-4B93-BC9D-6651CC36E5AA}) (Version: 6.20.2003.0 - Microsoft Corporation)
MVision (Version: 10.51.2027 - Logitech Inc.) Hidden
NETGEAR Genie (HKLM\...\NETGEAR Genie) (Version: 2.3.1.25 - NETGEAR Inc.)
OpenDNS Updater 2.2.1 (HKLM\...\OpenDNS Updater) (Version: 2.2.1 - )
Picasa 3 (HKLM\...\Picasa 3) (Version: 3.9 - Google, Inc.)
PowerDVD (HKLM\...\{281ECE39-F043-492B-8337-F2E546B5604A}) (Version: 7.0 - Dell)
Puran Defrag Free Edition 7.1 (HKLM\...\Puran Defrag Free Edition_is1) (Version:  - Puran Software)
QuickSet (HKLM\...\{C5074CC4-0E26-4716-A307-960272A90040}) (Version: 8.3.11 - Dell Computer Corporation)
QuickTime 7 (HKLM\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
Skype™ 6.16 (HKLM\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.16.105 - Skype Technologies S.A.)
UMVPLStandalone (Version: 10.00.1439 - Logitech Inc.) Hidden
VLC media player 1.1.5 (HKLM\...\VLC media player) (Version: 1.1.5 - VideoLAN)
WebFldrs XP (Version: 9.50.7523 - Microsoft Corporation) Hidden
Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\KB892130) (Version:  - Microsoft Corporation)
Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\WGA) (Version: 1.7.0059.1 - Microsoft Corporation)
Windows Internet Explorer 8 (HKLM\...\ie8) (Version: 20090308.140743 - Microsoft Corporation)
Windows Media Format 11 runtime (HKLM\...\Windows Media Format Runtime) (Version:  - )
Windows Media Player 11 (HKLM\...\Windows Media Player) (Version:  - )
Windows XP Service Pack 3 (HKLM\...\Windows XP Service Pack) (Version: 20080414.031525 - Microsoft Corporation)
WinRAR archiver (HKLM\...\WinRAR archiver) (Version:  - )
XCommentPro (HKLM\...\XCommentPro) (Version: 1.028 - Intellimon Ltd)
XSitePro2 (HKLM\...\XSitePro2) (Version: 2.140 - Intellimon Ltd)
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
CustomCLSID: HKU\S-1-5-21-4101731986-3624329164-1986708144-1006_Classes\CLSID\{022105BD-948A-40C9-AB42-A3300DDF097F}\localserver32 -> C:\Documents and Settings\Adria Zoe Palinsky\Local Settings\Application Data\Google\Update\GoogleUpdate.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-4101731986-3624329164-1986708144-1006_Classes\CLSID\{035FBE31-3755-450A-A775-5E6BBD43D344}\InprocServer32 -> C:\Documents and Settings\Adria Zoe Palinsky\Local Settings\Application Data\Google\Update\1.3.21.13 (the data entry has 20 more characters).
CustomCLSID: HKU\S-1-5-21-4101731986-3624329164-1986708144-1006_Classes\CLSID\{039B2CA5-3B41-4D93-AD77-47D3293FC5CB}\InprocServer32 -> C:\Program Files\Skype\Plugin Manager\ezPMUtils.dll No File
CustomCLSID: HKU\S-1-5-21-4101731986-3624329164-1986708144-1006_Classes\CLSID\{05C3F9E2-1E76-439F-9E37-9020946A191A}\InprocServer32 -> C:\Program Files\Common Files\Logitech\LComMgr\LVMaEnum.dll (Logitech Inc.)
CustomCLSID: HKU\S-1-5-21-4101731986-3624329164-1986708144-1006_Classes\CLSID\{09303D01-B159-4F1B-A2B8-CA3117B8FA1B}\InprocServer32 -> C:\Program Files\Common Files\Logitech\LComMgr\LVMaEnum.dll (Logitech Inc.)
CustomCLSID: HKU\S-1-5-21-4101731986-3624329164-1986708144-1006_Classes\CLSID\{095A2EEC-F7FE-42E8-96FB-C20E53081908}\InprocServer32 -> C:\Documents and Settings\Adria Zoe Palinsky\Local Settings\Application Data\Google\Update\1.3.21.99 (the data entry has 19 more characters).
CustomCLSID: HKU\S-1-5-21-4101731986-3624329164-1986708144-1006_Classes\CLSID\{0E55CBE1-B06A-49B6-AD8D-9EFAA0160C6F}\InprocServer32 -> C:\Documents and Settings\Adria Zoe Palinsky\Local Settings\Application Data\Google\Update\1.3.21.57 (the data entry has 19 more characters).
CustomCLSID: HKU\S-1-5-21-4101731986-3624329164-1986708144-1006_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Documents and Settings\Adria Zoe Palinsky\Local Settings\Application Data\Google\Update\1.3.25.5\ (the data entry has 18 more characters).
CustomCLSID: HKU\S-1-5-21-4101731986-3624329164-1986708144-1006_Classes\CLSID\{218D2740-5A50-42A8-AB9F-62FF1B168782}\InprocServer32 -> C:\Documents and Settings\Adria Zoe Palinsky\Local Settings\Application Data\Google\Update\1.3.21.69 (the data entry has 19 more characters).
CustomCLSID: HKU\S-1-5-21-4101731986-3624329164-1986708144-1006_Classes\CLSID\{22181302-A8A6-4F84-A541-E5CBFC70CC43}\localserver32 -> C:\Documents and Settings\Adria Zoe Palinsky\Local Settings\Application Data\Google\Update\1.3.25.11\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-4101731986-3624329164-1986708144-1006_Classes\CLSID\{29A96789-9595-4947-BEDB-0FCC776F7DB8}\InprocServer32 -> C:\Documents and Settings\Adria Zoe Palinsky\Local Settings\Application Data\Google\Update\1.2.183.3 (the data entry has 22 more characters).
CustomCLSID: HKU\S-1-5-21-4101731986-3624329164-1986708144-1006_Classes\CLSID\{2F0E2680-9FF5-43C0-B76E-114A56E93598}\localserver32 -> C:\Documents and Settings\Adria Zoe Palinsky\Local Settings\Application Data\Google\Update\1.3.25.11\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-4101731986-3624329164-1986708144-1006_Classes\CLSID\{31AC3F11-E5EA-4A85-8A3D-8E095A39C27B}\InprocServer32 -> C:\Documents and Settings\Adria Zoe Palinsky\Local Settings\Application Data\Google\Update\1.2.131.2 (the data entry has 22 more characters).
CustomCLSID: HKU\S-1-5-21-4101731986-3624329164-1986708144-1006_Classes\CLSID\{320F0FDB-BE0A-4648-9D18-4A2C3448C007}\InprocServer32 -> C:\Documents and Settings\Adria Zoe Palinsky\Local Settings\Application Data\Google\Update\1.3.21.79 (the data entry has 19 more characters).
CustomCLSID: HKU\S-1-5-21-4101731986-3624329164-1986708144-1006_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Documents and Settings\Adria Zoe Palinsky\Local Settings\Application Data\Google\Update\1.3.23.9\ (the data entry has 18 more characters).
CustomCLSID: HKU\S-1-5-21-4101731986-3624329164-1986708144-1006_Classes\CLSID\{39125640-8D80-11DC-A2FE-C5C455D89593}\InprocServer32 -> C:\Documents and Settings\Adria Zoe Palinsky\Local Settings\Application Data\Google\Google Talk Plugin\googletalkax.dll (Google)
CustomCLSID: HKU\S-1-5-21-4101731986-3624329164-1986708144-1006_Classes\CLSID\{42481700-CF3C-4D05-8EC6-F9A1C57E8DC0}\InprocServer32 -> C:\Program Files\Skype\Plugin Manager\ezPMUtils.dll No File
CustomCLSID: HKU\S-1-5-21-4101731986-3624329164-1986708144-1006_Classes\CLSID\{51F9E8EF-59D7-475B-A106-C7EA6F30C119}\localserver32 -> C:\Documents and Settings\Adria Zoe Palinsky\Local Settings\Application Data\Google\Update\1.3.25.11\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-4101731986-3624329164-1986708144-1006_Classes\CLSID\{54B2BE72-FEC7-443D-BAE9-3E70E618A7D8}\InprocServer32 -> C:\Program Files\Common Files\Logitech\LComMgr\LVMaEnum.dll (Logitech Inc.)
CustomCLSID: HKU\S-1-5-21-4101731986-3624329164-1986708144-1006_Classes\CLSID\{5C65F4B0-3651-4514-B207-D10CB699B14B}\localserver32 -> C:\Documents and Settings\Adria Zoe Palinsky\Local Settings\Application Data\Google\Chrome\Application\39.0.2171.71\delegate_execute.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-4101731986-3624329164-1986708144-1006_Classes\CLSID\{62A0D750-DED9-448C-B693-406B34BB0892}\InprocServer32 -> C:\Documents and Settings\Adria Zoe Palinsky\Local Settings\Application Data\Google\Update\1.3.21.14 (the data entry has 20 more characters).
CustomCLSID: HKU\S-1-5-21-4101731986-3624329164-1986708144-1006_Classes\CLSID\{634059C0-D264-4B2C-AE80-F73E48D33E5B}\InprocServer32 -> C:\Documents and Settings\Adria Zoe Palinsky\Local Settings\Application Data\Google\Update\1.3.21.12 (the data entry has 20 more characters).
CustomCLSID: HKU\S-1-5-21-4101731986-3624329164-1986708144-1006_Classes\CLSID\{6D7374DE-63AA-473C-8C02-60D9CDCD84C5}\InprocServer32 -> C:\Documents and Settings\Adria Zoe Palinsky\Local Settings\Application Data\Google\Update\1.3.21.15 (the data entry has 20 more characters).
CustomCLSID: HKU\S-1-5-21-4101731986-3624329164-1986708144-1006_Classes\CLSID\{73CA2532-42DE-449F-8C8A-229B8AAF3B68}\InprocServer32 -> C:\Program Files\Common Files\Logitech\LComMgr\LVMaEnum.dll (Logitech Inc.)
CustomCLSID: HKU\S-1-5-21-4101731986-3624329164-1986708144-1006_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Program Files\Citrix\GoToMeeting\457\G2MOutlookAddin.dll (Citrix Online, a division of Citrix Systems, Inc.)
CustomCLSID: HKU\S-1-5-21-4101731986-3624329164-1986708144-1006_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Documents and Settings\Adria Zoe Palinsky\Local Settings\Application Data\Google\Update\1.3.24.15 (the data entry has 19 more characters).
CustomCLSID: HKU\S-1-5-21-4101731986-3624329164-1986708144-1006_Classes\CLSID\{91EFB276-CEFE-48EC-BB3A-57795A7B4008}\InprocServer32 -> C:\Documents and Settings\Adria Zoe Palinsky\Local Settings\Application Data\Google\Update\1.3.21.14 (the data entry has 20 more characters).
CustomCLSID: HKU\S-1-5-21-4101731986-3624329164-1986708144-1006_Classes\CLSID\{949DB7D2-36F2-4CCA-8CA8-A3A6D4E5911C}\InprocServer32 -> C:\Program Files\Common Files\Logitech\LComMgr\LVMaEnum.dll (Logitech Inc.)
CustomCLSID: HKU\S-1-5-21-4101731986-3624329164-1986708144-1006_Classes\CLSID\{A45426FB-E444-42B2-AA56-419F8FBEEC61}\InprocServer32 -> C:\Documents and Settings\Adria Zoe Palinsky\Local Settings\Application Data\Google\Update\1.3.22.3\ (the data entry has 18 more characters).
CustomCLSID: HKU\S-1-5-21-4101731986-3624329164-1986708144-1006_Classes\CLSID\{A50A1B09-943D-4A78-B08D-56072A602ABD}\InprocServer32 -> C:\Program Files\Common Files\Logitech\LComMgr\LVComCX.dll (Logitech Inc.)
CustomCLSID: HKU\S-1-5-21-4101731986-3624329164-1986708144-1006_Classes\CLSID\{A54D478D-4F70-4F72-9A74-17C9986E35AB}\InprocServer32 -> C:\Documents and Settings\Adria Zoe Palinsky\Local Settings\Application Data\Google\Update\1.3.21.16 (the data entry has 20 more characters).
CustomCLSID: HKU\S-1-5-21-4101731986-3624329164-1986708144-1006_Classes\CLSID\{AB9F4455-E591-4132-A386-0B91EAEDB96C}\InprocServer32 -> C:\Documents and Settings\Adria Zoe Palinsky\Local Settings\Application Data\Google\Google Talk Plugin\o1dax.dll (Google)
CustomCLSID: HKU\S-1-5-21-4101731986-3624329164-1986708144-1006_Classes\CLSID\{BB6410D8-F879-4184-9C5C-6A02D16AE0B3}\InprocServer32 -> C:\Program Files\Skype\Plugin Manager\ezPMUtils.dll No File
CustomCLSID: HKU\S-1-5-21-4101731986-3624329164-1986708144-1006_Classes\CLSID\{C3101A8B-0EE1-4612-BFE9-41FFC1A3C19D}\InprocServer32 -> C:\Documents and Settings\Adria Zoe Palinsky\Local Settings\Application Data\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-4101731986-3624329164-1986708144-1006_Classes\CLSID\{C442AC41-9200-4770-8CC0-7CDB4F245C55}\InprocServer32 -> C:\Documents and Settings\Adria Zoe Palinsky\Local Settings\Application Data\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-4101731986-3624329164-1986708144-1006_Classes\CLSID\{C5A2122B-A05B-4FD8-AE49-91990AE10998}\InprocServer32 -> C:\Documents and Settings\Adria Zoe Palinsky\Local Settings\Application Data\Google\Update\1.3.21.11 (the data entry has 20 more characters).
CustomCLSID: HKU\S-1-5-21-4101731986-3624329164-1986708144-1006_Classes\CLSID\{C9448C44-BEFB-4941-8457-E5C4314D3D96}\localserver32 -> C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe (Logitech Inc.)
CustomCLSID: HKU\S-1-5-21-4101731986-3624329164-1986708144-1006_Classes\CLSID\{CA1073A2-5F3F-4445-8E5E-7109BDCEDDBE}\InprocServer32 -> C:\Program Files\Skype\Plugin Manager\ezPMUtils.dll No File
CustomCLSID: HKU\S-1-5-21-4101731986-3624329164-1986708144-1006_Classes\CLSID\{CAF933C7-C65A-46D2-AA63-1FC84EB43954}\InprocServer32 -> C:\Program Files\Common Files\Logitech\LComMgr\LVMaEnum.dll (Logitech Inc.)
CustomCLSID: HKU\S-1-5-21-4101731986-3624329164-1986708144-1006_Classes\CLSID\{CC9E9F9A-11A4-49DD-B468-782AFDE5607E}\InprocServer32 -> C:\Program Files\Common Files\Logitech\LComMgr\LVMaEnum.dll (Logitech Inc.)
CustomCLSID: HKU\S-1-5-21-4101731986-3624329164-1986708144-1006_Classes\CLSID\{CD89D352-5A13-49F8-9EB5-7E6D1FB0CD57}\localserver32 -> C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe (Logitech Inc.)
CustomCLSID: HKU\S-1-5-21-4101731986-3624329164-1986708144-1006_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Documents and Settings\Adria Zoe Palinsky\Local Settings\Application Data\Google\Update\1.3.25.11\psuser.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-4101731986-3624329164-1986708144-1006_Classes\CLSID\{D0D38C6E-BF64-4C42-840D-3E0019D9F7A6}\InprocServer32 -> C:\Program Files\Skype\Plugin Manager\ezPMUtils.dll No File
CustomCLSID: HKU\S-1-5-21-4101731986-3624329164-1986708144-1006_Classes\CLSID\{D5A55D2D-C59D-42C3-A5BF-4C08EEE74339}\InprocServer32 -> C:\Program Files\Skype\Plugin Manager\ezPMUtils.dll No File
CustomCLSID: HKU\S-1-5-21-4101731986-3624329164-1986708144-1006_Classes\CLSID\{DB20D0C0-4CEF-11D0-8B17-00AA00211961}\localserver32 -> C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe (Logitech Inc.)
CustomCLSID: HKU\S-1-5-21-4101731986-3624329164-1986708144-1006_Classes\CLSID\{DB20D0C3-4CEF-11D0-8B17-00AA00211961}\localserver32 -> C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe (Logitech Inc.)
CustomCLSID: HKU\S-1-5-21-4101731986-3624329164-1986708144-1006_Classes\CLSID\{DB25D157-76D4-41C1-97B5-359E4A4CECEB}\InprocServer32 -> C:\Documents and Settings\Adria Zoe Palinsky\Local Settings\Application Data\Google\Update\1.3.21.65 (the data entry has 19 more characters).
CustomCLSID: HKU\S-1-5-21-4101731986-3624329164-1986708144-1006_Classes\CLSID\{E67BE843-BBBE-4484-95FB-05271AE86750}\localserver32 -> C:\Documents and Settings\Adria Zoe Palinsky\Local Settings\Application Data\Google\Update\1.3.25.11\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-4101731986-3624329164-1986708144-1006_Classes\CLSID\{E8ACF719-FFDE-4EE1-8923-48BDA8569FCC}\localserver32 -> C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe (Logitech Inc.)
CustomCLSID: HKU\S-1-5-21-4101731986-3624329164-1986708144-1006_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Documents and Settings\Adria Zoe Palinsky\Local Settings\Application Data\Google\Update\1.3.25.11\psuser.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-4101731986-3624329164-1986708144-1006_Classes\CLSID\{EB06378B-ABB6-4B3C-9B40-D488DD8A6E93}\InprocServer32 -> C:\Documents and Settings\Adria Zoe Palinsky\Local Settings\Application Data\Google\Update\1.3.22.5\ (the data entry has 18 more characters).
CustomCLSID: HKU\S-1-5-21-4101731986-3624329164-1986708144-1006_Classes\CLSID\{FB994D36-B312-46CE-A40B-CF63980641F9}\InprocServer32 -> C:\Documents and Settings\Adria Zoe Palinsky\Local Settings\Application Data\Google\Update\1.3.21.11 (the data entry has 20 more characters).
CustomCLSID: HKU\S-1-5-21-4101731986-3624329164-1986708144-1006_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Documents and Settings\Adria Zoe Palinsky\Local Settings\Application Data\Google\Update\1.3.24.7\ (the data entry has 18 more characters).
 
==================== Restore Points  =========================
 
06-12-2014 04:19:29 System Checkpoint
06-12-2014 16:40:06 Software Distribution Service 3.0
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2004-08-10 13:51 - 2014-12-05 23:21 - 00000098 ____A C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1       localhost
::1       localhost
 
==================== Scheduled Tasks (whitelisted) =============
 
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\AppleSoftwareUpdate.job => C:\Program Files\Apple Software Update\SoftwareUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-4101731986-3624329164-1986708144-1006Core.job => C:\Documents and Settings\Adria Zoe Palinsky\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-4101731986-3624329164-1986708144-1006UA.job => C:\Documents and Settings\Adria Zoe Palinsky\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job => C:\WINDOWS\system32\xp_eos.exe
Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job => C:\WINDOWS\system32\xp_eos.exe
 
==================== Loaded Modules (whitelisted) =============
 
2014-01-20 13:17 - 2014-01-20 13:17 - 00073544 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2014-10-11 13:05 - 2014-10-11 13:05 - 01044776 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2008-12-29 13:06 - 2002-01-29 13:33 - 00077824 _____ () C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
2008-12-29 13:05 - 2002-04-04 23:07 - 00286720 _____ () C:\Program Files\Common Files\EPSON\EBAPI\eEBNWDev.dll
2007-10-19 13:17 - 2007-10-19 13:17 - 00068120 _____ () C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVCSPS.dll
2007-11-22 04:52 - 2007-03-16 04:10 - 00020480 _____ () C:\WINDOWS\System32\WLTRYSVC.EXE
2007-11-22 04:52 - 2007-03-16 04:10 - 00757760 _____ () C:\WINDOWS\System32\bcm1xsup.dll
2008-05-14 20:24 - 2007-09-20 17:34 - 00129024 _____ () C:\Program Files\WinRAR\rarext.dll
2010-06-16 16:42 - 2010-06-16 16:42 - 00839680 _____ () C:\Program Files\OpenDNS Updater\OpenDNSUpdater.exe
2004-08-04 05:00 - 2008-04-13 19:11 - 00059904 _____ () C:\WINDOWS\system32\devenum.dll
2004-08-04 05:00 - 2008-04-13 19:11 - 00014336 _____ () C:\WINDOWS\system32\msdmo.dll
2014-11-25 21:47 - 2014-11-25 01:39 - 09009480 _____ () C:\Documents and Settings\Adria Zoe Palinsky\Local Settings\Application Data\Google\Chrome\Application\39.0.2171.71\pdf.dll
2014-11-25 21:47 - 2014-11-25 01:39 - 01677128 _____ () C:\Documents and Settings\Adria Zoe Palinsky\Local Settings\Application Data\Google\Chrome\Application\39.0.2171.71\ffmpegsumo.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:62E2D794
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== EXE Association (whitelisted) =============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
 
HKU\S-1-5-21-4101731986-3624329164-1986708144-1006\Software\Classes\.exe: exefile =>  <===== ATTENTION!
 
==================== MSCONFIG/TASK MANAGER disabled items =========
 
(Currently there is no automatic fix for this section.)
 
 
========================= Accounts: ==========================


#22
zep516

    Trusted Helper

  • Malware Removal
  • 6,810 posts
Hello,

A few items to fix

Funny I see Trovi again in Chrome, it's in the fix.
CHR HomePage: Default -> hxxp://www.trovi.com/?gd=&ctid=CT3323128&octid=EB_ORIGINAL_CTID&ISID=M3B7A82D1-58FD-4B86-9F4C-0A97FBA915A2&SearchSource=55&CUI=&UM=6&UP=SP3BC5F913-3AB8-417F-9DEB-E2BBA30D48D2&SSPV=

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Open Notepad (Start => All Programs => Accessories => Notepad).
Copy/Paste the contents of the code box below into Notepad.
 
start
CloseProcesses:
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
FF Plugin: @divx.com/DivX Browser Plugin,version=1.0.0 -> C:\Program Files\DivX\DivX Web Player\npdivx32.dll No File
CHR HomePage: Default -> hxxp://www.trovi.com/?gd=&ctid=CT3323128&octid=EB_ORIGINAL_CTID&ISID=M3B7A82D1-58FD-4B86-9F4C-0A97FBA915A2&SearchSource=55&CUI=&UM=6&UP=SP3BC5F913-3AB8-417F-9DEB-E2BBA30D48D2&SSPV=
CHR StartupUrls: Default -> "hxxp://www.trovi.com/?gd=&ctid=CT3323128&octid=EB_ORIGINAL_CTID&ISID=M3B7A82D1-58FD-4B86-9F4C-0A97FBA915A2&SearchSource=55&CUI=&UM=6&UP=SP3BC5F913-3AB8-417F-9DEB-E2BBA30D48D2&SSPV="
CHR Plugin: (Native Client) - C:\Documents and Settings\Adria Zoe Palinsky\Local Settings\Application Data\Google\Chrome\Application\39.0.2171.71\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Java Deployment Toolkit 6.0.310.5) - C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll No File
CHR Plugin: (Java Platform SE 6 U31) - C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll No File
S2 McAfeeFramework; "C:\Program Files\McAfee\Common Framework\FrameworkService.exe" /ServiceStart [X]
S2 McTaskManager; "C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe" [X]
C:\Documents and Settings\Adria Zoe Palinsky\Local Settings\Temp\IadHide5.dll
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:62E2D794
HKU\S-1-5-21-4101731986-3624329164-1986708144-1006\Software\Classes\.exe: exefile =>  <===== ATTENTION!

Emptytemp:
reboot:
end


Click Format and ensure Wordwrap is unchecked.
Save as Fixlist.txt to your Desktop (Must be in this location)
Run FRST/FRST64 and press the Fix button just once and wait.
If the tool needs a restart, please make sure you let the system restart normally and let the tool complete its run after the restart.
The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.

Note: If the tool warns you that the version you're using is outdated, please download and run the updated version.

Post the fixlog.txt
Then post a fresh FRST log; only 1 log will be created on the next scan. That is the FRST.txt log.

Joe

#23
clydec

    Member

  • Topic Starter
  • Member
  • 72 posts

Done. First the fixlog then the FRST.

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 06-12-2014 02
Ran by Adria Zoe Palinsky at 2014-12-06 15:02:02 Run:1
Running from C:\Documents and Settings\Adria Zoe Palinsky\Desktop
Loaded Profile: Adria Zoe Palinsky (Available profiles: Adria Zoe Palinsky)
Boot Mode: Normal
 
==============================================
 
Content of fixlist:
*****************
start
CloseProcesses:
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
FF Plugin: @divx.com/DivX Browser Plugin,version=1.0.0 -> C:\Program Files\DivX\DivX Web Player\npdivx32.dll No File
CHR HomePage: Default -> hxxp://www.trovi.com/?gd=&ctid=CT3323128&octid=EB_ORIGINAL_CTID&ISID=M3B7A82D1-58FD-4B86-9F4C-0A97FBA915A2&SearchSource=55&CUI=&UM=6&UP=SP3BC5F913-3AB8-417F-9DEB-E2BBA30D48D2&SSPV=
CHR StartupUrls: Default -> "hxxp://www.trovi.com/?gd=&ctid=CT3323128&octid=EB_ORIGINAL_CTID&ISID=M3B7A82D1-58FD-4B86-9F4C-0A97FBA915A2&SearchSource=55&CUI=&UM=6&UP=SP3BC5F913-3AB8-417F-9DEB-E2BBA30D48D2&SSPV="
CHR Plugin: (Native Client) - C:\Documents and Settings\Adria Zoe Palinsky\Local Settings\Application Data\Google\Chrome\Application\39.0.2171.71\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Java Deployment Toolkit 6.0.310.5) - C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll No File
CHR Plugin: (Java Platform SE 6 U31) - C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll No File
S2 McAfeeFramework; "C:\Program Files\McAfee\Common Framework\FrameworkService.exe" /ServiceStart [X]
S2 McTaskManager; "C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe" [X]
C:\Documents and Settings\Adria Zoe Palinsky\Local Settings\Temp\IadHide5.dll
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:62E2D794
HKU\S-1-5-21-4101731986-3624329164-1986708144-1006\Software\Classes\.exe: exefile =>  <===== ATTENTION!
 
Emptytemp:
reboot:
end
*****************
 
Processes closed successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
"HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0" => Key deleted successfully.
Chrome HomePage deleted successfully.
Chrome StartupUrls deleted successfully.
C:\Documents and Settings\Adria Zoe Palinsky\Local Settings\Application Data\Google\Chrome\Application\39.0.2171.71\ppGoogleNaClPluginChrome.dll not found.
C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll not found.
C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll not found.
C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll not found.
C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll not found.
C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll not found.
McAfeeFramework => Service deleted successfully.
McTaskManager => Service deleted successfully.
C:\Documents and Settings\Adria Zoe Palinsky\Local Settings\Temp\IadHide5.dll => Moved successfully.
C:\Documents and Settings\All Users\Application Data\TEMP => ":62E2D794" ADS removed successfully.
"HKU\S-1-5-21-4101731986-3624329164-1986708144-1006\Software\Classes\.exe" => Key deleted successfully.
EmptyTemp: => Removed 127 MB temporary data.
 
 
The system needed a reboot. 
 
==== End of Fixlog ====
 
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 06-12-2014 02
Ran by Adria Zoe Palinsky (administrator) on CLYDE on 06-12-2014 15:16:46
Running from C:\Documents and Settings\Adria Zoe Palinsky\Desktop
Loaded Profile: Adria Zoe Palinsky (Available profiles: Adria Zoe Palinsky)
Platform: Microsoft Windows XP Home Edition Service Pack 3 (X86) OS Language: English (United States)
Internet Explorer Version 8
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(ATI Technologies Inc.) C:\WINDOWS\system32\ati2evxx.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(ATI Technologies Inc.) C:\WINDOWS\system32\ati2evxx.exe
(Logitech Inc.) C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcSrv.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
() C:\Program Files\Common Files\EPSON\EBAPI\eEBSvc.exe
(SEIKO EPSON CORPORATION) C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
(SingleClick Systems) C:\Program Files\Dell Network Assistant\hnm_svc.exe
(Logitech Inc.) C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
(NETGEAR) C:\Program Files\NETGEAR Genie\bin\NETGEARGenieDaemon.exe
(SupportSoft, Inc.) C:\Program Files\Dell Support Center\bin\sprtsvc.exe
() C:\WINDOWS\system32\WLTRYSVC.EXE
(Dell Inc.) C:\WINDOWS\system32\BCMWLTRY.EXE
(Logitech Inc.) C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Dell Inc.) C:\WINDOWS\system32\WLTRAY.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(CANON INC.) C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
(CANON INC.) C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE
(The Eraser Project) C:\Program Files\Eraser\Eraser.exe
() C:\Program Files\OpenDNS Updater\OpenDNSUpdater.exe
(Microsoft Corporation) C:\Program Files\Microsoft ActiveSync\wcescomm.exe
(Google Inc.) C:\Documents and Settings\Adria Zoe Palinsky\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\PROGRA~1\MI3AA1~1\rapimgr.exe
(Google Inc.) C:\Documents and Settings\Adria Zoe Palinsky\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Documents and Settings\Adria Zoe Palinsky\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [851968 2007-04-27] (Synaptics, Inc.)
HKLM\...\Run: [Broadcom Wireless Manager UI] => C:\WINDOWS\system32\WLTRAY.exe [1392640 2007-03-16] (Dell Inc.)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [951576 2014-03-11] (Microsoft Corporation)
HKLM\...\Run: [CanonMyPrinter] => C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2516296 2010-03-24] (CANON INC.)
HKLM\...\Run: [CanonSolutionMenuEx] => C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE [1185112 2010-04-02] (CANON INC.)
Winlogon\Notify\AtiExtEvent: C:\WINDOWS\system32\Ati2evxx.dll (ATI Technologies Inc.)
HKU\S-1-5-21-4101731986-3624329164-1986708144-1006\...\Run: [Eraser] => C:\PROGRAM FILES\ERASER\ERASER.EXE [916240 2007-12-22] (The Eraser Project)
HKU\S-1-5-21-4101731986-3624329164-1986708144-1006\...\Run: [OpenDNS Updater] => C:\Program Files\OpenDNS Updater\OpenDNSUpdater.exe [839680 2010-06-16] ()
HKU\S-1-5-21-4101731986-3624329164-1986708144-1006\...\Run: [H/PC Connection Agent] => C:\Program Files\Microsoft ActiveSync\Wcescomm.exe [1289000 2006-11-13] (Microsoft Corporation)
HKU\S-1-5-21-4101731986-3624329164-1986708144-1006\...\Run: [1351BD77A9084D0331B2E9D1271C3C64AE834D2A._service_run] => C:\Documents and Settings\Adria Zoe Palinsky\Local Settings\Application Data\Google\Chrome\Application\chrome.exe [856904 2014-11-25] (Google Inc.)
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Dell Network Assistant.lnk
ShortcutTarget: Dell Network Assistant.lnk -> C:\WINDOWS\Installer\{0240BDFB-2995-4A3F-8C96-18D41282B716}\Icon0240BDFB3.exe ()
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKU\S-1-5-21-4101731986-3624329164-1986708144-1006\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft...d=ie&ar=msnhome
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
HKU\S-1-5-21-4101731986-3624329164-1986708144-1006\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.crossmar...son=0&formdir=3
HKU\S-1-5-21-4101731986-3624329164-1986708144-1006\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
HKU\S-1-5-21-4101731986-3624329164-1986708144-1006\Software\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.co...ie=utf8&oe=utf8
HKU\S-1-5-21-4101731986-3624329164-1986708144-1006\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-4101731986-3624329164-1986708144-1006 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = http://www.google.com/search?q={sear
BHO: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
Toolbar: HKLM - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
Toolbar: HKU\S-1-5-21-4101731986-3624329164-1986708144-1006 -> Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft....k/?linkid=39204
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macr...ash/swflash.cab
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
Winsock: Catalog5 04 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
 
FireFox:
========
FF ProfilePath: C:\Documents and Settings\Adria Zoe Palinsky\Application Data\Mozilla\Firefox\Profiles\of0rqd1a.default
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_15_0_0_239.dll ()
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @canon.com/EPPEX -> C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin: @java.com/DTPlugin,version=10.15.2 -> C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-4101731986-3624329164-1986708144-1006: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll No File
FF Plugin HKU\S-1-5-21-4101731986-3624329164-1986708144-1006: @talk.google.com/GoogleTalkPlugin -> C:\Documents and Settings\Adria Zoe Palinsky\Application Data\Mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin HKU\S-1-5-21-4101731986-3624329164-1986708144-1006: @talk.google.com/O1DPlugin -> C:\Documents and Settings\Adria Zoe Palinsky\Application Data\Mozilla\plugins\npo1d.dll (Google)
FF Plugin HKU\S-1-5-21-4101731986-3624329164-1986708144-1006: @tools.google.com/Google Update;version=3 -> C:\Documents and Settings\Adria Zoe Palinsky\Local Settings\Application Data\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-4101731986-3624329164-1986708144-1006: @tools.google.com/Google Update;version=9 -> C:\Documents and Settings\Adria Zoe Palinsky\Local Settings\Application Data\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\cgpcfg.dll (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\CgpCore.dll (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\confmgr.dll ()
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\ctxlogging.dll ()
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\ctxmui.dll (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\icafile.dll (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\icalogon.dll (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\msvcm80.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\msvcp80.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\msvcr80.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\np32dsw.dll (Adobe Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npicaN.dll ()
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPOFFICE.DLL (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\sslsdk_b.dll (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\TcpPServ.dll (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Documents and Settings\Adria Zoe Palinsky\Application Data\mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin ProgramFiles/Appdata: C:\Documents and Settings\Adria Zoe Palinsky\Application Data\mozilla\plugins\npo1d.dll (Google)
FF SearchPlugin: C:\Documents and Settings\Adria Zoe Palinsky\Application Data\Mozilla\Firefox\Profiles\of0rqd1a.default\searchplugins\aolsearch.xml
FF Extension: Move Media Player - C:\Documents and Settings\Adria Zoe Palinsky\Application Data\Mozilla\Firefox\Profiles\of0rqd1a.default\Extensions\[email protected] [2009-01-29]
FF Extension: Microsoft .NET Framework Assistant - C:\Documents and Settings\Adria Zoe Palinsky\Application Data\Mozilla\Firefox\Profiles\of0rqd1a.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b} [2010-05-12]
FF Extension: Harley Davidson - C:\Documents and Settings\Adria Zoe Palinsky\Application Data\Mozilla\Firefox\Profiles\of0rqd1a.default\Extensions\{2c088200-b973-11db-8314-0800200c9a66}(2) [2009-07-15]
FF Extension: Google Toolbar for Firefox - C:\Documents and Settings\Adria Zoe Palinsky\Application Data\Mozilla\Firefox\Profiles\of0rqd1a.default\Extensions\{3112ca9c-de6d-4884-a869-9855de68056c} [2011-04-18]
FF Extension: AddThis - C:\Documents and Settings\Adria Zoe Palinsky\Application Data\Mozilla\Firefox\Profiles\of0rqd1a.default\Extensions\{3e0e7d2a-070f-4a47-b019-91fe5385ba79} [2013-05-19]
FF Extension: Adblock Plus - C:\Documents and Settings\Adria Zoe Palinsky\Application Data\Mozilla\Firefox\Profiles\of0rqd1a.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}(2) [2009-07-14]
FF Extension: LastFM - C:\Documents and Settings\Adria Zoe Palinsky\Application Data\Mozilla\Firefox\Profiles\of0rqd1a.default\Extensions\{82BC70E0-FE85-11DA-A899-3A655C103D30}.xpi [2011-06-26]
FF Extension: FireFTP - C:\Documents and Settings\Adria Zoe Palinsky\Application Data\Mozilla\Firefox\Profiles\of0rqd1a.default\Extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}.xpi [2011-05-10]
FF Extension: Skype extension for Firefox - C:\Program Files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}(2) [2009-06-08]
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2012-07-03]
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2012-09-03]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-08-29]
 
Chrome: 
=======
CHR HomePage: Default -> hxxp://www.trovi.com/?gd=&ctid=CT3323128&octid=EB_ORIGINAL_CTID&ISID=M3B7A82D1-58FD-4B86-9F4C-0A97FBA915A2&SearchSource=55&CUI=&UM=6&UP=SP3BC5F913-3AB8-417F-9DEB-E2BBA30D48D2&SSPV=
CHR StartupUrls: Default -> "hxxp://www.trovi.com/?gd=&ctid=CT3323128&octid=EB_ORIGINAL_CTID&ISID=M3B7A82D1-58FD-4B86-9F4C-0A97FBA915A2&SearchSource=55&CUI=&UM=6&UP=SP3BC5F913-3AB8-417F-9DEB-E2BBA30D48D2&SSPV="
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter}
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Documents and Settings\Adria Zoe Palinsky\Local Settings\Application Data\Google\Chrome\Application\39.0.2171.71\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Documents and Settings\Adria Zoe Palinsky\Local Settings\Application Data\Google\Chrome\Application\39.0.2171.71\pdf.dll ()
CHR Plugin: (Shockwave Flash) - C:\Documents and Settings\Adria Zoe Palinsky\Local Settings\Application Data\Google\Chrome\Application\39.0.2171.71\gcswf32.dll No File
CHR Plugin: (Shockwave Flash) - C:\Documents and Settings\Adria Zoe Palinsky\Local Settings\Application Data\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll No File
CHR Plugin: (Shockwave Flash) - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_3_300_262.dll No File
CHR Plugin: (Google Talk Plugin) - C:\Documents and Settings\Adria Zoe Palinsky\Application Data\Mozilla\plugins\npgoogletalk.dll (Google)
CHR Plugin: (Google Talk Plugin Video Accelerator) - C:\Documents and Settings\Adria Zoe Palinsky\Application Data\Mozilla\plugins\npgtpo3dautoplugin.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll No File
CHR Plugin: (Shockwave for Director) - C:\Program Files\Mozilla Firefox\plugins\np32dsw.dll (Adobe Systems, Inc.)
CHR Plugin: (Java Deployment Toolkit 6.0.310.5) - C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll No File
CHR Plugin: (Java™ Platform SE 6 U31) - C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll No File
CHR Plugin: (Microsoft Office 2003) - C:\Program Files\Mozilla Firefox\plugins\NPOFFICE.DLL (Microsoft Corporation)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll No File
CHR Plugin: (Microsoft® DRM) - C:\Program Files\Windows Media Player\npdrmv2.dll (Microsoft Corporation)
CHR Plugin: (Microsoft® DRM) - C:\Program Files\Windows Media Player\npwmsdrm.dll (Microsoft Corporation)
CHR Plugin: (Windows Media Player Plug-in Dynamic Link Library) - C:\Program Files\Windows Media Player\npdsplay.dll (Microsoft Corporation (written by Digital Renaissance Inc.))
CHR Plugin: (Google Update) - C:\Documents and Settings\Adria Zoe Palinsky\Local Settings\Application Data\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File
CHR Plugin: (CANON iMAGE GATEWAY Album Plugin Utility) - C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
CHR Plugin: (Google Earth Plugin) - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
CHR Plugin: (Picasa) - C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
CHR Plugin: (iTunes Application Detector) - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Silverlight Plug-In) - c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll No File
CHR Plugin: (Windows Presentation Foundation) - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
CHR Profile: C:\Documents and Settings\Adria Zoe Palinsky\Local Settings\Application Data\Google\Chrome\User Data\Default
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Documents and Settings\Adria Zoe Palinsky\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-22]
CHR Extension: (Google Wallet) - C:\Documents and Settings\Adria Zoe Palinsky\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-21]
CHR StartMenuInternet: Google Chrome - C:\Documents and Settings\Adria Zoe Palinsky\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
 
========================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 DSBrokerService; C:\Program Files\DellSupport\brkrsvc.exe [70656 2007-03-19] () [File not signed]
R2 EpsonBidirectionalService; C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe [77824 2002-01-29] () [File not signed]
R2 EPSONStatusAgent2; C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe [94208 2002-07-17] (SEIKO EPSON CORPORATION) [File not signed]
R2 hnmsvc; C:\Program Files\Dell Network Assistant\hnm_svc.exe [112176 2007-05-25] (SingleClick Systems)
R2 LVCOMSer; C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe [186904 2007-10-19] (Logitech Inc.)
R2 LVPrcSrv; c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe [99888 2006-06-26] (Logitech Inc.)
S2 LVSrvLauncher; C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe [141848 2007-10-19] (Logitech Inc.)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22216 2014-03-11] (Microsoft Corporation)
R2 NETGEARGenieDaemon; C:\Program Files\NETGEAR Genie\bin\NETGEARGenieDaemon.exe [189440 2014-03-23] (NETGEAR) [File not signed]
S4 PuranDefrag; C:\WINDOWS\system32\PuranDefragS.exe [229376 2010-05-17] (Puran Software) [File not signed]
R2 sprtsvc_dellsupportcenter; C:\Program Files\Dell Support Center\bin\sprtsvc.exe [201968 2008-08-13] (SupportSoft, Inc.)
R2 wltrysvc; C:\WINDOWS\System32\bcmwltry.exe [1253376 2007-03-16] (Dell Inc.) [File not signed]
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
S4 abp480n5; C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS [23552 2004-08-04] (Microsoft Corporation)
R1 AmdK8; C:\WINDOWS\System32\DRIVERS\AmdK8.sys [36864 2007-05-15] (Advanced Micro Devices)
R1 APPDRV; C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS [16128 2005-08-12] (Dell Inc) [File not signed]
R0 atiide; C:\WINDOWS\System32\DRIVERS\atiide.sys [3456 2007-05-23] (ATI Technologies Inc.)
R3 BCM43XX; C:\WINDOWS\System32\DRIVERS\bcmwl5.sys [604928 2007-03-16] (Broadcom Corporation)
S3 CCDECODE; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [17024 2008-04-13] (Microsoft Corporation)
S0 cercsr6; C:\WINDOWS\system32\Drivers\cercsr6.sys [39904 2004-12-13] (Adaptec, Inc.) [File not signed]
S3 DSproct; C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys [4736 2006-10-05] (Gteko Ltd.) [File not signed]
R3 HSFHWAZL; C:\WINDOWS\System32\DRIVERS\HSFHWAZL.sys [209152 2007-04-23] (Conexant Systems, Inc.)
R3 HSF_DPV; C:\WINDOWS\System32\DRIVERS\HSF_DPV.sys [989696 2007-04-23] (Conexant Systems, Inc.)
S3 LVcKap; C:\WINDOWS\System32\DRIVERS\LVcKap.sys [2109976 2007-10-19] (Logitech Inc.)
S3 LVMVDrv; C:\WINDOWS\System32\DRIVERS\LVMVDrv.sys [2142488 2007-10-11] (Logitech Inc.)
R3 LVPr2Mon; C:\WINDOWS\System32\drivers\LVPr2Mon.sys [25624 2007-10-11] ()
S3 LVUSBSta; C:\WINDOWS\System32\drivers\LVUSBSta.sys [41752 2007-10-11] (Logitech Inc.)
R0 MpFilter; C:\WINDOWS\System32\DRIVERS\MpFilter.sys [231960 2014-01-25] (Microsoft Corporation)
S3 NdisIP; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [10880 2008-04-13] (Microsoft Corporation)
R2 NPF; C:\WINDOWS\system32\drivers\npf.sys [35088 2014-09-25] (CACE Technologies, Inc.)
S2 Packet; C:\WINDOWS\System32\DRIVERS\packet.sys [12672 2006-12-18] (SingleClick Systems) [File not signed]
S3 pepifilter; C:\WINDOWS\System32\DRIVERS\lv302af.sys [13848 2007-10-11] (Logitech Inc.)
S3 PID_08A0; C:\WINDOWS\System32\DRIVERS\LV302AV.SYS [720176 2006-06-22] (Logitech Inc.)
S3 PID_PEPI; C:\WINDOWS\System32\DRIVERS\LV302V32.SYS [1279000 2007-10-11] (Logitech Inc.)
R3 STHDA; C:\WINDOWS\System32\drivers\sthda.sys [1228296 2007-04-23] (SigmaTel, Inc.)
S3 USBAAPL; C:\WINDOWS\System32\Drivers\usbaapl.sys [32000 2008-07-10] (Apple, Inc.) [File not signed]
S3 wceusbsh; C:\WINDOWS\System32\DRIVERS\wceusbsh.sys [28672 2006-11-06] (Microsoft Corporation)
S3 RimUsb; System32\Drivers\RimUsb.sys [X]
U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation)
U3 TlntSvr; No ImagePath
U1 WS2IFSL; No ImagePath
 
==================== NetSvcs (Whitelisted) ===================
 
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-12-06 13:23 - 2014-12-06 13:23 - 00060946 _____ () C:\Documents and Settings\Adria Zoe Palinsky\Desktop\next post.txt
2014-12-06 12:43 - 2014-12-06 12:43 - 00028145 _____ () C:\Documents and Settings\Adria Zoe Palinsky\Desktop\Addition.txt
2014-12-06 12:42 - 2014-12-06 15:17 - 00024391 _____ () C:\Documents and Settings\Adria Zoe Palinsky\Desktop\FRST.txt
2014-12-06 12:41 - 2014-12-06 15:16 - 00000000 ____D () C:\FRST
2014-12-06 12:38 - 2014-12-06 12:38 - 01111040 _____ (Farbar) C:\Documents and Settings\Adria Zoe Palinsky\Desktop\FRST.exe
2014-12-06 12:36 - 2014-12-06 12:36 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-12-06 12:36 - 2014-12-06 12:36 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Mozilla
2014-12-05 23:19 - 2014-12-05 23:19 - 00000000 ____D () C:\_OTL
2014-12-05 22:35 - 2014-12-05 22:35 - 00003065 _____ () C:\Documents and Settings\Adria Zoe Palinsky\Desktop\JRT.txt
2014-12-05 22:30 - 2014-12-05 22:30 - 00000000 ____D () C:\WINDOWS\ERUNT
2014-12-05 22:11 - 2014-12-05 22:15 - 00000000 ____D () C:\AdwCleaner
2014-12-05 22:11 - 2014-12-05 22:11 - 00000055 _____ () C:\AdwCleanerDebug.txt
2014-12-04 10:53 - 2014-12-04 10:53 - 00002374 _____ () C:\Documents and Settings\Adria Zoe Palinsky\Desktop\GooredFix.txt
2014-12-04 10:53 - 2014-12-04 10:53 - 00000000 ____D () C:\Documents and Settings\Adria Zoe Palinsky\Desktop\GooredFix Backups
2014-12-04 09:45 - 2014-12-04 09:45 - 00003144 _____ () C:\12-4-14 malwarebytes removal file.txt
2014-12-04 09:13 - 2014-12-04 09:13 - 00000777 _____ () C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
2014-11-25 20:22 - 2014-11-25 20:29 - 00002347 _____ () C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader XI.lnk
2014-11-25 20:22 - 2014-11-25 20:22 - 00001734 _____ () C:\Documents and Settings\All Users\Desktop\Adobe Reader XI.lnk
2014-11-21 12:44 - 2014-11-21 12:45 - 00000000 ____D () C:\Program Files\QuickTime
2014-11-21 12:44 - 2014-11-21 12:44 - 00001604 _____ () C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk
2014-11-21 12:44 - 2014-11-21 12:44 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\QuickTime
2014-11-21 12:40 - 2014-11-21 12:40 - 00001542 _____ () C:\Documents and Settings\All Users\Desktop\iTunes.lnk
2014-11-21 12:40 - 2014-11-21 12:40 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\iTunes
2014-11-21 12:39 - 2014-11-21 12:40 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\B0FFCDD9-5261-4e59-B29A-17A4FABDEBAB
2014-11-21 12:39 - 2014-11-21 12:39 - 00000000 ____D () C:\Program Files\iPod
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-12-06 15:17 - 2007-11-28 18:03 - 00000000 ____D () C:\Documents and Settings\Adria Zoe Palinsky\Local Settings\Temp
2014-12-06 15:15 - 2010-11-28 22:31 - 00000000 ____D () C:\Documents and Settings\NetworkService\Local Settings\temp
2014-12-06 15:13 - 2010-09-11 21:06 - 00000886 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2014-12-06 15:11 - 2012-01-11 03:01 - 00318924 _____ () C:\WINDOWS\setupapi.log
2014-12-06 15:10 - 2007-11-22 05:01 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\TEMP
2014-12-06 15:09 - 2004-08-10 14:02 - 01804024 _____ () C:\WINDOWS\WindowsUpdate.log
2014-12-06 15:04 - 2014-03-12 06:23 - 00000248 _____ () C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job
2014-12-06 15:04 - 2010-09-11 21:06 - 00000882 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2014-12-06 15:04 - 2004-08-10 14:08 - 00032374 _____ () C:\WINDOWS\SchedLgU.Txt
2014-12-06 15:04 - 2004-08-10 14:08 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-12-06 15:04 - 2004-08-10 13:59 - 00000159 _____ () C:\WINDOWS\wiadebug.log
2014-12-06 15:04 - 2004-08-10 13:59 - 00000049 _____ () C:\WINDOWS\wiaservc.log
2014-12-06 14:40 - 2009-07-03 12:07 - 00001030 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-4101731986-3624329164-1986708144-1006UA.job
2014-12-06 14:37 - 2012-04-05 17:14 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2014-12-06 13:24 - 2008-12-05 22:32 - 00000000 ____D () C:\Documents and Settings\Adria Zoe Palinsky\Local Settings\Application Data\Eraser
2014-12-06 12:36 - 2007-12-18 20:09 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-12-06 11:23 - 2007-11-22 04:56 - 00524288 _____ () C:\WINDOWS\system32\config\ACEEvent.evt
2014-12-05 23:30 - 2008-08-24 00:19 - 00000000 ____D () C:\MDT
2014-12-05 23:21 - 2010-11-28 22:31 - 00000000 ____D () C:\Documents and Settings\LocalService\Local Settings\temp
2014-12-05 23:19 - 2004-08-10 14:02 - 00000000 ____D () C:\WINDOWS\system32\Restore
2014-12-05 18:40 - 2009-07-03 12:07 - 00000978 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-4101731986-3624329164-1986708144-1006Core.job
2014-12-05 12:28 - 2011-11-22 07:03 - 00000284 _____ () C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
2014-12-04 09:48 - 2010-08-11 02:06 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB981997$
2014-12-04 09:14 - 2014-05-19 16:56 - 00114904 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2014-12-04 09:13 - 2014-05-19 16:56 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes Anti-Malware
2014-12-04 09:13 - 2014-05-19 16:55 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-11-26 08:37 - 2012-04-05 17:14 - 00701104 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2014-11-26 08:37 - 2011-05-17 18:04 - 00071344 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2014-11-25 20:28 - 2011-06-16 06:58 - 00000000 ____D () C:\Program Files\Common Files\Adobe
2014-11-25 20:21 - 2007-11-22 04:59 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Adobe
2014-11-25 20:20 - 2008-08-02 00:00 - 00000000 ____D () C:\Program Files\Adobe
2014-11-21 12:40 - 2007-12-18 12:25 - 00000000 ____D () C:\Program Files\iTunes
2014-11-21 12:38 - 2014-08-08 12:07 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\188F1432-103A-4ffb-80F1-36B633C5C9E1
2014-11-19 19:30 - 2004-08-10 13:57 - 00553888 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2014-11-17 12:36 - 2013-08-11 03:09 - 00000000 ____D () C:\Program Files\Mozilla Thunderbird
2014-11-12 03:21 - 2013-07-24 16:24 - 00000000 ____D () C:\WINDOWS\system32\MRT
2014-11-12 03:00 - 2007-12-08 21:49 - 100445232 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2014-11-11 02:36 - 2007-12-18 20:09 - 00000000 ____D () C:\Documents and Settings\Adria Zoe Palinsky\Application Data\Mozilla
2014-11-09 17:44 - 2007-11-28 19:42 - 00002433 _____ () C:\Documents and Settings\All Users\Start Menu\New Office Document.lnk
2014-11-09 15:52 - 2007-11-28 18:03 - 00000000 ____D () C:\Documents and Settings\Adria Zoe Palinsky
2014-11-08 15:00 - 2014-03-12 06:23 - 00000242 _____ () C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 
==================== End Of Log ============================

  • 0

#24
zep516

    Trusted Helper

  • Malware Removal
  • 6,810 posts
Did you reset Chrome like we did on the Windows 8.1?

Because I'm seeing Trovi back as Chrome's home page.


Let's try resetting Chrome,
Please follow these instructions here to reset Chrome.

Have to run an errand, back a bit later.

Joe
  • 0
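The check made in the post above (reading the `CHR HomePage` and `CHR StartupUrls` lines of the FRST log and spotting Trovi) can be scripted. This is an added example, not part of the original thread or of FRST itself; the allowlist of expected home-page domains, the function names and the constructed sample lines (placeholder `ctid`, example paths) are assumptions.

```python
import re
from urllib.parse import urlsplit

# Constructed sample in the FRST line layout shown in the log above
# (query string shortened, ctid is a placeholder, paths are examples).
SAMPLE_LOG = r'''
CHR HomePage: Default -> hxxp://www.trovi.com/?gd=&ctid=CT0000000&SearchSource=55
CHR StartupUrls: Default -> "hxxp://www.trovi.com/?gd=&ctid=CT0000000&SearchSource=55"
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?q={searchTerms}
CHR Plugin: (Chrome PDF Viewer) - C:\Users\example\AppData\Local\Google\Chrome\Application\pdf.dll ()
CHR HomePage: Profile 1 -> https://www.google.com/
'''

# Only the two start-page settings that appear in the log on this page.
SETTING_RE = re.compile(r'^CHR (HomePage|StartupUrls): (.+?) -> (.*)$')
# FRST defangs http as hxxp; accept both spellings.
URL_RE = re.compile(r'(?:hxxps?|https?)://[^\s"]+', re.IGNORECASE)


def host_of(url):
    """Return the lower-cased host of a (possibly defanged) URL, or ''."""
    refanged = re.sub(r'^hxxp', 'http', url, flags=re.IGNORECASE)
    return urlsplit(refanged).hostname or ''


def is_allowed(host, allowed_domains):
    """True if host is an allowed domain or a subdomain of one.

    Matching on the dot boundary keeps look-alikes such as
    'google.com.example.test' or 'notgoogle.com' from passing.
    """
    return any(host == d or host.endswith('.' + d) for d in allowed_domains)


def find_hijacked_start_pages(log_text, allowed_domains):
    """Return (setting, profile, host) for every start-page URL whose
    host is not covered by the allowlist."""
    findings = []
    for line in log_text.splitlines():
        match = SETTING_RE.match(line.strip())
        if not match:
            continue
        setting, profile, value = match.groups()
        for url in URL_RE.findall(value):
            host = host_of(url)
            if host and not is_allowed(host, allowed_domains):
                findings.append((setting, profile, host))
    return findings


if __name__ == '__main__':
    # Assumption: the user expects Google as the home page.
    for setting, profile, host in find_hijacked_start_pages(SAMPLE_LOG, {'google.com'}):
        print(f'{setting} ({profile}) points at unexpected host: {host}')
```

Running it against a fresh FRST.txt after each reset shows whether the start-page setting has reverted, which is the symptom being chased in this thread.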

#25
clydec

    Member

  • Topic Starter
  • Member
  • PipPip
  • 72 posts

Again, thanks for your help Joe.

I did reset Chrome earlier on the XP. At least I thought I did. It was just reset again. Closed Chrome, opened it and didn't get the Trovi re-direct on start up that caused all these problems initially.

What logs do you need next?


  • 0


#26
zep516

    Trusted Helper

  • Malware Removal
  • 6,810 posts
If no issues remain then, let it run for a bit and we will remove our tools.

So check back.

Are you satisfied with my help so far ?
Joe
  • 0

#27
clydec

    Member

  • Topic Starter
  • Member
  • PipPip
  • 72 posts

If no issues remain then, let it run for a bit and we will remove our tools.

So check back.

Are you satisfied with my help so far ?
Joe

I can't tell you how much.

 

Thanks again for all your help and I'll respond to your next post.

Clyde


  • 0

#28
zep516

    Trusted Helper

  • Malware Removal
  • 6,810 posts
Let's go ahead and remove the tools, please run this on the Windows 8.1 machine too. It removes all the tools we used and the log files. We don't want that stuff left there.

Download DelFix by Xplode and save it to your desktop.
  • Run the tool by right-clicking on the DelFix icon and choosing the Run as administrator option.
  • Make sure that these ones are checked:
    • Remove disinfection tools
    • Purge system restore
    • Reset system settings
  • Push Run.
  • The program will run for a few seconds and display a notepad report.
    Paste it for my review.
Really no need to post the log.

I'll keep the thread open for a day or 2 in case something goes funny with the XP Trovi Home page.


Also some tips for you.

You usually get infected because your security settings are too low.

Here are a number of recommendations that will help tighten them, and which will contribute to making you a less likely victim:

Safe Computing Practices please read Here

Thanks
Joe :)
  • 0

#29
clydec

    Member

  • Topic Starter
  • Member
  • PipPip
  • 72 posts
From the XP machine.
 
# DelFix v10.8 - Logfile created 06/12/2014 at 16:22:58
# Updated 29/07/2014 by Xplode
# Username : Adria Zoe Palinsky - CLYDE
# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
 
~ Removing disinfection tools ...
 
Deleted : C:\_OTL
Deleted : C:\FRST
Deleted : C:\AdwCleaner
Deleted : C:\Documents and Settings\Adria Zoe Palinsky\Desktop\GooredFix Backups
Deleted : C:\AdwCleanerDebug.txt
Deleted : C:\TDSSKiller.3.0.0.41_04.12.2014_11.05.03_log.txt
Deleted : C:\Documents and Settings\Adria Zoe Palinsky\Desktop\Addition.txt
Deleted : C:\Documents and Settings\Adria Zoe Palinsky\Desktop\Fixlog.txt
Deleted : C:\Documents and Settings\Adria Zoe Palinsky\Desktop\FRST.exe
Deleted : C:\Documents and Settings\Adria Zoe Palinsky\Desktop\FRST.txt
Deleted : C:\Documents and Settings\Adria Zoe Palinsky\Desktop\GooredFix.txt
Deleted : C:\Documents and Settings\Adria Zoe Palinsky\Desktop\JRT.txt
Deleted : C:\Documents and Settings\Adria Zoe Palinsky\Desktop\OTL fixlog11302010_182755.txt
Deleted : C:\Documents and Settings\Adria Zoe Palinsky\Desktop\TFC.exe
Deleted : C:\Documents and Settings\Adria Zoe Palinsky\My Documents\Downloads\adwcleaner_4.104.exe
Deleted : C:\Documents and Settings\Adria Zoe Palinsky\My Documents\Downloads\Extras.Txt
Deleted : C:\Documents and Settings\Adria Zoe Palinsky\My Documents\Downloads\GooredFix.exe
Deleted : C:\Documents and Settings\Adria Zoe Palinsky\My Documents\Downloads\JRT.exe
Deleted : C:\Documents and Settings\Adria Zoe Palinsky\My Documents\Downloads\HijackThis.exe
Deleted : C:\Documents and Settings\Adria Zoe Palinsky\My Documents\Downloads\hijackthis.log
Deleted : C:\Documents and Settings\Adria Zoe Palinsky\My Documents\Downloads\OTL.Txt
Deleted : C:\Documents and Settings\Adria Zoe Palinsky\My Documents\Downloads\OTL (1).exe
Deleted : C:\Documents and Settings\Adria Zoe Palinsky\My Documents\Downloads\OTL.exe
Deleted : C:\Documents and Settings\Adria Zoe Palinsky\My Documents\Downloads\SecurityCheck.exe
Deleted : C:\Documents and Settings\Adria Zoe Palinsky\My Documents\Downloads\tdsskiller.exe
Deleted : HKLM\SOFTWARE\OldTimer Tools
Deleted : HKLM\SOFTWARE\AdwCleaner
Deleted : HKLM\SOFTWARE\Swearware
Deleted : HKLM\SOFTWARE\Classes\.cfxxe
Deleted : HKLM\SOFTWARE\Classes\cfxxefile
Deleted : HKLM\SOFTWARE\TrendMicro\Hijackthis
 
~ Cleaning system restore ...
 
Deleted : RP #1 [System Checkpoint | 12/06/2014 04:19:29]
Deleted : RP #2 [Software Distribution Service 3.0 | 12/06/2014 16:40:06]
 
New restore point created !
 
~ Resetting system settings ... OK
 
########## - EOF - ##########

  • 0

#30
clydec

    Member

  • Topic Starter
  • Member
  • PipPip
  • 72 posts

From the 8.1 machine.

 

# DelFix v10.8 - Logfile created 06/12/2014 at 16:27:47
# Updated 29/07/2014 by Xplode
# Username : clyde - CLYDE
# Operating System : Windows 8.1  (64 bits)
 
~ Removing disinfection tools ...
 
Deleted : C:\_OTL
Deleted : C:\AdwCleaner
Deleted : C:\AdwCleanerDebug.txt
Deleted : C:\Users\clyde\Desktop\JRT.txt
Deleted : C:\Users\clyde\Downloads\adwcleaner_4.104.exe
Deleted : C:\Users\clyde\Downloads\Extras.Txt
Deleted : C:\Users\clyde\Downloads\JRT (1).exe
Deleted : C:\Users\clyde\Downloads\JRT.exe
Deleted : C:\Users\clyde\Downloads\OTL.Txt
Deleted : C:\Users\clyde\Downloads\OTL (1).exe
Deleted : C:\Users\clyde\Downloads\OTL.exe
Deleted : HKLM\SOFTWARE\OldTimer Tools
Deleted : HKLM\SOFTWARE\AdwCleaner
 
~ Cleaning system restore ...
 
Deleted : RP #3 [Windows Update | 12/04/2014 01:09:43]
Deleted : RP #4 [OTL Restore Point - 12/5/2014 5:44:00 PM | 12/05/2014 22:44:01]
 
New restore point created !
 
~ Resetting system settings ... OK
 
########## - EOF - ##########

  • 0





