
Browser pop-ups\ Unable to view Https page [Closed]


  • This topic is locked This topic is locked

#1 angelbreath_1999 (Member, 16 posts)

Hi, I am new here. And hope you can help me with my PC issue. Trying to get an older machine up and running to use as a spare house machine. Internet is more or less unusable with browser pop-ups on both IE and Chrome (Coupon50 pop-up, etc.). Also unable to view https pages like the yahoo.com login.

Please help!


Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 15-04-2015 04
Ran by administrator (administrator) on 3YFK943Z on 17-04-2015 15:21:22
Running from d:\data\administrator.3YFK943Z\My Documents\Downloads
Loaded Profiles: administrator (Available profiles: administrator & rainmaker & Admin & rbcadmin)
Platform: Microsoft Windows XP Service Pack 2 (X86) OS Language: English (United States)
Internet Explorer Version 8 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\WINNT\system32\smss.exe
(Microsoft Corporation) C:\WINNT\system32\csrss.exe
(Microsoft Corporation) C:\WINNT\system32\winlogon.exe
(Microsoft Corporation) C:\WINNT\system32\services.exe
(Microsoft Corporation) C:\WINNT\system32\lsass.exe
() C:\WINNT\system32\ibmpmsvc.exe
(Microsoft Corporation) C:\WINNT\system32\svchost.exe
(Microsoft Corporation) C:\WINNT\system32\svchost.exe
(Microsoft Corporation) C:\WINNT\system32\svchost.exe
(Microsoft Corporation) C:\WINNT\system32\svchost.exe
(Microsoft Corporation) C:\WINNT\system32\svchost.exe
(Microsoft Corporation) C:\WINNT\system32\spoolsv.exe
(Microsoft Corporation) C:\WINNT\system32\svchost.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
(DameWare Development LLC) C:\WINNT\system32\DWRCS.EXE
() C:\Program Files\IBM\IBM Rapid Restore Ultra\rrpcsb.exe
(iPass, Inc.) C:\Program Files\iPass\iPassConnect\iPassPeriodicUpdateService.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
(McAfee, Inc.) C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
(McAfee, Inc.) C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
(McAfee, Inc.) C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
(McAfee, Inc.) C:\Program Files\Network Associates\Common Framework\naPrdMgr.exe
(Microsoft Corporation) C:\WINNT\system32\svchost.exe
(Lenovo.) C:\WINNT\system32\TPHDEXLG.exe
(Alexandria Software Consulting) C:\Program Files\Nortel Networks\TunnelGuard\CueAgent_srv.exe
(Yahoo! Inc.) C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
(DameWare Development) C:\WINNT\system32\DWRCST.EXE
(Microsoft Corporation) C:\WINNT\explorer.exe
(IBM Corp.) C:\IBMTOOLS\utils\ibmprc.exe
(McAfee, Inc.) C:\Program Files\Network Associates\Common Framework\UdaterUI.exe
(Intel Corporation) C:\WINNT\system32\igfxtray.exe
(Intel Corporation) C:\WINNT\system32\hkcmd.exe
(Intel Corporation) C:\WINNT\system32\igfxpers.exe
(Analog Devices, Inc.) C:\Program Files\Analog Devices\Core\smax4pnp.exe
(McAfee, Inc.) C:\Program Files\Network Associates\Common Framework\Mctray.exe
(Microsoft Corporation) C:\WINNT\system32\rundll32.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Lenovo, Ltd. and IBM Corporation.) C:\WINNT\system32\TpShocks.exe
() C:\PROGRA~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe
(McAfee, Inc.) C:\Program Files\McAfee\VirusScan Enterprise\shstat.exe
(iPass, Inc.) C:\Program Files\iPass\iPassConnect\iPassPeriodicUpdateApp.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
() C:\Program Files\Lenovo\PkgMgr\HOTKEY\TPONSCR.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\PkgMgr\HOTKEY_1\TpScrex.exe
(Microsoft Corporation) C:\WINNT\system32\alg.exe
(Microsoft Corporation) C:\WINNT\system32\ctfmon.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe
(Nortel Networks) C:\Program Files\Nortel Networks\TunnelGuard\platforms\win32\TGIconApp.EXE
(Yahoo! Inc.) C:\PROGRA~1\Yahoo!\MESSEN~1\YahooMessenger.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
(Yahoo! Inc.) C:\PROGRA~1\Yahoo!\MESSEN~1\YahooMessenger.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\WINNT\system32\svchost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [IBMPRC] => C:\IBMTOOLS\UTILS\ibmprc.exe [90112 2005-04-27] (IBM Corp.)
HKLM\...\Run: [McAfeeUpdaterUI] => C:\Program Files\Network Associates\Common Framework\UdaterUI.exe [136512 2007-12-14] (McAfee, Inc.)
HKLM\...\Run: [igfxtray] => C:\WINNT\system32\igfxtray.exe [94208 2006-09-15] (Intel Corporation)
HKLM\...\Run: [igfxhkcmd] => C:\WINNT\system32\hkcmd.exe [77824 2006-09-15] (Intel Corporation)
HKLM\...\Run: [igfxpers] => C:\WINNT\system32\igfxpers.exe [118784 2006-09-15] (Intel Corporation)
HKLM\...\Run: [SoundMAXPnP] => C:\Program Files\Analog Devices\Core\smax4pnp.exe [925696 2005-12-15] (Analog Devices, Inc.)
HKLM\...\Run: [PWRMGRTR] => rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor
HKLM\...\Run: [BLOG] => rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\BatLogEx.DLL,StartBattLog
HKLM\...\Run: [SynTPLpr] => C:\Program Files\Synaptics\SynTP\SynTPLpr.exe [110592 2005-09-15] (Synaptics, Inc.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [512000 2005-09-15] (Synaptics, Inc.)
HKLM\...\Run: [TpShocks] => C:\WINNT\system32\TpShocks.exe [106496 2005-11-07] (Lenovo, Ltd. and IBM Corporation.)
HKLM\...\Run: [TPHOTKEY] => C:\Program Files\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe [94208 2006-02-01] ()
HKLM\...\Run: [ShStatEXE] => C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE [111952 2007-10-16] (McAfee, Inc.)
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\qttask.exe [413696 2009-05-26] (Apple Inc.)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [292136 2009-06-05] (Apple Inc.)
HKLM\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [39792 2009-10-03] (Adobe Systems Incorporated)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [935288 2009-09-04] (Adobe Systems Incorporated)
HKLM\...\Run: [Bitcasa] => C:\Program Files\Bitcasa\BitcasaBoot.exe "C:\Program Files\Bitcasa\Bitcasa.exe" /startup
HKLM\...\Winlogon: [Userinit] C:\WINNT\system32\userinit.exe,
HKLM\...\Winlogon: [Shell] Explorer.exe [x ] ()
HKLM\...\Winlogon: [UIHost] C:\WINNT\system32\logonui.exe [514560 2004-08-04] (Microsoft Corporation)
Winlogon\Notify\crypt32chain: C:\WINNT\system32\crypt32.dll (Microsoft Corporation)
Winlogon\Notify\cryptnet: C:\WINNT\system32\cryptnet.dll (Microsoft Corporation)
Winlogon\Notify\cscdll: C:\WINNT\system32\cscdll.dll (Microsoft Corporation)
Winlogon\Notify\igfxcui: C:\WINNT\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\ScCertProp: C:\WINNT\system32\wlnotify.dll (Microsoft Corporation)
Winlogon\Notify\Schedule: C:\WINNT\system32\wlnotify.dll (Microsoft Corporation)
Winlogon\Notify\sclgntfy: C:\WINNT\system32\sclgntfy.dll (Microsoft Corporation)
Winlogon\Notify\SensLogn: C:\WINNT\system32\WlNotify.dll (Microsoft Corporation)
Winlogon\Notify\termsrv: C:\WINNT\system32\wlnotify.dll (Microsoft Corporation)
Winlogon\Notify\tpfnf2: C:\WINNT\system32\notifyf2.dll ()
Winlogon\Notify\tphotkey: C:\WINNT\system32\tphklock.dll ()
Winlogon\Notify\wlballoon: C:\WINNT\system32\wlnotify.dll (Microsoft Corporation)
HKLM\...\Policies\Explorer: [NoWelcomeScreen] 1
HKLM\...\Policies\Explorer: [NoSMConfigurePrograms] 1
HKU\S-1-5-19\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINNT\System32\logon.scr [220672 2004-08-04] (Microsoft Corporation)
HKU\S-1-5-20\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINNT\System32\logon.scr [220672 2004-08-04] (Microsoft Corporation)
HKU\S-1-5-21-3510421623-2965073675-2411060337-1007\...\Run: [ctfmon.exe] => C:\WINNT\system32\ctfmon.exe [15360 2004-08-04] (Microsoft Corporation)
HKU\S-1-5-21-3510421623-2965073675-2411060337-1007\...\Run: [Messenger (Yahoo!)] => C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe [6595928 2012-05-25] (Yahoo! Inc.)
HKU\S-1-5-21-3510421623-2965073675-2411060337-1007\...\RunOnce: [FlashPlayerUpdate] => C:\WINNT\system32\Macromed\Flash\FlashUtil32_16_0_0_257_ActiveX.exe [960176 2015-01-19] (Adobe Systems Incorporated)
HKU\S-1-5-21-3510421623-2965073675-2411060337-1007\...\Policies\system: [NoDispBackgroundPage] 0
HKU\S-1-5-21-3510421623-2965073675-2411060337-1007\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINNT\System32\logon.scr [220672 2004-08-04] (Microsoft Corporation)
HKU\S-1-5-18\...\Run: [DWQueuedReporting] => C:\Program Files\Common Files\Microsoft Shared\DW\DWTRIG20.EXE [434528 2006-10-26] (Microsoft Corporation)
HKU\S-1-5-18\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINNT\system32\logon.scr [220672 2004-08-04] (Microsoft Corporation)
Startup: d:\data\All Users\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (McAfee, Inc.)
Startup: d:\data\All Users\Start Menu\Programs\Startup\TunnelGuard Tray Monitor.lnk
ShortcutTarget: TunnelGuard Tray Monitor.lnk -> C:\Program Files\Nortel Networks\TunnelGuard\platforms\win32\TGIconApp.EXE (Nortel Networks)
SSODL: EldosMountNotificator-cbfs5 - {2FDAFB24-B169-4275-A542-BBBF7E571352} - C:\WINNT\system32\cbfsMntNtf5.dll (EldoS Corporation)
ShellIconOverlayIdentifiers: [1EldosIconOverlay-cbfs5] -> {87AE300F-D62D-458A-B35A-B3B7B6F9EB65} => C:\WINNT\system32\cbfsMntNtf5.dll (EldoS Corporation)
ShellIconOverlayIdentifiers: [2EldosIconOverlay-cbfs5] -> {F02BF715-CB7E-4DB6-AD09-227DB5FB4B29} => C:\WINNT\system32\cbfsMntNtf5.dll (EldoS Corporation)
ShellIconOverlayIdentifiers: [BitcasaBadFileOverlay] -> {EC168C82-5053-422A-BB08-3CD9ACA22E85} => C:\Program Files\Bitcasa\ExplorerMenu.dll ()
ShellIconOverlayIdentifiers: [BitcasaIconOverlay] -> {A6975448-A999-49BB-B3E4-7730CF6A82C0} => C:\Program Files\Bitcasa\ExplorerMenu.dll ()
ShellIconOverlayIdentifiers: [BitcasaMirrorOverlay] -> {8C403C00-4544-4A53-879B-1949390CDE13} => C:\Program Files\Bitcasa\ExplorerMenu.dll ()
ShellIconOverlayIdentifiers: [BitcasaNotMirrored] -> {775CDDED-E6D2-4DD8-8C1F-158BEF44B62A} => C:\Program Files\Bitcasa\ExplorerMenu.dll ()
ShellIconOverlayIdentifiers: [BitcasaProgressOverlay] -> {6FB8D52A-0064-45B2-B687-F596FEAD09C2} => C:\Program Files\Bitcasa\ExplorerMenu.dll ()
ShellIconOverlayIdentifiers: [EldosIconOverlay-cbfs5] -> {2A23874A-2B68-4C72-8A22-5B1FFADC5081} => C:\WINNT\system32\cbfsMntNtf5.dll (EldoS Corporation)
ShellIconOverlayIdentifiers: [VirtualExpanderFile.1] -> {E4000AC4-5E5F-4956-807A-C5854405D64F} => C:\WINNT\system32\VirtualExpander\VEShellExt.dll (Sony Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings: [ProxySettingsPerUser] 0 <======= ATTENTION (Policy Restriction on ProxySettings)
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINNT\system32\blank.htm
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft...d=ie&ar=msnhome
HKU\S-1-5-21-3510421623-2965073675-2411060337-1007\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINNT\system32\blank.htm
HKU\S-1-5-21-3510421623-2965073675-2411060337-1007\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-3510421623-2965073675-2411060337-1007 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Adobe PDF Reader Link Helper -> {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-23] (Adobe Systems Incorporated)
BHO: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll [2014-04-09] (McAfee, Inc.)
BHO: SSVHelper Class -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll [2006-12-15] (Sun Microsystems, Inc.)
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...t/ultrashim.cab
DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macr...ash/swflash.cab
Handler: gopher - {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINNT\system32\urlmon.dll [2009-03-08] (Microsoft Corporation)
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL [2000-04-19] (Microsoft Corporation)
Handler: sysimage - {76E67A63-06E9-11D2-A840-006008059382} - C:\WINNT\system32\mshtml.dll [2009-03-08] (Microsoft Corporation)
Handler: wia - {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINNT\system32\wiascr.dll [2004-08-04] (Microsoft Corporation)
Filter: Class Install Handler - {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - C:\WINNT\system32\urlmon.dll [2009-03-08] (Microsoft Corporation)
Filter: lzdhtml - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINNT\system32\urlmon.dll [2009-03-08] (Microsoft Corporation)
Filter: text/webviewhtml - {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - C:\WINNT\system32\SHELL32.dll [2008-07-03] (Microsoft Corporation)
ShellExecuteHooks: URL Exec Hook - {AEB6717E-7E19-11d0-97EE-00C04FD91972} - C:\WINNT\system32\shell32.dll [8460800 2008-07-03] (Microsoft Corporation)
Winsock: Catalog5 01 C:\WINNT\system32\mswsock.dll [245248] (Microsoft Corporation)
Winsock: Catalog5 02 C:\WINNT\system32\winrnr.dll [16896] (Microsoft Corporation)
Winsock: Catalog5 03 C:\WINNT\system32\mswsock.dll [245248] (Microsoft Corporation)
Winsock: Catalog9 01 C:\WINNT\system32\mswsock.dll [245248] (Microsoft Corporation)
Winsock: Catalog9 02 C:\WINNT\system32\mswsock.dll [245248] (Microsoft Corporation)
Winsock: Catalog9 03 C:\WINNT\system32\mswsock.dll [245248] (Microsoft Corporation)
Winsock: Catalog9 04 C:\WINNT\system32\mswsock.dll [245248] (Microsoft Corporation)
Winsock: Catalog9 05 C:\WINNT\system32\mswsock.dll [245248] (Microsoft Corporation)
Winsock: Catalog9 06 C:\WINNT\system32\mswsock.dll [245248] (Microsoft Corporation)
Winsock: Catalog9 07 C:\WINNT\system32\mswsock.dll [245248] (Microsoft Corporation)
Winsock: Catalog9 08 C:\WINNT\system32\mswsock.dll [245248] (Microsoft Corporation)
Winsock: Catalog9 09 C:\WINNT\system32\mswsock.dll [245248] (Microsoft Corporation)
Winsock: Catalog9 10 C:\WINNT\system32\mswsock.dll [245248] (Microsoft Corporation)
Winsock: Catalog9 11 C:\WINNT\system32\mswsock.dll [245248] (Microsoft Corporation)
Winsock: Catalog9 12 C:\WINNT\system32\mswsock.dll [245248] (Microsoft Corporation)
Winsock: Catalog9 13 C:\WINNT\system32\mswsock.dll [245248] (Microsoft Corporation)
Winsock: Catalog9 14 C:\WINNT\system32\mswsock.dll [245248] (Microsoft Corporation)
Winsock: Catalog9 15 C:\WINNT\system32\rsvpsp.dll [90112] (Microsoft Corporation)
Winsock: Catalog9 16 C:\WINNT\system32\rsvpsp.dll [90112] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: d:\data\administrator.3YFK943Z\Application Data\Mozilla\Firefox\Profiles\fe3pt8sv.default
FF Plugin: @adobe.com/FlashPlayer -> C:\WINNT\system32\Macromed\Flash\NPSWF32_16_0_0_257.dll [2015-01-19] ()
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll [2009-06-05] ()
FF Plugin: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 -> C:\Program Files\Yahoo!\Shared\npYState.dll [2012-05-25] (Yahoo! Inc.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\2.0.30523.8\npctrl.dll [2008-06-30] ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\WINNT\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-30] (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll No File
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll No File
FF Plugin: @videolan.org/vlc,version=2.0.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2012-03-16] (VideoLAN)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll [2009-10-03] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll [2011-09-05] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll [2011-09-05] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll [2011-09-05] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll [2011-09-05] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll [2011-09-05] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll [2011-09-05] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll [2011-09-05] (Apple Inc.)
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\WINNT\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - C:\WINNT\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2008-11-05]

Chrome:
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR Profile: d:\data\administrator.3YFK943Z\Local Settings\Application Data\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - d:\data\administrator.3YFK943Z\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-06-18]
CHR Extension: (Google Drive) - d:\data\administrator.3YFK943Z\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-06-18]
CHR Extension: (Mini Notepad) - d:\data\administrator.3YFK943Z\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apjhdoaiejppfmijnkopdcpjcngdlffj [2014-09-19]
CHR Extension: (Google Voice Search Hotword (Beta)) - d:\data\administrator.3YFK943Z\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-06-18]
CHR Extension: (YouTube) - d:\data\administrator.3YFK943Z\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-06-18]
CHR Extension: (Facepad for Facebook) - d:\data\administrator.3YFK943Z\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\cgaknhmchnjaphondjciheacngggiclo [2014-09-24]
CHR Extension: (Google Search) - d:\data\administrator.3YFK943Z\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-06-18]
CHR Extension: (YouTube Flags) - d:\data\administrator.3YFK943Z\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\eeammepjjllhpcfnkohocddkmdejjebc [2014-09-17]
CHR Extension: (Yahoo! Toolbar for Chrome) - d:\data\administrator.3YFK943Z\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\eihhgekonheiliaidomffpplfhecmkag [2014-06-21]
CHR Extension: (Best Save) - d:\data\administrator.3YFK943Z\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ifkgichhpmabepjkbkmfeclembjdbpml [2014-08-26]
CHR Extension: (Google Wallet) - d:\data\administrator.3YFK943Z\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-06-18]
CHR Extension: (Responsive Web Design Tester) - d:\data\administrator.3YFK943Z\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\objclahbaimlfnbjdeobicmmlnbhamkg [2014-09-09]
CHR Extension: (Gmail) - d:\data\administrator.3YFK943Z\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-06-18]
CHR HKLM\...\Chrome\Extension: [bopakagnckmlgajfccecajhnimjiiedh] - http://clients2.goog...ice/update2/crx
StartMenuInternet: chrome.exe - d:\data\rainmaker\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 AdobeFlashPlayerUpdateSvc; C:\WINNT\system32\Macromed\Flash\FlashPlayerUpdateService.exe [267440 2015-01-19] (Adobe Systems Incorporated)
S4 Alerter; C:\WINNT\system32\alrsvc.dll [17408 2004-08-04] (Microsoft Corporation)
R3 ALG; C:\WINNT\System32\alg.exe [44544 2004-08-04] (Microsoft Corporation)
R2 Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [144712 2009-06-05] (Apple Inc.)
S3 AppMgmt; C:\WINNT\System32\appmgmts.dll [167936 2004-08-04] (Microsoft Corporation)
S3 aspnet_state; C:\WINNT\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [34312 2008-07-25] (Microsoft Corporation)
R2 AudioSrv; C:\WINNT\System32\audiosrv.dll [42496 2004-08-04] (Microsoft Corporation)
R2 BITS; C:\WINNT\system32\qmgr.dll [382464 2004-08-04] (Microsoft Corporation)
S2 Browser; C:\WINNT\System32\browser.dll [77312 2004-08-04] (Microsoft Corporation)
S2 CcmExec; C:\WINNT\system32\CCM\CcmExec.exe [578784 2006-02-09] (Microsoft Corporation)
S3 CiSvc; C:\WINNT\system32\cisvc.exe [5632 2004-08-04] (Microsoft Corporation)
S3 ClipSrv; C:\WINNT\system32\clipsrv.exe [33280 2004-08-04] (Microsoft Corporation)
S3 clr_optimization_v2.0.50727_32; C:\WINNT\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [69632 2008-07-25] (Microsoft Corporation)
R2 CryptSvc; C:\WINNT\System32\cryptsvc.dll [60416 2004-08-04] (Microsoft Corporation)
R2 DcomLaunch; C:\WINNT\system32\rpcss.dll [401408 2009-02-09] (Microsoft Corporation)
R2 Dhcp; C:\WINNT\System32\dhcpcsvc.dll [111616 2006-05-19] (Microsoft Corporation)
S3 dmadmin; C:\WINNT\System32\dmadmin.exe [224768 2004-08-04] (Microsoft Corp., Veritas Software)
S3 dmserver; C:\WINNT\System32\dmserver.dll [23552 2004-08-04] (Microsoft Corp.)
R2 Dnscache; C:\WINNT\System32\dnsrslvr.dll [45568 2008-02-20] (Microsoft Corporation)
R2 DWMRCS; C:\WINNT\system32\DWRCS.EXE [222720 2007-07-25] (DameWare Development LLC) [File not signed]
R2 ERSvc; C:\WINNT\System32\ersvc.dll [23040 2004-08-04] (Microsoft Corporation)
R2 Eventlog; C:\WINNT\system32\services.exe [110592 2009-02-06] (Microsoft Corporation)
R3 EventSystem; C:\WINNT\system32\es.dll [253952 2008-07-07] (Microsoft Corporation)
S3 ExtranetAccess; C:\Program Files\Nexxia\Extranet_serv.exe [835584 2006-05-09] (Nortel Networks NA, Inc.) [File not signed]
S3 FastUserSwitchingCompatibility; C:\WINNT\System32\shsvcs.dll [135168 2006-12-19] (Microsoft Corporation)
S3 FontCache3.0.0.0; C:\WINNT\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [46104 2008-07-29] (Microsoft Corporation)
R2 helpsvc; C:\WINNT\PCHealth\HelpCtr\Binaries\pchsvc.dll [38912 2004-08-04] (Microsoft Corporation)
R2 HidServ; C:\WINNT\System32\hidserv.dll [21504 2004-08-04] (Microsoft Corporation)
S3 HTTPFilter; C:\WINNT\System32\w3ssl.dll [15872 2004-08-04] (Microsoft Corporation)
R2 IBM Rapid Restore Ultra Service; C:\Program Files\IBM\IBM Rapid Restore Ultra\rrpcsb.exe [385024 2005-10-06] () [File not signed]
R2 IBMPMSVC; C:\WINNT\system32\ibmpmsvc.exe [73782 2005-11-11] ()
S3 idsvc; C:\WINNT\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [881664 2008-07-29] (Microsoft Corporation)
S3 ImapiService; C:\WINNT\system32\imapi.exe [150016 2004-08-04] (Microsoft Corporation)
S3 iPassConnectEngine; C:\Program Files\iPass\iPassConnect\iPassConnectEngine.exe [1310720 2006-11-30] (iPass, Inc.) [File not signed]
R3 iPassPeriodicUpdateApp; C:\Program Files\iPass\iPassConnect\iPassPeriodicUpdateApp.exe [126976 2006-11-29] (iPass, Inc.) [File not signed]
R2 iPassPeriodicUpdateService; C:\Program Files\iPass\iPassConnect\iPassPeriodicUpdateService.exe [86016 2006-11-29] (iPass, Inc.) [File not signed]
S4 Irmon; C:\WINNT\System32\irmon.dll [27136 2004-08-03] (Microsoft Corporation)
R2 lanmanserver; C:\WINNT\System32\srvsvc.dll [96768 2004-12-07] (Microsoft Corporation)
R2 lanmanworkstation; C:\WINNT\System32\wkssvc.dll [134144 2009-06-10] (Microsoft Corporation)
R2 LmHosts; C:\WINNT\System32\lmhsvc.dll [13824 2004-08-04] (Microsoft Corporation)
R2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
R2 McAfeeFramework; C:\Program Files\Network Associates\Common Framework\FrameworkService.exe [103744 2007-12-14] (McAfee, Inc.)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [235696 2014-04-09] (McAfee, Inc.)
R2 McShield; C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe [144704 2007-10-16] (McAfee, Inc.)
R2 McTaskManager; C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe [54608 2007-10-16] (McAfee, Inc.)
S4 Messenger; C:\WINNT\System32\msgsvc.dll [33792 2004-08-04] (Microsoft Corporation)
S3 mnmsrvc; C:\WINNT\system32\mnmsrvc.exe [32768 2004-08-04] (Microsoft Corporation)
S3 MSDTC; C:\WINNT\system32\msdtc.exe [6144 2004-08-04] (Microsoft Corporation)
S2 MSIServer; C:\WINNT\System32\msiexec.exe [78848 2005-05-03] (Microsoft Corporation)
S4 MSSQLServerADHelper; c:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe [45272 2005-10-14] (Microsoft Corporation)
S4 NetDDE; C:\WINNT\system32\netdde.exe [111104 2004-08-04] (Microsoft Corporation)
S4 NetDDEdsdm; C:\WINNT\system32\netdde.exe [111104 2004-08-04] (Microsoft Corporation)
R2 Netlogon; C:\WINNT\system32\lsass.exe [13312 2004-08-04] (Microsoft Corporation)
R3 Netman; C:\WINNT\System32\netman.dll [197632 2005-08-22] (Microsoft Corporation)
S4 NetTcpPortSharing; C:\WINNT\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [132096 2008-07-29] (Microsoft Corporation)
R3 Nla; C:\WINNT\System32\mswsock.dll [245248 2008-06-20] (Microsoft Corporation)
S3 NtLmSsp; C:\WINNT\system32\lsass.exe [13312 2004-08-04] (Microsoft Corporation)
S3 NtmsSvc; C:\WINNT\system32\ntmssvc.dll [435200 2004-08-04] (Microsoft Corporation)
R2 PlugPlay; C:\WINNT\system32\services.exe [110592 2009-02-06] (Microsoft Corporation)
S4 PolicyAgent; C:\WINNT\system32\lsass.exe [13312 2004-08-04] (Microsoft Corporation)
R2 ProtectedStorage; C:\WINNT\system32\lsass.exe [13312 2004-08-04] (Microsoft Corporation)
S3 RasAuto; C:\WINNT\System32\rasauto.dll [89088 2004-08-04] (Microsoft Corporation)
R3 RasMan; C:\WINNT\System32\rasmans.dll [181248 2006-06-22] (Microsoft Corporation)
S3 RDSessMgr; C:\WINNT\system32\sessmgr.exe [140800 2004-08-04] (Microsoft Corporation)
S4 RemoteAccess; C:\WINNT\System32\mprdim.dll [49152 2002-08-29] (Microsoft Corporation)
R2 RemoteRegistry; C:\WINNT\system32\regsvc.dll [59904 2004-08-04] (Microsoft Corporation)
S3 RpcLocator; C:\WINNT\system32\locator.exe [75264 2004-08-04] (Microsoft Corporation)
R2 RpcSs; C:\WINNT\System32\rpcss.dll [401408 2009-02-09] (Microsoft Corporation)
S3 RSVP; C:\WINNT\system32\rsvp.exe [132608 2002-08-29] (Microsoft Corporation)
R2 SamSs; C:\WINNT\system32\lsass.exe [13312 2004-08-04] (Microsoft Corporation)
S3 SCardSvr; C:\WINNT\System32\SCardSvr.exe [95744 2004-08-04] (Microsoft Corporation)
R2 Schedule; C:\WINNT\system32\schedsvc.dll [190976 2004-08-04] (Microsoft Corporation)
R2 seclogon; C:\WINNT\System32\seclogon.dll [18944 2004-08-04] (Microsoft Corporation)
R2 SENS; C:\WINNT\system32\sens.dll [38912 2004-08-04] (Microsoft Corporation)
R2 SharedAccess; C:\WINNT\System32\ipnathlp.dll [331264 2004-08-04] (Microsoft Corporation)
R2 ShellHWDetection; C:\WINNT\System32\shsvcs.dll [135168 2006-12-19] (Microsoft Corporation)
R2 Spooler; C:\WINNT\system32\spoolsv.exe [57856 2005-06-10] (Microsoft Corporation)
R2 srservice; C:\WINNT\system32\srsvc.dll [170496 2004-08-04] (Microsoft Corporation)
R3 SSDPSRV; C:\WINNT\System32\ssdpsrv.dll [71680 2004-08-04] (Microsoft Corporation)
R2 stisvc; C:\WINNT\system32\wiaservc.dll [333824 2006-12-19] (Microsoft Corporation)
S3 SysmonLog; C:\WINNT\system32\smlogsvc.exe [89600 2004-08-04] (Microsoft Corporation)
R3 TapiSrv; C:\WINNT\System32\tapisrv.dll [249344 2005-07-08] (Microsoft Corporation)
R3 TermService; C:\WINNT\System32\termsrv.dll [295424 2004-08-04] (Microsoft Corporation)
R2 Themes; C:\WINNT\System32\shsvcs.dll [135168 2006-12-19] (Microsoft Corporation)
S3 TlntSvr; C:\WINNT\system32\tlntsvr.exe [73216 2004-08-04] (Microsoft Corporation)
R2 TPHDEXLGSVC; C:\WINNT\System32\TPHDEXLG.EXE [77824 2005-06-20] (Lenovo.) [File not signed]
R2 TrkWks; C:\WINNT\system32\trkwks.dll [90624 2004-08-04] (Microsoft Corporation)
R2 tunnelguardservice; c:\Program Files\Nortel Networks\TunnelGuard\CueAgent_srv.exe [53248 2005-09-06] (Alexandria Software Consulting) [File not signed]
S3 upnphost; C:\WINNT\System32\upnphost.dll [185344 2007-02-05] (Microsoft Corporation)
S3 UPS; C:\WINNT\System32\ups.exe [18432 2004-08-04] (Microsoft Corporation)
S3 VSS; C:\WINNT\System32\vssvc.exe [289792 2004-08-04] (Microsoft Corporation)
R2 W32Time; C:\WINNT\system32\w32time.dll [174592 2004-08-04] (Microsoft Corporation)
R2 WebClient; C:\WINNT\System32\webclnt.dll [68096 2006-01-03] (Microsoft Corporation)
R2 winmgmt; C:\WINNT\system32\wbem\WMIsvc.dll [144896 2004-08-04] (Microsoft Corporation)
S3 WmdmPmSN; C:\WINNT\system32\MsPMSNSv.dll [27136 2006-10-18] (Microsoft Corporation)
S3 Wmi; C:\WINNT\System32\advapi32.dll [617984 2009-02-09] (Microsoft Corporation)
S3 WmiApSrv; C:\WINNT\system32\wbem\wmiapsrv.exe [126464 2004-08-04] (Microsoft Corporation)
S2 wscsvc; C:\WINNT\system32\wscsvc.dll [81408 2004-08-04] (Microsoft Corporation)
R2 wuauserv; C:\WINNT\system32\wuauserv.dll [6656 2004-08-04] (Microsoft Corporation)
S3 WudfSvc; C:\WINNT\System32\WUDFSvc.dll [55808 2006-09-28] (Microsoft Corporation)
R2 WZCSVC; C:\WINNT\System32\wzcsvc.dll [474624 2005-04-20] (Microsoft Corporation)
S3 xmlprov; C:\WINNT\System32\xmlprov.dll [129536 2004-08-04] (Microsoft Corporation)
S2 gupdate; "C:\Program Files\Google\Update\GoogleUpdate.exe" /svc [X]
S3 gupdatem; "C:\Program Files\Google\Update\GoogleUpdate.exe" /medsvc [X]
S3 magaService; c:\Program Files\Sygate\SSA\maga\maga.exe [X]
S3 SwPrv; C:\WINNT\system32\dllhost.exe /Processid:{868E36B6-D316-4F20-9084-88CB3CA35698}

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R0 ACPI; C:\WINNT\System32\DRIVERS\ACPI.sys [187776 2004-08-04] (Microsoft Corporation)
R0 ACPIEC; C:\WINNT\System32\DRIVERS\ACPIEC.sys [11648 2002-08-29] (Microsoft Corporation)
R3 ADIHdAudAddService; C:\WINNT\System32\drivers\ADIHdAud.sys [173056 2005-12-15] (Analog Devices, Inc.)
R3 AEAudioService; C:\WINNT\System32\drivers\AEAudio.sys [152960 2005-12-15] (Andrea Electronics Corporation)
S3 aec; C:\WINNT\System32\drivers\aec.sys [142464 2004-08-03] (Microsoft Corporation)
R1 AFD; C:\WINNT\System32\drivers\afd.sys [138368 2008-08-14] (Microsoft Corporation)
R0 ANCSQ; C:\WINNT\System32\drivers\ANCSQ.sys [6912 2005-04-27] (IBM Corp.) [File not signed]
S3 AsyncMac; C:\WINNT\System32\DRIVERS\asyncmac.sys [14336 2004-08-03] (Microsoft Corporation)
R0 atapi; C:\WINNT\System32\DRIVERS\atapi.sys [95360 2004-08-03] (Microsoft Corporation)
S3 Atmarpc; C:\WINNT\System32\DRIVERS\atmarpc.sys [59904 2004-08-03] (Microsoft Corporation)
R3 atmeltpm; C:\WINNT\System32\DRIVERS\atmeltpm.sys [15872 2005-05-17] (Atmel, Inc.)
R3 audstub; C:\WINNT\System32\DRIVERS\audstub.sys [3072 2001-08-17] (Microsoft Corporation)
R1 Beep; C:\WINNT\system32\Drivers\Beep.sys [4224 2002-08-29] (Microsoft Corporation)
R1 cbfs5; C:\WINNT\system32\drivers\cbfs5.sys [346688 2013-11-25] (EldoS Corporation)
S4 cbidf2k; C:\WINNT\system32\Drivers\cbidf2k.sys [13952 2002-08-29] (Microsoft Corporation)
S1 Cdaudio; C:\WINNT\system32\Drivers\Cdaudio.sys [18688 2002-08-29] (Microsoft Corporation)
R4 Cdfs; C:\WINNT\system32\Drivers\Cdfs.sys [63744 2004-08-03] (Microsoft Corporation)
R1 Cdrom; C:\WINNT\System32\DRIVERS\cdrom.sys [49536 2004-08-04] (Microsoft Corporation)
R3 CmBatt; C:\WINNT\System32\DRIVERS\CmBatt.sys [14080 2004-08-03] (Microsoft Corporation)
R0 Compbatt; C:\WINNT\System32\DRIVERS\compbatt.sys [9344 2001-08-17] (Microsoft Corporation)
R0 Disk; C:\WINNT\System32\DRIVERS\disk.sys [36352 2004-08-04] (Microsoft Corporation)
S4 dmboot; C:\WINNT\System32\drivers\dmboot.sys [799744 2004-08-03] (Microsoft Corp., Veritas Software)
S4 dmio; C:\WINNT\System32\drivers\dmio.sys [153344 2004-08-03] (Microsoft Corp., Veritas Software)
S4 dmload; C:\WINNT\System32\drivers\dmload.sys [5888 2002-08-29] (Microsoft Corp., Veritas Software.)
S3 DMusic; C:\WINNT\System32\drivers\DMusic.sys [52864 2004-08-03] (Microsoft Corporation)
S3 drmkaud; C:\WINNT\System32\drivers\drmkaud.sys [2944 2004-08-03] (Microsoft Corporation)
R3 DwMirror; C:\WINNT\System32\DRIVERS\DamewareMini.sys [2944 2007-02-07] (DameWare Development, Inc.)
R1 dwvkbd; C:\WINNT\System32\DRIVERS\dwvkbd.sys [26624 2007-02-15] (DameWare)
R3 e1express; C:\WINNT\System32\DRIVERS\e1e5132.sys [181760 2006-01-22] (Intel Corporation)
R3 Eacfilt; C:\WINNT\System32\DRIVERS\eacfilt.sys [24521 2006-05-09] (Nortel Networks) [File not signed]
R2 EGATHDRV; C:\WINNT\SYSTEM32\EGATHDRV.SYS [5427 2005-04-27] (IBM Corporation) [File not signed]
S4 Fastfat; C:\WINNT\system32\Drivers\Fastfat.sys [143360 2004-08-03] (Microsoft Corporation)
S1 Fdc; C:\WINNT\system32\Drivers\Fdc.sys [27392 2004-08-04] (Microsoft Corporation)
R1 Fips; C:\WINNT\system32\Drivers\Fips.sys [34944 2002-08-29] (Microsoft Corporation)
S3 FLMCKUSB; C:\WINNT\System32\Drivers\FLMckUSB.sys [69810 2004-12-15] (AuthenTec, Inc.)
S1 Flpydisk; C:\WINNT\system32\Drivers\Flpydisk.sys [20480 2004-08-04] (Microsoft Corporation)
R0 FltMgr; C:\WINNT\System32\DRIVERS\fltMgr.sys [124800 2004-08-03] (Microsoft Corporation)
U1 Fs_Rec; C:\WINNT\system32\Drivers\Fs_Rec.sys [7936 2002-08-29] (Microsoft Corporation)
R0 Ftdisk; C:\WINNT\System32\DRIVERS\ftdisk.sys [125056 2002-08-29] (Microsoft Corporation)
R3 GEARAspiWDM; C:\WINNT\System32\DRIVERS\GEARAspiWDM.sys [23400 2009-03-19] (GEAR Software Inc.)
R3 Gpc; C:\WINNT\System32\DRIVERS\msgpc.sys [35072 2004-08-03] (Microsoft Corporation)
R3 HDAudBus; C:\WINNT\System32\DRIVERS\HDAudBus.sys [138752 2005-01-07] (Windows ® Server 2003 DDK provider) [File not signed]
S3 HidUsb; C:\WINNT\System32\DRIVERS\hidusb.sys [9600 2001-08-17] (Microsoft Corporation)
R3 HSF_DPV; C:\WINNT\System32\DRIVERS\hsx_dpv.sys [936448 2005-12-06] (Conexant Systems, Inc.)
R3 HSXHWAZL; C:\WINNT\System32\DRIVERS\hsxhwazl.sys [192512 2005-12-06] (Conexant Systems, Inc.)
R3 HTTP; C:\WINNT\System32\Drivers\HTTP.sys [263552 2009-10-20] (Microsoft Corporation)
R1 i8042prt; C:\WINNT\System32\DRIVERS\i8042prt.sys [52736 2004-08-04] (Microsoft Corporation)
R3 ialm; C:\WINNT\System32\DRIVERS\ialmnt5.sys [1173468 2006-09-15] (Intel Corporation) [File not signed]
R0 iaStor; C:\WINNT\System32\drivers\iaStor.sys [874240 2005-10-12] (Intel Corporation)
R2 ibmfilter; C:\WINNT\system32\drivers\ibmfilter.sys [63616 2005-04-27] (IBM) [File not signed]
R3 IBMPMDRV; C:\WINNT\System32\DRIVERS\ibmpmdrv.sys [10112 2005-11-11] (Lenovo.)
R1 Imapi; C:\WINNT\System32\DRIVERS\imapi.sys [41856 2004-08-04] (Microsoft Corporation)
R0 IntelIde; C:\WINNT\System32\DRIVERS\intelide.sys [5504 2004-08-03] (Microsoft Corporation)
R1 intelppm; C:\WINNT\System32\DRIVERS\intelppm.sys [36096 2004-08-04] (Microsoft Corporation)
S3 Ip6Fw; C:\WINNT\System32\DRIVERS\Ip6Fw.sys [29056 2004-08-03] (Microsoft Corporation)
R2 iPassP; C:\WINNT\System32\DRIVERS\iPassP.sys [21419 2009-04-25] (Meetinghouse Data Communications) [File not signed]
S3 IpFilterDriver; C:\WINNT\System32\DRIVERS\ipfltdrv.sys [32896 2002-08-29] (Microsoft Corporation)
S3 IpInIp; C:\WINNT\System32\DRIVERS\ipinip.sys [20992 2004-08-03] (Microsoft Corporation)
R3 IpNat; C:\WINNT\System32\DRIVERS\ipnat.sys [134912 2004-08-03] (Microsoft Corporation)
R1 IPSec; C:\WINNT\System32\DRIVERS\ipsec.sys [74752 2004-08-03] (Microsoft Corporation)
S3 IPSECEXT; C:\WINNT\System32\DRIVERS\ipsecw2k.sys [155216 2006-05-09] (Nortel Networks NA, Inc.) [File not signed]
R3 IPSECSHM; C:\WINNT\System32\DRIVERS\ipsecw2k.sys [155216 2006-05-09] (Nortel Networks NA, Inc.) [File not signed]
R2 irda; C:\WINNT\System32\DRIVERS\irda.sys [87424 2004-08-03] (Microsoft Corporation)
R3 IRENUM; C:\WINNT\System32\DRIVERS\irenum.sys [11264 2004-08-03] (Microsoft Corporation)
R0 isapnp; C:\WINNT\System32\DRIVERS\isapnp.sys [35840 2002-08-29] (Microsoft Corporation)
R1 Kbdclass; C:\WINNT\System32\DRIVERS\kbdclass.sys [24576 2004-08-04] (Microsoft Corporation)
S1 kbdhid; C:\WINNT\System32\DRIVERS\kbdhid.sys [14848 2004-08-03] (Microsoft Corporation)
S3 kmixer; C:\WINNT\System32\drivers\kmixer.sys [171776 2004-08-03] (Microsoft Corporation)
R0 KSecDD; C:\WINNT\system32\Drivers\KSecDD.sys [92544 2009-06-22] (Microsoft Corporation)
R3 MBAMProtector; C:\WINNT\system32\drivers\mbam.sys [23256 2014-05-12] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\WINNT\system32\drivers\MBAMSwissArmy.sys [110296 2015-04-17] (Malwarebytes Corporation)
R2 mdmxsdk; C:\WINNT\System32\DRIVERS\mdmxsdk.sys [12544 2005-10-05] (Conexant)
R3 mfeapfk; C:\WINNT\System32\drivers\mfeapfk.sys [64168 2007-10-16] (McAfee, Inc.)
R3 mfeavfk; C:\WINNT\System32\drivers\mfeavfk.sys [72680 2007-10-16] (McAfee, Inc.)
R3 mfebopk; C:\WINNT\System32\drivers\mfebopk.sys [33960 2007-10-16] (McAfee, Inc.)
R3 mfehidk; C:\WINNT\System32\drivers\mfehidk.sys [171272 2007-10-16] (McAfee, Inc.)
R1 mferkdk; C:\Program Files\McAfee\VirusScan Enterprise\mferkdk.sys [31784 2007-10-16] (McAfee, Inc.)
R1 mfetdik; C:\WINNT\System32\drivers\mfetdik.sys [51944 2007-10-16] (McAfee, Inc.)
R1 mnmdd; C:\WINNT\system32\Drivers\mnmdd.sys [4224 2002-08-29] (Microsoft Corporation)
R3 Modem; C:\WINNT\system32\Drivers\Modem.sys [30080 2004-08-04] (Microsoft Corporation)
R1 Mouclass; C:\WINNT\System32\DRIVERS\mouclass.sys [23040 2004-08-04] (Microsoft Corporation)
S3 mouhid; C:\WINNT\System32\DRIVERS\mouhid.sys [12160 2001-08-17] (Microsoft Corporation)
R0 MountMgr; C:\WINNT\system32\Drivers\MountMgr.sys [42240 2004-08-03] (Microsoft Corporation)
R3 MRxDAV; C:\WINNT\System32\DRIVERS\mrxdav.sys [179584 2007-12-18] (Microsoft Corporation)
R1 MRxSmb; C:\WINNT\System32\DRIVERS\mrxsmb.sys [454016 2010-02-24] (Microsoft Corporation)
R1 Msfs; C:\WINNT\system32\Drivers\Msfs.sys [19072 2004-08-03] (Microsoft Corporation)
S3 MSKSSRV; C:\WINNT\System32\drivers\MSKSSRV.sys [7552 2004-08-03] (Microsoft Corporation)
S3 MSPCLOCK; C:\WINNT\System32\drivers\MSPCLOCK.sys [5376 2004-08-03] (Microsoft Corporation)
S3 MSPQM; C:\WINNT\System32\drivers\MSPQM.sys [4992 2004-08-03] (Microsoft Corporation)
R3 mssmbios; C:\WINNT\System32\DRIVERS\mssmbios.sys [15488 2004-08-04] (Microsoft Corporation)
R0 Mup; C:\WINNT\system32\Drivers\Mup.sys [107904 2004-08-03] (Microsoft Corporation)
R0 NDIS; C:\WINNT\system32\Drivers\NDIS.sys [182912 2004-08-03] (Microsoft Corporation)
R3 NdisTapi; C:\WINNT\System32\DRIVERS\ndistapi.sys [9600 2002-08-29] (Microsoft Corporation)
R3 Ndisuio; C:\WINNT\System32\DRIVERS\ndisuio.sys [14592 2005-04-19] (Microsoft Corporation)
R3 NdisWan; C:\WINNT\System32\DRIVERS\ndiswan.sys [91776 2004-08-03] (Microsoft Corporation)
R3 NDProxy; C:\WINNT\system32\Drivers\NDProxy.sys [38016 2002-08-29] (Microsoft Corporation)
R1 NetBIOS; C:\WINNT\System32\DRIVERS\netbios.sys [34560 2004-08-03] (Microsoft Corporation)
R1 NetBT; C:\WINNT\System32\DRIVERS\netbt.sys [162816 2004-08-03] (Microsoft Corporation)
R3 NETw3x32; C:\WINNT\System32\DRIVERS\NETw3x32.sys [1709696 2006-09-27] (Intel® Corporation)
R1 Npfs; C:\WINNT\system32\Drivers\Npfs.sys [30848 2004-08-03] (Microsoft Corporation)
R3 NSCIRDA; C:\WINNT\System32\DRIVERS\nscirda.sys [28672 2004-08-03] (National Semiconductor Corporation)
R4 Ntfs; C:\WINNT\system32\Drivers\Ntfs.sys [574592 2004-08-03] (Microsoft Corporation)
R1 Null; C:\WINNT\system32\Drivers\Null.sys [2944 2002-08-29] (Microsoft Corporation)
S3 NwlnkFlt; C:\WINNT\System32\DRIVERS\nwlnkflt.sys [12416 2002-08-29] (Microsoft Corporation)
S3 NwlnkFwd; C:\WINNT\System32\DRIVERS\nwlnkfwd.sys [32512 2002-08-29] (Microsoft Corporation)
S3 Parport; C:\WINNT\System32\DRIVERS\parport.sys [80128 2004-08-04] (Microsoft Corporation)
R0 PartMgr; C:\WINNT\system32\Drivers\PartMgr.sys [18688 2002-08-29] (Microsoft Corporation)
S4 ParVdm; C:\WINNT\system32\Drivers\ParVdm.sys [6784 2002-08-29] (Microsoft Corporation)
R0 PCI; C:\WINNT\System32\DRIVERS\pci.sys [68224 2004-08-03] (Microsoft Corporation)
R0 PCIIde; C:\WINNT\System32\DRIVERS\pciide.sys [3328 2001-08-17] (Microsoft Corporation)
R0 Pcmcia; C:\WINNT\System32\DRIVERS\pcmcia.sys [119936 2004-08-04] (Microsoft Corporation)
R3 PptpMiniport; C:\WINNT\System32\DRIVERS\raspptp.sys [48384 2004-08-03] (Microsoft Corporation)
S3 prepdrvr; C:\WINNT\system32\CCM\prepdrv.sys [20704 2006-02-09] (Microsoft Corporation)
S4 psadd; C:\WINNT\system32\Drivers\psadd.sys [13184 2007-03-20] (IBM Corporation) [File not signed]
R3 PSched; C:\WINNT\System32\DRIVERS\psched.sys [69120 2004-08-03] (Microsoft Corporation)
R3 Ptilink; C:\WINNT\System32\DRIVERS\ptilink.sys [17792 2002-08-29] (Parallel Technologies, Inc.)
R0 PxHelp20; C:\WINNT\System32\Drivers\PxHelp20.sys [20576 2007-03-20] (Sonic Solutions) [File not signed]
R1 RasAcd; C:\WINNT\System32\DRIVERS\rasacd.sys [8832 2002-08-29] (Microsoft Corporation)
R3 Rasirda; C:\WINNT\System32\DRIVERS\rasirda.sys [19584 2001-08-17] (Microsoft Corporation)
R3 Rasl2tp; C:\WINNT\System32\DRIVERS\rasl2tp.sys [51328 2004-08-03] (Microsoft Corporation)
R3 RasPppoe; C:\WINNT\System32\DRIVERS\raspppoe.sys [41472 2004-08-03] (Microsoft Corporation)
R3 Raspti; C:\WINNT\System32\DRIVERS\raspti.sys [16512 2002-08-29] (Microsoft Corporation)
R1 Rdbss; C:\WINNT\System32\DRIVERS\rdbss.sys [174592 2006-05-05] (Microsoft Corporation)
R1 RDPCDD; C:\WINNT\System32\DRIVERS\RDPCDD.sys [4224 2002-08-29] (Microsoft Corporation)
R3 rdpdr; C:\WINNT\System32\DRIVERS\rdpdr.sys [196864 2004-08-03] (Microsoft Corporation)
S3 RDPWD; C:\WINNT\system32\Drivers\RDPWD.sys [139528 2005-06-10] (Microsoft Corporation)
R1 redbook; C:\WINNT\System32\DRIVERS\redbook.sys [57472 2004-08-03] (Microsoft Corporation)
S3 Secdrv; C:\WINNT\System32\DRIVERS\secdrv.sys [20480 2007-11-13] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
S3 serenum; C:\WINNT\System32\DRIVERS\serenum.sys [15488 2004-08-04] (Microsoft Corporation)
S3 Serial; C:\WINNT\System32\DRIVERS\serial.sys [64896 2004-08-04] (Microsoft Corporation)
S1 Sfloppy; C:\WINNT\system32\Drivers\Sfloppy.sys [11392 2004-08-04] (Microsoft Corporation)
R1 ShockMgr; C:\WINNT\system32\Drivers\ShockMgr.sys [4736 2005-06-20] (Lenovo.) [File not signed]
R0 Shockprf; C:\WINNT\system32\Drivers\Shockprf.sys [85760 2005-11-30] (Lenovo) [File not signed]
R1 Smapint; C:\WINNT\System32\drivers\Smapint.sys [14848 2005-11-30] (Microsoft Corporation) [File not signed]
S3 splitter; C:\WINNT\System32\drivers\splitter.sys [6400 2004-08-03] (Microsoft Corporation)
R0 sr; C:\WINNT\System32\DRIVERS\sr.sys [73472 2004-08-03] (Microsoft Corporation)
R3 Srv; C:\WINNT\System32\DRIVERS\srv.sys [352640 2009-12-31] (Microsoft Corporation)
R3 swenum; C:\WINNT\System32\DRIVERS\swenum.sys [4352 2004-08-04] (Microsoft Corporation)
S3 swmidi; C:\WINNT\System32\drivers\swmidi.sys [54272 2001-08-17] (Microsoft Corporation)
R0 Symmpi; C:\WINNT\System32\DRIVERS\symmpi.sys [99328 2007-03-20] (LSI Logic) [File not signed]
R3 SynTP; C:\WINNT\System32\DRIVERS\SynTP.sys [177664 2005-09-15] (Synaptics, Inc.)
R3 sysaudio; C:\WINNT\System32\drivers\sysaudio.sys [60800 2004-08-03] (Microsoft Corporation)
R1 Tcpip; C:\WINNT\System32\DRIVERS\tcpip.sys [360320 2008-06-20] (Microsoft Corporation)
S3 TcUsb; C:\WINNT\System32\Drivers\tcusb.sys [24832 2004-11-04] (UPEK Inc.)
S3 TDPIPE; C:\WINNT\system32\Drivers\TDPIPE.sys [12040 2004-08-04] (Microsoft Corporation)
R1 TDSMAPI; C:\WINNT\System32\drivers\TDSMAPI.SYS [9343 2005-11-30] () [File not signed]
S3 TDTCP; C:\WINNT\system32\Drivers\TDTCP.sys [21896 2004-08-04] (Microsoft Corporation)
R1 TermDD; C:\WINNT\System32\DRIVERS\termdd.sys [40840 2004-08-04] (Microsoft Corporation)
S3 tpflhlp; c:\drivers\t60\bios\tpflhlp.sys [13360 2007-08-09] (Lenovo Group Limited)
R1 TPHKDRV; C:\WINNT\system32\Drivers\TPHKDRV.sys [17699 2006-02-01] (IBM Corporation) [File not signed]
R1 TPPWRIF; C:\WINNT\System32\drivers\Tppwrif.sys [4442 2005-12-07] () [File not signed]
S4 Udfs; C:\WINNT\system32\Drivers\Udfs.sys [66176 2004-08-03] (Microsoft Corporation)
R3 Update; C:\WINNT\System32\DRIVERS\update.sys [209408 2004-08-03] (Microsoft Corporation)
S3 USBAAPL; C:\WINNT\System32\Drivers\usbaapl.sys [39424 2009-06-05] (Apple, Inc.)
S3 usbaudio; C:\WINNT\System32\drivers\usbaudio.sys [59264 2004-08-03] (Microsoft Corporation)
S3 usbccgp; C:\WINNT\System32\DRIVERS\usbccgp.sys [31616 2004-08-03] (Microsoft Corporation)
R3 usbehci; C:\WINNT\System32\DRIVERS\usbehci.sys [26624 2004-08-03] (Microsoft Corporation)
R3 usbhub; C:\WINNT\System32\DRIVERS\usbhub.sys [57600 2004-08-03] (Microsoft Corporation)
S3 usbscan; C:\WINNT\System32\DRIVERS\usbscan.sys [15104 2004-08-03] (Microsoft Corporation)
S3 USBSTOR; C:\WINNT\System32\DRIVERS\USBSTOR.SYS [26496 2004-08-03] (Microsoft Corporation)
R3 usbuhci; C:\WINNT\System32\DRIVERS\usbuhci.sys [20480 2004-08-04] (Microsoft Corporation)
R1 VgaSave; C:\WINNT\System32\drivers\vga.sys [20992 2004-08-03] (Microsoft Corporation)
R0 VolSnap; C:\WINNT\system32\Drivers\VolSnap.sys [52352 2004-08-03] (Microsoft Corporation)
S3 w39n51; C:\WINNT\System32\DRIVERS\w39n51.sys [1428096 2005-12-05] (Intel® Corporation)
R3 Wanarp; C:\WINNT\System32\DRIVERS\wanarp.sys [34560 2004-08-03] (Microsoft Corporation)
R3 wdmaud; C:\WINNT\System32\drivers\wdmaud.sys [82944 2004-08-03] (Microsoft Corporation)
R3 winachsf; C:\WINNT\System32\DRIVERS\hsx_cnxt.sys [670208 2005-12-06] (Conexant Systems, Inc.)
R1 WS2IFSL; C:\WINNT\System32\drivers\ws2ifsl.sys [12032 2002-08-29] (Microsoft Corporation)
S3 WudfPf; C:\WINNT\System32\DRIVERS\WudfPf.sys [77568 2006-09-28] (Microsoft Corporation)
S3 WudfRd; C:\WINNT\System32\DRIVERS\wudfrd.sys [82944 2006-09-28] (Microsoft Corporation)
U1 RCHelp; No ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-04-17 15:16 - 2015-04-17 15:17 - 00000000 ____D () d:\data\administrator.3YFK943Z\Application Data\Mozilla
2015-04-17 15:16 - 2015-04-17 15:16 - 00000000 ____D () d:\data\administrator.3YFK943Z\Local Settings\Application Data\Mozilla
2015-04-17 14:51 - 2015-04-17 14:51 - 00000000 __SHD () d:\data\administrator.3YFK943Z\IECompatCache
2015-04-17 14:44 - 2015-04-17 14:44 - 00000000 __SHD () d:\data\administrator.3YFK943Z\PrivacIE
2015-04-17 13:52 - 2015-04-17 13:52 - 00000000 ____D () d:\data\Admin\Application Data\Yahoo!

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-04-17 15:22 - 2013-04-02 17:07 - 00000000 ____D () d:\data\administrator.3YFK943Z\Local Settings\temp
2015-04-17 15:21 - 2014-09-25 14:08 - 00000000 ____D () C:\FRST
2015-04-17 15:21 - 2014-06-18 13:34 - 00000000 ____D () d:\data\administrator.3YFK943Z\My Documents\Downloads
2015-04-17 15:19 - 2009-09-21 09:36 - 00001024 ____H () d:\data\administrator.3YFK943Z\ntuser.dat.LOG
2015-04-17 15:16 - 2009-09-21 09:36 - 00000000 __RHD () d:\data\administrator.3YFK943Z\Application Data
2015-04-17 15:16 - 2009-09-21 09:36 - 00000000 ___HD () d:\data\administrator.3YFK943Z\Local Settings\Application Data
2015-04-17 15:10 - 2014-06-21 10:36 - 00000000 ____D () C:\WINNT\Temp
2015-04-17 15:04 - 2009-09-21 09:36 - 01310720 ____H () d:\data\administrator.3YFK943Z\NTUSER.DAT
2015-04-17 15:00 - 2014-06-18 12:55 - 00000884 _____ () C:\WINNT\Tasks\GoogleUpdateTaskMachineUA.job
2015-04-17 14:52 - 2009-09-21 09:36 - 00000000 __SHD () d:\data\administrator.3YFK943Z\Local Settings\Temporary Internet Files
2015-04-17 14:52 - 2009-09-21 09:36 - 00000000 __SHD () d:\data\administrator.3YFK943Z\Cookies
2015-04-17 14:51 - 2009-09-21 09:36 - 00000000 ____D () d:\data\administrator.3YFK943Z
2015-04-17 14:47 - 2012-04-14 14:35 - 00000826 _____ () C:\WINNT\Tasks\Adobe Flash Player Updater.job
2015-04-17 14:43 - 2014-10-09 16:05 - 00110296 _____ (Malwarebytes Corporation) C:\WINNT\system32\Drivers\MBAMSwissArmy.sys
2015-04-17 14:43 - 2007-03-20 16:43 - 00001024 ____H () d:\data\NetworkService\ntuser.dat.LOG
2015-04-17 14:43 - 2007-03-20 16:43 - 00001024 ____H () d:\data\LocalService\ntuser.dat.LOG
2015-04-17 14:42 - 2014-06-18 12:55 - 00000880 _____ () C:\WINNT\Tasks\GoogleUpdateTaskMachineCore.job
2015-04-17 14:42 - 2009-09-21 09:36 - 00000062 ___SH () d:\data\administrator.3YFK943Z\Local Settings\desktop.ini
2015-04-17 14:42 - 2009-09-21 09:36 - 00000000 __SHD () d:\data\administrator.3YFK943Z\Local Settings\History
2015-04-17 14:42 - 2007-03-20 16:43 - 00000000 ____D () d:\data\NetworkService\Local Settings\Temp
2015-04-17 14:42 - 2006-10-18 12:00 - 01854374 _____ () C:\WINNT\WindowsUpdate.log
2015-04-17 14:42 - 2006-10-18 07:58 - 00000159 _____ () C:\WINNT\wiadebug.log
2015-04-17 14:42 - 2006-10-18 07:58 - 00000049 _____ () C:\WINNT\wiaservc.log
2015-04-17 14:41 - 2007-09-01 04:07 - 00000000 __SHD () C:\WINNT\CSC
2015-04-17 14:41 - 2007-03-20 16:43 - 00000062 ___SH () d:\data\NetworkService\Local Settings\desktop.ini
2015-04-17 14:41 - 2007-03-20 16:43 - 00000062 ___SH () d:\data\LocalService\Local Settings\desktop.ini
2015-04-17 14:41 - 2007-03-20 16:43 - 00000006 ____H () C:\WINNT\Tasks\SA.DAT
2015-04-17 14:09 - 2011-08-30 08:29 - 00001024 ____H () d:\data\Admin\ntuser.dat.LOG
2015-04-17 14:08 - 2014-06-21 10:36 - 00000000 ____D () d:\data\Admin\Local Settings\Temp
2015-04-17 14:08 - 2011-08-30 08:29 - 01310720 ____H () d:\data\Admin\NTUSER.DAT
2015-04-17 14:07 - 2011-08-30 08:29 - 00000000 __SHD () d:\data\Admin\Cookies
2015-04-17 13:53 - 2011-08-30 08:42 - 00000000 ____D () d:\data\Admin\Application Data\Macromedia
2015-04-17 13:52 - 2011-08-30 08:29 - 00000000 __RHD () d:\data\Admin\Application Data
2015-04-17 13:49 - 2011-08-30 08:29 - 00000062 ___SH () d:\data\Admin\Local Settings\desktop.ini
2015-04-17 13:49 - 2011-08-30 08:29 - 00000000 __SHD () d:\data\Admin\Local Settings\Temporary Internet Files
2015-04-17 13:49 - 2011-08-30 08:29 - 00000000 __SHD () d:\data\Admin\Local Settings\History
2015-04-17 13:27 - 2014-06-21 10:36 - 00000000 ____D () d:\data\rainmaker\Local Settings\temp
2015-04-17 13:22 - 2011-09-03 12:52 - 00001024 ____H () d:\data\rainmaker\ntuser.dat.LOG
2015-04-17 13:16 - 2014-06-21 03:03 - 00008177 _____ () C:\WINNT\setupapi.log
2015-04-17 13:13 - 2011-09-03 12:52 - 00000062 ___SH () d:\data\rainmaker\Local Settings\desktop.ini
2015-04-17 13:13 - 2007-03-20 16:43 - 00032600 _____ () C:\WINNT\SchedLgU.Txt
2015-04-17 13:12 - 2012-12-23 21:48 - 00000278 ___SH () d:\data\rainmaker\ntuser.ini
2015-04-17 12:54 - 2007-08-31 14:17 - 02360854 _____ () C:\engine.log
2015-04-17 12:49 - 2009-04-28 03:00 - 00000000 ____D () C:\Quarantine
2015-04-17 12:48 - 2006-10-18 11:51 - 00002206 _____ () C:\WINNT\system32\wpa.dbl
2015-03-20 17:50 - 2011-09-03 12:52 - 00000000 ___HD () d:\data\rainmaker\Recent
2015-03-20 16:29 - 2009-06-26 18:24 - 00001024 ____H () d:\data\tpritcha\ntuser.dat.LOG
2015-03-20 16:29 - 2008-12-02 19:44 - 00001024 ____H () d:\data\stozin\ntuser.dat.LOG
2015-03-20 16:29 - 2008-05-08 00:39 - 00001024 ____H () d:\data\sserebre\ntuser.dat.LOG
2015-03-20 16:29 - 2007-09-01 04:07 - 00001024 ____H () d:\data\wksbuild\ntuser.dat.LOG
2015-03-20 16:29 - 2007-08-31 14:20 - 00001024 ____H () d:\data\tmaloof\ntuser.dat.LOG
2015-03-20 16:29 - 2007-03-20 16:44 - 00001024 ____H () d:\data\Administrator\ntuser.dat.LOG

==================== Files in the root of some directories =======

2014-06-19 16:22 - 2014-06-19 16:22 - 0003584 _____ () d:\data\administrator.3YFK943Z\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2009-09-21 09:36 - 2007-03-20 17:19 - 0000118 _____ () d:\data\administrator.3YFK943Z\Local Settings\Application Data\fusioncache.dat

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\WINNT\explorer.exe => File is digitally signed
C:\WINNT\system32\winlogon.exe => File is digitally signed
C:\WINNT\system32\svchost.exe => File is digitally signed
C:\WINNT\system32\services.exe => File is digitally signed
C:\WINNT\system32\User32.dll => File is digitally signed
C:\WINNT\system32\userinit.exe => File is digitally signed
C:\WINNT\system32\rpcss.dll => File is digitally signed
C:\WINNT\system32\Drivers\volsnap.sys => File is digitally signed

==================== End Of Log ============================

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 15-04-2015 04
Ran by administrator at 2015-04-17 15:22:47
Running from d:\data\administrator.3YFK943Z\My Documents\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)


==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

4C06 - VPN 5.01 (HKLM\...\{C5D854EC-B8C9-4DF6-BE66-EBD66090DE4E}) (Version: 1.0.970 - RBC - 4C06)
6F02 - Windows Update Agent 2.0 x32 (HKLM\...\{69BD5ED9-F72C-4A70-B00D-DA348E710B0D}) (Version: 5.8.0.2694 - RBC - 6F02)
6F02 - Windows Update Agent 3.0 (HKLM\...\{A1E4084A-D61E-487B-83C8-53DBD5A95E60}) (Version: 3.0.1047 - RBC - 6F02)
6F90 - MSI Team Tools  (HKLM\...\{AC92E21F-481A-439E-A364-935790374469}) (Version: 1.0.1010 - RBC - 6F90)
6FGL - CorporateBranding - FONTS Only (HKLM\...\{C791C4C2-3227-479D-B586-B226A509EBF2}) (Version: 2.01.00 - RBC COE)
6N85 - MSXML 4.0 SP2 (KB927978) (HKLM\...\{37477865-A3F1-4772-AD43-AAFC6BCFF99F}) (Version: 4.20.9841.0 - RBC - 6N85)
6N89 - Adobe Shockwave Player (HKLM\...\{1BDC9633-895B-4842-BCB6-8FA1EC2A3C5A}) (Version: 10.2.0.023 - RBC - 6N89 (Adobe Systems, Inc.))
6N95 - J2SE Runtime Environment 5.0 Update 11 (HKLM\...\{3248F0A8-6813-11D6-A77B-00B0D0150110}) (Version: 1.5.0.110 - RBC - 6N95 (Sun Microsystems, Inc.))
Adobe AIR (HKLM\...\Adobe AIR) (Version: 3.1.0.4880 - Adobe Systems Incorporated)
Adobe Download Manager 1.2 (Remove Only) (HKLM\...\AdobeESD) (Version:  - )
Adobe Flash Player 16 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 16.0.0.257 - Adobe Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 16.0.0.257 - Adobe Systems Incorporated)
Adobe Reader 8.1.7 (HKLM\...\{AC76BA86-7AD7-1033-7B44-A81300000003}) (Version: 8.1.7 - RBC - 5D01 (Adobe Systems Incorporated))
Apple Mobile Device Support (HKLM\...\{8355F970-601D-442D-A79B-1D7DB4F24CAD}) (Version: 2.5.1.3 - Apple Inc.)
Apple Software Update (HKLM\...\{6956856F-B6B3-4BE0-BA0B-8F495BE32033}) (Version: 2.1.1.116 - Apple Inc.)
Bloomberg DDE Server (HKLM\...\Bloomberg DDE Server) (Version:  - )
Bloomberg Excel Tools (HKLM\...\Bloomberg Excel Tools) (Version:  - )
Bloomberg Keyboard v8.5 (HKLM\...\Bloomberg Keyboard v8.5) (Version: v8.5 - Bloomberg L.P.)
Bloomberg PFM Upload Tool for Microsoft Excel (HKLM\...\Bloomberg PFM Upload Tool for Microsoft Excel) (Version:  - )
Bloomberg Report Viewer (CR) (HKLM\...\Bloomberg Report Viewer_is1) (Version: 1.0 - Bloomberg L.P.)
Bloomberg SFD Data Dictionary (HKLM\...\Bloomberg SFD Data Dictionary) (Version:  - )
Bloomberg, V.09.07.07 (HKLM\...\Bloomberg, V.09.07.07) (Version:  - )
Borland Database Engine (HKLM\...\{7719052E-B34A-4805-9B6E-E4BC2FCB0CC0}) (Version: 5.2 - LoanPerformance)
Client for Microsoft Office SharePoint Portal Server 2003 (HKLM\...\{21B9D2F9-1CE7-4CDA-9D0D-28EB96565D25}) (Version: 11.0.5704.0 - Microsoft)
Compatibility Pack for the 2007 Office system (HKLM\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6215.1000 - Microsoft Corporation)
ESET Online Scanner v3 (HKLM\...\ESET Online Scanner) (Version:  - )
Google Chrome (HKLM\...\Google Chrome) (Version: 35.0.1916.153 - Google Inc.)
Google Update Helper (Version: 1.3.24.15 - Google Inc.) Hidden
IBM Rescue and Recovery with Rapid Restore (HKLM\...\{11783F13-C3A9-44A8-929B-21A476F65272}) (Version: 2.04.0182.011 - IBM)
Intel® PRO Network Connections Drivers (HKLM\...\PROSet) (Version:  - )
InterVideo WinDVD (HKLM\...\{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}) (Version: 5.0-B11.141 - InterVideo Inc.)
iPassConnect (HKLM\...\{AB6FFA58-F491-11D3-8951-000000034735}) (Version:  - )
ISavEr (HKLM\...\{F1422DAA-0829-09A1-7536-73936CAB8FFA}) (Version:  - Isavver) <==== ATTENTION
iTunes (HKLM\...\{5D601655-6D54-4384-B52C-17EC5385FBBD}) (Version: 8.2.0.23 - Apple Inc.)
Liquid XML Studio 2010 (HKLM\...\Liquid XML Studio 2010) (Version: 8.0.6.1970 - Liquid Technologies Limited)
Liquid XML Studio 2010 (Version: 8.0.6.1970 - Liquid Technologies Limited) Hidden
LoanPerformance RiskModel 3.1.6 (HKLM\...\{A58D887D-A71D-4C08-A21B-30585EA4CB48}) (Version: 3.1.6 - LoanPerformance)
LoanPerformance RiskModel 4.0 (HKLM\...\{70B2220F-2DB7-4A20-AA83-2ABC7087487B}) (Version: 4.0.3 - LoanPerformance)
LoanPerformance RiskModel 4.0 (HKLM\...\{CA44D7AD-8EB6-4F35-9CC5-59079CAD7113}) (Version: 4.0.3 - LoanPerformance)
Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
McAfee AntiSpyware Enterprise Module (HKLM\...\McAfee Anti-Spyware Enterprise Module) (Version: 8.5.0.163 - McAfee, Inc.)
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.8.150.1 - McAfee, Inc.)
McAfee VirusScan Enterprise (HKLM\...\{35C03C04-3F1F-42C2-A989-A757EE691F65}) (Version: 8.6.0 - McAfee, Inc.)
Microsoft .NET Framework (English) v1.0.3705 (HKLM\...\Microsoft .NET Framework Full v1.0.3705 (1033)) (Version:  - )
Microsoft .NET Framework 1.0 Hotfix (KB891864) (HKLM\...\M891864) (Version:  - )
Microsoft .NET Framework 1.0 Hotfix (KB928367) (HKLM\...\M928367) (Version:  - )
Microsoft .NET Framework 1.1 (HKLM\...\Microsoft .NET Framework 1.1  (1033)) (Version:  - )
Microsoft .NET Framework 1.1 Hotfix (KB891865) (HKLM\...\M891865) (Version:  - )
Microsoft .NET Framework 1.1 Security Update (KB953297) (HKLM\...\M953297) (Version:  - )
Microsoft .NET Framework 2.0 Service Pack 2 (HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.0 Service Pack 2 (HKLM\...\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}) (Version: 3.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft Compression Client Pack 1.0 for Windows XP (HKLM\...\MSCompPackV1) (Version: 1 - Microsoft Corporation)
Microsoft External Out of Office Assistant (HKLM\...\externaloof) (Version:  - )
Microsoft Office Professional Edition 2003 (HKLM\...\{90110409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Office Visio Professional 2007 (HKLM\...\VISPROR) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Office Visio Viewer 2003 (English) (HKLM\...\{90520409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.3709.5614 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 2.0.30523.8 - Microsoft Corporation)
Microsoft SQL Server 2005 (HKLM\...\Microsoft SQL Server 2005) (Version:  - Microsoft Corporation)
Microsoft SQL Server 2005 Backward compatibility (HKLM\...\{2243F21A-E132-44F7-BA13-024D0845C815}) (Version: 8.05.1704 - Microsoft Corporation)
Microsoft SQL Server Management Studio Express (HKLM\...\{A4512736-8D63-4298-9271-5329931FA46B}) (Version: 9.00.2047.00 - Microsoft Corporation)
Microsoft SQL Server Native Client (HKLM\...\{BF251EAF-8697-4E89-BF09-C998F97BBC40}) (Version: 9.00.1399.06 - Microsoft Corporation)
Microsoft SQL Server Setup Support Files (English) (HKLM\...\{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}) (Version: 9.00.1399.06 - Microsoft Corporation)
Microsoft SQL Server VSS Writer (HKLM\...\{1CBE3804-20DF-48DA-B048-895C206E80A5}) (Version: 9.00.1399.06 - Microsoft Corporation)
Microsoft User-Mode Driver Framework Feature Pack 1.0 (HKLM\...\Wudf01000) (Version:  - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft WSE 2.0 SP3 Runtime (HKLM\...\{F3CA9611-CD42-4562-ADAB-A554CF8E17F1}) (Version: 2.0.5050.0 - Microsoft Corp.)
Mozilla Firefox 35.0.1 (x86 en-US) (HKLM\...\Mozilla Firefox 35.0.1 (x86 en-US)) (Version: 35.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
MSXML 4.0 SP2 (KB925672) (HKLM\...\{A9CF9052-F4A0-475D-A00F-A8388C62DD63}) (Version: 4.20.9839.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 6 Service Pack 2 (KB973686) (HKLM\...\{56EA8BC0-3751-4B93-BC9D-6651CC36E5AA}) (Version: 6.20.2003.0 - Microsoft Corporation)
NK04 - VirusScan (HKLM\...\{CB8BC782-6143-423F-8458-BEA64FB868E5}) (Version: 1.1.1020 - RBC - NK04)
Nortel Networks TunnelGuard (HKLM\...\{5650A422-0789-473F-B2C7-6C3D10CC9FFB}) (Version: 2.0.0.0 - Nortel Networks)
QuickTime (HKLM\...\{C78EAC6F-7A73-452E-8134-DBB2165C5A68}) (Version: 7.62.14.0 - Apple Inc.)
Remote Access VPN Client (HKLM\...\{EF964A78-078C-11D1-B7A7-0000C0134CE6}) (Version:  - )
Remove Hidden Data Tool (HKLM\...\{90F80409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.6058.0 - Microsoft Corporation)
Safari (HKLM\...\{C5C649A8-1D21-4C83-9B08-7B3752E580F4}) (Version: 4.30.17.0 - Apple Inc.)
SMS Advanced Client (Version: 2.50.4160.2000 - Microsoft Corporation) Hidden
Snapshot Viewer (HKLM\...\{880D04DD-660B-4F4F-940A-F4DB6C95DE35}) (Version: 1.0.850 - RBC - 6N02)
Sothink Flash Downloader for Browser (HKLM\...\{888DEFB8-CFCE-43FE-A7C8-9B18C4450719}_is1) (Version:  - SourceTec Software Co., LTD)
Sothink SWF Catcher (HKLM\...\{49273419-5179-4866-9F71-5CF346F302CF}_is1) (Version: 2.6 - SourceTec Software Co., LTD)
Sothink SWF Decompiler (HKLM\...\{BCDB856C-D247-4DEE-9132-89C02F4D6B8C}_is1) (Version: 7.3 - SourceTec Software Co., LTD)
Sothink SWF Editor (HKLM\...\{0BF1DE3D-31B9-417F-A915-4BCC5AAEE3CD}_is1) (Version: 1.3 - SourceTec Software Co., LTD)
TextPad 5 (HKLM\...\{B6EC7388-E277-4A5B-8C8F-71067A41BA64}) (Version: 5.3.1 - Helios)
ThinkPad Configuration (HKLM\...\{FC081D4D-DF1B-4CF1-B530-027E4118D846}) (Version: 1.51 - )
ThinkPad FullScreen Magnifier (HKLM\...\ThinkPad FullScreen Magnifier) (Version: 1.16 - )
ThinkPad Power Management Driver (HKLM\...\Power Management Driver) (Version: 1.33 - )
ThinkPad Power Manager (HKLM\...\{A0E64EBA-8BF0-49FB-90C0-BB3D781A2016}) (Version: 1.12 - )
ThinkPad UltraNav Driver (HKLM\...\SynTPDeinstKey) (Version: 7.5.17.18 - )
ThinkPad UltraNav Wizard (HKLM\...\{82512BC9-BD5D-4C50-BE4D-B98E7DF78687}) (Version: 3.03 - )
ThinkVantage Active Protection System (HKLM\...\{72806716-7088-41B2-8FA6-717A2A164DAB}) (Version: 1.40 - )
VLC media player 2.0.1 (HKLM\...\VLC media player) (Version: 2.0.1 - VideoLAN)
WebEx (HKLM\...\ActiveTouchMeetingClient) (Version:  - WebEx Communications, Inc)
WebFldrs XP (Version: 9.50.7523 - Microsoft Corporation) Hidden
Windows Imaging Component (HKLM\...\WIC) (Version: 3.0.0.0 - Microsoft Corporation)
Windows Installer 3.1 (KB893803) (HKLM\...\KB893803v2) (Version:  - Microsoft Corporation)
Windows Internet Explorer 8 (HKLM\...\ie8) (Version: 20090308.140743 - Microsoft Corporation)
Windows Media Format 11 runtime (HKLM\...\Windows Media Format Runtime) (Version:  - )
Windows Media Player 11 (HKLM\...\Windows Media Player) (Version:  - )
Windows XP Hotfix - KB873333 (HKLM\...\KB873333) (Version: 20050114.005213 - Microsoft Corporation)
Windows XP Hotfix - KB873339 (HKLM\...\KB873339) (Version: 20041117.092459 - Microsoft Corporation)
Windows XP Hotfix - KB883667 (HKLM\...\KB883667) (Version: 20040812.104354 - Microsoft Corporation)
Windows XP Hotfix - KB885250 (HKLM\...\KB885250) (Version: 20050118.202711 - Microsoft Corporation)
Windows XP Hotfix - KB885453 (HKLM\...\KB885453) (Version: 20040924.183555 - Microsoft Corporation)
Windows XP Hotfix - KB885835 (HKLM\...\KB885835) (Version: 20041027.181713 - Microsoft Corporation)
Windows XP Hotfix - KB885836 (HKLM\...\KB885836) (Version: 20041028.173203 - Microsoft Corporation)
Windows XP Hotfix - KB888113 (HKLM\...\KB888113) (Version: 20041116.131036 - Microsoft Corporation)
Windows XP Hotfix - KB888302 (HKLM\...\KB888302) (Version: 20041207.111426 - Microsoft Corporation)
Windows XP Hotfix - KB890047 (HKLM\...\KB890047) (Version: 20041221.124506 - Microsoft Corporation)
Windows XP Hotfix - KB890175 (HKLM\...\KB890175) (Version: 20041201.233338 - Microsoft Corporation)
Windows XP Hotfix - KB890859 (HKLM\...\KB890859) (Version: 1 - Microsoft Corporation)
Windows XP Hotfix - KB891781 (HKLM\...\KB891781) (Version: 20050110.165439 - Microsoft Corporation)
Windows XP Hotfix - KB893066 (HKLM\...\KB893066) (Version: 1 - Microsoft Corporation)
Windows XP Hotfix - KB893086 (HKLM\...\KB893086) (Version: 1 - Microsoft Corporation)
WinRAR 4.01 (32-bit) (HKLM\...\WinRAR archiver) (Version: 4.01.0 - win.rar GmbH)
WinZip v9.0 (HKLM\...\{B233F2BB-F1D0-460F-88E0-5C19C9132B1A}) (Version: 9.0.930 - RBC - KC10)
Yahoo! Messenger (HKLM\...\Yahoo! Messenger) (Version:  - Yahoo! Inc.)
Yahoo! Software Update (HKLM\...\Yahoo! Software Update) (Version:  - )
Yahoo! Toolbar (HKLM\...\Yahoo! Companion) (Version:  - Yahoo! Inc.)
YES1 - Sygate Personal Firewall   (HKLM\...\{AD93A3B7-3AE5-4A99-B9DD-236075A747BE}) (Version: 1.0.970 - RBC)
YKG1 - Centra Client (HKLM\...\{5FC0907C-69A4-4DED-95C8-54F58784C8E7}) (Version: 1.0.970 - RBC - YKG1)
YKJ2 - Central Configuration Utility (HKLM\...\{95AACF74-B3F5-463B-85D8-D2B76339E735}) (Version: 1.0.1010 - RBC - YKJ2)
YLM2 - RBC Enterprise Library (HKLM\...\{4D95051A-A4EE-4EC9-816C-6461A09BF79D}) (Version: 1.0.930 - RBC - YLM2)
YLM7 - RBC Enterprise Library 2.0 (HKLM\...\{71F5D26D-4836-4124-85AE-48D3DB450DB9}) (Version: 1.0.970 - RBC - YLM7)
YND1 - Symantec Enterprise Vault Outlook Add-In (HKLM\...\{68E9F885-3B73-4884-A598-31FC2C7F8E63}) (Version: 7.5.1250 - RBC - YND1 (Symantec Corporation))
YNX3 - Desktop/Laptop Cisco Wireless Drivers (HKLM\...\{D3E95890-DE97-4A4C-89DC-6056A62619AE}) (Version: 1.0.980 - RBC - YNX3)
YNX4 - Intel Wireless Drivers (HKLM\...\{1B0FAEF9-0E29-41AB-BDBF-E443DB5DE609}) (Version: 1.0.1010 - RBC - YNX4)
YRU4 - Intel® Graphics Media Accelerator Driver (HKLM\...\{8A708DD8-A5E6-11D4-A706-000629E95E20}) (Version: 6.14.10.4693 - )
YSOG - T60 BIOS Code (HKLM\...\{FDB42124-1AAA-42E4-B6D5-46652BF58150}) (Version: 1.0.1010 - RBC - YSOG)
YSOK - CMOS Files (HKLM\...\{96434172-9754-4BC9-A317-10E69F1349FC}) (Version: 1.0.980 - RBC - YSOK)
Zinio Reader 4 (HKLM\...\ZinioReader4.9310D8F796442B71068C511E15D70529A702D19D.1) (Version: 4.2.3972 - Zinio LLC)
Zinio Reader 4 (Version: 4.2.3972 - Zinio LLC) Hidden

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


==================== Restore Points  =========================

Could not list restore points.
Check "winmgmt" service or repair WMI.


==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2006-10-18 11:49 - 2014-06-21 08:27 - 00000098 ____A C:\WINNT\system32\Drivers\etc\hosts
127.0.0.1       localhost
::1       localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINNT\Tasks\Adobe Flash Player Updater.job => C:\WINNT\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINNT\Tasks\AppleSoftwareUpdate.job => C:\Program Files\Apple Software Update\SoftwareUpdate.exe
Task: C:\WINNT\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINNT\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) ==============

2007-09-01 02:55 - 2006-02-01 16:09 - 00024576 ____N () C:\WINNT\system32\tphklock.dll
2007-09-01 02:54 - 2006-02-01 16:09 - 00028672 ____N () C:\WINNT\system32\notifyf2.dll
2007-09-01 02:55 - 2005-11-11 02:33 - 00073782 ____N () C:\WINNT\system32\ibmpmsvc.exe
2005-10-06 23:18 - 2005-10-06 23:18 - 00385024 ____N () C:\Program Files\IBM\IBM Rapid Restore Ultra\rrpcsb.exe
2009-04-25 11:37 - 2007-12-14 15:06 - 00120128 _____ () C:\Program Files\Network Associates\Common Framework\naXML2_71.dll
2009-04-25 11:37 - 2007-12-14 15:06 - 00156992 _____ () C:\Program Files\Network Associates\Common Framework\naisign2.DLL
2006-11-30 08:50 - 2006-11-30 08:50 - 00149080 _____ () C:\Program Files\McAfee\VirusScan Enterprise\VsEvntUI.dll
2003-02-20 16:42 - 2003-02-20 16:42 - 01159289 ____R () c:\Program Files\Nortel Networks\TunnelGuard\jre\bin\client\jvm.dll
2003-02-20 16:42 - 2003-02-20 16:42 - 00028787 ____R () c:\Program Files\Nortel Networks\TunnelGuard\jre\bin\hpi.dll
2003-02-20 16:42 - 2003-02-20 16:42 - 00057449 ____R () c:\Program Files\Nortel Networks\TunnelGuard\jre\bin\verify.dll
2003-02-20 16:42 - 2003-02-20 16:42 - 00102511 ____R () c:\Program Files\Nortel Networks\TunnelGuard\jre\bin\java.dll
2003-02-20 16:42 - 2003-02-20 16:42 - 00053360 ____R () c:\Program Files\Nortel Networks\TunnelGuard\jre\bin\zip.dll
2003-02-20 16:42 - 2003-02-20 16:42 - 00057451 ____R () C:\Program Files\Nortel Networks\TunnelGuard\jre\bin\net.dll
2005-09-06 16:50 - 2005-09-06 16:50 - 00077824 ____N () C:\Program Files\Nortel Networks\TunnelGuard\platforms\win32\TGIcon.DLL
2014-06-18 16:36 - 2014-02-21 13:16 - 00265216 _____ () C:\Program Files\Bitcasa\ExplorerMenu.dll
2014-06-18 16:36 - 2014-02-21 13:06 - 02064896 _____ () C:\Program Files\Bitcasa\bitcasaui.dll
2007-09-01 03:59 - 2005-12-07 02:12 - 00036864 ____N () C:\Program Files\ThinkPad\Utilities\US\PWRMGRRT.DLL
2007-09-01 03:59 - 2005-12-07 02:12 - 00073728 ____N () C:\Program Files\ThinkPad\Utilities\PWRMGRIF.DLL
2007-09-01 02:55 - 2006-02-01 16:09 - 00094208 ____N () C:\Program Files\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe
2009-04-25 19:16 - 2006-11-06 14:00 - 00651264 _____ () C:\Program Files\iPass\iPassConnect\LIBEAY32.dll
2007-09-01 02:55 - 2006-02-01 16:09 - 00077824 ____N () C:\Program Files\Lenovo\PkgMgr\HOTKEY\TPONSCR.exe
2011-08-30 08:46 - 2012-05-25 04:25 - 00921600 _____ () C:\Program Files\Yahoo!\Messenger\yui.dll
2011-08-30 08:45 - 2012-05-25 04:25 - 00078336 _____ () C:\Program Files\Yahoo!\Messenger\pcre.dll
2015-02-17 15:26 - 2015-02-17 15:26 - 03925104 _____ () C:\Program Files\Mozilla Firefox\mozjs.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3510421623-2965073675-2411060337-1007\Control Panel\Desktop\\Wallpaper -> C:\WINNT\RBCVGA.BMP
DNS Servers: 192.168.1.1

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)


==================== Accounts: =============================

Admin (S-1-5-21-3510421623-2965073675-2411060337-1014 - Administrator - Enabled) => d:\data\Admin
administrator (S-1-5-21-3510421623-2965073675-2411060337-1007 - Administrator - Enabled) => d:\data\administrator.3YFK943Z
ASPNET (S-1-5-21-3510421623-2965073675-2411060337-1003 - Limited - Enabled)
Guest (S-1-5-21-3510421623-2965073675-2411060337-501 - Limited - Disabled)
HelpAssistant (S-1-5-21-3510421623-2965073675-2411060337-1005 - Limited - Disabled)
rainmaker (S-1-5-21-3510421623-2965073675-2411060337-1012 - Administrator - Enabled) => d:\data\rainmaker
rbcadmin (S-1-5-21-3510421623-2965073675-2411060337-500 - Administrator - Enabled) => d:\data\Administrator
rbc_troppus (S-1-5-21-3510421623-2965073675-2411060337-1002 - Limited - Disabled)

==================== Faulty Device Manager Devices =============

Could not list Devices. Check "winmgmt" service or repair WMI.


==================== Event log errors: =========================

Application errors:
==================
Error: (04/17/2015 02:47:45 PM) (Source: crypt32) (EventID: 8) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download....uthrootseq.txt>with error: This operation returned because the timeout period expired.

Error: (04/17/2015 02:45:00 PM) (Source: crypt32) (EventID: 11) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab>with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (04/17/2015 02:45:00 PM) (Source: crypt32) (EventID: 11) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab>with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (04/17/2015 02:44:59 PM) (Source: crypt32) (EventID: 11) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab>with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (04/17/2015 02:44:30 PM) (Source: crypt32) (EventID: 8) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download....uthrootseq.txt>with error: This network connection does not exist.

Error: (04/17/2015 02:44:30 PM) (Source: crypt32) (EventID: 11) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab>with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (04/17/2015 02:44:25 PM) (Source: crypt32) (EventID: 8) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download....uthrootseq.txt>with error: This operation returned because the timeout period expired.

Error: (04/17/2015 02:44:10 PM) (Source: crypt32) (EventID: 11) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab>with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (04/17/2015 02:44:10 PM) (Source: crypt32) (EventID: 11) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab>with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (04/17/2015 02:43:12 PM) (Source: crypt32) (EventID: 8) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download....uthrootseq.txt>with error: This operation returned because the timeout period expired.


System errors:
=============
Error: (04/17/2015 02:41:48 PM) (Source: Dhcp) (EventID: 1002) (User: )
Description: The IP address lease 192.168.1.4 for the Network Card with network address 001B773DA319 has been
denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).

Error: (04/17/2015 02:41:40 PM) (Source: NETLOGON) (EventID: 5719) (User: )
Description: No Domain Controller is available for domain OAK due to the following:
%%1311.

Make sure that the computer is connected to the network and try
again. If the problem persists, please contact your domain administrator.

Error: (04/17/2015 01:50:46 PM) (Source: Dhcp) (EventID: 1002) (User: )
Description: The IP address lease 192.168.1.4 for the Network Card with network address 0013024D5413 has been
denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).

Error: (04/17/2015 01:48:59 PM) (Source: NETLOGON) (EventID: 5719) (User: )
Description: No Domain Controller is available for domain OAK due to the following:
%%1311.

Make sure that the computer is connected to the network and try
again. If the problem persists, please contact your domain administrator.

Error: (04/17/2015 01:16:11 PM) (Source: W32Time) (EventID: 29) (User: )
Description: The time provider NtpClient is configured to acquire time from one or more
time sources, however none of the sources are currently accessible.
No attempt to contact a source will be made for 14 minutes.
NtpClient has no source of accurate time.

Error: (04/17/2015 01:13:31 PM) (Source: NETLOGON) (EventID: 5719) (User: )
Description: No Domain Controller is available for domain OAK due to the following:
%%1311.

Make sure that the computer is connected to the network and try
again. If the problem persists, please contact your domain administrator.

Error: (04/17/2015 01:05:57 PM) (Source: W32Time) (EventID: 29) (User: )
Description: The time provider NtpClient is configured to acquire time from one or more
time sources, however none of the sources are currently accessible.
No attempt to contact a source will be made for 29 minutes.
NtpClient has no source of accurate time.

Error: (04/17/2015 00:51:03 PM) (Source: Windows Update Agent) (EventID: 16) (User: )
Description: Unable to Connect: Windows is unable to connect to the automatic updates service and therefore cannot download and install updates according to the set schedule. Windows will continue to try to establish a connection.

Error: (04/17/2015 00:50:55 PM) (Source: W32Time) (EventID: 29) (User: )
Description: The time provider NtpClient is configured to acquire time from one or more
time sources, however none of the sources are currently accessible.
No attempt to contact a source will be made for 15 minutes.
NtpClient has no source of accurate time.

Error: (04/17/2015 00:48:50 PM) (Source: NETLOGON) (EventID: 5719) (User: )
Description: No Domain Controller is available for domain OAK due to the following:
%%1311.

Make sure that the computer is connected to the network and try
again. If the problem persists, please contact your domain administrator.


Microsoft Office Sessions:
=========================

==================== Memory info ===========================

Processor: Intel® Core™ Duo CPU T2400 @ 1.83GHz
Percentage of memory in use: 38%
Total physical RAM: 1526.36 MB
Available physical RAM: 933.14 MB
Total Pagefile: 4225.84 MB
Available Pagefile: 3512.27 MB
Total Virtual: 2047.88 MB
Available Virtual: 1939.17 MB

==================== Drives ================================

Drive c: (COE) (Fixed) (Total:60.45 GB) (Free:22.1 GB) NTFS ==>[Drive with boot components (Windows XP)]
Drive d: (DATA) (Fixed) (Total:32.7 GB) (Free:4.62 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 93.2 GB) (Disk ID: DAEEECAE)
Partition 1: (Active) - (Size=60.5 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=32.7 GB) - (Type=07 NTFS)

==================== End Of Log ============================


  • 0
#2
Valinorum

Valinorum

    GeekU Guardian Bot

  • GeekU Moderator
  • 3,330 posts
Hi angelbreath_1999, :)

:welcome:

My name is Valinorum and I will be the acolyte today. Before we proceed, please acquaint yourself with the following:
  • Please do not create any new threads on this while we are working on your system as it wastes another volunteer's time. If you are being helped/have solved the issue/no longer wish to continue, notify me in your reply and I will quickly close this thread. Failing to comply will result in denial of future assistance.
  • Please do not install any new software while we are working on this system as it may hinder our process.
  • Malware removal is a complicated process so don't stop following the steps even if the symptoms are not found. Keep up with me until I declare you clean.
  • Please do not try to fix anything without being asked.
  • Please do not attach your logs or put them inside code/quote tags. Do a Copy/Paste of the entire contents of the log file and submit it inside your post unless directed otherwise.
  • Please print or save the instructions I give you for quick reference. We may be using Safe mode which will cut you off from internet and you will not always be able to access this thread.
  • Back up your data. I will not knowingly suggest any course to you that might damage your system, but sometimes Malware infections are so severe that the only option we have is to re-format and re-install the operating system.
  • If you are confused about any instruction, stop and ask. Do not keep on going.
  • Do not repeat the steps if you face any problems.
  • I am not omniscient. There are things even I cannot foresee. But what I know took years to learn and perfect. This site is run by volunteers who help people in need in their own free time. I would ask you to respect their time and be patient, as sometimes real life demands our time and replies to you can be delayed.
  • Private Message (PM) me if and only if I have not responded to your thread within three days or your query is off-topic and personal. Do not PM me under any other circumstances. Your thread is the only medium of communication.
  • The fixes are for your system only. Please refrain from using these fixes on other systems as it may do serious damage.
 
  • Uninstall Google Chrome

    Google Chrome has been set to Development-Build as shown in your log. Unless this setting was applied by yourself, we need to re-install this software to prevent malware from installing extensions. Please follow the steps outlined below:

    1. Export bookmarks that you wish to preserve.
    2. Please login to your Google Sync account and scroll down until you find "Stop and Clear" button and click on the button. At the prompt click on "Ok".
    3. Uninstall Google Chrome via control-panel.
    • Attention: When asked for user data or settings, you must remove this also so please check the box.
    4. Re-install Google Chrome after the PC is malware free.
 
  • Step #1 Uninstall Programs
    I want you to uninstall the program(s) listed below due to the poor reputation reports we receive about them. To uninstall a program, go to Start > Control Panel > Uninstall a program or Start > Control Panel > Programs and Features. Wait for the list to fill up, double-click on the items I have listed below and follow the on-screen instructions to remove/uninstall them.
    • ISavEr
    • McAfee Security Scan Plus
 
  • Step #2 Fix with FRST
    Make sure that you still have FRST.exe on your Desktop. If you do not have it, download the suitable version from here to your Desktop.
    • Open Notepad.exe. Do not use any other text editor software;
    • Copy and Paste the contents inside the code-box to your Notepad --
      Start
      CreateRestorePoint:
      CloseProcesses:
      EmptyTemp:
      HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
      HKLM\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings: [ProxySettingsPerUser] 0 <======= ATTENTION (Policy Restriction on ProxySettings)
      SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
      SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
      SearchScopes: HKU\S-1-5-21-3510421623-2965073675-2411060337-1007 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
      CMD: netsh winsock reset
      End
    • Click on File > Save as...
      • Inside the File Name box type fixlist.txt;
      • From the Save as type drop down list, choose All Files
    • Save the file to your Desktop;
    • Re-run FRST.exe and click Fix;
      • Note: If FRST advises there is a new updated version to be downloaded, do so/allow this.
    • After the completion, a log will be produced;
    • Copy and Paste the contents of the log in your next reply.
 
  • Step #3 Fix with AdwCleaner
    • Download AdwCleaner by Xplode to your Desktop from the following link.
    • Right-click on AdwCleaner.exe and choose Run as administrator;
    • Click on Scan and let the program run unhindered;
    • When done, click on Clean and allow the system to reboot after it is done;
    • A log will be opened automatically after the restart;
    • Copy and Paste the contents of this log in your reply.
 
  • Step #4 Fix with Junkware Removal Tool
    Download Junkware Removal Tool by thisisu to your Desktop from the link below.
    Download Link 1
    Download Link 2
    • Disable your anti-virus to avoid potential conflicts. For more information please familiarize yourself with this article;
    • Run the program either by double-clicking (Windows XP) or right-clicking and choosing Run as administrator (Windows Vista and above);
    • Please be patient as the tool cleans your system;
    • After completion of the process a log named JRT.txt will automatically open and is saved to your Desktop;
    • Copy and Paste the contents of the log in your next reply.
 
  • Required Log(s):
    • FRST Fix Log
    • AdwCleaner Log
    • Junkware Removal Tool Log
Regards,
Valinorum
  • 0

#3
angelbreath_1999

angelbreath_1999

    Member

  • Topic Starter
  • Member
  • PipPip
  • 16 posts

Thank you so much for the reply & help.

 

I proceeded to remove Chrome and the other two applications you denoted above. When I went to run the FRST fix, the process ran and then the PC displayed a blue error screen and required a restart. The error was: Stop: 0x000000F4 (0x00000003, 0x88937020, 0x88937194, 0x05D1658).

 

When I restarted, there was the log saved to my desktop.  Just wanted to confirm that I should proceed with Step 3 given the error above. 

 

Thanks

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 19-04-2015
Ran by rainmaker at 2015-04-19 08:53:49 Run:5
Running from d:\data\rainmaker\Desktop
Loaded Profiles: rainmaker & jolcese &  (Available profiles: administrator & rainmaker & Admin & jolcese & rbcadmin)
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
Start
CreateRestorePoint:
CloseProcesses:
EmptyTemp:
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings: [ProxySettingsPerUser] 0 <======= ATTENTION (Policy Restriction on ProxySettings)
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-3510421623-2965073675-2411060337-1007 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
CMD: netsh winsock reset
End
*****************
 


  • 0

#4
Valinorum

Valinorum

    GeekU Guardian Bot

  • GeekU Moderator
  • 3,330 posts
Proceed from Step 2.
  • 0

#5
angelbreath_1999

angelbreath_1999

    Member

  • Topic Starter
  • Member
  • PipPip
  • 16 posts

OK, here are the other two logs.

 

# AdwCleaner v4.201 - Logfile created 19/04/2015 at 09:10:27
# Updated 08/04/2015 by Xplode
# Database : 2015-04-08.1 [Local]
# Operating system : Microsoft Windows XP Service Pack 2 (x86)
# Username : rainmaker - 3YFK943Z
# Running from : d:\data\rainmaker\Desktop\adwcleaner_4.201.exe
# Option : Cleaning

***** [ Services ] *****

[#] Service Deleted : YahooAUService

***** [ Files / Folders ] *****

Folder Deleted : d:\data\All Users\Application Data\Yahoo! Companion
Folder Deleted : d:\data\All Users\Application Data\3eda283a8b7b0d3d
Folder Deleted : d:\data\rainmaker\Local Settings\Application Data\visi_coupon
Folder Deleted : d:\data\rainmaker\Start Menu\Programs\FLV Player
Folder Deleted : d:\data\jolcese\Application Data\Mozilla\Firefox\Profiles\sk4x57o6.default\Extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
File Deleted : C:\WINNT\system32\config\pastalea.evt
File Deleted : d:\data\jolcese\Application Data\Mozilla\Firefox\Profiles\sk4x57o6.default\user.js
File Deleted : d:\data\jolcese\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\hxxp_www.reimageplus.com_0.localstorage
File Deleted : d:\data\jolcese\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\hxxp_www.reimageplus.com_0.localstorage-journal

***** [ Scheduled tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\IePluginService
Key Deleted : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\Wpm
Key Deleted : HKCU\Software\Mozilla\Extends
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{058F0E48-61CA-4964-9FBA-1978A1BB060D}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{18F33C35-8EF2-40D7-8BA4-932B0121B472}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{459DD0F7-0D55-D3DC-67BC-E6BE37E9D762}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{81017EA9-9AA8-4A6A-9734-7AF40E7D593F}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{81017EA9-9AA8-4A6A-9734-7AF40E7D593F}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{EF99BD32-C1FB-11D2-892F-0090271D4F88}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{81017EA9-9AA8-4A6A-9734-7AF40E7D593F}]
Key Deleted : HKU\.DEFAULT\Software\Microsoft\KanarCore
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Yahoo! Toolbar
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Yahoo! Companion
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{AD11DADE-C597-45D9-D8C5-1D2EB0B89613}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{10A0E600-D246-BD63-F465-4C849C688998}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Yahoo! Companion
Data Deleted : HKLM\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings [ProxySettingsPerUser] - 0

***** [ Web browsers ] *****

-\\ Internet Explorer v8.0.6001.18702


-\\ Mozilla Firefox v35.0.1 (x86 en-US)


-\\ Google Chrome v

[d:\data\administrator.3YFK943Z\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences] - Deleted [Startup_URLs] : hxxp://search.easylifeapp.com/
[d:\data\jolcese\Local Settings\Application Data\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.aol.com/aol/search?query={searchTerms}
[d:\data\jolcese\Local Settings\Application Data\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
[d:\data\rainmaker\Local Settings\Application Data\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.aol.com/aol/search?query={searchTerms}
[d:\data\rainmaker\Local Settings\Application Data\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}

-\\ Comodo Dragon v


-\\ Chrome Canary v


*************************

AdwCleaner[R0].txt - [12898 bytes] - [14/01/2014 13:44:38]
AdwCleaner[R1].txt - [22179 bytes] - [23/03/2014 22:17:10]
AdwCleaner[R2].txt - [6971 bytes] - [25/03/2014 21:05:38]
AdwCleaner[R3].txt - [2535 bytes] - [21/06/2014 08:33:59]
AdwCleaner[R4].txt - [27360 bytes] - [27/09/2014 14:24:57]
AdwCleaner[R5].txt - [5830 bytes] - [19/04/2015 09:05:56]
AdwCleaner[S0].txt - [13294 bytes] - [14/01/2014 13:46:37]
AdwCleaner[S1].txt - [6005 bytes] - [25/03/2014 21:07:22]
AdwCleaner[S2].txt - [2638 bytes] - [21/06/2014 08:44:53]
AdwCleaner[S3].txt - [27563 bytes] - [27/09/2014 15:05:06]
AdwCleaner[S4].txt - [5845 bytes] - [19/04/2015 09:10:27]

########## EOF - d:\AdwCleaner\AdwCleaner[S4].txt - [5904  bytes] ##########
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.5.8 (04.17.2015:1)
OS: Microsoft Windows XP x86
Ran by rainmaker on 2015/04/19 at  9:15:22.15
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Tasks



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 2015/04/19 at  9:19:53.76
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 


  • 0
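
The AdwCleaner "Web browsers" section above shows the three places inside a Chrome profile that were tampered with: a Startup_URLs entry in the Preferences file pointing at search.easylifeapp.com, and AOL and Ask search providers inserted into the Web Data database (plus, later in the thread, a Yahoo toolbar extension that Zoek removes from the same profile). The script below is an added example, not code from the thread, AdwCleaner or Zoek, that audits a Chrome profile directory offline for exactly those three things: it parses Preferences (JSON), queries the keywords table in Web Data (SQLite) and reads each extension's manifest.json, flagging startup/search URLs on hosts outside an assumed allow-list and extensions that request the permissions an ad-injector needs. The allow-list, the risky-permission set, the reduced keywords schema and the sample profile that build_sample_profile() writes are all constructed for the example and are not Chrome's full schema or data from the poster's machine.

```python
"""Offline audit of a Chrome profile for the hijacks AdwCleaner reported.

Added example (not from the thread, AdwCleaner or Zoek). Checks:
  Preferences  (JSON)   - session.startup_urls and homepage
  Web Data     (SQLite) - the keywords table that stores search providers
  Extensions/  (dirs)   - each manifest.json's requested permissions
Allow-list, risky-permission set, reduced keywords schema and the sample
profile are constructed assumptions, not real data from the machine.
"""
import json
import os
import sqlite3
import tempfile
from collections import namedtuple
from urllib.parse import urlparse

Finding = namedtuple("Finding", "kind where detail")

ALLOWED_HOSTS = ("google.com", "bing.com", "yahoo.com", "duckduckgo.com")  # assumption
# Permissions an ad-injecting/search-hijacking extension needs; benign ones
# rarely ask for all of them at once (assumption, tune to taste).
RISKY_PERMISSIONS = {"<all_urls>", "http://*/*", "https://*/*",
                     "webRequest", "webRequestBlocking", "proxy"}


def host_allowed(url, allowed=ALLOWED_HOSTS):
    """True for internal pages, Chrome's {google:baseURL} template and allow-listed hosts."""
    if url.startswith("{google:baseURL}") or url.split(":", 1)[0] in ("about", "chrome"):
        return True
    host = (urlparse(url).hostname or "").lower()
    return any(host == h or host.endswith("." + h) for h in allowed)


def audit_preferences(path):
    with open(path) as fh:
        prefs = json.load(fh)
    found = [Finding("startup_url", path, u)
             for u in prefs.get("session", {}).get("startup_urls", []) if not host_allowed(u)]
    homepage = prefs.get("homepage", "")
    if homepage and not host_allowed(homepage):
        found.append(Finding("homepage", path, homepage))
    return found


def audit_web_data(path):
    con = sqlite3.connect(path)
    try:
        rows = con.execute("SELECT short_name, url FROM keywords").fetchall()
    finally:
        con.close()
    return [Finding("search_provider", path, "%s -> %s" % (name, url))
            for name, url in rows if not host_allowed(url)]


def audit_extensions(ext_root):
    found = []
    if not os.path.isdir(ext_root):
        return found
    for ext_id in sorted(os.listdir(ext_root)):          # one directory per extension id
        ext_dir = os.path.join(ext_root, ext_id)
        if not os.path.isdir(ext_dir):
            continue
        for version in sorted(os.listdir(ext_dir)):      # one directory per installed version
            manifest = os.path.join(ext_dir, version, "manifest.json")
            if not os.path.isfile(manifest):
                continue
            with open(manifest) as fh:
                m = json.load(fh)
            perms = set(p for p in m.get("permissions", []) if isinstance(p, str))
            risky = sorted(RISKY_PERMISSIONS & perms)
            if risky:
                found.append(Finding("extension", ext_id,
                                     "%s: %s" % (m.get("name", "?"), ", ".join(risky))))
    return found


def audit_profile(profile_dir):
    """profile_dir is e.g. ...\\Google\\Chrome\\User Data\\Default."""
    return (audit_preferences(os.path.join(profile_dir, "Preferences"))
            + audit_web_data(os.path.join(profile_dir, "Web Data"))
            + audit_extensions(os.path.join(profile_dir, "Extensions")))


def build_sample_profile(root=None):
    """Write a constructed 'Default' profile mirroring the AdwCleaner findings; returns its path."""
    root = root or tempfile.mkdtemp(prefix="chrome-sample-")
    profile = os.path.join(root, "User Data", "Default")
    os.makedirs(os.path.join(profile, "Extensions"))
    prefs = {"homepage": "http://www.google.com/",
             "session": {"restore_on_startup": 4,
                         "startup_urls": ["http://search.easylifeapp.com/"]}}
    with open(os.path.join(profile, "Preferences"), "w") as fh:
        json.dump(prefs, fh)
    con = sqlite3.connect(os.path.join(profile, "Web Data"))  # reduced schema (assumption)
    con.execute("CREATE TABLE keywords (id INTEGER PRIMARY KEY, short_name TEXT, keyword TEXT, url TEXT)")
    con.executemany("INSERT INTO keywords (short_name, keyword, url) VALUES (?, ?, ?)", [
        ("Google", "google.com", "{google:baseURL}search?q={searchTerms}"),
        ("AOL", "search.aol.com", "http://search.aol.com/aol/search?query={searchTerms}"),
        ("Ask", "ask.com", "http://www.ask.com/web?q={searchTerms}")])
    con.commit()
    con.close()
    exts = {  # hypothetical extension ids and manifests
        "bbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbb": {"name": "Harmless Notes", "version": "1.0",
                                             "permissions": ["storage"]},
        "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa": {"name": "Coupon Helper", "version": "2.3",
                                             "permissions": ["tabs", "<all_urls>", "webRequest",
                                                             "webRequestBlocking"]}}
    for ext_id, manifest in exts.items():
        d = os.path.join(profile, "Extensions", ext_id, manifest["version"] + "_0")
        os.makedirs(d)
        with open(os.path.join(d, "manifest.json"), "w") as fh:
            json.dump(manifest, fh)
    return profile


if __name__ == "__main__":
    import sys
    target = sys.argv[1] if len(sys.argv) > 1 else build_sample_profile()
    for f in audit_profile(target):
        print("%-16s %s  %s" % (f.kind, f.where, f.detail))
```

Run it with the path to a real profile directory as the first argument (the Chrome profile must be closed, or Web Data will be locked) or with no argument to audit the constructed sample. Chrome's own Google entry in the keywords table is stored with the {google:baseURL} template rather than a literal host, which is why host_allowed() special-cases it; without that the default provider would be a false positive.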

#6 Valinorum (GeekU Guardian Bot, GeekU Moderator, 3,330 posts)

I require you to perform the FRST fix as well. After you have done so, reset your web-browser.
  • 0

#7 angelbreath_1999 (Topic Starter, Member, 16 posts)

I previously provided the FRST log in my post related to the blue screen error.  Here it is.  Also performed browser resets on Firefox and IE; Chrome is not installed.  Still getting in-browser ads, i.e. "Fix Windows XP in minutes", or "She Ellen Cry", etc.

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 19-04-2015
Ran by rainmaker at 2015-04-19 08:53:49 Run:5
Running from d:\data\rainmaker\Desktop
Loaded Profiles: rainmaker & jolcese &  (Available profiles: administrator & rainmaker & Admin & jolcese & rbcadmin)
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
Start
CreateRestorePoint:
CloseProcesses:
EmptyTemp:
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings: [ProxySettingsPerUser] 0 <======= ATTENTION (Policy Restriction on ProxySettings)
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-3510421623-2965073675-2411060337-1007 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
CMD: netsh winsock reset
End
*****************
 


  • 0

#8 Valinorum (GeekU Guardian Bot, GeekU Moderator, 3,330 posts)

Please re-do the FRST fix part. Let's see if it runs okay this time.
  • 0

#9 angelbreath_1999 (Topic Starter, Member, 16 posts)

Hi.  Same blue screen error upon running fix with FRST.  Here is the log after restart.  Please advise

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 22-04-2015 01
Ran by rainmaker at 2015-04-23 06:18:59 Run:6
Running from d:\data\rainmaker\Desktop
Loaded Profiles: rainmaker (Available profiles: administrator & rainmaker & Admin & jolcese & rbcadmin)
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
Start
CreateRestorePoint:
CloseProcesses:
EmptyTemp:
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings: [ProxySettingsPerUser] 0 <======= ATTENTION (Policy Restriction on ProxySettings)
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-3510421623-2965073675-2411060337-1007 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
CMD: netsh winsock reset
End
*****************
 


  • 0

#10 Valinorum (GeekU Guardian Bot, GeekU Moderator, 3,330 posts)

Use the following fixlist:-
Start
CreateRestorePoint:
CloseProcesses:
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings: [ProxySettingsPerUser] 0 <======= ATTENTION (Policy Restriction on ProxySettings)
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-3510421623-2965073675-2411060337-1007 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
End

  • 0
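
The three fixlist entries Valinorum keeps re-issuing are the persistence that matters in this thread: a policy key under HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer, ProxySettingsPerUser = 0 under the Internet Settings policy key (which makes the proxy configuration machine-wide, so switching the proxy off in one user's Internet Options does not stick), and a DefaultScope search entry whose URL has been blanked. The script below is an added example, not part of the thread or of FRST, that reads those locations into a flat snapshot of the form {key_path: {value_name: data}} and reports what a fixlist would have to remove. The snapshot shape, the search-host allow-list and SAMPLE_SNAPSHOT (built to mirror the fixlist, with a constructed Restrictions value and the search.easylifeapp.com URL from the AdwCleaner log) are my assumptions; on Windows, snapshot_from_winreg() builds the same shape from the live registry, using HKCU in place of the HKU\S-1-5-21-...-1007 hive in the fixlist, which is the logged-on user's.

```python
"""Audit the registry locations named in the FRST fixlist.

Added example (not from the thread or FRST). audit() works on a flat
snapshot {key_path: {value_name: data}} so it can run anywhere;
snapshot_from_winreg() fills that shape from the live registry on Windows.
"""
from collections import namedtuple
try:
    from urllib.parse import urlparse
except ImportError:              # Python 2.7, the last CPython that runs on XP
    from urlparse import urlparse
try:
    import winreg
except ImportError:
    try:
        import _winreg as winreg   # Python 2.7 module name
    except ImportError:
        winreg = None              # not on Windows: only audit() is usable

Finding = namedtuple("Finding", "kind key name data note")

IE_POLICY_KEY = r"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer"
PROXY_POLICY_KEY = r"HKLM\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings"
# Hosts a default search scope may legitimately point at (assumption; extend as needed).
ALLOWED_SEARCH_HOSTS = ("bing.com", "google.com", "yahoo.com", "duckduckgo.com")


def _host_allowed(url):
    host = (urlparse(url).hostname or "").lower()
    return any(host == h or host.endswith("." + h) for h in ALLOWED_SEARCH_HOSTS)


def audit(snapshot):
    """Return Findings for IE policy restrictions, a locked proxy and bad search scopes."""
    findings = []
    for key, values in sorted(snapshot.items()):
        # 1. Any value under the IE Policies key is a machine-wide restriction;
        #    a home PC that is not domain-managed normally has none.
        if key == IE_POLICY_KEY or key.startswith(IE_POLICY_KEY + "\\"):
            for name, data in values.items():
                findings.append(Finding("policy", key, name, data, "IE policy restriction"))
        # 2. ProxySettingsPerUser = 0 forces one machine-wide proxy configuration;
        #    a ProxyServer value at the same policy path would be the forced proxy.
        if key == PROXY_POLICY_KEY:
            if values.get("ProxySettingsPerUser") == 0:
                findings.append(Finding("proxy-policy", key, "ProxySettingsPerUser", 0,
                                        "proxy settings forced machine-wide"))
            if values.get("ProxyServer"):
                findings.append(Finding("proxy-policy", key, "ProxyServer",
                                        values["ProxyServer"], "proxy forced by policy"))
        # 3. SearchScopes: DefaultScope names a subkey whose URL serves address-bar
        #    searches. An empty URL (as in the fixlist) or an unexpected host is tampering.
        if key.lower().endswith("\\searchscopes"):
            default = values.get("DefaultScope")
            if default and not snapshot.get(key + "\\" + default, {}).get("URL"):
                findings.append(Finding("searchscope", key, "DefaultScope", default,
                                        "default scope has no URL"))
            for sub, sub_values in snapshot.items():
                url = sub_values.get("URL", "")
                if sub.startswith(key + "\\") and url and not _host_allowed(url):
                    findings.append(Finding("searchscope", sub, "URL", url,
                                            "search scope on unexpected host"))
    return findings


def _walk(hive, prefix, path, snapshot):
    """Recursively copy one registry key (values and subkeys) into the snapshot."""
    try:
        key = winreg.OpenKey(hive, path)
    except OSError:                        # key absent: nothing to report
        return
    values, subkeys, i = {}, [], 0
    while True:                            # EnumValue/EnumKey raise OSError when exhausted
        try:
            name, data, _ = winreg.EnumValue(key, i)
        except OSError:
            break
        values[name] = data
        i += 1
    i = 0
    while True:
        try:
            subkeys.append(winreg.EnumKey(key, i))
        except OSError:
            break
        i += 1
    winreg.CloseKey(key)
    snapshot[prefix + "\\" + path] = values
    for sub in subkeys:
        _walk(hive, prefix, path + "\\" + sub, snapshot)


def snapshot_from_winreg():
    """Build the snapshot from the live registry (Windows only)."""
    if winreg is None:
        raise RuntimeError("winreg is only available on Windows")
    roots = [
        (winreg.HKEY_LOCAL_MACHINE, "HKLM", r"SOFTWARE\Policies\Microsoft\Internet Explorer"),
        (winreg.HKEY_LOCAL_MACHINE, "HKLM", r"SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings"),
        (winreg.HKEY_LOCAL_MACHINE, "HKLM", r"SOFTWARE\Microsoft\Internet Explorer\SearchScopes"),
        (winreg.HKEY_CURRENT_USER, "HKCU", r"Software\Microsoft\Internet Explorer\SearchScopes"),
    ]
    snapshot = {}
    for hive, prefix, path in roots:
        _walk(hive, prefix, path, snapshot)
    return snapshot


# Constructed snapshot mirroring the fixlist: one (hypothetical) restriction value,
# the locked proxy policy, the blanked Bing default scope and a hijacked user scope.
SAMPLE_SNAPSHOT = {
    IE_POLICY_KEY: {},
    IE_POLICY_KEY + r"\Restrictions": {"NoBrowserOptions": 1},
    PROXY_POLICY_KEY: {"ProxySettingsPerUser": 0},
    r"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes":
        {"DefaultScope": "{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"},
    r"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}":
        {"DisplayName": "Bing", "URL": ""},
    r"HKCU\Software\Microsoft\Internet Explorer\SearchScopes":
        {"DefaultScope": "{11111111-2222-3333-4444-555555555555}"},
    r"HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{11111111-2222-3333-4444-555555555555}":
        {"DisplayName": "Search", "URL": "http://search.easylifeapp.com/?q={searchTerms}"},
}

if __name__ == "__main__":
    for f in audit(snapshot_from_winreg() if winreg else SAMPLE_SNAPSHOT):
        print("%-13s %s [%s] = %r  (%s)" % (f.kind, f.key, f.name, f.data, f.note))
```

Run as Administrator on the affected machine (the HKLM policy keys are readable by everyone, but that is the account the cleanup runs under anyway); elsewhere it audits the constructed sample. The audit only reports, it does not delete: the thread's cleanup is done through the FRST fixlist, and these findings map one-to-one onto the lines in it.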

#11 angelbreath_1999 (Topic Starter, Member, 16 posts)

I ran the updated fix.  Got a similar blue screen about 30 secs after starting the run.  Log below

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 22-04-2015 01
Ran by rainmaker at 2015-04-24 21:38:20 Run:7
Running from d:\data\rainmaker\Desktop
Loaded Profiles: rainmaker (Available profiles: administrator & rainmaker & Admin & jolcese & rbcadmin)
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
Start
CreateRestorePoint:
CloseProcesses:
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings: [ProxySettingsPerUser] 0 <======= ATTENTION (Policy Restriction on ProxySettings)
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-3510421623-2965073675-2411060337-1007 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
End
*****************
 


  • 0

#12 Valinorum (GeekU Guardian Bot, GeekU Moderator, 3,330 posts)

I am sorry you are facing this. Can you delete your version of FRST and re-download it from here? Re-run the fix afterwards. If it fails, I will notify the author and try a new approach.
  • 0

#13 angelbreath_1999 (Topic Starter, Member, 16 posts)

Hi.  I re-downloaded from your link and ran the fix again.  Same error.  Here is the log from the last run.  Please advise.  Thanks!

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 26-04-2015
Ran by rainmaker at 2015-04-26 17:11:25 Run:8
Running from d:\data\rainmaker\Desktop
Loaded Profiles: rainmaker (Available profiles: administrator & rainmaker & Admin & jolcese & rbcadmin)
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
Start
CreateRestorePoint:
CloseProcesses:
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings: [ProxySettingsPerUser] 0 <======= ATTENTION (Policy Restriction on ProxySettings)
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-3510421623-2965073675-2411060337-1007 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
End
*****************
 


  • 0

#14 Valinorum (GeekU Guardian Bot, GeekU Moderator, 3,330 posts)

  • Step #5 Run Zoek
    Temporarily disable your security software, i.e. anti-virus and anti-malware. Peruse this if you are unsure. Download Zoek.exe by smeenk from one of the following locations listed below --
    Download Link #1
    Download Link #2
    • Right-click and choose Run as administrator to run the program.
      • Note: The program may not appear instantaneously. Wait a few minutes for the program to start if that happens.
    • Copy and Paste the following content inside the code box into Zoek's box --
      autoclean;
      emptyalltemp;
      startupall;
      filesrcm; 
      hijackthis;
      firefoxlook;
      chromelook;
      skipfix-iedefaults;
      silentrunners;
      
    • Close all open Windows including your web-browser.
    • Click on Run Script.
    • Your system may reboot and a log file will open, which is also located on your system drive.
    • Copy and Paste the contents of the log in your next reply.
 
  • Required Log(s):
    • Zoek Log
Regards,
Valinorum
  • 0

#15 angelbreath_1999 (Topic Starter, Member, 16 posts)

OK, here is the log.

 

Zoek.exe v5.0.0.0 Updated 23-04-2015
Tool run by rainmaker on 2015/04/27 at 19:55:34.20.

Running in: Normal Mode Internet Access Detected
Launched: d:\data\rainmaker\Desktop\zoek.exe [Scan all users] [Script inserted]

==== Older Logs ======================

d:\zoek-results2014-06-21-193321.log    13309 bytes
d:\zoek-results2014-09-27-192422.log    1230 bytes

==== Empty Folders Check ======================

C:\Program Files\Messenger deleted successfully
C:\Program Files\MSXML 4.0 deleted successfully
d:\data\tpritcha\Application Data\Google deleted successfully

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-3510421623-2965073675-2411060337-1012\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{8E66592B-8E7C-4A14-88A5-8BF21032F651} deleted successfully

==== Deleting CLSID Registry Values ======================


==== Deleting Services ======================


==== Deleting Files \ Folders ======================

C:\Program Files\Messenger not found
C:\Program Files\ComPlus Applications deleted
C:\Program Files\WindowsUpdate deleted
d:\data\rainmaker\AppData\LocalLow\{1D2F45C0-E723-C694-063B-A958023E9A1B} deleted
C:\Program Files\Price Check by AOL deleted
d:\data\Admin\Application Data\Yahoo! deleted
d:\data\administrator.3YFK943Z\Application Data\Yahoo! deleted
d:\data\jolcese\Application Data\Yahoo! deleted
d:\data\NetworkService\Application Data\Yahoo! deleted
d:\data\rainmaker\Application Data\Yahoo! deleted
d:\data\ALLUSE~1\APPLIC~1\Yahoo! deleted
d:\data\ALLUSE~1\APPLIC~1\InstallMate deleted
d:\data\rainmaker\Local Settings\Application Data\Price Check by AOL deleted
d:\data\rainmaker\AppData\LocalLow\{14FECF05-07E6-F00A-022B-972661DBF6D7} deleted
d:\data\rainmaker\AppData\LocalLow\{AF65D59C-F293-541E-232A-5DEFC263D618} deleted
C:\WINNT\system32\GroupPolicy\ADM deleted
C:\WINNT\system32\GroupPolicy\User deleted
d:\data\Admin\Application Data\Mozilla\Firefox\Profiles\ilojflhm.default\extensions\staged deleted
"d:\data\rainmaker\Application Data\Axro\gioka.pet" deleted
"d:\data\rainmaker\Application Data\Axro" deleted
"C:\minint" not deleted

==== Files Recently Created / Modified ======================

====== C:\WINNT ====
====== d:\data\RAINMA~1\LOCALS~1\Temp ====
2015-04-25 01:36:54    C36FC18F9E69D4CFE1E485711463D838    273008    ----a-w-    d:\data\rainmaker\Local Settings\temp\MozUpdater\bgupdate-1\updater.exe
2015-04-25 01:36:53    C36FC18F9E69D4CFE1E485711463D838    273008    ----a-w-    d:\data\rainmaker\Local Settings\temp\MozUpdater\bgupdate\updater.exe
2015-04-23 10:17:28    100E1D3D6F0C9F7FD7172E5584BDF877    1139200    ----a-w-    d:\data\rainmaker\Local Settings\temp\Temporary Internet Files\Content.IE5\L40YIX6P\FRST[1].exe
2015-04-19 13:14:16    FDD26A402322F212DCA153FF8B1FFB6E    78816    ----a-w-    d:\data\rainmaker\Local Settings\temp\jrt\tweaking.com_registry_backup_portable\pcwintech_tasksch.dll
2015-04-19 13:14:16    E0DC8C6BBC787B972A9A468648DBFD85    1008128    ----a-w-    d:\data\rainmaker\Local Settings\temp\jrt\libiconv2.dll
2015-04-19 13:14:16    DC7A3BC0FC185CD68848DC6F7D7B026B    40960    ----a-w-    d:\data\rainmaker\Local Settings\temp\jrt\tweaking.com_registry_backup_portable\SSubTmr6.dll
2015-04-19 13:14:16    D202BAA425176287017FFE1FB5D1B77C    103424    ----a-w-    d:\data\rainmaker\Local Settings\temp\jrt\libintl3.dll
2015-04-19 13:14:16    A107DE2D120C0571B544EEC53D1971AB    1406208    ----a-w-    d:\data\rainmaker\Local Settings\temp\jrt\tweaking.com_registry_backup_portable\TweakingRegistryBackup.exe
2015-04-19 13:14:16    57CAC848FA14AE38F14F9441F8933282    140288    ----a-w-    d:\data\rainmaker\Local Settings\temp\jrt\pcre3.dll
2015-04-19 13:14:16    547C43567AB8C08EB30F6C6BACB479A3    79360    ----a-w-    d:\data\rainmaker\Local Settings\temp\jrt\regex2.dll
2015-04-19 13:14:16    1B128828BF5E4353811B6DA58156B7F4    6656    ----a-w-    d:\data\rainmaker\Local Settings\temp\jrt\tweaking.com_registry_backup_portable\files\dosdev.exe
2015-04-19 12:48:29    D7AD0AD3162BCD50E1D2E462E8C748EA    264488    ----a-w-    d:\data\rainmaker\Local Settings\temp\MSS\3.8.150.1\McInstallerRes.dll
2015-04-19 12:48:29    9BD51360CB8F1A2206642599D40FD258    419048    ----a-w-    d:\data\rainmaker\Local Settings\temp\MSS\3.8.150.1\mcbrwsr2.dll
2015-04-19 12:48:29    7A5A07D9A323DFD9097C9CF39E6802E6    153760    ----a-w-    d:\data\rainmaker\Local Settings\temp\MSS\3.8.150.1\McInstallerRes_LD.dll
2015-04-19 12:48:29    26FD227409FB73C4D958602B8A3EFFA0    577632    ----a-w-    d:\data\rainmaker\Local Settings\temp\MSS\3.8.150.1\McInstallerStartup.dll
2015-04-19 12:48:28    74557BFD04530E512DBB9C151C4DA110    499384    ----a-w-    d:\data\rainmaker\Local Settings\temp\MSS\3.8.150.1\McUICnt.exe
====== Java Cache =====
====== C:\WINNT\system32 =====
====== C:\WINNT\system32\drivers =====
====== C:\WINNT\Tasks ======
====== C:\WINNT\Temp ======
======= C:\Program Files =====
======= d: =====
====== d:\data\rainmaker\Application Data ======
2015-04-20 00:12:04    --------    d-----w-    d:\data\rainmaker\Application Data\Liquid Technologies Ltd
2015-04-20 00:12:00    --------    d-----w-    d:\data\rainmaker\Local Settings\Application Data\Liquid_Technologies_Ltd
2015-04-18 01:16:17    --------    d-----w-    d:\data\jolcese\Local Settings\Application Data\Mozilla
2015-04-18 01:16:16    --------    d-----w-    d:\data\jolcese\Application Data\Mozilla
2015-04-18 01:15:35    --------    d-----w-    d:\data\jolcese\Application Data\Adobe
2015-04-18 01:15:33    --------    d-----w-    d:\data\jolcese\Local Settings\Application Data\Apple Computer
2015-04-18 01:15:26    --------    d-----w-    d:\data\jolcese\Start Menu\Programs\Accessories\System Tools
2015-04-18 01:15:20    --------    d-----w-    d:\data\jolcese\Local Settings\Application Data\Google
2015-04-18 01:15:11    --------    d-----w-    d:\data\jolcese\Application Data\Identities
2015-04-18 01:15:07    88CF0FF92A4A9FA7BD9B7513B2E9E22B    62    --sha-w-    d:\data\jolcese\Application Data\desktop.ini
2015-04-18 01:15:07    0FF833EADAFF7ABB3638106652D272EA    118    ----a-w-    d:\data\jolcese\Local Settings\Application Data\fusioncache.dat
2015-04-18 01:15:07    --------    d-s---w-    d:\data\jolcese\Application Data\Microsoft
2015-04-18 01:15:07    --------    d-----w-    d:\data\jolcese\Local Settings\Application Data\Microsoft
2015-04-18 01:15:07    --------    d-----w-    d:\data\jolcese\Local Settings\Application Data\ApplicationHistory
2015-04-18 01:15:07    --------    d-----w-    d:\data\jolcese\Local Settings\Application Data\Adobe
2015-04-18 01:15:07    --------    d-----w-    d:\data\jolcese\Application Data\Sun
2015-04-18 01:15:07    --------    d-----r-    d:\data\jolcese\Start Menu\Programs\Startup
2015-04-18 01:15:07    --------    d-----r-    d:\data\jolcese\Start Menu\Programs\Accessories\Entertainment
2015-04-18 01:15:07    --------    d-----r-    d:\data\jolcese\Start Menu\Programs\Accessories\Accessibility
2015-04-18 01:15:07    --------    d-----r-    d:\data\jolcese\Start Menu\Programs\Accessories
2015-04-18 01:15:07    --------    d-----r-    d:\data\jolcese\Start Menu\Programs
2015-04-17 19:16:56    --------    d-----w-    d:\data\administrator.3YFK943Z\Local Settings\Application Data\Mozilla
2015-04-17 19:16:55    --------    d-----w-    d:\data\administrator.3YFK943Z\Application Data\Mozilla
====== d:\data\rainmaker ======
2015-04-26 21:10:42    2F24BBB7DD02F57E529D72389608A784    1140736    ----a-w-    d:\data\rainmaker\Desktop\FRST.exe
2015-04-20 10:24:20    --------    d-sh--w-    d:\data\rainmaker\IECompatCache
2015-04-19 13:03:57    2B75AC0607AA0D16A0BCBD41C2BA03EB    2686254    ----a-w-    d:\data\rainmaker\Desktop\JRT.exe
2015-04-19 13:02:49    0EFDC1550592DC0C4E73AFFB54B35C3E    2217984    ----a-w-    d:\data\rainmaker\Desktop\adwcleaner_4.201.exe
2015-04-18 01:53:07    --------    d-sh--w-    d:\data\jolcese\IECompatCache
2015-04-18 01:28:54    --------    d-sh--w-    d:\data\jolcese\PrivacIE
2015-04-18 01:15:27    --------    d-sh--w-    d:\data\jolcese\IETldCache
2015-04-18 01:15:07    CBDA6984D2ECC537AEF07205AE001013    178    --sha-w-    d:\data\jolcese\ntuser.ini
2015-04-18 01:15:07    --------    d-sh--w-    d:\data\jolcese\Cookies
2015-04-18 01:15:07    --------    d--h--w-    d:\data\jolcese\Templates
2015-04-18 01:15:07    --------    d--h--w-    d:\data\jolcese\PrintHood
2015-04-18 01:15:07    --------    d--h--w-    d:\data\jolcese\NetHood
2015-04-18 01:15:07    --------    d--h--w-    d:\data\jolcese\Local Settings
2015-04-18 01:15:07    --------    d--h--r-    d:\data\jolcese\SendTo
2015-04-18 01:15:07    --------    d--h--r-    d:\data\jolcese\Recent
2015-04-18 01:15:07    --------    d--h--r-    d:\data\jolcese\Application Data
2015-04-18 01:15:07    --------    d-----w-    d:\data\jolcese\Desktop
2015-04-18 01:15:07    --------    d-----r-    d:\data\jolcese\Start Menu
2015-04-18 01:15:07    --------    d-----r-    d:\data\jolcese\My Documents
2015-04-18 01:15:07    --------    d-----r-    d:\data\jolcese\Favorites
2015-04-17 18:51:01    --------    d-sh--w-    d:\data\administrator.3YFK943Z\IECompatCache
2015-04-17 18:44:55    --------    d-sh--w-    d:\data\administrator.3YFK943Z\PrivacIE

====== C: exe-files ==
=== C: other files ==

==== Startup Registry Enabled ======================

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe -t"

[HKEY_USERS\S-1-5-21-3510421623-2965073675-2411060337-1012\Software\Microsoft\Windows\CurrentVersion\Run]
"Messenger (Yahoo\PROGRA~1\Yahoo\MESSEN~1\YahooMessenger.exe -quiet"
"ctfmon.exe"="C:\WINNT\system32\ctfmon.exe"

[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe -t"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IBMPRC"="C:\IBMTOOLS\UTILS\ibmprc.exe"
"McAfeeUpdaterUI"="C:\Program Files\Network Associates\Common Framework\UdaterUI.exe /StartedFromRunKey"
"igfxtray"="C:\WINNT\system32\igfxtray.exe"
"igfxhkcmd"="C:\WINNT\system32\hkcmd.exe"
"igfxpers"="C:\WINNT\system32\igfxpers.exe"
"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe"
"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe"
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
"TpShocks"="TpShocks.exe"
"TPHOTKEY"="C:\PROGRA~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe"
"ShStatEXE"="C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE /STANDALONE"
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe -atboottime"
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe"
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
"Adobe ARM"="C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"Bitcasa"="C:\Program Files\Bitcasa\BitcasaBoot.exe C:\Program Files\Bitcasa\Bitcasa.exe /startup"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Messenger (Yahoo\PROGRA~1\Yahoo\MESSEN~1\YahooMessenger.exe -quiet"
"ctfmon.exe"="C:\WINNT\system32\ctfmon.exe"

==== Task Scheduler Jobs ======================

C:\WINNT\tasks\Adobe Flash Player Updater.job --a------ C:\WINNT\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2015/01/19 01:53 PM]
C:\WINNT\tasks\AppleSoftwareUpdate.job --a------ C:\Program Files\AppleC:oftware Update\SoftwareUpdate.exe []
C:\WINNT\tasks\GoogleUpdateTaskMachineCore.job --a------ [Undetermined Task]
C:\WINNT\tasks\GoogleUpdateTaskMachineUA.job --a------ [Undetermined Task]

==== Firefox Extensions Registry ======================

[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
"{20a82645-c095-46ed-80e3-08825760534b}"="C:\WINNT\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension" [2008/11/05 12:16 PM]

==== Firefox Extensions ======================

AppDir: C:\Program Files\Mozilla Firefox
- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

==== Firefox Plugins ======================

Profilepath: d:\data\rainmaker\Application Data\Mozilla\Firefox\Profiles\ell8rda7.default-1429525268921
8560995C727974F27F2A1CE68909FEB9    - C:\WINNT\system32\Macromed\Flash\NPSWF32_16_0_0_257.dll -    Shockwave Flash
1F8FFDE82C52353906244AFDC6BAF2AB    - C:\Program Files\VideoLAN\VLC\npvlc.dll -    VLC Web Plugin
564F5EF61C9FE7C550DC835A30613B80    - C:\Program Files\QuickTime\Plugins\npqtplugin7.dll -    QuickTime Plug-in 7.6.2
90AFC2C40D3C619C547175714BE109DC    - C:\Program Files\QuickTime\Plugins\npqtplugin6.dll -    QuickTime Plug-in 7.6.2
DDFF7CA7EB4B0CE71C078B9792611F36    - C:\Program Files\QuickTime\Plugins\npqtplugin5.dll -    QuickTime Plug-in 7.6.2
05DBAF8576E4352337EA739E67814286    - C:\Program Files\QuickTime\Plugins\npqtplugin4.dll -    QuickTime Plug-in 7.6.2
883B281C2D59D08CDE3A3A1651D0D84A    - C:\Program Files\QuickTime\Plugins\npqtplugin3.dll -    QuickTime Plug-in 7.6.2
B61E3EC88212B4B82A36EED8C41F10FF    - C:\Program Files\QuickTime\Plugins\npqtplugin2.dll -    QuickTime Plug-in 7.6.2
51BCB411CA018ED7ABA582D3C3028324    - C:\Program Files\QuickTime\Plugins\npqtplugin.dll -    QuickTime Plug-in 7.6.2
138EF7ED9CB97497F1113A9FA06CA0B7    - C:\Program Files\Adobe\Reader 8.0\Reader\browser\nppdf32.dll -    Adobe Acrobat
E7AF1F6D89354BDB810A8523613EA2C3    - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll -    iTunes Application Detector
AB87EEFFD18F2BAAFC274E7075EA6C67    - C:\WINNT\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll -    Windows Presentation Foundation / Windows Presentation Foundation
1EA1284CC67E46152F462DDE78F6FF6A    - c:\Program Files\Microsoft Silverlight\2.0.30523.8\npctrl.dll -    Silverlight Plug-In
B3EFFE7C6EDBA9A754158B8EA2BF7BBA    - C:\Program Files\Windows Media Player\npdsplay.dll -    Windows Media Player Plug-in Dynamic Link Library
509335C61594A73AB32E1B572AEE61A8    - C:\Program Files\Windows Media Player\npdrmv2.dll -    Microsoft® DRM
6D8F27BEE96589722EE485324FDD88D9    - C:\Program Files\Windows Media Player\npwmsdrm.dll -    Microsoft® DRM
508D57F520299A58FD3479BED6056E81    - c:\Program Files\Microsoft Silverlight\2.0.30523.8\npctrlui.dll -    Silverlight Plug-In


==== Fake Chromium Profiles Check ======================

Fake profile d:\data\Admin\Local Settings\Application Data\Google\Chrome SxS deleted
Fake profile d:\data\Admin\Local Settings\Application Data\Comodo\Dragon deleted
Fake profile d:\data\Administrator\Local Settings\Application Data\Google\Chrome deleted
Fake profile d:\data\Administrator\Local Settings\Application Data\Google\Chrome SxS deleted
Fake profile d:\data\Administrator\Local Settings\Application Data\Comodo\Dragon deleted
Fake profile d:\data\administrator.3YFK943Z\Local Settings\Application Data\Google\Chrome SxS deleted
Fake profile d:\data\administrator.3YFK943Z\Local Settings\Application Data\Comodo\Dragon deleted
Fake profile d:\data\ASPNET\Local Settings\Application Data\Google\Chrome deleted
Fake profile d:\data\ASPNET\Local Settings\Application Data\Google\Chrome SxS deleted
Fake profile d:\data\ASPNET\Local Settings\Application Data\Comodo\Dragon deleted
Fake profile d:\data\Guest\Local Settings\Application Data\Google\Chrome deleted
Fake profile d:\data\Guest\Local Settings\Application Data\Google\Chrome SxS deleted
Fake profile d:\data\Guest\Local Settings\Application Data\Comodo\Dragon deleted
Fake profile d:\data\HelpAssistant\Local Settings\Application Data\Google\Chrome deleted
Fake profile d:\data\HelpAssistant\Local Settings\Application Data\Google\Chrome SxS deleted
Fake profile d:\data\HelpAssistant\Local Settings\Application Data\Comodo\Dragon deleted
Fake profile d:\data\rainmaker\Local Settings\Application Data\Google\Chrome SxS deleted
Fake profile d:\data\rainmaker\Local Settings\Application Data\Comodo\Dragon deleted
Fake profile d:\data\rbc_troppus\Local Settings\Application Data\Google\Chrome deleted
Fake profile d:\data\rbc_troppus\Local Settings\Application Data\Google\Chrome SxS deleted
Fake profile d:\data\rbc_troppus\Local Settings\Application Data\Comodo\Dragon deleted

==== Chromium Look ======================


Google Docs - Admin\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake
Google Drive - Admin\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf
Mini Notepad - Admin\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apjhdoaiejppfmijnkopdcpjcngdlffj
YouTube - Admin\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo
Facepad for Facebook - Admin\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\cgaknhmchnjaphondjciheacngggiclo
Google Search - Admin\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf
YouTube Flags - Admin\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\eeammepjjllhpcfnkohocddkmdejjebc
Best Save - Admin\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ifkgichhpmabepjkbkmfeclembjdbpml
Google Wallet - Admin\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
Responsive Web Design Tester - Admin\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\objclahbaimlfnbjdeobicmmlnbhamkg
Gmail - Admin\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia
Google Docs - administrator.3YFK943Z\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake
Google Drive - administrator.3YFK943Z\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf
Mini Notepad - administrator.3YFK943Z\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apjhdoaiejppfmijnkopdcpjcngdlffj
Google Voice Search Hotword (Beta) - administrator.3YFK943Z\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn
YouTube - administrator.3YFK943Z\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo
Facepad for Facebook - administrator.3YFK943Z\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\cgaknhmchnjaphondjciheacngggiclo
Google Search - administrator.3YFK943Z\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf
YouTube Flags - administrator.3YFK943Z\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\eeammepjjllhpcfnkohocddkmdejjebc
Yahoo Toolbar for Chrome - administrator.3YFK943Z\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\eihhgekonheiliaidomffpplfhecmkag
Best Save - administrator.3YFK943Z\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ifkgichhpmabepjkbkmfeclembjdbpml
Google Wallet - administrator.3YFK943Z\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
Responsive Web Design Tester - administrator.3YFK943Z\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\objclahbaimlfnbjdeobicmmlnbhamkg
Gmail - administrator.3YFK943Z\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia
Google Docs - jolcese\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake
Google Drive - jolcese\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf
YouTube - jolcese\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo
Google Search - jolcese\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf
Gmail - jolcese\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia
Mini Notepad - rainmaker\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apjhdoaiejppfmijnkopdcpjcngdlffj
Google Voice Search Hotword (Beta) - rainmaker\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn
Facepad for Facebook - rainmaker\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\cgaknhmchnjaphondjciheacngggiclo
YouTube Flags - rainmaker\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\eeammepjjllhpcfnkohocddkmdejjebc
Google Wallet - rainmaker\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
Responsive Web Design Tester - rainmaker\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\objclahbaimlfnbjdeobicmmlnbhamkg

==== Chromium Startpages ======================

d:\data\Admin\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences
"homepage": "http://www.google.com/"

d:\data\administrator.3YFK943Z\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences
"homepage": "http://www.google.com/",


==== Chromium Fix ======================

d:\data\administrator.3YFK943Z\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\eihhgekonheiliaidomffpplfhecmkag deleted successfully
d:\data\administrator.3YFK943Z\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\chrome-extension_eihhgekonheiliaidomffpplfhecmkag_0.localstorage deleted successfully
d:\data\administrator.3YFK943Z\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\chrome-extension_eihhgekonheiliaidomffpplfhecmkag_0.localstorage-journal deleted successfully
d:\data\Admin\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apjhdoaiejppfmijnkopdcpjcngdlffj deleted successfully
d:\data\administrator.3YFK943Z\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apjhdoaiejppfmijnkopdcpjcngdlffj deleted successfully
d:\data\rainmaker\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apjhdoaiejppfmijnkopdcpjcngdlffj deleted successfully
d:\data\administrator.3YFK943Z\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\chrome-extension_apjhdoaiejppfmijnkopdcpjcngdlffj_0.localstorage deleted successfully
d:\data\administrator.3YFK943Z\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\chrome-extension_apjhdoaiejppfmijnkopdcpjcngdlffj_0.localstorage-journal deleted successfully
d:\data\rainmaker\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\chrome-extension_apjhdoaiejppfmijnkopdcpjcngdlffj_0.localstorage deleted successfully
d:\data\rainmaker\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\chrome-extension_apjhdoaiejppfmijnkopdcpjcngdlffj_0.localstorage-journal deleted successfully
d:\data\Admin\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\cgaknhmchnjaphondjciheacngggiclo deleted successfully
d:\data\administrator.3YFK943Z\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\cgaknhmchnjaphondjciheacngggiclo deleted successfully
d:\data\rainmaker\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\cgaknhmchnjaphondjciheacngggiclo deleted successfully
d:\data\administrator.3YFK943Z\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\chrome-extension_cgaknhmchnjaphondjciheacngggiclo_0.localstorage deleted successfully
d:\data\administrator.3YFK943Z\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\chrome-extension_cgaknhmchnjaphondjciheacngggiclo_0.localstorage-journal deleted successfully
d:\data\rainmaker\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\chrome-extension_cgaknhmchnjaphondjciheacngggiclo_0.localstorage deleted successfully
d:\data\rainmaker\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\chrome-extension_cgaknhmchnjaphondjciheacngggiclo_0.localstorage-journal deleted successfully
d:\data\Admin\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\eeammepjjllhpcfnkohocddkmdejjebc deleted successfully
d:\data\administrator.3YFK943Z\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\eeammepjjllhpcfnkohocddkmdejjebc deleted successfully
d:\data\rainmaker\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\eeammepjjllhpcfnkohocddkmdejjebc deleted successfully
d:\data\administrator.3YFK943Z\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\chrome-extension_eeammepjjllhpcfnkohocddkmdejjebc_0.localstorage deleted successfully
d:\data\administrator.3YFK943Z\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\chrome-extension_eeammepjjllhpcfnkohocddkmdejjebc_0.localstorage-journal deleted successfully
d:\data\rainmaker\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\chrome-extension_eeammepjjllhpcfnkohocddkmdejjebc_0.localstorage deleted successfully
d:\data\rainmaker\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\chrome-extension_eeammepjjllhpcfnkohocddkmdejjebc_0.localstorage-journal deleted successfully
d:\data\Admin\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ifkgichhpmabepjkbkmfeclembjdbpml deleted successfully
d:\data\administrator.3YFK943Z\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ifkgichhpmabepjkbkmfeclembjdbpml deleted successfully
d:\data\administrator.3YFK943Z\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\chrome-extension_ifkgichhpmabepjkbkmfeclembjdbpml_0.localstorage deleted successfully
d:\data\administrator.3YFK943Z\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\chrome-extension_ifkgichhpmabepjkbkmfeclembjdbpml_0.localstorage-journal deleted successfully
d:\data\Admin\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\objclahbaimlfnbjdeobicmmlnbhamkg deleted successfully
d:\data\administrator.3YFK943Z\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\objclahbaimlfnbjdeobicmmlnbhamkg deleted successfully
d:\data\rainmaker\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\objclahbaimlfnbjdeobicmmlnbhamkg deleted successfully
d:\data\administrator.3YFK943Z\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\chrome-extension_objclahbaimlfnbjdeobicmmlnbhamkg_0.localstorage deleted successfully
d:\data\administrator.3YFK943Z\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\chrome-extension_objclahbaimlfnbjdeobicmmlnbhamkg_0.localstorage-journal deleted successfully
d:\data\rainmaker\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\chrome-extension_objclahbaimlfnbjdeobicmmlnbhamkg_0.localstorage deleted successfully
d:\data\rainmaker\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\chrome-extension_objclahbaimlfnbjdeobicmmlnbhamkg_0.localstorage-journal deleted successfully

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AboutURLs]
"Tabs"="res://ieframe.dll/tabswelcome.htm"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}] not found

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.com"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AboutURLs]
"Tabs"="about:newtab"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{012E1000-F331-11DB-8314-0800200C9A66}"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
{012E1000-F331-11DB-8314-0800200C9A66} Google  Url="http://www.google.co...={searchTerms}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing  Url="http://www.bing.com/...ox&FORM=IE8SRC"

==== Deleting Registry Keys ======================

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\8809d5e4-a032-420c-b003-d791e0d8e254 deleted successfully
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{880D04DD-660B-4F4F-940A-F4DB6C95DE35} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\DD40D088B066F4F449A04FBDC659ED53 deleted successfully

==== HijackThis Entries ======================

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
O1 - Hosts: ÿþ127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O4 - HKLM\..\Run: [IBMPRC] C:\IBMTOOLS\UTILS\ibmprc.exe
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [igfxtray] C:\WINNT\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINNT\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINNT\system32\igfxpers.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [PWRMGRTR] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor
O4 - HKLM\..\Run: [BLOG] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\BatLogEx.DLL,StartBattLog
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [TpShocks] TpShocks.exe
O4 - HKLM\..\Run: [TPHOTKEY] C:\PROGRA~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [Bitcasa] C:\Program Files\Bitcasa\BitcasaBoot.exe "C:\Program Files\Bitcasa\Bitcasa.exe" /startup
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\PROGRA~1\Yahoo!\MESSEN~1\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINNT\system32\ctfmon.exe
O4 - HKUS\S-1-5-21-3510421623-2965073675-2411060337-1012\..\Run: [Messenger (Yahoo!)] "C:\PROGRA~1\Yahoo!\MESSEN~1\YahooMessenger.exe" -quiet (User '?')
O4 - HKUS\S-1-5-21-3510421623-2965073675-2411060337-1012\..\Run: [ctfmon.exe] C:\WINNT\system32\ctfmon.exe (User '?')
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User '?')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - Global Startup: TunnelGuard Tray Monitor.lnk = C:\Program Files\Nortel Networks\TunnelGuard\platforms\win32\TGIconApp.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Sothink Flash Downloader For IE - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra 'Tools' menuitem: Sothink Flash Downloader For IE - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O14 - IERESET.INF: START_PAGE_URL=http://www.yahoo.com/?fr=fp-yie8
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = oak.fg.rbc.com
O17 - HKLM\Software\..\Telephony: DomainName = oak.fg.rbc.com
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = oak.fg.rbc.com
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = oak.fg.rbc.com,rbccm.com,ln.rbccm.com,rbcds.com,gm.rbcds.com,ny.rbcds.com,rbc1.royalbank.com,fg.rbc.com,uklon.fg.rbc.com,pine.fg.rbc.com,rbc.com
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = oak.fg.rbc.com,rbccm.com,ln.rbccm.com,rbcds.com,gm.rbcds.com,ny.rbcds.com,rbc1.royalbank.com,fg.rbc.com,uklon.fg.rbc.com,pine.fg.rbc.com,rbc.com
O21 - SSODL: EldosMountNotificator-cbfs5 - {2FDAFB24-B169-4275-A542-BBBF7E571352} - C:\WINNT\system32\cbfsMntNtf5.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINNT\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINNT\system32\browseui.dll
O22 - SharedTaskScheduler: Virtual Storage Mount Notification - {2FDAFB24-B169-4275-A542-BBBF7E571352} - C:\WINNT\system32\cbfsMntNtf5.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINNT\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: DameWare Mini Remote Control (DWMRCS) - DameWare Development LLC - C:\WINNT\system32\DWRCS.EXE
O23 - Service: Contivity VPN Service (ExtranetAccess) - Nortel Networks NA, Inc. - C:\Program Files\Nexxia\Extranet_serv.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Unknown owner - C:\Program Files\Google\Update\GoogleUpdate.exe (file missing)
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Unknown owner - C:\Program Files\Google\Update\GoogleUpdate.exe (file missing)
O23 - Service: IBM Rapid Restore Ultra Service - Unknown owner - C:\Program Files\IBM\IBM Rapid Restore Ultra\rrpcsb.exe
O23 - Service: ThinkPad PM Service (IBMPMSVC) - Unknown owner - C:\WINNT\system32\ibmpmsvc.exe
O23 - Service: iPassConnectEngine - iPass, Inc. - C:\Program Files\iPass\iPassConnect\iPassConnectEngine.exe
O23 - Service: iPassPeriodicUpdateApp - iPass, Inc. - C:\Program Files\iPass\iPassConnect\iPassPeriodicUpdateApp.exe
O23 - Service: iPassPeriodicUpdateService - iPass, Inc. - C:\Program Files\iPass\iPassConnect\iPassPeriodicUpdateService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Lan Discover Agent (magaService) - Unknown owner - c:\Program Files\Sygate\SSA\maga\maga.exe (file missing)
O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: ThinkPad HDD APS Logging Service (TPHDEXLGSVC) - Lenovo. - C:\WINNT\System32\TPHDEXLG.EXE
O23 - Service: Nortel Networks TunnelGuard (tunnelguardservice) - Alexandria Software Consulting - c:\Program Files\Nortel Networks\TunnelGuard\CueAgent_srv.exe

==== Silent Runners ======================


==== Empty IE Cache ======================

d:\data\Admin\Local Settings\Temp\Temporary Internet Files\Content.IE5 emptied successfully
d:\data\Admin\Local Settings\Temporary Internet Files\Content.IE5 emptied successfully
d:\data\administrator.3YFK943Z\Local Settings\temp\Temporary Internet Files\Content.IE5 emptied successfully
d:\data\administrator.3YFK943Z\Local Settings\Temporary Internet Files\Content.IE5 emptied successfully
d:\data\jolcese\Local Settings\Temp\Temporary Internet Files\Content.IE5 emptied successfully
d:\data\jolcese\Local Settings\Temporary Internet Files\Content.IE5 emptied successfully
d:\data\LocalService\Local Settings\Temporary Internet Files\Content.IE5 emptied successfully
d:\data\rainmaker\Local Settings\Temporary Internet Files\Content.IE5 emptied successfully
d:\data\LocalService\Local Settings\temp\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot
d:\data\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot
d:\data\rainmaker\Local Settings\temp\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot

==== Empty FireFox Cache ======================

d:\data\administrator.3YFK943Z\Local Settings\Application Data\Mozilla\Firefox\Profiles\fe3pt8sv.default\cache2 emptied successfully
d:\data\jolcese\Local Settings\Application Data\Mozilla\Firefox\Profiles\sk4x57o6.default\cache2 emptied successfully
d:\data\rainmaker\Local Settings\Application Data\Mozilla\Firefox\Profiles\ell8rda7.default-1429525268921\cache2 emptied successfully

==== Empty Chrome Cache ======================

d:\data\Admin\Local Settings\Application Data\Google\Chrome\User Data\Default\Cache emptied successfully
d:\data\administrator.3YFK943Z\Local Settings\Application Data\Google\Chrome\User Data\Default\Cache emptied successfully
d:\data\jolcese\Local Settings\Application Data\Google\Chrome\User Data\Default\Cache emptied successfully
d:\data\rainmaker\Local Settings\Application Data\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

No Java Cache Found

==== C:\zoek_backup content ======================

C:\zoek_backup (files=375 folders=116 14983653 bytes)

==== Empty Temp Folders ======================

d:\data\Admin\Local Settings\Temp emptied successfully
d:\data\Administrator\Local Settings\temp emptied successfully
d:\data\administrator.3YFK943Z\Local Settings\temp emptied successfully
d:\data\Default User\Local Settings\Temp emptied successfully
d:\data\jolcese\Local Settings\Temp emptied successfully
d:\data\LocalService\Local Settings\temp will be emptied at reboot
d:\data\NetworkService\Local Settings\Temp will be emptied at reboot
d:\data\rainmaker\Local Settings\temp will be emptied at reboot
d:\data\sserebre\Local Settings\temp emptied successfully
d:\data\stozin\Local Settings\temp emptied successfully
d:\data\tmaloof\Local Settings\temp emptied successfully
d:\data\tpritcha\Local Settings\temp emptied successfully
d:\data\wksbuild\Local Settings\temp emptied successfully
C:\WINNT\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\WINNT\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\RECYCLER successfully emptied

==== Deleting Files / Folders ======================

"d:\data\LocalService\Local Settings\temp\Temporary Internet Files\Content.IE5\index.dat" not found
"d:\data\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\index.dat" not found
"d:\data\rainmaker\Local Settings\temp\Temporary Internet Files\Content.IE5\index.dat" not found
"d:\data\NetworkService\Local Settings\Temp\Perflib_Perfdata_220.dat" not found
"C:\minint"  not deleted
"d:\data\LocalService\Local Settings\temp\Cookies" deleted
"d:\data\LocalService\Local Settings\temp\History" deleted
"d:\data\LocalService\Local Settings\temp\Temporary Internet Files" deleted

==== EOF on 2015/04/27 at 21:21:01.28 ======================
 

