OK, here is all the detail you requested. Seems to be running better thus far. Noticed far fewer pop-ups and browsers seem faster. PC does not seem like it's always running, like it was.
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 13-03-2014 01
Ran by rainmaker at 2014-03-23 22:11:59 Run:1
Running from D:\data\rainmaker\Desktop
Boot Mode: Normal
==============================================
Content of fixlist:
*****************
Start
(Cool Mirage) C:\Program Files\1clickmoviedownloader.com\MovieDownloader.exe
C:\Program Files\1clickmoviedownloader.com
() C:\Program Files\GrabRez\updateGrabRez.exe
() C:\Program Files\GrabRez\bin\utilGrabRez.exe
C:\Program Files\GrabRez
(Iminent) C:\Program Files\Common Files\Umbrella\Umbrella260.exe
(Iminent) C:\Program Files\Common Files\Umbrella
(Smart PC Solutions) C:\Program Files\PC Speed Maximizer\SPMSmartScan.exe
(Smart PC Solutions) C:\Program Files\PC Speed Maximizer
(Cherished Technololgy LIMITED) d:\data\All Users\Application Data\WPM\wprotectmanager.exe
(Cherished Technololgy LIMITED) d:\data\All Users\Application Data\IePluginService\PluginService.exe
d:\data\All Users\Application Data\WPM
d:\data\All Users\Application Data\IePluginService
() C:\Program Files\Mobogenie\MgAssist.exe
() C:\Program Files\Mobogenie\DaemonProcess.exe
C:\Program Files\Mobogenie
() C:\Program Files\Re-markit-soft\Re-markit_wd.exe
C:\Program Files\Re-markit-soft
() C:\Program Files\Re-markit-soft\Re-markit157.exe
HKLM\...\Run: [mobilegeni daemon] - C:\Program Files\Mobogenie\DaemonProcess.exe [764096 2014-03-12] ()
HKLM\...\Runonce: [hugefiles2] - [X]
HKLM\...\Winlogon: [Shell] Explorer.exe [x ] ()
HKLM\...\Winlogon: [UIHost] logonui.exe [x ] ()
HKU\S-1-5-21-3510421623-2965073675-2411060337-1012\...\Run: [ConduitFloatingPlugin_lcnnhcneegeeojhgpfijnlnocjdmlaon] - "C:\WINNT\system32\Rundll32.exe" "d:\data\rainmaker\Application Data\ValueApps\CH\TBVerifier.dll",RunConduitFloatingPlugin lcnnhcneegeeojhgpfijnlnocjdmlaon
HKU\S-1-5-21-3510421623-2965073675-2411060337-1012\...\Run: [PC Speed Maximizer] - C:\Program Files\PC Speed Maximizer\SPMLauncher.exe [134768 2014-02-21] (Smart PC Solutions)
d:\data\rainmaker\Application Data\ValueApps
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.key-find....Y0J293RLJ293RLX
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.key-find....Y0J293RLJ293RLX
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.key-find....Y0J293RLJ293RLX
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.key-find....q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.key-find....q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.key-find....Y0J293RLJ293RLX
URLSearchHook: HKCU - (No Name) - {84FF7BD6-B47F-46F8-9130-01B2696B36CB} - No File
StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe http://www.key-find....Y0J293RLJ293RLX
SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://www.key-find....q={searchTerms}
SearchScopes: HKLM - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://www.key-find....q={searchTerms}
SearchScopes: HKCU - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://www.key-find....q={searchTerms}
SearchScopes: HKCU - {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = http://search.condui...rchTerms}&SSPV=
SearchScopes: HKCU - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://www.key-find....q={searchTerms}
SearchScopes: HKCU - {460C3D19-B3D4-4964-A550-77D263B0CCCB} URL = http://search.condui...rchTerms}&SSPV=
BHO: iminent Helper Object - {112BA211-334C-4A90-90EC-2AD1CDAB287C} - C:\Program Files\IminentToolbar\1.8.28.3\bh\iminent.dll (Iminent)
C:\Program Files\IminentToolbar
BHO: IETabPage Class - {3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C} - C:\Program Files\SupTab\SupTab.dll (Thinknice Co. Limited)
C:\Program Files\SupTab
BHO: Media View - {6a62326e-a555-4ce2-a187-f034ea6a08d8} - C:\Program Files\MediaViewV1\MediaViewV1alpha893\ie\MediaViewV1alpha893.dll ()
C:\Program Files\MediaViewV1
BHO: ValueApps - {93DBF2BB-A2B3-4683-A92E-57E60751F346} - C:\Program Files\Conduit\ValueApps\IE\ValueAppsLoader.dll (Conduit Ltd.)
C:\Program Files\Conduit
BHO: IMinent WebBooster (BHO) - {A09AB6EB-31B5-454C-97EC-9B294D92EE2A} - C:\Program Files\Iminent\Minibar.InternetExplorer.BHOx86.dll (SIEN)
C:\Program Files\Iminent
BHO: TidyNetwork - {C0CB31EC-3EFF-359B-C453-F3E943B02C20} - C:\Program Files\TidyNetwork\petn.dll ()
C:\Program Files\TidyNetwork
BHO: GrabRez - {e1420d09-acc8-4efd-9965-e7ae3c5b977c} - C:\Program Files\GrabRez\GrabRezbho.dll (GrabRez)
C:\Program Files\GrabRez
BHO: Media Watch - {f90da889-3d73-46dd-b885-28d014abf887} - C:\Program Files\MediaWatchV1\MediaWatchV1home478\ie\MediaWatchV1home478.dll ()
C:\Program Files\MediaWatchV1
Toolbar: HKLM - Iminent Toolbar - {1FAFD711-ABF9-4F6A-8130-5166C7371427} - C:\Program Files\IminentToolbar\1.8.28.3\iminentTlbr.dll (Iminent)
Toolbar: HKCU - AOL Toolbar - {BA00B7B1-0351-477A-B948-23E3EE5A73D4} - C:\Program Files\AOL Toolbar\aoltb.dll No File
FF DefaultSearchEngine: key-find
FF SelectedSearchEngine: key-find
FF Homepage: hxxp://www.key-find.com/?type=hp&ts=1395518393&from=amt&uid=HTS721010G9SA00_MPDZN7Y0J293RLJ293RLX
FF SearchPlugin: d:\data\rainmaker\Application Data\Mozilla\Firefox\Profiles\0gqxbqod.default\searchplugins\conduit-search.xml
FF SearchPlugin: d:\data\rainmaker\Application Data\Mozilla\Firefox\Profiles\0gqxbqod.default\searchplugins\iminent.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\key-find.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\StartWeb.xml
FF Extension: Iminent Toolbar - d:\data\rainmaker\Application Data\Mozilla\Firefox\Profiles\0gqxbqod.default\Extensions\[email protected] [2014-03-22]
FF Extension: TidyNetwork - d:\data\rainmaker\Application Data\Mozilla\Firefox\Profiles\0gqxbqod.default\Extensions\TidyNetwork@TidyNetwork [2014-03-22]
FF Extension: Value Apps - d:\data\rainmaker\Application Data\Mozilla\Firefox\Profiles\0gqxbqod.default\Extensions\{94cd2cc3-083f-49ba-a218-4cda4b4829fd} [2014-03-22]
FF Extension: Price Check by AOL - d:\data\rainmaker\Application Data\Mozilla\Firefox\Profiles\0gqxbqod.default\Extensions\{1DEC6447-C74F-4886-9002-202C27C703F1}.xpi [2012-09-17]
FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files\MediaViewV1\MediaViewV1alpha893\ff
FF Extension: Media View - C:\Program Files\MediaViewV1\MediaViewV1alpha893\ff [2014-02-28]
FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files\MediaViewV1\MediaViewV1alpha1095\ff
FF Extension: Media View - C:\Program Files\MediaViewV1\MediaViewV1alpha1095\ff [2014-03-15]
FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files\MediaWatchV1\MediaWatchV1home478\ff
FF Extension: Media Watch - C:\Program Files\MediaWatchV1\MediaWatchV1home478\ff [2014-03-22]
FF HKCU\...\Firefox\Extensions: [{77601b4f-338e-4abf-b114-dd2c0929031b}] - C:\Program Files\Re-markit-soft\157.xpi
FF Extension: Re-markit - C:\Program Files\Re-markit-soft\157.xpi [2014-03-22]
FF StartMenuInternet: FIREFOX.EXE - C:\Program Files\Mozilla Firefox\firefox.exe http://www.key-find....Y0J293RLJ293RLX
D:\data\rainmaker\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\bjkggmndenlgcghfeaiflpbmbomhmaem
D:\data\rainmaker\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\dcpfhaghaadpjpgocojgnlhjcieeooel
D:\data\rainmaker\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jdnbooglimgbkldcjceioecgifemmgno
D:\data\rainmaker\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lbeblclcidlaiilbpcfodbfjkahgamli
D:\data\rainmaker\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lcnnhcneegeeojhgpfijnlnocjdmlaon
D:\data\rainmaker\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ojjacahpggheelkpkjdkiiadpbfippic
CHR HKLM\...\Chrome\Extension: [bjkggmndenlgcghfeaiflpbmbomhmaem] - C:\Program Files\MediaViewV1\MediaViewV1alpha1095\ch\MediaViewV1alpha1095.crx [2014-02-26]
CHR HKLM\...\Chrome\Extension: [igdhbblpcellaljokkpfhcjlagemhgjl] - "C:\Program Files\Iminent\Iminent.crx" [2014-02-26]
CHR HKLM\...\Chrome\Extension: [lbeblclcidlaiilbpcfodbfjkahgamli] - C:\Program Files\MediaViewV1\MediaViewV1alpha893\ch\MediaViewV1alpha893.crx [2014-02-26]
CHR HKLM\...\Chrome\Extension: [ojjacahpggheelkpkjdkiiadpbfippic] - C:\Program Files\MediaWatchV1\MediaWatchV1home478\ch\MediaWatchV1home478.crx [2014-03-20]
CHR HKLM\...\Chrome\Extension: [pelmeidfhdlhlbjimpabfcbnnojbboma] - d:\data\rainmaker\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\newtabv3.crx [2014-03-22]
R2 IePluginService; d:\data\All Users\Application Data\IePluginService\PluginService.exe [515584 2014-03-17] (Cherished Technololgy LIMITED)
d:\data\All Users\Application Data\IePluginService
R2 MgAssistService; C:\Program Files\Mobogenie\MgAssist.exe [70848 2014-03-12] ()
C:\Program Files\Mobogenie
R2 Re-markit; C:\Program Files\Re-markit-soft\Re-markit157.exe [197120 2014-03-22] ()
C:\Program Files\Re-markit-soft
R2 SProtection; C:\Program Files\Common Files\Umbrella\Umbrella260.exe [2930496 2014-03-17] (Iminent)
C:\Program Files\Common Files\Umbrella
R2 Update GrabRez; C:\Program Files\GrabRez\updateGrabRez.exe [348440 2014-03-20] ()
C:\Program Files\GrabRez
R2 Util GrabRez; C:\Program Files\GrabRez\bin\utilGrabRez.exe [348440 2014-03-20] ()
S2 WinkHandler; C:\Program Files\Iminent\WinkHandler.exe [425792 2014-03-17] ()
C:\Program Files\Iminent
R2 Wpm; d:\data\All Users\Application Data\WPM\wprotectmanager.exe [496640 2014-03-22] (Cherished Technololgy LIMITED)
d:\data\All Users\Application Data\WPM
2014-03-22 16:05 - 2014-03-22 16:05 - 00000000 ____D () D:\data\rainmaker\My Documents\PC Speed Maximizer
2014-03-22 16:05 - 2014-03-22 16:05 - 00000000 ____D () D:\data\rainmaker\Application Data\PC Speed Maximizer
2014-03-22 16:00 - 2014-03-22 16:16 - 00000000 ____D () D:\data\rainmaker\Local Settings\Application Data\Mobogenie
2014-03-22 16:00 - 2014-03-22 16:01 - 00000374 _____ () C:\WINNT\Tasks\Re-markit_wd.job
2014-03-22 16:00 - 2014-03-22 16:01 - 00000000 ____D () C:\Program Files\Mobogenie
2014-03-22 16:00 - 2014-03-22 16:00 - 00000603 _____ () D:\data\rainmaker\Desktop\Mobogenie.lnk
2014-03-22 16:00 - 2014-03-22 16:00 - 00000376 _____ () C:\WINNT\Tasks\Re-markit Update.job
2014-03-22 16:00 - 2014-03-22 16:00 - 00000000 ____D () D:\data\rainmaker\Start Menu\Programs\Mobogenie
2014-03-22 16:00 - 2014-03-22 16:00 - 00000000 ____D () D:\data\rainmaker\My Documents\Mobogenie
2014-03-22 16:00 - 2014-03-22 16:00 - 00000000 ____D () C:\Program Files\Re-markit-soft
2014-03-22 15:59 - 2014-03-23 12:59 - 00000514 _____ () C:\WINNT\Tasks\TidyNetwork Update.job
2014-03-22 15:59 - 2014-03-22 15:59 - 00000000 ____D () D:\data\rainmaker\Local Settings\Application Data\TidyNetwork
2014-03-22 15:59 - 2014-03-22 15:59 - 00000000 ____D () D:\data\rainmaker\Application Data\SupTab
2014-03-22 15:59 - 2014-03-22 15:59 - 00000000 ____D () D:\data\rainmaker\Application Data\key-find
2014-03-22 15:59 - 2014-03-22 15:59 - 00000000 ____D () D:\data\All Users\Application Data\WPM
2014-03-22 15:59 - 2014-03-22 15:59 - 00000000 ____D () D:\data\All Users\Application Data\IePluginService
2014-03-22 15:59 - 2014-03-22 15:59 - 00000000 ____D () C:\Program Files\TidyNetwork
2014-03-22 15:59 - 2014-03-22 15:59 - 00000000 ____D () C:\Program Files\SupTab
2014-03-22 15:57 - 2014-03-22 15:57 - 00000000 ____D () D:\data\rainmaker\Local Settings\Application Data\Conduit
2014-03-22 15:57 - 2014-03-22 15:57 - 00000000 ____D () D:\data\rainmaker\Application Data\ValueApps
2014-03-22 15:57 - 2014-03-22 15:57 - 00000000 ____D () C:\Program Files\Conduit
2014-03-22 15:49 - 2014-03-22 15:49 - 00000669 _____ () D:\data\rainmaker\Desktop\PC Speed Maximizer.lnk
2014-03-22 15:49 - 2014-03-22 15:49 - 00000000 ____D () D:\data\All Users\Start Menu\Programs\PC Speed Maximizer
2014-03-22 15:49 - 2014-03-22 15:49 - 00000000 ____D () C:\Program Files\PC Speed Maximizer
2014-03-22 15:48 - 2014-03-22 15:58 - 00000000 ____D () D:\data\rainmaker\Application Data\IminentToolbar
2014-03-22 15:48 - 2014-03-22 15:48 - 00000000 ____D () C:\Program Files\IminentToolbar
2014-03-22 15:48 - 2014-03-22 15:48 - 00000000 ____D () C:\Program Files\Iminent
2014-03-22 15:48 - 2014-03-22 15:48 - 00000000 ____D () C:\Program Files\Common Files\Umbrella
2014-02-28 13:21 - 2014-03-15 17:21 - 00000000 ____D () C:\Program Files\MediaViewV1
2014-03-23 12:59 - 2014-03-22 15:59 - 00000514 _____ () C:\WINNT\Tasks\TidyNetwork Update.job
2014-03-22 17:21 - 2014-03-22 17:21 - 00000000 ____D () C:\Program Files\MediaWatchV1
2014-03-22 16:16 - 2014-03-22 16:00 - 00000000 ____D () D:\data\rainmaker\Local Settings\Application Data\Mobogenie
2014-03-06 06:15 - 2014-02-12 23:44 - 00000000 ____D () C:\Program Files\SearchProtect
D:\data\Admin\PKI_INST.BAT
D:\data\administrator.3YFK943Z\PKI_INST.BAT
D:\data\NetworkService\PKI_INST.BAT
D:\data\rainmaker\PKI_INST.BAT
D:\data\stozin\PKI_INST.BAT
D:\data\tpritcha\PKI_INST.BAT
d:\data\rainmaker\Local Settings\temp\setup__5043.exe
d:\data\rainmaker\Local Settings\temp\setup__5043.exe
Task: C:\WINNT\Tasks\AmiUpdXp.job => d:\data\rainmaker\Application Data\SwvUpdater\Updater.exe <==== ATTENTION
Task: C:\WINNT\Tasks\Re-markit Update.job => C:\Program Files\Re-markit-soft\ReMar.exe <==== ATTENTION
Task: C:\WINNT\Tasks\Re-markit_wd.job => C:\Program Files\Re-markit-soft\Re-markit_wd.exe <==== ATTENTION
Task: C:\WINNT\Tasks\TidyNetwork Update.job => d:\data\rainmaker\Local Settings\Application Data\TidyNetwork\petnupdate.exe
End
*****************
C:\Program Files\1clickmoviedownloader.com\MovieDownloader.exe => No running process found
"C:\Program Files\1clickmoviedownloader.com" directory move:
Could not move "C:\Program Files\1clickmoviedownloader.com" directory. => Scheduled to move on reboot.
C:\Program Files\GrabRez\updateGrabRez.exe => No running process found
C:\Program Files\GrabRez\bin\utilGrabRez.exe => No running process found
"C:\Program Files\GrabRez" => File/Directory not found.
C:\Program Files\Common Files\Umbrella\Umbrella260.exe => No running process found
C:\Program Files\Common Files\Umbrella => No running process found
C:\Program Files\PC Speed Maximizer\SPMSmartScan.exe => No running process found
C:\Program Files\PC Speed Maximizer => No running process found
d:\data\All Users\Application Data\WPM\wprotectmanager.exe => No running process found
[225064] d:\data\All Users\Application Data\IePluginService\PluginService.exe => Process closed successfully.
D:\data\All Users\Application Data\WPM => Moved successfully.
D:\data\All Users\Application Data\IePluginService => Moved successfully.
C:\Program Files\Mobogenie\MgAssist.exe => No running process found
C:\Program Files\Mobogenie\DaemonProcess.exe => No running process found
"C:\Program Files\Mobogenie" => File/Directory not found.
C:\Program Files\Re-markit-soft\Re-markit_wd.exe => No running process found
"C:\Program Files\Re-markit-soft" => File/Directory not found.
C:\Program Files\Re-markit-soft\Re-markit157.exe => No running process found
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\mobilegeni daemon => Value deleted successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce\\hugefiles2 => Value deleted successfully.
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell => Value was restored successfully.
HKU\S-1-5-21-3510421623-2965073675-2411060337-1012\Software\Microsoft\Windows\CurrentVersion\Run\\ConduitFloatingPlugin_lcnnhcneegeeojhgpfijnlnocjdmlaon => Value deleted successfully.
HKU\S-1-5-21-3510421623-2965073675-2411060337-1012\Software\Microsoft\Windows\CurrentVersion\Run\\PC Speed Maximizer => Value not found.
"D:\data\rainmaker\Application Data\ValueApps" directory move:
Could not move "D:\data\rainmaker\Application Data\ValueApps\CH\TBVerifier.dll" => Scheduled to move on reboot.
Could not move "D:\data\rainmaker\Application Data\ValueApps" directory. => Scheduled to move on reboot.
C:\WINNT\system32\GroupPolicy\Machine => Moved successfully.
C:\WINNT\system32\GroupPolicy\GPT.ini => Moved successfully.
HKCU\Software\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.
HKCU\Software\Microsoft\Internet Explorer\Main\\Default_Page_URL => Value was restored successfully.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Page_URL => Value was restored successfully.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Search_URL => Value was restored successfully.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Search Page => Value was restored successfully.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.
HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks\\{84FF7BD6-B47F-46F8-9130-01B2696B36CB} => Value deleted successfully.
HKLM\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command\\Default => Value was restored successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{33BB0A4E-99AF-4226-BDF6-49120163DE86} => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value deleted successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{33BB0A4E-99AF-4226-BDF6-49120163DE86} => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{460C3D19-B3D4-4964-A550-77D263B0CCCB} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{460C3D19-B3D4-4964-A550-77D263B0CCCB} => Key not found.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{112BA211-334C-4A90-90EC-2AD1CDAB287C} => Key not found.
HKCR\CLSID\{112BA211-334C-4A90-90EC-2AD1CDAB287C} => Key not found.
C:\Program Files\IminentToolbar => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C} => Key deleted successfully.
HKCR\CLSID\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C} => Key deleted successfully.
C:\Program Files\SupTab => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6a62326e-a555-4ce2-a187-f034ea6a08d8} => Key not found.
HKCR\CLSID\{6a62326e-a555-4ce2-a187-f034ea6a08d8} => Key not found.
C:\Program Files\MediaViewV1 => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{93DBF2BB-A2B3-4683-A92E-57E60751F346} => Key not found.
HKCR\CLSID\{93DBF2BB-A2B3-4683-A92E-57E60751F346} => Key not found.
C:\Program Files\Conduit => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A09AB6EB-31B5-454C-97EC-9B294D92EE2A} => Key not found.
HKCR\CLSID\{A09AB6EB-31B5-454C-97EC-9B294D92EE2A} => Key not found.
C:\Program Files\Iminent => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C0CB31EC-3EFF-359B-C453-F3E943B02C20} => Key not found.
HKCR\CLSID\{C0CB31EC-3EFF-359B-C453-F3E943B02C20} => Key not found.
"C:\Program Files\TidyNetwork" => File/Directory not found.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{e1420d09-acc8-4efd-9965-e7ae3c5b977c} => Key not found.
HKCR\CLSID\{e1420d09-acc8-4efd-9965-e7ae3c5b977c} => Key not found.
"C:\Program Files\GrabRez" => File/Directory not found.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{f90da889-3d73-46dd-b885-28d014abf887} => Key not found.
HKCR\CLSID\{f90da889-3d73-46dd-b885-28d014abf887} => Key not found.
C:\Program Files\MediaWatchV1 => Moved successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{1FAFD711-ABF9-4F6A-8130-5166C7371427} => Value not found.
HKCR\CLSID\{1FAFD711-ABF9-4F6A-8130-5166C7371427} => Key not found.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{BA00B7B1-0351-477A-B948-23E3EE5A73D4} => Value deleted successfully.
HKCR\CLSID\{BA00B7B1-0351-477A-B948-23E3EE5A73D4} => Key deleted successfully.
Firefox DefaultSearchEngine deleted successfully.
Firefox SelectedSearchEngine deleted successfully.
Firefox homepage deleted successfully.
d:\data\rainmaker\Application Data\Mozilla\Firefox\Profiles\0gqxbqod.default\searchplugins\conduit-search.xml => Moved successfully.
d:\data\rainmaker\Application Data\Mozilla\Firefox\Profiles\0gqxbqod.default\searchplugins\iminent.xml => Moved successfully.
C:\Program Files\mozilla firefox\browser\searchplugins\key-find.xml => Moved successfully.
"C:\Program Files\mozilla firefox\browser\searchplugins\StartWeb.xml" => not found.
d:\data\rainmaker\Application Data\Mozilla\Firefox\Profiles\0gqxbqod.default\Extensions\[email protected] => not found.
d:\data\rainmaker\Application Data\Mozilla\Firefox\Profiles\0gqxbqod.default\Extensions\TidyNetwork@TidyNetwork => not found.
d:\data\rainmaker\Application Data\Mozilla\Firefox\Profiles\0gqxbqod.default\Extensions\{94cd2cc3-083f-49ba-a218-4cda4b4829fd} => Moved successfully.
d:\data\rainmaker\Application Data\Mozilla\Firefox\Profiles\0gqxbqod.default\Extensions\{1DEC6447-C74F-4886-9002-202C27C703F1}.xpi => Moved successfully.
HKLM\Software\Mozilla\Firefox\Extensions\\[email protected] => Value not found.
C:\Program Files\MediaViewV1\MediaViewV1alpha893\ff => not found.
HKLM\Software\Mozilla\Firefox\Extensions\\[email protected] => Value not found.
C:\Program Files\MediaViewV1\MediaViewV1alpha1095\ff => not found.
HKLM\Software\Mozilla\Firefox\Extensions\\[email protected] => Value not found.
C:\Program Files\MediaWatchV1\MediaWatchV1home478\ff => not found.
HKCU\Software\Mozilla\Firefox\Extensions\\{77601b4f-338e-4abf-b114-dd2c0929031b} => Value not found.
C:\Program Files\Re-markit-soft\157.xpi => not found.
HKLM\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command\\Default => Value was restored successfully.
"D:\data\rainmaker\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\bjkggmndenlgcghfeaiflpbmbomhmaem" => File/Directory not found.
"D:\data\rainmaker\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\dcpfhaghaadpjpgocojgnlhjcieeooel" => File/Directory not found.
"D:\data\rainmaker\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jdnbooglimgbkldcjceioecgifemmgno" => File/Directory not found.
"D:\data\rainmaker\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lbeblclcidlaiilbpcfodbfjkahgamli" => File/Directory not found.
"D:\data\rainmaker\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lcnnhcneegeeojhgpfijnlnocjdmlaon" => File/Directory not found.
"D:\data\rainmaker\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ojjacahpggheelkpkjdkiiadpbfippic" => File/Directory not found.
HKLM\SOFTWARE\Google\Chrome\Extensions\bjkggmndenlgcghfeaiflpbmbomhmaem => Key not found.
"C:\Program Files\MediaViewV1\MediaViewV1alpha1095\ch\MediaViewV1alpha1095.crx" => File/Directory not found.
HKLM\SOFTWARE\Google\Chrome\Extensions\igdhbblpcellaljokkpfhcjlagemhgjl => Key not found.
""C:\Program Files\Iminent\Iminent.crx"" => File/Directory not found.
HKLM\SOFTWARE\Google\Chrome\Extensions\lbeblclcidlaiilbpcfodbfjkahgamli => Key not found.
"C:\Program Files\MediaViewV1\MediaViewV1alpha893\ch\MediaViewV1alpha893.crx" => File/Directory not found.
HKLM\SOFTWARE\Google\Chrome\Extensions\ojjacahpggheelkpkjdkiiadpbfippic => Key not found.
"C:\Program Files\MediaWatchV1\MediaWatchV1home478\ch\MediaWatchV1home478.crx" => File/Directory not found.
HKLM\SOFTWARE\Google\Chrome\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma => Key deleted successfully.
d:\data\rainmaker\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\newtabv3.crx => Moved successfully.
IePluginService => Service deleted successfully.
"d:\data\All Users\Application Data\IePluginService" => File/Directory not found.
MgAssistService => Service not found.
"C:\Program Files\Mobogenie" => File/Directory not found.
Re-markit => Service not found.
"C:\Program Files\Re-markit-soft" => File/Directory not found.
SProtection => Service not found.
"C:\Program Files\Common Files\Umbrella" => File/Directory not found.
Update GrabRez => Service not found.
"C:\Program Files\GrabRez" => File/Directory not found.
Util GrabRez => Service not found.
WinkHandler => Service not found.
"C:\Program Files\Iminent" => File/Directory not found.
Wpm => Service not found.
"d:\data\All Users\Application Data\WPM" => File/Directory not found.
"2014-03-22 16:05 - 2014-03-22 16:05 - 00000000 ____D () D:\data\rainmaker\My Documents\PC Speed Maximizer" => File/Directory not found.
"2014-03-22 16:05 - 2014-03-22 16:05 - 00000000 ____D () D:\data\rainmaker\Application Data\PC Speed Maximizer" => File/Directory not found.
"2014-03-22 16:00 - 2014-03-22 16:16 - 00000000 ____D () D:\data\rainmaker\Local Settings\Application Data\Mobogenie" => File/Directory not found.
"C:\WINNT\Tasks\Re-markit_wd.job" => File/Directory not found.
"C:\Program Files\Mobogenie" => File/Directory not found.
"2014-03-22 16:00 - 2014-03-22 16:00 - 00000603 _____ () D:\data\rainmaker\Desktop\Mobogenie.lnk" => File/Directory not found.
"C:\WINNT\Tasks\Re-markit Update.job" => File/Directory not found.
"2014-03-22 16:00 - 2014-03-22 16:00 - 00000000 ____D () D:\data\rainmaker\Start Menu\Programs\Mobogenie" => File/Directory not found.
"2014-03-22 16:00 - 2014-03-22 16:00 - 00000000 ____D () D:\data\rainmaker\My Documents\Mobogenie" => File/Directory not found.
"C:\Program Files\Re-markit-soft" => File/Directory not found.
"C:\WINNT\Tasks\TidyNetwork Update.job" => File/Directory not found.
"2014-03-22 15:59 - 2014-03-22 15:59 - 00000000 ____D () D:\data\rainmaker\Local Settings\Application Data\TidyNetwork" => File/Directory not found.
"2014-03-22 15:59 - 2014-03-22 15:59 - 00000000 ____D () D:\data\rainmaker\Application Data\SupTab" => File/Directory not found.
"2014-03-22 15:59 - 2014-03-22 15:59 - 00000000 ____D () D:\data\rainmaker\Application Data\key-find" => File/Directory not found.
"2014-03-22 15:59 - 2014-03-22 15:59 - 00000000 ____D () D:\data\All Users\Application Data\WPM" => File/Directory not found.
"2014-03-22 15:59 - 2014-03-22 15:59 - 00000000 ____D () D:\data\All Users\Application Data\IePluginService" => File/Directory not found.
"C:\Program Files\TidyNetwork" => File/Directory not found.
"C:\Program Files\SupTab" => File/Directory not found.
"2014-03-22 15:57 - 2014-03-22 15:57 - 00000000 ____D () D:\data\rainmaker\Local Settings\Application Data\Conduit" => File/Directory not found.
"2014-03-22 15:57 - 2014-03-22 15:57 - 00000000 ____D () D:\data\rainmaker\Application Data\ValueApps" => File/Directory not found.
"C:\Program Files\Conduit" => File/Directory not found.
"2014-03-22 15:49 - 2014-03-22 15:49 - 00000669 _____ () D:\data\rainmaker\Desktop\PC Speed Maximizer.lnk" => File/Directory not found.
"2014-03-22 15:49 - 2014-03-22 15:49 - 00000000 ____D () D:\data\All Users\Start Menu\Programs\PC Speed Maximizer" => File/Directory not found.
"C:\Program Files\PC Speed Maximizer" => File/Directory not found.
"2014-03-22 15:48 - 2014-03-22 15:58 - 00000000 ____D () D:\data\rainmaker\Application Data\IminentToolbar" => File/Directory not found.
"C:\Program Files\IminentToolbar" => File/Directory not found.
"C:\Program Files\Iminent" => File/Directory not found.
"C:\Program Files\Common Files\Umbrella" => File/Directory not found.
"C:\Program Files\MediaViewV1" => File/Directory not found.
"C:\WINNT\Tasks\TidyNetwork Update.job" => File/Directory not found.
"C:\Program Files\MediaWatchV1" => File/Directory not found.
"2014-03-22 16:16 - 2014-03-22 16:00 - 00000000 ____D () D:\data\rainmaker\Local Settings\Application Data\Mobogenie" => File/Directory not found.
"C:\Program Files\SearchProtect" => File/Directory not found.
D:\data\Admin\PKI_INST.BAT => Moved successfully.
D:\data\administrator.3YFK943Z\PKI_INST.BAT => Moved successfully.
D:\data\NetworkService\PKI_INST.BAT => Moved successfully.
D:\data\rainmaker\PKI_INST.BAT => Moved successfully.
D:\data\stozin\PKI_INST.BAT => Moved successfully.
D:\data\tpritcha\PKI_INST.BAT => Moved successfully.
d:\data\rainmaker\Local Settings\temp\setup__5043.exe => Moved successfully.
"d:\data\rainmaker\Local Settings\temp\setup__5043.exe" => File/Directory not found.
C:\WINNT\Tasks\AmiUpdXp.job not found.
C:\WINNT\Tasks\Re-markit Update.job not found.
C:\WINNT\Tasks\Re-markit_wd.job not found.
C:\WINNT\Tasks\TidyNetwork Update.job not found.
=> Result of Scheduled Files to move (Boot Mode: Normal) (Date&Time: 2014-03-23 22:14:50)<=
C:\Program Files\1clickmoviedownloader.com => Is moved successfully.
D:\data\rainmaker\Application Data\ValueApps\CH\TBVerifier.dll => Moved successfully.
D:\data\rainmaker\Application Data\ValueApps => Moved successfully.
==== End of Fixlog ====
# AdwCleaner v3.022 - Report created 23/03/2014 at 22:17:10
# Updated 13/03/2014 by Xplode
# Operating System : Microsoft Windows XP Service Pack 2 (32 bits)
# Username : rainmaker - 3YFK943Z
# Running from : D:\data\rainmaker\Desktop\adwcleaner.exe
# Option : Scan
***** [ Services ] *****
***** [ Files / Folders ] *****
File Found : d:\data\rainmaker\Application Data\Mozilla\Firefox\Profiles\0gqxbqod.default\user.js
File Found : d:\data\rainmaker\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\chrome-extension_igdhbblpcellaljokkpfhcjlagemhgjl_0.localstorage
File Found : d:\data\rainmaker\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\hxxp_fastcontent.conduit.com_0.localstorage
File Found : d:\data\rainmaker\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\hxxp_fastcontent.conduit.com_0.localstorage-journal
File Found : d:\data\rainmaker\Local Settings\Application Data\Google\Chrome\user data\default\local storage\hxxp_pricegong.conduitapps.com_0.localstorage
File Found : d:\data\rainmaker\Local Settings\Application Data\Google\Chrome\user data\default\local storage\hxxp_pricegong.conduitapps.com_0.localstorage-journal
File Found : d:\data\rainmaker\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\hxxp_search.conduit.com_0.localstorage
File Found : d:\data\rainmaker\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\hxxp_search.conduit.com_0.localstorage-journal
File Found : d:\data\rainmaker\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\hxxp_storage.conduit.com_0.localstorage
File Found : d:\data\rainmaker\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\hxxp_storage.conduit.com_0.localstorage-journal
File Found : d:\END
Folder Found : d:\data\rainmaker\Application Data\Mozilla\Firefox\Profiles\0gqxbqod.default\Extensions\[email protected]
Folder Found d:\data\NetworkService\Local Settings\Application Data\SearchProtect
Folder Found d:\data\RAINMA~1\LOCALS~1\Temp\Iminent
Folder Found d:\data\rainmaker\Application Data\IminentToolbar
Folder Found d:\data\rainmaker\Application Data\Mozilla\Firefox\Profiles\0gqxbqod.default\ValueApps
Folder Found d:\data\rainmaker\Application Data\SupTab
Folder Found d:\data\rainmaker\Application Data\SwvUpdater
Folder Found d:\data\rainmaker\Local Settings\Application Data\Conduit
Folder Found d:\data\rainmaker\Local Settings\Application Data\cool_mirage
Folder Found d:\data\rainmaker\Local Settings\Application Data\Mobogenie
Folder Found d:\data\rainmaker\Local Settings\Application Data\SearchProtect
Folder Found d:\data\rainmaker\Local Settings\Application Data\webplayer
Folder Found d:\data\rainmaker\My Documents\Mobogenie
Folder Found d:\data\rainmaker\My Documents\PC Speed Maximizer
***** [ Shortcuts ] *****
Shortcut Found : d:\data\rainmaker\Start Menu\Programs\FLV Player\Uninstall.lnk ( _?=d:\data\rainmaker\Local Settings\Application Data\WebPlayer\FLV Player )
***** [ Registry ] *****
Key Found : HKCU\Software\1ClickDownload
Key Found : HKCU\Software\Conduit
Key Found : HKCU\Software\Microsoft\Internet Explorer\DOMStorage\conduit.com
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\FLV Player
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{112BA211-334C-4A90-90EC-2AD1CDAB287C}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{1FAFD711-ABF9-4F6A-8130-5166C7371427}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{93DBF2BB-A2B3-4683-A92E-57E60751F346}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{A09AB6EB-31B5-454C-97EC-9B294D92EE2A}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{112BA211-334C-4A90-90EC-2AD1CDAB287C}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{1FAFD711-ABF9-4F6A-8130-5166C7371427}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{84FF7BD6-B47F-46F8-9130-01B2696B36CB}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{93DBF2BB-A2B3-4683-A92E-57E60751F346}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A09AB6EB-31B5-454C-97EC-9B294D92EE2A}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\FLV Player
Key Found : HKCU\Software\Webplayer
Key Found : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Key Found : HKLM\SOFTWARE\Classes\Iminent
Key Found : HKLM\SOFTWARE\Classes\Interface\{3408AC0D-510E-4808-8F7B-6B70B1F88534}
Key Found : HKLM\Software\Iminent
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68B81CCD-A80C-4060-8947-5AE69ED01199}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{93DBF2BB-A2B3-4683-A92E-57E60751F346}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E6B969FB-6D33-48D2-9061-8BBD4899EB08}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Iminent
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\MobogenieAdd
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{84FF7BD6-B47F-46F8-9130-01B2696B36CB}
Key Found : HKLM\Software\supTab
Key Found : HKLM\Software\supWPM
Key Found : HKLM\Software\Wpm
Value Found : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [[email protected]]
***** [ Browsers ] *****
-\\ Internet Explorer v8.0.6001.18702
-\\ Mozilla Firefox v27.0.1 (en-US)
[ File : d:\data\rainmaker\Application Data\Mozilla\Firefox\Profiles\0gqxbqod.default\prefs.js ]
Line Found : user_pref("extensions.iminent.admin", false);
Line Found : user_pref("extensions.iminent.aflt", "orgnl");
Line Found : user_pref("extensions.iminent.appId", "{0E4B2CAB-B859-4C57-B96E-63DDEC692BC4}");
Line Found : user_pref("extensions.iminent.autoRvrt", "false");
Line Found : user_pref("extensions.iminent.cntry", "US");
Line Found : user_pref("extensions.iminent.dfltLng", "");
Line Found : user_pref("extensions.iminent.excTlbr", false);
Line Found : user_pref("extensions.iminent.ffxUnstlRst", false);
Line Found : user_pref("extensions.iminent.hdrMd5", "16C755C0A66C3CFB3CD290DD65FC8853");
Line Found : user_pref("extensions.iminent.id", "00da752d000000000000444553544200");
Line Found : user_pref("extensions.iminent.instlDay", "16151");
Line Found : user_pref("extensions.iminent.instlRef", "");
Line Found : user_pref("extensions.iminent.lastVrsnTs", "1.8.28.315:48:44");
Line Found : user_pref("extensions.iminent.newTab", false);
Line Found : user_pref("extensions.iminent.prdct", "iminent");
Line Found : user_pref("extensions.iminent.prtnrId", "iminent");
Line Found : user_pref("extensions.iminent.rvrt", "false");
Line Found : user_pref("extensions.iminent.sg", "none");
Line Found : user_pref("extensions.iminent.smplGrp", "none");
Line Found : user_pref("extensions.iminent.tlbrId", "YBCPCSTIPO");
Line Found : user_pref("extensions.iminent.tlbrSrchUrl", "hxxp://start.iminent.com/?ref=toolbarm#q=");
Line Found : user_pref("extensions.iminent.vrsn", "1.8.28.3");
Line Found : user_pref("extensions.iminent.vrsnTs", "1.8.28.315:48:44");
Line Found : user_pref("extensions.iminent.vrsni", "1.8.28.3");
Line Found : user_pref("iminent.LayoutId", "1");
Line Found : user_pref("iminent.adapters", "{\"iminent\":{\"CountryCode\":\"US\",\"NoAds\":true,\"Status\":1,\"AdapterKey\":\"iminent\",\"v\":true,\"p\":0,\"t\":1,\"th\":0.275,\"expireTime\":\"139551773824286400\"[...]
Line Found : user_pref("iminent.enabledAds", "false");
Line Found : user_pref("iminent.externalScripts", "{\"value\":[{\"addonUid\":\"10bb6277-6b2b-413e-8d82-ad9398543254\",\"name\":\"Dealply\",\"addonId\":1,\"url\":\"//i.iminentjs.info/imitin/javascript.js\",\"queryS[...]
Line Found : user_pref("iminent.newtabredirect", "true");
Line Found : user_pref("iminent.nomsi", "true");
Line Found : user_pref("iminent.registerToolbarEvent101", "1395517955112");
Line Found : user_pref("iminent.searchindex", "1");
Line Found : user_pref("iminent.trackingInfo", "{\"state\":0,\"samplingRate\":0}");
Line Found : user_pref("iminent.version", "8.10.2.1");
Line Found : user_pref("iminent.versioning", "{\"CurrentVersion\":\"8.10.2.1\",\"InstallEventCTime\":1395600279734}");
[ File : d:\data\Admin\Application Data\Mozilla\Firefox\Profiles\ilojflhm.default\prefs.js ]
-\\ Google Chrome v
[ File : d:\data\rainmaker\Local Settings\Application Data\Google\Chrome\User Data\Default\preferences ]
*************************
AdwCleaner[R0].txt - [12898 octets] - [14/01/2014 13:44:38]
AdwCleaner[R1].txt - [21976 octets] - [23/03/2014 22:17:10]
AdwCleaner[S0].txt - [13294 octets] - [14/01/2014 13:46:37]
########## EOF - d:\AdwCleaner\AdwCleaner[R1].txt - [22098 octets] ##########
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.3 (03.23.2014:1)
OS: Microsoft Windows XP x86
Ran by rainmaker on 2014/03/23 at 22:20:26.40
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
~~~ Registry Values
~~~ Registry Keys
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\1clickdownload
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\conduit
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{A09AB6EB-31B5-454C-97EC-9B294D92EE2A}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\iminent
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\iminent
~~~ Files
~~~ Folders
Successfully deleted: [Folder] "d:\data\rainmaker\Application Data\swvupdater"
Successfully deleted: [Folder] "d:\data\rainmaker\Local Settings\Application Data\conduit"
Successfully deleted: [Folder] "d:\data\rainmaker\Local Settings\Application Data\cool_mirage"
Successfully deleted: [Folder] "d:\data\rainmaker\Local Settings\Application Data\mobogenie"
Successfully deleted: [Folder] "d:\data\rainmaker\Local Settings\Application Data\searchprotect"
Failed to delete: [Folder] "d:\data\rainmaker\Local Settings\Application Data\webplayer"
~~~ FireFox
Successfully deleted: [File] d:\data\rainmaker\Application Data\mozilla\firefox\profiles\0gqxbqod.default\user.js
Successfully deleted the following from d:\data\rainmaker\Application Data\mozilla\firefox\profiles\0gqxbqod.default\prefs.js
user_pref("iminent.adapters", "{\"iminent\":{\"CountryCode\":\"US\",\"NoAds\":true,\"Status\":1,\"AdapterKey\":\"iminent\",\"v\":true,\"p\":0,\"t\":1,\"th\":0.275,\"expireTime
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 2014/03/23 at 22:28:37.35
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 13-03-2014 01
Ran by rainmaker (administrator) on 3YFK943Z on 23-03-2014 22:29:24
Running from D:\data\rainmaker\Desktop
Microsoft Windows XP Service Pack 2 (X86) OS Language: English(US)
Internet Explorer Version 8
Boot Mode: Normal
The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingc...can-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingc...can-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo...very-scan-tool/
==================== Processes (Whitelisted) =================
(Microsoft Corporation) C:\WINNT\System32\smss.exe
(Microsoft Corporation) C:\WINNT\system32\csrss.exe
(Microsoft Corporation) C:\WINNT\system32\winlogon.exe
(Microsoft Corporation) C:\WINNT\system32\services.exe
(Microsoft Corporation) C:\WINNT\system32\lsass.exe
() C:\WINNT\system32\ibmpmsvc.exe
(Microsoft Corporation) C:\WINNT\system32\svchost.exe
(Microsoft Corporation) C:\WINNT\system32\svchost.exe
(Microsoft Corporation) C:\WINNT\System32\svchost.exe
(Microsoft Corporation) C:\WINNT\system32\svchost.exe
(Microsoft Corporation) C:\WINNT\system32\svchost.exe
(Microsoft Corporation) C:\WINNT\system32\spoolsv.exe
(Microsoft Corporation) C:\WINNT\system32\svchost.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
(DameWare Development LLC) C:\WINNT\system32\DWRCS.EXE
() C:\Program Files\IBM\IBM Rapid Restore Ultra\rrpcsb.exe
(iPass, Inc.) C:\Program Files\iPass\iPassConnect\iPassPeriodicUpdateService.exe
(McAfee, Inc.) C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
(McAfee, Inc.) C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
(McAfee, Inc.) C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
(Microsoft Corporation) c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
(McAfee, Inc.) C:\Program Files\Network Associates\Common Framework\naPrdMgr.exe
(DameWare Development) C:\WINNT\system32\DWRCST.exe
(Microsoft Corporation) C:\WINNT\system32\svchost.exe
(Lenovo.) C:\WINNT\System32\TPHDEXLG.EXE
(Alexandria Software Consulting) c:\Program Files\Nortel Networks\TunnelGuard\CueAgent_srv.exe
(Yahoo! Inc.) C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
(IBM Corp.) C:\IBMTOOLS\UTILS\ibmprc.exe
(McAfee, Inc.) C:\Program Files\Network Associates\Common Framework\UdaterUI.exe
(Intel Corporation) C:\WINNT\system32\igfxtray.exe
(Intel Corporation) C:\WINNT\system32\hkcmd.exe
(McAfee, Inc.) C:\Program Files\Network Associates\Common Framework\McTray.exe
(Intel Corporation) C:\WINNT\system32\igfxpers.exe
(Analog Devices, Inc.) C:\Program Files\Analog Devices\Core\smax4pnp.exe
(Microsoft Corporation) C:\WINNT\system32\rundll32.exe
(iPass, Inc.) C:\Program Files\iPass\iPassConnect\iPassPeriodicUpdateApp.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Microsoft Corporation) C:\WINNT\System32\alg.exe
(Lenovo, Ltd. and IBM Corporation.) C:\WINNT\system32\TpShocks.exe
() C:\Program Files\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe
() C:\Program Files\Lenovo\PkgMgr\HOTKEY\TPONSCR.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\PkgMgr\HOTKEY_1\TpScrex.exe
(McAfee, Inc.) C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(BitTorrent Inc.) C:\Program Files\BitTorrent\BitTorrent.exe
(Microsoft Corporation) C:\WINNT\system32\ctfmon.exe
() D:\data\rainmaker\Local Settings\Application Data\WebPlayer\FLV Player\WebPlayer.exe
(Nortel Networks) C:\Program Files\Nortel Networks\TunnelGuard\platforms\win32\TGIconApp.EXE
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Yahoo! Inc.) C:\Program Files\Yahoo!\Messenger\Ymsgr_tray.exe
(Microsoft Corporation) C:\WINNT\system32\wuauclt.exe
(Google Inc.) D:\data\rainmaker\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
(Google Inc.) D:\data\rainmaker\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\WINNT\explorer.exe
(Google Inc.) D:\data\rainmaker\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
(Google Inc.) D:\data\rainmaker\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [IBMPRC] - C:\IBMTOOLS\UTILS\ibmprc.exe [90112 2005-04-27] (IBM Corp.)
HKLM\...\Run: [McAfeeUpdaterUI] - C:\Program Files\Network Associates\Common Framework\UdaterUI.exe [136512 2007-12-14] (McAfee, Inc.)
HKLM\...\Run: [igfxtray] - C:\WINNT\system32\igfxtray.exe [94208 2006-09-15] (Intel Corporation)
HKLM\...\Run: [igfxhkcmd] - C:\WINNT\system32\hkcmd.exe [77824 2006-09-15] (Intel Corporation)
HKLM\...\Run: [igfxpers] - C:\WINNT\system32\igfxpers.exe [118784 2006-09-15] (Intel Corporation)
HKLM\...\Run: [SoundMAXPnP] - C:\Program Files\Analog Devices\Core\smax4pnp.exe [925696 2005-12-15] (Analog Devices, Inc.)
HKLM\...\Run: [PWRMGRTR] - C:\Program Files\ThinkPad\Utilities\PWRMGRTR.DLL [151552 2005-12-07] (Lenovo Group Limited)
HKLM\...\Run: [BLOG] - C:\Program Files\ThinkPad\Utilities\BATLOGEX.DLL [208896 2005-12-07] ()
HKLM\...\Run: [SynTPLpr] - C:\Program Files\Synaptics\SynTP\SynTPLpr.exe [110592 2005-09-15] (Synaptics, Inc.)
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [512000 2005-09-15] (Synaptics, Inc.)
HKLM\...\Run: [TpShocks] - C:\WINNT\system32\TpShocks.exe [106496 2005-11-07] (Lenovo, Ltd. and IBM Corporation.)
HKLM\...\Run: [TPHOTKEY] - C:\Program Files\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe [94208 2006-02-01] ()
HKLM\...\Run: [SmcService] - C:\Program Files\Sygate\SSA\Smc.exe [2635480 2006-07-25] (Sygate Technologies, Inc.)
HKLM\...\Run: [ShStatEXE] - C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE [111952 2007-10-16] (McAfee, Inc.)
HKLM\...\Run: [QuickTime Task] - C:\Program Files\QuickTime\qttask.exe [413696 2009-05-26] (Apple Inc.)
HKLM\...\Run: [iTunesHelper] - C:\Program Files\iTunes\iTunesHelper.exe [292136 2009-06-05] (Apple Inc.)
HKLM\...\Run: [Adobe Reader Speed Launcher] - C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [39792 2009-10-03] (Adobe Systems Incorporated)
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [935288 2009-09-04] (Adobe Systems Incorporated)
HKLM\...\Winlogon: [Userinit] C:\WINNT\system32\userinit.exe,
HKLM\...\Winlogon: [Shell] Explorer.exe [x ] ()
HKLM\...\Winlogon: [UIHost] logonui.exe [x ] ()
Winlogon\Notify\crypt32chain: C:\WINNT\system32\crypt32.dll (Microsoft Corporation)
Winlogon\Notify\cryptnet: C:\WINNT\system32\cryptnet.dll (Microsoft Corporation)
Winlogon\Notify\cscdll: C:\WINNT\system32\cscdll.dll (Microsoft Corporation)
Winlogon\Notify\igfxcui: C:\WINNT\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\ScCertProp: C:\WINNT\system32\wlnotify.dll (Microsoft Corporation)
Winlogon\Notify\Schedule: C:\WINNT\system32\wlnotify.dll (Microsoft Corporation)
Winlogon\Notify\sclgntfy: C:\WINNT\system32\sclgntfy.dll (Microsoft Corporation)
Winlogon\Notify\SensLogn: C:\WINNT\system32\WlNotify.dll (Microsoft Corporation)
Winlogon\Notify\termsrv: C:\WINNT\system32\wlnotify.dll (Microsoft Corporation)
Winlogon\Notify\tpfnf2: C:\WINNT\system32\notifyf2.dll ()
Winlogon\Notify\tphotkey: C:\WINNT\system32\tphklock.dll ()
Winlogon\Notify\wlballoon: C:\WINNT\system32\wlnotify.dll (Microsoft Corporation)
HKLM\...\Policies\Explorer: [NoWelcomeScreen] 1
HKLM\...\Policies\Explorer: [NoSMConfigurePrograms] 1
HKU\.DEFAULT\...\Run: [DWQueuedReporting] - C:\Program Files\Common Files\Microsoft Shared\DW\DWTRIG20.EXE [434528 2006-10-26] (Microsoft Corporation)
HKU\S-1-5-21-3510421623-2965073675-2411060337-1012\...\Run: [BitTorrent] - C:\Program Files\BitTorrent\BitTorrent.exe [882520 2013-05-16] (BitTorrent Inc.)
HKU\S-1-5-21-3510421623-2965073675-2411060337-1012\...\Run: [Messenger (Yahoo!)] - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe [6591800 2012-02-22] (Yahoo! Inc.)
HKU\S-1-5-21-3510421623-2965073675-2411060337-1012\...\Run: [ctfmon.exe] - C:\WINNT\system32\ctfmon.exe [15360 2004-08-04] (Microsoft Corporation)
HKU\S-1-5-21-3510421623-2965073675-2411060337-1012\...\Run: [Google Update] - d:\data\rainmaker\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [116648 2012-07-03] (Google Inc.)
HKU\S-1-5-21-3510421623-2965073675-2411060337-1012\...\Run: [FLV Player] - D:\data\rainmaker\Local Settings\Application Data\WebPlayer\FLV Player\WebPlayer.exe [202752 2012-10-26] ()
AppInit_DLLs: C:\PROGRA~1\SupTab\SEARCH~1.DLL => C:\PROGRA~1\SupTab\SEARCH~1.DLL File Not Found
Startup: D:\data\All Users\Start Menu\Programs\Startup\TunnelGuard Tray Monitor.lnk
ShortcutTarget: TunnelGuard Tray Monitor.lnk -> C:\Program Files\Nortel Networks\TunnelGuard\platforms\win32\TGIconApp.EXE (Nortel Networks)
==================== Internet (Whitelisted) ====================
HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINNT\system32\blank.htm
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINNT\system32\blank.htm
URLSearchHook: HKCU - YTNavAssistPlugin Class - {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll (Yahoo! Inc.)
SearchScopes: HKLM - {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL =
BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll (Sun Microsystems, Inc.)
BHO: No Name - {84FF7BD6-B47F-46F8-9130-01B2696B36CB} - No File
BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll (Yahoo! Inc)
Toolbar: HKLM - No Name - {ba00b7b1-0351-477a-b948-23e3ee5a73d4} - No File
Toolbar: HKCU - &Address - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINNT\system32\browseui.dll (Microsoft Corporation)
Toolbar: HKCU - &Links - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINNT\system32\SHELL32.dll (Microsoft Corporation)
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...t/ultrashim.cab
DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macr...ash/swflash.cab
Handler: gopher - {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINNT\system32\urlmon.dll (Microsoft Corporation)
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
Handler: sysimage - {76E67A63-06E9-11D2-A840-006008059382} - C:\WINNT\system32\mshtml.dll (Microsoft Corporation)
Handler: wia - {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINNT\system32\wiascr.dll (Microsoft Corporation)
Filter: Class Install Handler - {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - C:\WINNT\system32\urlmon.dll (Microsoft Corporation)
Filter: lzdhtml - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINNT\system32\urlmon.dll (Microsoft Corporation)
Filter: text/webviewhtml - {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - C:\WINNT\system32\SHELL32.dll (Microsoft Corporation)
ShellExecuteHooks: URL Exec Hook - {AEB6717E-7E19-11d0-97EE-00C04FD91972} - C:\WINNT\system32\shell32.dll [8460288 2007-10-25] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
FireFox:
========
FF ProfilePath: d:\data\rainmaker\Application Data\Mozilla\Firefox\Profiles\0gqxbqod.default
FF Plugin: @adobe.com/FlashPlayer - C:\WINNT\system32\Macromed\Flash\NPSWF32.dll ()
FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 - C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\2.0.30523.8\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 - C:\WINNT\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.0.1 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - d:\data\rainmaker\Local Settings\Application Data\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - d:\data\rainmaker\Local Settings\Application Data\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @yahoo.com/BrowserPlus,version=2.9.8 - d:\data\rainmaker\Local Settings\Application Data\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll (Yahoo! Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll (Apple Inc.)
FF SearchPlugin: d:\data\rainmaker\Application Data\Mozilla\Firefox\Profiles\0gqxbqod.default\searchplugins\aol-search.xml
FF Extension: Quick Start - d:\data\rainmaker\Application Data\Mozilla\Firefox\Profiles\0gqxbqod.default\Extensions\[email protected] [2014-03-22]
FF Extension: Firebug - d:\data\rainmaker\Application Data\Mozilla\Firefox\Profiles\0gqxbqod.default\Extensions\[email protected] [2012-12-15]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\WINNT\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - C:\WINNT\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ []
FF HKLM\...\Firefox\Extensions: [[email protected]] - d:\data\rainmaker\Application Data\Mozilla\Firefox\Profiles\0gqxbqod.default\extensions\[email protected]
FF Extension: Quick Start - d:\data\rainmaker\Application Data\Mozilla\Firefox\Profiles\0gqxbqod.default\extensions\[email protected] [2014-03-22]
Chrome:
=======
CHR HomePage: hxxp://www.key-find.com/?type=hp&ts=1395624075&from=amt&uid=HTS721010G9SA00_MPDZN7Y0J293RLJ293RLX
CHR RestoreOnStartup: "sync": {
"suppress_start"
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - d:\data\rainmaker\Local Settings\Application Data\Google\Chrome\Application\33.0.1750.154\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - d:\data\rainmaker\Local Settings\Application Data\Google\Chrome\Application\33.0.1750.154\pdf.dll ()
CHR Plugin: (Shockwave Flash) - d:\data\rainmaker\Local Settings\Application Data\Google\Chrome\Application\33.0.1750.154\gcswf32.dll No File
CHR Plugin: (Shockwave Flash) - C:\WINNT\system32\Macromed\Flash\NPSWF32.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.2) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.2) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.2) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.2) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.2) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.2) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.2) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll (Apple Inc.)
CHR Plugin: (Microsoft® DRM) - C:\Program Files\Windows Media Player\npdrmv2.dll (Microsoft Corporation)
CHR Plugin: (Microsoft® DRM) - C:\Program Files\Windows Media Player\npwmsdrm.dll (Microsoft Corporation)
CHR Plugin: (Windows Media Player Plug-in Dynamic Link Library) - C:\Program Files\Windows Media Player\npdsplay.dll (Microsoft Corporation (written by Digital Renaissance Inc.))
CHR Plugin: (VLC Web Plugin) - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
CHR Plugin: (iTunes Application Detector) - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Windows Presentation Foundation) - C:\WINNT\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
CHR Plugin: (Silverlight Plug-In) - c:\Program Files\Microsoft Silverlight\2.0.30523.8\npctrl.dll ( Microsoft Corporation)
CHR Plugin: (Google Update) - d:\data\rainmaker\Local Settings\Application Data\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File
CHR Plugin: (BrowserPlus (from Yahoo!) v2.9.8) - d:\data\rainmaker\Local Settings\Application Data\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll (Yahoo! Inc.)
CHR Extension: (Google Wallet) - D:\data\rainmaker\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-01-14]
CHR StartMenuInternet: Google Chrome - D:\data\rainmaker\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
========================== Services (Whitelisted) =================
S3 AdobeFlashPlayerUpdateSvc; C:\WINNT\system32\Macromed\Flash\FlashPlayerUpdateService.exe [253600 2012-04-14] (Adobe Systems Incorporated)
S4 Alerter; C:\WINNT\system32\alrsvc.dll [17408 2004-08-04] (Microsoft Corporation)
R3 ALG; C:\WINNT\System32\alg.exe [44544 2004-08-04] (Microsoft Corporation)
R2 Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [144712 2009-06-05] (Apple Inc.)
S3 AppMgmt; C:\WINNT\System32\appmgmts.dll [167936 2004-08-04] (Microsoft Corporation)
S3 aspnet_state; C:\WINNT\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [34312 2008-07-25] (Microsoft Corporation)
R2 AudioSrv; C:\WINNT\System32\audiosrv.dll [42496 2004-08-04] (Microsoft Corporation)
S3 BITS; C:\WINNT\system32\qmgr.dll [382464 2004-08-04] (Microsoft Corporation)
S2 Browser; C:\WINNT\System32\browser.dll [77312 2004-08-04] (Microsoft Corporation)
S2 CcmExec; C:\WINNT\system32\CCM\CcmExec.exe [578784 2006-02-09] (Microsoft Corporation)
S3 CiSvc; C:\WINNT\system32\cisvc.exe [5632 2004-08-04] (Microsoft Corporation)
S3 ClipSrv; C:\WINNT\system32\clipsrv.exe [33280 2004-08-04] (Microsoft Corporation)
S3 clr_optimization_v2.0.50727_32; C:\WINNT\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [69632 2008-07-25] (Microsoft Corporation)
S3 COMSysApp; C:\WINNT\system32\dllhost.exe [5120 2004-08-04] (Microsoft Corporation)
R2 CryptSvc; C:\WINNT\System32\cryptsvc.dll [60416 2004-08-04] (Microsoft Corporation)
R2 DcomLaunch; C:\WINNT\system32\rpcss.dll [401408 2009-02-09] (Microsoft Corporation)
R2 Dhcp; C:\WINNT\System32\dhcpcsvc.dll [111616 2006-05-19] (Microsoft Corporation)
S3 dmadmin; C:\WINNT\System32\dmadmin.exe [224768 2004-08-04] (Microsoft Corp., Veritas Software)
S3 dmserver; C:\WINNT\System32\dmserver.dll [23552 2004-08-04] (Microsoft Corp.)
R2 Dnscache; C:\WINNT\System32\dnsrslvr.dll [45568 2008-02-20] (Microsoft Corporation)
R2 DWMRCS; C:\WINNT\system32\DWRCS.EXE [222720 2007-07-25] (DameWare Development LLC)
R2 ERSvc; C:\WINNT\System32\ersvc.dll [23040 2004-08-04] (Microsoft Corporation)
R2 Eventlog; C:\WINNT\system32\services.exe [110592 2009-02-06] (Microsoft Corporation)
R3 EventSystem; C:\WINNT\system32\es.dll [253952 2008-07-07] (Microsoft Corporation)
S3 ExtranetAccess; C:\Program Files\Nexxia\Extranet_serv.exe [835584 2006-05-09] (Nortel Networks NA, Inc.)
S3 FastUserSwitchingCompatibility; C:\WINNT\System32\shsvcs.dll [135168 2006-12-19] (Microsoft Corporation)
S3 FontCache3.0.0.0; C:\WINNT\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [46104 2008-07-29] (Microsoft Corporation)
R2 helpsvc; C:\WINNT\PCHealth\HelpCtr\Binaries\pchsvc.dll [38912 2004-08-04] (Microsoft Corporation)
R2 HidServ; C:\WINNT\System32\hidserv.dll [21504 2004-08-04] (Microsoft Corporation)
S3 HTTPFilter; C:\WINNT\System32\w3ssl.dll [15872 2004-08-04] (Microsoft Corporation)
R2 IBM Rapid Restore Ultra Service; C:\Program Files\IBM\IBM Rapid Restore Ultra\rrpcsb.exe [385024 2005-10-06] ()
R2 IBMPMSVC; C:\WINNT\system32\ibmpmsvc.exe [73782 2005-11-11] ()
S3 idsvc; C:\WINNT\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [881664 2008-07-29] (Microsoft Corporation)
S3 ImapiService; C:\WINNT\system32\imapi.exe [150016 2004-08-04] (Microsoft Corporation)
S3 iPassConnectEngine; C:\Program Files\iPass\iPassConnect\iPassConnectEngine.exe [1310720 2006-11-30] (iPass, Inc.)
R3 iPassPeriodicUpdateApp; C:\Program Files\iPass\iPassConnect\iPassPeriodicUpdateApp.exe [126976 2006-11-29] (iPass, Inc.)
R2 iPassPeriodicUpdateService; C:\Program Files\iPass\iPassConnect\iPassPeriodicUpdateService.exe [86016 2006-11-29] (iPass, Inc.)
S4 Irmon; C:\WINNT\System32\irmon.dll [27136 2004-08-03] (Microsoft Corporation)
R2 lanmanserver; C:\WINNT\System32\srvsvc.dll [96768 2004-12-07] (Microsoft Corporation)
R2 lanmanworkstation; C:\WINNT\System32\wkssvc.dll [134144 2009-06-10] (Microsoft Corporation)
R2 LmHosts; C:\WINNT\System32\lmhsvc.dll [13824 2004-08-04] (Microsoft Corporation)
S3 magaService; c:\Program Files\Sygate\SSA\maga\maga.exe [323658 2006-07-25] (Sygate Technologies, Inc.)
R2 McAfeeFramework; C:\Program Files\Network Associates\Common Framework\FrameworkService.exe [103744 2007-12-14] (McAfee, Inc.)
R2 McShield; C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe [144704 2007-10-16] (McAfee, Inc.)
R2 McTaskManager; C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe [54608 2007-10-16] (McAfee, Inc.)
S4 Messenger; C:\WINNT\System32\msgsvc.dll [33792 2004-08-04] (Microsoft Corporation)
S3 mnmsrvc; C:\WINNT\system32\mnmsrvc.exe [32768 2004-08-04] (Microsoft Corporation)
S3 MSDTC; C:\WINNT\system32\msdtc.exe [6144 2004-08-04] (Microsoft Corporation)
S2 MSIServer; C:\WINNT\System32\msiexec.exe [78848 2005-05-03] (Microsoft Corporation)
S4 MSSQLServerADHelper; c:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe [45272 2005-10-14] (Microsoft Corporation)
S4 NetDDE; C:\WINNT\system32\netdde.exe [111104 2004-08-04] (Microsoft Corporation)
S4 NetDDEdsdm; C:\WINNT\system32\netdde.exe [111104 2004-08-04] (Microsoft Corporation)
R2 Netlogon; C:\WINNT\system32\lsass.exe [13312 2004-08-04] (Microsoft Corporation)
R3 Netman; C:\WINNT\System32\netman.dll [197632 2005-08-22] (Microsoft Corporation)
S4 NetTcpPortSharing; C:\WINNT\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [132096 2008-07-29] (Microsoft Corporation)
R3 Nla; C:\WINNT\System32\mswsock.dll [245248 2008-06-20] (Microsoft Corporation)
S3 NtLmSsp; C:\WINNT\system32\lsass.exe [13312 2004-08-04] (Microsoft Corporation)
S3 NtmsSvc; C:\WINNT\system32\ntmssvc.dll [435200 2004-08-04] (Microsoft Corporation)
R2 PlugPlay; C:\WINNT\system32\services.exe [110592 2009-02-06] (Microsoft Corporation)
S4 PolicyAgent; C:\WINNT\system32\lsass.exe [13312 2004-08-04] (Microsoft Corporation)
R2 ProtectedStorage; C:\WINNT\system32\lsass.exe [13312 2004-08-04] (Microsoft Corporation)
S3 RasAuto; C:\WINNT\System32\rasauto.dll [89088 2004-08-04] (Microsoft Corporation)
R3 RasMan; C:\WINNT\System32\rasmans.dll [181248 2006-06-22] (Microsoft Corporation)
S3 RDSessMgr; C:\WINNT\system32\sessmgr.exe [140800 2004-08-04] (Microsoft Corporation)
S4 RemoteAccess; C:\WINNT\System32\mprdim.dll [49152 2002-08-29] (Microsoft Corporation)
R2 RemoteRegistry; C:\WINNT\system32\regsvc.dll [59904 2004-08-04] (Microsoft Corporation)
S3 RpcLocator; C:\WINNT\system32\locator.exe [75264 2004-08-04] (Microsoft Corporation)
R2 RpcSs; C:\WINNT\System32\rpcss.dll [401408 2009-02-09] (Microsoft Corporation)
S3 RSVP; C:\WINNT\system32\rsvp.exe [132608 2002-08-29] (Microsoft Corporation)
R2 SamSs; C:\WINNT\system32\lsass.exe [13312 2004-08-04] (Microsoft Corporation)
S3 SCardSvr; C:\WINNT\System32\SCardSvr.exe [95744 2004-08-04] (Microsoft Corporation)
R2 Schedule; C:\WINNT\system32\schedsvc.dll [190976 2004-08-04] (Microsoft Corporation)
R2 seclogon; C:\WINNT\System32\seclogon.dll [18944 2004-08-04] (Microsoft Corporation)
R2 SENS; C:\WINNT\system32\sens.dll [38912 2004-08-04] (Microsoft Corporation)
R2 SharedAccess; C:\WINNT\System32\ipnathlp.dll [331264 2004-08-04] (Microsoft Corporation)
R2 ShellHWDetection; C:\WINNT\System32\shsvcs.dll [135168 2006-12-19] (Microsoft Corporation)
S4 SmcService; c:\Program Files\Sygate\SSA\smc.exe [2635480 2006-07-25] (Sygate Technologies, Inc.)
R2 Spooler; C:\WINNT\system32\spoolsv.exe [57856 2005-06-10] (Microsoft Corporation)
R2 srservice; C:\WINNT\system32\srsvc.dll [170496 2004-08-04] (Microsoft Corporation)
R3 SSDPSRV; C:\WINNT\System32\ssdpsrv.dll [71680 2004-08-04] (Microsoft Corporation)
R2 stisvc; C:\WINNT\system32\wiaservc.dll [333824 2006-12-19] (Microsoft Corporation)
S3 SwPrv; C:\WINNT\system32\dllhost.exe [5120 2004-08-04] (Microsoft Corporation)
S3 SysmonLog; C:\WINNT\system32\smlogsvc.exe [89600 2004-08-04] (Microsoft Corporation)
R3 TapiSrv; C:\WINNT\System32\tapisrv.dll [249344 2005-07-08] (Microsoft Corporation)
R3 TermService; C:\WINNT\System32\termsrv.dll [295424 2004-08-04] (Microsoft Corporation)
R2 Themes; C:\WINNT\System32\shsvcs.dll [135168 2006-12-19] (Microsoft Corporation)
S3 TlntSvr; C:\WINNT\system32\tlntsvr.exe [73216 2004-08-04] (Microsoft Corporation)
R2 TPHDEXLGSVC; C:\WINNT\System32\TPHDEXLG.EXE [77824 2005-06-20] (Lenovo.)
R2 TrkWks; C:\WINNT\system32\trkwks.dll [90624 2004-08-04] (Microsoft Corporation)
R2 tunnelguardservice; c:\Program Files\Nortel Networks\TunnelGuard\CueAgent_srv.exe [53248 2005-09-06] (Alexandria Software Consulting)
S3 upnphost; C:\WINNT\System32\upnphost.dll [185344 2007-02-05] (Microsoft Corporation)
S3 UPS; C:\WINNT\System32\ups.exe [18432 2004-08-04] (Microsoft Corporation)
S3 VSS; C:\WINNT\System32\vssvc.exe [289792 2004-08-04] (Microsoft Corporation)
R2 W32Time; C:\WINNT\system32\w32time.dll [174592 2004-08-04] (Microsoft Corporation)
R2 WebClient; C:\WINNT\System32\webclnt.dll [68096 2006-01-03] (Microsoft Corporation)
R2 winmgmt; C:\WINNT\system32\wbem\WMIsvc.dll [144896 2004-08-04] (Microsoft Corporation)
S3 WmdmPmSN; C:\WINNT\system32\MsPMSNSv.dll [27136 2006-10-18] (Microsoft Corporation)
S3 Wmi; C:\WINNT\System32\advapi32.dll [617984 2009-02-09] (Microsoft Corporation)
S3 WmiApSrv; C:\WINNT\system32\wbem\wmiapsrv.exe [126464 2004-08-04] (Microsoft Corporation)
S2 wscsvc; C:\WINNT\system32\wscsvc.dll [81408 2004-08-04] (Microsoft Corporation)
R2 wuauserv; C:\WINNT\system32\wuauserv.dll [6656 2004-08-04] (Microsoft Corporation)
S3 WudfSvc; C:\WINNT\System32\WUDFSvc.dll [55808 2006-09-28] (Microsoft Corporation)
R2 WZCSVC; C:\WINNT\System32\wzcsvc.dll [474624 2005-04-20] (Microsoft Corporation)
S3 xmlprov; C:\WINNT\System32\xmlprov.dll [129536 2004-08-04] (Microsoft Corporation)
S3 PsaSrv; C:\WINNT\system32\PsaSrv.exe [X]
==================== Drivers (Whitelisted) ====================
R0 ACPI; C:\WINNT\System32\DRIVERS\ACPI.sys [187776 2004-08-04] (Microsoft Corporation)
R0 ACPIEC; C:\WINNT\System32\DRIVERS\ACPIEC.sys [11648 2002-08-29] (Microsoft Corporation)
R3 ADIHdAudAddService; C:\WINNT\System32\drivers\ADIHdAud.sys [173056 2005-12-15] (Analog Devices, Inc.)
R3 AEAudioService; C:\WINNT\System32\drivers\AEAudio.sys [152960 2005-12-15] (Andrea Electronics Corporation)
S3 aec; C:\WINNT\System32\drivers\aec.sys [142464 2004-08-03] (Microsoft Corporation)
R1 AFD; C:\WINNT\System32\drivers\afd.sys [138368 2008-08-14] (Microsoft Corporation)
R0 ANCSQ; C:\WINNT\System32\drivers\ANCSQ.sys [6912 2005-04-27] (IBM Corp.)
S3 AsyncMac; C:\WINNT\System32\DRIVERS\asyncmac.sys [14336 2004-08-03] (Microsoft Corporation)
R0 atapi; C:\WINNT\System32\DRIVERS\atapi.sys [95360 2004-08-03] (Microsoft Corporation)
S3 Atmarpc; C:\WINNT\System32\DRIVERS\atmarpc.sys [59904 2004-08-03] (Microsoft Corporation)
R3 atmeltpm; C:\WINNT\System32\DRIVERS\atmeltpm.sys [15872 2005-05-17] (Atmel, Inc.)
R3 audstub; C:\WINNT\System32\DRIVERS\audstub.sys [3072 2001-08-17] (Microsoft Corporation)
R1 Beep; C:\WINNT\system32\Drivers\Beep.sys [4224 2002-08-29] (Microsoft Corporation)
S4 cbidf2k; C:\WINNT\system32\Drivers\cbidf2k.sys [13952 2002-08-29] (Microsoft Corporation)
S1 Cdaudio; C:\WINNT\system32\Drivers\Cdaudio.sys [18688 2002-08-29] (Microsoft Corporation)
R4 Cdfs; C:\WINNT\system32\Drivers\Cdfs.sys [63744 2004-08-03] (Microsoft Corporation)
R1 Cdrom; C:\WINNT\System32\DRIVERS\cdrom.sys [49536 2004-08-04] (Microsoft Corporation)
R3 CmBatt; C:\WINNT\System32\DRIVERS\CmBatt.sys [14080 2004-08-03] (Microsoft Corporation)
R0 Compbatt; C:\WINNT\System32\DRIVERS\compbatt.sys [9344 2001-08-17] (Microsoft Corporation)
R0 Disk; C:\WINNT\System32\DRIVERS\disk.sys [36352 2004-08-04] (Microsoft Corporation)
S4 dmboot; C:\WINNT\System32\drivers\dmboot.sys [799744 2004-08-03] (Microsoft Corp., Veritas Software)
S4 dmio; C:\WINNT\System32\drivers\dmio.sys [153344 2004-08-03] (Microsoft Corp., Veritas Software)
S4 dmload; C:\WINNT\System32\drivers\dmload.sys [5888 2002-08-29] (Microsoft Corp., Veritas Software.)
S3 DMusic; C:\WINNT\System32\drivers\DMusic.sys [52864 2004-08-03] (Microsoft Corporation)
S3 drmkaud; C:\WINNT\System32\drivers\drmkaud.sys [2944 2004-08-03] (Microsoft Corporation)
R3 DwMirror; C:\WINNT\System32\DRIVERS\DamewareMini.sys [2944 2007-02-07] (DameWare Development, Inc.)
R1 dwvkbd; C:\WINNT\System32\DRIVERS\dwvkbd.sys [26624 2007-02-15] (DameWare)
R3 e1express; C:\WINNT\System32\DRIVERS\e1e5132.sys [181760 2006-01-22] (Intel Corporation)
R3 Eacfilt; C:\WINNT\System32\DRIVERS\eacfilt.sys [24521 2006-05-09] (Nortel Networks)
R2 EGATHDRV; C:\WINNT\SYSTEM32\EGATHDRV.SYS [5427 2005-04-27] (IBM Corporation)
S4 Fastfat; C:\WINNT\system32\Drivers\Fastfat.sys [143360 2004-08-03] (Microsoft Corporation)
S1 Fdc; C:\WINNT\system32\Drivers\Fdc.sys [27392 2004-08-04] (Microsoft Corporation)
R1 Fips; C:\WINNT\system32\Drivers\Fips.sys [34944 2002-08-29] (Microsoft Corporation)
S3 FLMCKUSB; C:\WINNT\System32\Drivers\FLMckUSB.sys [69810 2004-12-15] (AuthenTec, Inc.)
S1 Flpydisk; C:\WINNT\system32\Drivers\Flpydisk.sys [20480 2004-08-04] (Microsoft Corporation)
R0 FltMgr; C:\WINNT\System32\DRIVERS\fltMgr.sys [124800 2004-08-03] (Microsoft Corporation)
U1 Fs_Rec; C:\WINNT\system32\Drivers\Fs_Rec.sys [7936 2002-08-29] (Microsoft Corporation)
R0 Ftdisk; C:\WINNT\System32\DRIVERS\ftdisk.sys [125056 2002-08-29] (Microsoft Corporation)
R3 GEARAspiWDM; C:\WINNT\System32\DRIVERS\GEARAspiWDM.sys [23400 2009-03-19] (GEAR Software Inc.)
R3 Gpc; C:\WINNT\System32\DRIVERS\msgpc.sys [35072 2004-08-03] (Microsoft Corporation)
R3 HDAudBus; C:\WINNT\System32\DRIVERS\HDAudBus.sys [138752 2005-01-07] (Windows ® Server 2003 DDK provider)
S3 HidUsb; C:\WINNT\System32\DRIVERS\hidusb.sys [9600 2001-08-17] (Microsoft Corporation)
R3 HSF_DPV; C:\WINNT\System32\DRIVERS\hsx_dpv.sys [936448 2005-12-06] (Conexant Systems, Inc.)
R3 HSXHWAZL; C:\WINNT\System32\DRIVERS\hsxhwazl.sys [192512 2005-12-06] (Conexant Systems, Inc.)
R3 HTTP; C:\WINNT\System32\Drivers\HTTP.sys [263040 2004-08-04] (Microsoft Corporation)
R1 i8042prt; C:\WINNT\System32\DRIVERS\i8042prt.sys [52736 2004-08-04] (Microsoft Corporation)
R3 ialm; C:\WINNT\System32\DRIVERS\ialmnt5.sys [1173468 2006-09-15] (Intel Corporation)
R0 iaStor; C:\WINNT\System32\drivers\iaStor.sys [874240 2005-10-12] (Intel Corporation)
R2 ibmfilter; C:\WINNT\system32\drivers\ibmfilter.sys [63616 2005-04-27] (IBM)
R3 IBMPMDRV; C:\WINNT\System32\DRIVERS\ibmpmdrv.sys [10112 2005-11-11] (Lenovo.)
R1 Imapi; C:\WINNT\System32\DRIVERS\imapi.sys [41856 2004-08-04] (Microsoft Corporation)
R0 IntelIde; C:\WINNT\System32\DRIVERS\intelide.sys [5504 2004-08-03] (Microsoft Corporation)
R1 intelppm; C:\WINNT\System32\DRIVERS\intelppm.sys [36096 2004-08-04] (Microsoft Corporation)
S3 Ip6Fw; C:\WINNT\System32\DRIVERS\Ip6Fw.sys [29056 2004-08-03] (Microsoft Corporation)
R2 iPassP; C:\WINNT\System32\DRIVERS\iPassP.sys [21419 2009-04-25] (Meetinghouse Data Communications)
S3 IpFilterDriver; C:\WINNT\System32\DRIVERS\ipfltdrv.sys [32896 2002-08-29] (Microsoft Corporation)
S3 IpInIp; C:\WINNT\System32\DRIVERS\ipinip.sys [20992 2004-08-03] (Microsoft Corporation)
R3 IpNat; C:\WINNT\System32\DRIVERS\ipnat.sys [134912 2004-08-03] (Microsoft Corporation)
R1 IPSec; C:\WINNT\System32\DRIVERS\ipsec.sys [74752 2004-08-03] (Microsoft Corporation)
S3 IPSECEXT; C:\WINNT\System32\DRIVERS\ipsecw2k.sys [155216 2006-05-09] (Nortel Networks NA, Inc.)
R3 IPSECSHM; C:\WINNT\System32\DRIVERS\ipsecw2k.sys [155216 2006-05-09] (Nortel Networks NA, Inc.)
R2 irda; C:\WINNT\System32\DRIVERS\irda.sys [87424 2004-08-03] (Microsoft Corporation)
R3 IRENUM; C:\WINNT\System32\DRIVERS\irenum.sys [11264 2004-08-03] (Microsoft Corporation)
R0 isapnp; C:\WINNT\System32\DRIVERS\isapnp.sys [35840 2002-08-29] (Microsoft Corporation)
R1 Kbdclass; C:\WINNT\System32\DRIVERS\kbdclass.sys [24576 2004-08-04] (Microsoft Corporation)
S1 kbdhid; C:\WINNT\System32\DRIVERS\kbdhid.sys [14848 2004-08-03] (Microsoft Corporation)
R3 kmixer; C:\WINNT\System32\drivers\kmixer.sys [171776 2004-08-03] (Microsoft Corporation)
R0 KSecDD; C:\WINNT\system32\Drivers\KSecDD.sys [92032 2004-08-03] (Microsoft Corporation)
R2 mdmxsdk; C:\WINNT\System32\DRIVERS\mdmxsdk.sys [12544 2005-10-05] (Conexant)
R3 mfeapfk; C:\WINNT\System32\drivers\mfeapfk.sys [64168 2007-10-16] (McAfee, Inc.)
R3 mfeavfk; C:\WINNT\System32\drivers\mfeavfk.sys [72680 2007-10-16] (McAfee, Inc.)
R3 mfebopk; C:\WINNT\System32\drivers\mfebopk.sys [33960 2007-10-16] (McAfee, Inc.)
R3 mfehidk; C:\WINNT\System32\drivers\mfehidk.sys [171272 2007-10-16] (McAfee, Inc.)
R1 mferkdk; C:\Program Files\McAfee\VirusScan Enterprise\mferkdk.sys [31784 2007-10-16] (McAfee, Inc.)
R1 mfetdik; C:\WINNT\System32\drivers\mfetdik.sys [51944 2007-10-16] (McAfee, Inc.)
R1 mnmdd; C:\WINNT\system32\Drivers\mnmdd.sys [4224 2002-08-29] (Microsoft Corporation)
R3 Modem; C:\WINNT\system32\Drivers\Modem.sys [30080 2004-08-04] (Microsoft Corporation)
R1 Mouclass; C:\WINNT\System32\DRIVERS\mouclass.sys [23040 2004-08-04] (Microsoft Corporation)
S3 mouhid; C:\WINNT\System32\DRIVERS\mouhid.sys [12160 2001-08-17] (Microsoft Corporation)
R0 MountMgr; C:\WINNT\system32\Drivers\MountMgr.sys [42240 2004-08-03] (Microsoft Corporation)
R3 MRxDAV; C:\WINNT\System32\DRIVERS\mrxdav.sys [179584 2007-12-18] (Microsoft Corporation)
R1 MRxSmb; C:\WINNT\System32\DRIVERS\mrxsmb.sys [453632 2008-10-24] (Microsoft Corporation)
R1 Msfs; C:\WINNT\system32\Drivers\Msfs.sys [19072 2004-08-03] (Microsoft Corporation)
S3 MSKSSRV; C:\WINNT\System32\drivers\MSKSSRV.sys [7552 2004-08-03] (Microsoft Corporation)
S3 MSPCLOCK; C:\WINNT\System32\drivers\MSPCLOCK.sys [5376 2004-08-03] (Microsoft Corporation)
S3 MSPQM; C:\WINNT\System32\drivers\MSPQM.sys [4992 2004-08-03] (Microsoft Corporation)
R3 mssmbios; C:\WINNT\System32\DRIVERS\mssmbios.sys [15488 2004-08-04] (Microsoft Corporation)
R0 Mup; C:\WINNT\system32\Drivers\Mup.sys [107904 2004-08-03] (Microsoft Corporation)
R0 NDIS; C:\WINNT\system32\Drivers\NDIS.sys [182912 2004-08-03] (Microsoft Corporation)
R3 NdisTapi; C:\WINNT\System32\DRIVERS\ndistapi.sys [9600 2002-08-29] (Microsoft Corporation)
R3 Ndisuio; C:\WINNT\System32\DRIVERS\ndisuio.sys [14592 2005-04-19] (Microsoft Corporation)
R3 NdisWan; C:\WINNT\System32\DRIVERS\ndiswan.sys [91776 2004-08-03] (Microsoft Corporation)
R3 NDProxy; C:\WINNT\system32\Drivers\NDProxy.sys [38016 2002-08-29] (Microsoft Corporation)
R1 NetBIOS; C:\WINNT\System32\DRIVERS\netbios.sys [34560 2004-08-03] (Microsoft Corporation)
R1 NetBT; C:\WINNT\System32\DRIVERS\netbt.sys [162816 2004-08-03] (Microsoft Corporation)
R3 NETw3x32; C:\WINNT\System32\DRIVERS\NETw3x32.sys [1709696 2006-09-27] (Intel® Corporation)
R1 Npfs; C:\WINNT\system32\Drivers\Npfs.sys [30848 2004-08-03] (Microsoft Corporation)
R3 NSCIRDA; C:\WINNT\System32\DRIVERS\nscirda.sys [28672 2004-08-03] (National Semiconductor Corporation)
R4 Ntfs; C:\WINNT\system32\Drivers\Ntfs.sys [574592 2004-08-03] (Microsoft Corporation)
R1 Null; C:\WINNT\system32\Drivers\Null.sys [2944 2002-08-29] (Microsoft Corporation)
S3 NwlnkFlt; C:\WINNT\System32\DRIVERS\nwlnkflt.sys [12416 2002-08-29] (Microsoft Corporation)
S3 NwlnkFwd; C:\WINNT\System32\DRIVERS\nwlnkfwd.sys [32512 2002-08-29] (Microsoft Corporation)
S3 Parport; C:\WINNT\System32\DRIVERS\parport.sys [80128 2004-08-04] (Microsoft Corporation)
R0 PartMgr; C:\WINNT\system32\Drivers\PartMgr.sys [18688 2002-08-29] (Microsoft Corporation)
S4 ParVdm; C:\WINNT\system32\Drivers\ParVdm.sys [6784 2002-08-29] (Microsoft Corporation)
R0 PCI; C:\WINNT\System32\DRIVERS\pci.sys [68224 2004-08-03] (Microsoft Corporation)
R0 PCIIde; C:\WINNT\System32\DRIVERS\pciide.sys [3328 2001-08-17] (Microsoft Corporation)
R0 Pcmcia; C:\WINNT\System32\DRIVERS\pcmcia.sys [119936 2004-08-04] (Microsoft Corporation)
R3 PptpMiniport; C:\WINNT\System32\DRIVERS\raspptp.sys [48384 2004-08-03] (Microsoft Corporation)
S3 prepdrvr; C:\WINNT\system32\CCM\prepdrv.sys [20704 2006-02-09] (Microsoft Corporation)
S4 psadd; C:\WINNT\system32\Drivers\psadd.sys [13184 2007-03-20] (IBM Corporation)
R3 PSched; C:\WINNT\System32\DRIVERS\psched.sys [69120 2004-08-03] (Microsoft Corporation)
R3 Ptilink; C:\WINNT\System32\DRIVERS\ptilink.sys [17792 2002-08-29] (Parallel Technologies, Inc.)
R0 PxHelp20; C:\WINNT\System32\Drivers\PxHelp20.sys [20576 2007-03-20] (Sonic Solutions)
R1 RasAcd; C:\WINNT\System32\DRIVERS\rasacd.sys [8832 2002-08-29] (Microsoft Corporation)
R3 Rasirda; C:\WINNT\System32\DRIVERS\rasirda.sys [19584 2001-08-17] (Microsoft Corporation)
R3 Rasl2tp; C:\WINNT\System32\DRIVERS\rasl2tp.sys [51328 2004-08-03] (Microsoft Corporation)
R3 RasPppoe; C:\WINNT\System32\DRIVERS\raspppoe.sys [41472 2004-08-03] (Microsoft Corporation)
R3 Raspti; C:\WINNT\System32\DRIVERS\raspti.sys [16512 2002-08-29] (Microsoft Corporation)
R1 Rdbss; C:\WINNT\System32\DRIVERS\rdbss.sys [174592 2006-05-05] (Microsoft Corporation)
R1 RDPCDD; C:\WINNT\System32\DRIVERS\RDPCDD.sys [4224 2002-08-29] (Microsoft Corporation)
R3 rdpdr; C:\WINNT\System32\DRIVERS\rdpdr.sys [196864 2004-08-03] (Microsoft Corporation)
S3 RDPWD; C:\WINNT\system32\Drivers\RDPWD.sys [139528 2005-06-10] (Microsoft Corporation)
R1 redbook; C:\WINNT\System32\DRIVERS\redbook.sys [57472 2004-08-03] (Microsoft Corporation)
S3 Secdrv; C:\WINNT\System32\DRIVERS\secdrv.sys [20480 2007-11-13] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
S3 serenum; C:\WINNT\System32\DRIVERS\serenum.sys [15488 2004-08-04] (Microsoft Corporation)
S3 Serial; C:\WINNT\System32\DRIVERS\serial.sys [64896 2004-08-04] (Microsoft Corporation)
S1 Sfloppy; C:\WINNT\system32\Drivers\Sfloppy.sys [11392 2004-08-04] (Microsoft Corporation)
R1 ShockMgr; C:\WINNT\system32\Drivers\ShockMgr.sys [4736 2005-06-20] (Lenovo.)
R0 Shockprf; C:\WINNT\system32\Drivers\Shockprf.sys [85760 2005-11-30] (Lenovo)
R1 Smapint; C:\WINNT\System32\drivers\Smapint.sys [14848 2005-11-30] (Microsoft Corporation)
S3 splitter; C:\WINNT\System32\drivers\splitter.sys [6400 2004-08-03] (Microsoft Corporation)
R0 sr; C:\WINNT\System32\DRIVERS\sr.sys [73472 2004-08-03] (Microsoft Corporation)
R3 Srv; C:\WINNT\System32\DRIVERS\srv.sys [333184 2008-12-11] (Microsoft Corporation)
R3 swenum; C:\WINNT\System32\DRIVERS\swenum.sys [4352 2004-08-04] (Microsoft Corporation)
S3 swmidi; C:\WINNT\System32\drivers\swmidi.sys [54272 2001-08-17] (Microsoft Corporation)
R0 Symmpi; C:\WINNT\System32\DRIVERS\symmpi.sys [99328 2007-03-20] (LSI Logic)
R3 SynTP; C:\WINNT\System32\DRIVERS\SynTP.sys [177664 2005-09-15] (Synaptics, Inc.)
R3 sysaudio; C:\WINNT\System32\drivers\sysaudio.sys [60800 2004-08-03] (Microsoft Corporation)
R1 Tcpip; C:\WINNT\System32\DRIVERS\tcpip.sys [360320 2008-06-20] (Microsoft Corporation)
S3 TcUsb; C:\WINNT\System32\Drivers\tcusb.sys [24832 2004-11-04] (UPEK Inc.)
S3 TDPIPE; C:\WINNT\system32\Drivers\TDPIPE.sys [12040 2004-08-04] (Microsoft Corporation)
R1 TDSMAPI; C:\WINNT\System32\drivers\TDSMAPI.SYS [9343 2005-11-30] ()
S3 TDTCP; C:\WINNT\system32\Drivers\TDTCP.sys [21896 2004-08-04] (Microsoft Corporation)
R0 Teefer; C:\WINNT\System32\Drivers\Teefer.sys [61008 2006-07-25] (Sygate Technologies, Inc.)
R1 TermDD; C:\WINNT\System32\DRIVERS\termdd.sys [40840 2004-08-04] (Microsoft Corporation)
S3 tpflhlp; c:\drivers\t60\bios\tpflhlp.sys [13360 2007-08-09] (Lenovo Group Limited)
R1 TPHKDRV; C:\WINNT\system32\Drivers\TPHKDRV.sys [17699 2006-02-01] (IBM Corporation)
R1 TPPWRIF; C:\WINNT\System32\drivers\Tppwrif.sys [4442 2005-12-07] ()
S4 Udfs; C:\WINNT\system32\Drivers\Udfs.sys [66176 2004-08-03] (Microsoft Corporation)
R3 Update; C:\WINNT\System32\DRIVERS\update.sys [209408 2004-08-03] (Microsoft Corporation)
S3 USBAAPL; C:\WINNT\System32\Drivers\usbaapl.sys [39424 2009-06-05] (Apple, Inc.)
S3 usbaudio; C:\WINNT\System32\drivers\usbaudio.sys [59264 2004-08-03] (Microsoft Corporation)
S3 usbccgp; C:\WINNT\System32\DRIVERS\usbccgp.sys [31616 2004-08-03] (Microsoft Corporation)
R3 usbehci; C:\WINNT\System32\DRIVERS\usbehci.sys [26624 2004-08-03] (Microsoft Corporation)
R3 usbhub; C:\WINNT\System32\DRIVERS\usbhub.sys [57600 2004-08-03] (Microsoft Corporation)
S3 usbscan; C:\WINNT\System32\DRIVERS\usbscan.sys [15104 2004-08-03] (Microsoft Corporation)
S3 USBSTOR; C:\WINNT\System32\DRIVERS\USBSTOR.SYS [26496 2004-08-03] (Microsoft Corporation)
R3 usbuhci; C:\WINNT\System32\DRIVERS\usbuhci.sys [20480 2004-08-04] (Microsoft Corporation)
R1 VgaSave; C:\WINNT\System32\drivers\vga.sys [20992 2004-08-03] (Microsoft Corporation)
R0 VolSnap; C:\WINNT\system32\Drivers\VolSnap.sys [52352 2004-08-03] (Microsoft Corporation)
S3 w39n51; C:\WINNT\System32\DRIVERS\w39n51.sys [1428096 2005-12-05] (Intel® Corporation)
R3 Wanarp; C:\WINNT\System32\DRIVERS\wanarp.sys [34560 2004-08-03] (Microsoft Corporation)
R3 wdmaud; C:\WINNT\System32\drivers\wdmaud.sys [82944 2004-08-03] (Microsoft Corporation)
R2 wg3n; C:\WINNT\SYSTEM32\Drivers\wg3n.sys [14952 2006-07-25] (Sygate Technologies, Inc.)
R2 wg4n; C:\WINNT\SYSTEM32\Drivers\wg4n.sys [14952 2006-07-25] (Sygate Technologies, Inc.)
R2 wg5n; C:\WINNT\SYSTEM32\Drivers\wg5n.sys [14952 2006-07-25] (Sygate Technologies, Inc.)
R2 wg6n; C:\WINNT\SYSTEM32\Drivers\wg6n.sys [14952 2006-07-25] (Sygate Technologies, Inc.)
R3 winachsf; C:\WINNT\System32\DRIVERS\hsx_cnxt.sys [670208 2005-12-06] (Conexant Systems, Inc.)
R1 wpsdrvnt; C:\WINNT\system32\drivers\wpsdrvnt.sys [21075 2006-07-25] (Sygate Technologies, Inc.)
R1 WS2IFSL; C:\WINNT\System32\drivers\ws2ifsl.sys [12032 2002-08-29] (Microsoft Corporation)
S3 WudfPf; C:\WINNT\System32\DRIVERS\WudfPf.sys [77568 2006-09-28] (Microsoft Corporation)
S3 WudfRd; C:\WINNT\System32\DRIVERS\wudfrd.sys [82944 2006-09-28] (Microsoft Corporation)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
U1 RCHelp;
S4 vsdatant; [X]
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2014-03-23 22:29 - 2014-03-23 22:29 - 00044845 _____ () D:\data\rainmaker\Desktop\FRST.txt
2014-03-23 22:28 - 2014-03-23 22:28 - 00002141 _____ () D:\data\rainmaker\Desktop\JRT.txt
2014-03-23 22:19 - 2014-03-23 22:19 - 00022179 _____ () D:\data\rainmaker\Desktop\AdwCleaner[R1].txt
2014-03-23 22:16 - 2014-03-23 22:16 - 01950720 _____ () D:\data\rainmaker\Desktop\adwcleaner.exe
2014-03-23 22:11 - 2014-03-23 22:15 - 00029867 _____ () D:\data\rainmaker\Desktop\Fixlog.txt
2014-03-23 13:56 - 2014-03-23 22:29 - 00000000 ____D () C:\FRST
2014-03-23 13:53 - 2014-03-23 13:54 - 01145856 _____ (Farbar) D:\data\rainmaker\Desktop\FRST.exe
2014-03-22 16:38 - 2014-03-22 16:38 - 00113070 _____ () D:\data\rainmaker\Desktop\OTL.Txt
2014-03-22 16:05 - 2014-03-22 16:05 - 00000000 ____D () D:\data\rainmaker\My Documents\PC Speed Maximizer
2014-03-22 16:01 - 2014-03-22 16:01 - 00000000 ____D () D:\data\rainmaker\Local Settings\Application Data\cache
2014-03-22 16:01 - 2014-03-22 16:01 - 00000000 ____D () D:\data\rainmaker\.android
2014-03-22 16:00 - 2014-03-22 16:00 - 00000000 ____D () D:\data\rainmaker\My Documents\Mobogenie
2014-03-22 16:00 - 2014-03-22 16:00 - 00000000 _____ () D:\data\rainmaker\daemonprocess.txt
2014-03-22 15:59 - 2014-03-23 21:22 - 00000000 ____D () D:\data\rainmaker\Application Data\key-find
2014-03-22 15:59 - 2014-03-22 15:59 - 00000000 ____D () D:\data\rainmaker\Application Data\SupTab
2014-03-22 15:49 - 2014-03-23 22:21 - 00000000 ____D () D:\data\rainmaker\Local Settings\Application Data\WebPlayer
2014-03-22 15:49 - 2014-03-22 15:52 - 00002096 _____ () D:\data\rainmaker\Desktop\FLV Player.lnk
2014-03-22 15:49 - 2014-03-22 15:49 - 00000000 ____D () D:\data\rainmaker\Start Menu\Programs\FLV Player
2014-03-22 15:48 - 2014-03-22 15:58 - 00000000 ____D () D:\data\rainmaker\Application Data\IminentToolbar
2014-02-28 13:21 - 2014-03-23 22:15 - 00000008 __RSH () D:\data\rainmaker\ntuser.pol
==================== One Month Modified Files and Folders =======
2014-03-23 22:29 - 2014-03-23 22:29 - 00044845 _____ () D:\data\rainmaker\Desktop\FRST.txt
2014-03-23 22:29 - 2014-03-23 13:56 - 00000000 ____D () C:\FRST
2014-03-23 22:29 - 2013-04-02 17:07 - 00000000 ____D () D:\data\rainmaker\Local Settings\temp
2014-03-23 22:29 - 2011-09-03 12:52 - 00001024 ____H () D:\data\rainmaker\ntuser.dat.LOG
2014-03-23 22:29 - 2011-09-03 12:52 - 00000000 __SHD () D:\data\rainmaker\Cookies
2014-03-23 22:29 - 2011-09-03 12:52 - 00000000 ____D () D:\data\rainmaker\Desktop
2014-03-23 22:28 - 2014-03-23 22:28 - 00002141 _____ () D:\data\rainmaker\Desktop\JRT.txt
2014-03-23 22:28 - 2011-09-03 12:52 - 00000000 ___HD () D:\data\rainmaker\Recent
2014-03-23 22:25 - 2011-09-04 14:56 - 00000000 ____D () D:\data\rainmaker\Application Data\BitTorrent
2014-03-23 22:25 - 2011-09-04 14:55 - 00000000 ____D () D:\data\rainmaker\My Documents\Downloads
2014-03-23 22:21 - 2014-03-22 15:49 - 00000000 ____D () D:\data\rainmaker\Local Settings\Application Data\WebPlayer
2014-03-23 22:21 - 2011-09-03 12:52 - 00000000 ___HD () D:\data\rainmaker\Local Settings\Application Data
2014-03-23 22:21 - 2011-09-03 12:52 - 00000000 ___HD () D:\data\rainmaker\Application Data
2014-03-23 22:19 - 2014-03-23 22:19 - 00022179 _____ () D:\data\rainmaker\Desktop\AdwCleaner[R1].txt
2014-03-23 22:18 - 2014-01-14 14:00 - 01038974 _____ (Thisisu) D:\data\rainmaker\Desktop\JRT.exe
2014-03-23 22:16 - 2014-03-23 22:16 - 01950720 _____ () D:\data\rainmaker\Desktop\adwcleaner.exe
2014-03-23 22:16 - 2007-03-20 16:43 - 00001024 ____H () D:\data\NetworkService\ntuser.dat.LOG
2014-03-23 22:16 - 2007-03-20 16:43 - 00001024 ____H () D:\data\LocalService\ntuser.dat.LOG
2014-03-23 22:15 - 2014-03-23 22:11 - 00029867 _____ () D:\data\rainmaker\Desktop\Fixlog.txt
2014-03-23 22:15 - 2014-02-28 13:21 - 00000008 __RSH () D:\data\rainmaker\ntuser.pol
2014-03-23 22:15 - 2011-09-03 12:52 - 00000000 ____D () D:\data\rainmaker
2014-03-23 22:14 - 2011-09-03 12:52 - 00000062 ___SH () D:\data\rainmaker\Local Settings\desktop.ini
2014-03-23 22:14 - 2007-03-20 16:43 - 00000062 ___SH () D:\data\NetworkService\Local Settings\desktop.ini
2014-03-23 22:14 - 2007-03-20 16:43 - 00000062 ___SH () D:\data\LocalService\Local Settings\desktop.ini
2014-03-23 22:14 - 2007-03-20 16:43 - 00000006 ____H () C:\WINNT\Tasks\SA.DAT
2014-03-23 22:14 - 2006-10-18 12:00 - 01224170 _____ () C:\WINNT\WindowsUpdate.log
2014-03-23 22:14 - 2006-10-18 11:51 - 00002206 _____ () C:\WINNT\system32\wpa.dbl
2014-03-23 22:14 - 2006-10-18 07:58 - 00000159 _____ () C:\WINNT\wiadebug.log
2014-03-23 22:14 - 2006-10-18 07:58 - 00000049 _____ () C:\WINNT\wiaservc.log
2014-03-23 22:13 - 2012-05-13 14:55 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-03-23 22:13 - 2011-09-03 12:52 - 11010048 ____H () D:\data\rainmaker\NTUSER.DAT
2014-03-23 22:13 - 2007-03-20 16:43 - 00262144 ____H () D:\data\NetworkService\NTUSER.DAT
2014-03-23 22:13 - 2007-03-20 16:43 - 00262144 ____H () D:\data\LocalService\NTUSER.DAT
2014-03-23 22:13 - 2007-03-20 16:43 - 00032628 _____ () C:\WINNT\SchedLgU.Txt
2014-03-23 22:13 - 2007-03-20 16:43 - 00000000 ____D () D:\data\NetworkService\Local Settings\Temp
2014-03-23 22:12 - 2012-12-23 21:48 - 00000278 ___SH () D:\data\rainmaker\ntuser.ini
2014-03-23 22:12 - 2011-08-30 08:29 - 00000000 ____D () D:\data\Admin
2014-03-23 22:12 - 2009-09-21 09:36 - 00000000 ____D () D:\data\administrator.3YFK943Z
2014-03-23 22:12 - 2009-06-26 18:24 - 00000000 ____D () D:\data\tpritcha
2014-03-23 22:12 - 2008-12-02 19:44 - 00000000 ____D () D:\data\stozin
2014-03-23 22:12 - 2007-03-20 17:11 - 00000000 ___HD () C:\WINNT\system32\GroupPolicy
2014-03-23 22:12 - 2007-03-20 16:43 - 00000000 __SHD () D:\data\NetworkService
2014-03-23 22:12 - 2006-10-18 07:56 - 00000000 __RHD () D:\data\All Users\Application Data
2014-03-23 22:04 - 2012-07-03 08:22 - 00000958 _____ () C:\WINNT\Tasks\GoogleUpdateTaskUserS-1-5-21-3510421623-2965073675-2411060337-1012UA.job
2014-03-23 22:04 - 2012-07-03 08:22 - 00000906 _____ () C:\WINNT\Tasks\GoogleUpdateTaskUserS-1-5-21-3510421623-2965073675-2411060337-1012Core.job
2014-03-23 21:47 - 2012-04-14 14:35 - 00000826 _____ () C:\WINNT\Tasks\Adobe Flash Player Updater.job
2014-03-23 21:25 - 2006-10-18 07:56 - 00000000 ____D () D:\data\All Users\Start Menu\Programs
2014-03-23 21:25 - 2006-10-18 07:56 - 00000000 ____D () D:\data\All Users\Desktop
2014-03-23 21:23 - 2011-09-03 12:52 - 00000000 ___RD () D:\data\rainmaker\Start Menu\Programs
2014-03-23 21:22 - 2014-03-22 15:59 - 00000000 ____D () D:\data\rainmaker\Application Data\key-find
2014-03-23 21:22 - 2012-12-15 17:44 - 00000625 _____ () D:\data\All Users\Desktop\Mozilla Firefox.lnk
2014-03-23 21:22 - 2011-11-27 18:26 - 00000625 _____ () D:\data\All Users\Start Menu\Programs\Mozilla Firefox.lnk
2014-03-23 21:22 - 2011-09-03 12:52 - 00000692 _____ () D:\data\rainmaker\Start Menu\Programs\Internet Explorer.lnk
2014-03-23 21:22 - 2011-09-03 12:52 - 00000656 _____ () D:\data\rainmaker\Desktop\Launch Internet Explorer Browser.lnk
2014-03-23 21:22 - 2009-10-19 09:01 - 00000625 _____ () D:\data\All Users\Desktop\b.lnk
2014-03-23 19:56 - 2009-10-26 14:15 - 00001324 _____ () C:\WINNT\system32\d3d9caps.dat
2014-03-23 13:54 - 2014-03-23 13:53 - 01145856 _____ (Farbar) D:\data\rainmaker\Desktop\FRST.exe
2014-03-22 23:01 - 2007-08-31 14:17 - 02307302 _____ () C:\engine.log
2014-03-22 20:57 - 2011-08-30 08:29 - 00001024 ____H () D:\data\Admin\ntuser.dat.LOG
2014-03-22 20:57 - 2009-09-21 09:36 - 00001024 ____H () D:\data\administrator.3YFK943Z\ntuser.dat.LOG
2014-03-22 20:57 - 2009-06-26 18:24 - 00001024 ____H () D:\data\tpritcha\ntuser.dat.LOG
2014-03-22 20:57 - 2008-12-02 19:44 - 00001024 ____H () D:\data\stozin\ntuser.dat.LOG
2014-03-22 20:57 - 2008-05-08 00:39 - 00001024 ____H () D:\data\sserebre\ntuser.dat.LOG
2014-03-22 20:57 - 2007-09-01 04:07 - 00001024 ____H () D:\data\wksbuild\ntuser.dat.LOG
2014-03-22 20:57 - 2007-08-31 14:20 - 00001024 ____H () D:\data\tmaloof\ntuser.dat.LOG
2014-03-22 20:57 - 2007-03-20 16:44 - 00001024 ____H () D:\data\Administrator\ntuser.dat.LOG
2014-03-22 16:38 - 2014-03-22 16:38 - 00113070 _____ () D:\data\rainmaker\Desktop\OTL.Txt
2014-03-22 16:05 - 2014-03-22 16:05 - 00000000 ____D () D:\data\rainmaker\My Documents\PC Speed Maximizer
2014-03-22 16:05 - 2011-09-03 12:52 - 00000000 ___RD () D:\data\rainmaker\My Documents
2014-03-22 16:01 - 2014-03-22 16:01 - 00000000 ____D () D:\data\rainmaker\Local Settings\Application Data\cache
2014-03-22 16:01 - 2014-03-22 16:01 - 00000000 ____D () D:\data\rainmaker\.android
2014-03-22 16:00 - 2014-03-22 16:00 - 00000000 ____D () D:\data\rainmaker\My Documents\Mobogenie
2014-03-22 16:00 - 2014-03-22 16:00 - 00000000 _____ () D:\data\rainmaker\daemonprocess.txt
2014-03-22 15:59 - 2014-03-22 15:59 - 00000000 ____D () D:\data\rainmaker\Application Data\SupTab
2014-03-22 15:58 - 2014-03-22 15:48 - 00000000 ____D () D:\data\rainmaker\Application Data\IminentToolbar
2014-03-22 15:52 - 2014-03-22 15:49 - 00002096 _____ () D:\data\rainmaker\Desktop\FLV Player.lnk
2014-03-22 15:49 - 2014-03-22 15:49 - 00000000 ____D () D:\data\rainmaker\Start Menu\Programs\FLV Player
2014-03-22 15:48 - 2011-09-04 14:56 - 00000000 ____D () D:\data\rainmaker\Local Settings\Application Data\Temp
2014-03-22 15:37 - 2011-08-30 20:58 - 00002101 _____ () D:\data\All Users\Desktop\Safari.lnk
2014-03-20 17:27 - 2009-06-17 14:10 - 00000284 _____ () C:\WINNT\Tasks\AppleSoftwareUpdate.job
2014-03-18 03:57 - 2009-04-28 03:00 - 00000000 ____D () C:\Quarantine
Some content of TEMP:
====================
D:\data\rainmaker\Local Settings\temp\D1395517211.exe
D:\data\rainmaker\Local Settings\temp\dlLogic.exe
D:\data\rainmaker\Local Settings\temp\EnableExtDll.dll
D:\data\rainmaker\Local Settings\temp\FLVPlayerSetup.exe
D:\data\rainmaker\Local Settings\temp\IMsetup.exe
D:\data\rainmaker\Local Settings\temp\nsb38.exe
D:\data\rainmaker\Local Settings\temp\nse32.exe
D:\data\rainmaker\Local Settings\temp\nsf35.exe
D:\data\rainmaker\Local Settings\temp\nsiA9F.exe
D:\data\rainmaker\Local Settings\temp\nsn2F.exe
D:\data\rainmaker\Local Settings\temp\nso3E.exe
D:\data\rainmaker\Local Settings\temp\nsx3B.exe
D:\data\rainmaker\Local Settings\temp\PCSpeedMaximizer.exe
D:\data\rainmaker\Local Settings\temp\set-app.exe
D:\data\rainmaker\Local Settings\temp\setapp.exe
D:\data\rainmaker\Local Settings\temp\SPSetup.exe
D:\data\rainmaker\Local Settings\temp\TidyNetwork.exe
D:\data\rainmaker\Local Settings\temp\Updater.exe
==================== Bamital & volsnap Check =================
C:\WINNT\explorer.exe => MD5 is legit
C:\WINNT\system32\winlogon.exe => MD5 is legit
C:\WINNT\system32\svchost.exe => MD5 is legit
C:\WINNT\system32\services.exe
[2006-10-18 11:50] - [2009-02-06 06:22] - 0110592 ____N (Microsoft Corporation) 4712531ab7a01b7ee059853ca17d39bd
C:\WINNT\system32\User32.dll
[2008-12-13 01:23] - [2007-03-08 11:36] - 0577536 ____A (Microsoft Corporation) b409909f6e2e8a7067076ed748abf1e7
C:\WINNT\system32\userinit.exe => MD5 is legit
C:\WINNT\system32\rpcss.dll
[2009-06-13 01:22] - [2009-02-09 06:01] - 0401408 ____A (Microsoft Corporation) 24b5d53b9accc1e2edcf0a878d6659d4
ATTENTION ======> If the system is having audio adware rpcss.dll is patched. Google the MD5, if the MD5 is unique the file is infected.
C:\WINNT\system32\Drivers\volsnap.sys => MD5 is legit
==================== End Of Log ============================