Everything posted by mzmaxey

  1. Hello, I am getting a intermittent popup saying that a malicious website was blocked. The IP address is 91.205.157.48 Here it my First.txt log: Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:24-08-2014 01Ran by HP_Administrator (administrator) on SCRUBGENIE on 24-08-2014 04:13:24Running from C:\Documents and Settings\HP_Administrator\My Documents\DownloadsPlatform: Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: English (United States)Internet Explorer Version 7Boot Mode: Normal The only official download link for FRST:Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/ Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/ Download link from any site other than Bleeping Computer is unpermitted or outdated.See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (AVG Technologies CZ, s.r.o.) C:\PROGRA~1\AVG\AVG2014\avgrsx.exe(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgcsrvx.exe(IObit) C:\Program Files\IObit\Advanced SystemCare 7\ASCService.exe(Cisco Systems, Inc.) C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe(IObit) C:\Program Files\IObit\IObit Malware Fighter\IMFsrv.exe(Adobe Systems) C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe(Microsoft) C:\WINDOWS\arservice.exe(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgidsagent.exe(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgwdsvc.exe(Just Develop It) C:\Program Files\JustCloud\BackupStack.exe(Apple Inc.) 
C:\Program Files\Bonjour\mDNSResponder.exe(Juniper Networks) C:\Program Files\Juniper Networks\Common Files\dsNcService.exe(Microsoft Corporation) C:\WINDOWS\ehome\ehrecvr.exe(Microsoft Corporation) C:\WINDOWS\ehome\ehSched.exe(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgnsx.exe(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgemcx.exe(Oracle Corporation) C:\Program Files\Java\jre7\bin\jqs.exe(Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LSSrvc.exe(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Microsoft Online Services\MSOIDSVC.EXE(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Microsoft Online Services\MSOIDSVCM.EXE(NVIDIA Corporation) C:\WINDOWS\system32\nvsvc32.exe(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbam.exe(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe(Microsoft Corporation) C:\WINDOWS\system32\dllhost.exe(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe(Cisco Systems, Inc.) C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe(Realtek Semiconductor Corp.) C:\WINDOWS\RTHDCPL.EXE(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe(InstallShield Software Corporation) C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgui.exe(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe(Google Inc.) C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe(IObit) C:\Program Files\IObit\Advanced SystemCare 7\ASCTray.exe(Apple Inc.) 
C:\Program Files\iPod\bin\iPodService.exe(Microsoft Corporation) C:\WINDOWS\system32\msiexec.exe(JustCloud.com) C:\Program Files\JustCloud\JustCloud.exe(Microsoft Corporation) C:\WINDOWS\system32\msiexec.exe(IObit) C:\Program Files\IObit\IObit Malware Fighter\IMF.exe() C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe() C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe(Dropbox, Inc.) C:\Documents and Settings\HP_Administrator\Application Data\Dropbox\bin\Dropbox.exe(Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe(InstallShield Software Corporation) C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe(Macrovision Corporation) C:\Program Files\Common Files\InstallShield\UpdateService\agent.exe(Flexera Software, Inc.) C:\Documents and Settings\All Users\Application Data\FLEXnet\Connect\11\agent.exe(IObit) C:\Program Files\IObit\Advanced SystemCare 7\ASC.exe(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jucheck.exe(Adobe Systems Incorporated) C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrobat.exe(Macrovision Europe Ltd.) C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe(RealNetworks, Inc.) C:\Program Files\Real\realplayer\Update\realsched.exe(IObit) C:\Program Files\IObit\Smart Defrag 3\SmartDefrag.exe(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDWelcome.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) 
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)HKLM\...\Run: [NvCplDaemon] => RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartupHKLM\...\Run: [NvMediaCenter] => RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInitHKLM\...\Run: [TkBellExe] => C:\program files\real\realplayer\update\realsched.exe [296096 2012-07-21] (RealNetworks, Inc.)HKLM\...\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] => C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe [703888 2013-03-26] (Cisco Systems, Inc.)HKLM\...\Run: [RTHDCPL] => C:\WINDOWS\RTHDCPL.EXE [20145368 2014-02-06] (Realtek Semiconductor Corp.)HKLM\...\Run: [nwiz] => nwiz.exe /installHKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-02-12] (Apple Inc.)HKLM\...\Run: [PlantronicsURE.exe] => C:\Program Files\Plantronics\PlantronicsURE\PlantronicsURE.exe [625040 2013-10-30] (Plantronics, Inc.)HKLM\...\Run: [PlantronicsBatteryStatus.exe] => C:\Program Files\Plantronics\PlantronicsURE\PlantronicsBatteryStatus.exe [356752 2013-10-30] (Plantronics, Inc.)HKLM\...\Run: [sunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [152392 2014-02-21] (Apple Inc.)HKLM\...\Run: [iSUSPM Startup] => C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe [221184 2004-07-27] (InstallShield Software Corporation)HKLM\...\Run: [iSUSScheduler] => C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [81920 2004-07-27] (InstallShield Software Corporation)HKLM\...\Run: [AVG_UI] => C:\Program Files\AVG\AVG2014\avgui.exe [5179408 2014-06-17] (AVG Technologies CZ, s.r.o.)HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)HKLM\...\Run: [iObit Malware 
Fighter] => C:\Program Files\IObit\IObit Malware Fighter\IMF.exe [1601856 2014-06-23] (IObit)HKLM\...\Run: [sDTray] => C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe [4101584 2014-04-25] (Safer-Networking Ltd.)Winlogon\Notify\SDWinLogon: SDWinLogon.dll [X]HKLM\...\Policies\Explorer: [LinkResolveIgnoreLinkInfo] 0HKLM\...\Policies\Explorer: [NoResolveSearch] 1HKU\S-1-5-21-3296975347-651706224-2527284978-1007\...\Run: [Google Update] => C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [116648 2013-07-12] (Google Inc.)HKU\S-1-5-21-3296975347-651706224-2527284978-1007\...\Run: [swg] => C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2012-07-21] (Google Inc.)HKU\S-1-5-21-3296975347-651706224-2527284978-1007\...\Run: [Advanced SystemCare 7] => C:\Program Files\IObit\Advanced SystemCare 7\ASCTray.exe [2295584 2014-04-21] (IObit)HKU\S-1-5-21-3296975347-651706224-2527284978-1007\...\Policies\Explorer: [LinkResolveIgnoreLinkInfo] 0HKU\S-1-5-21-3296975347-651706224-2527284978-1007-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Google Update] => C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [116648 2013-07-12] (Google Inc.)HKU\S-1-5-21-3296975347-651706224-2527284978-1007-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [swg] => C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2012-07-21] (Google Inc.)HKU\S-1-5-21-3296975347-651706224-2527284978-1007-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Advanced SystemCare 7] => C:\Program Files\IObit\Advanced SystemCare 7\ASCTray.exe [2295584 2014-04-21] (IObit)HKU\S-1-5-21-3296975347-651706224-2527284978-1007-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\Explorer: [LinkResolveIgnoreLinkInfo] 0HKU\S-1-5-21-3296975347-651706224-2527284978-1008-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [MSMSGS] => C:\Program 
Files\Messenger\msmsgs.exe [1695232 2008-04-13] (Microsoft Corporation)HKU\S-1-5-21-3296975347-651706224-2527284978-1008-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [swg] => C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exeHKU\S-1-5-21-3296975347-651706224-2527284978-1008-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\qttask.exe [421888 2014-01-17] (Apple Inc.)HKU\S-1-5-21-3296975347-651706224-2527284978-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [MSMSGS] => C:\Program Files\Messenger\msmsgs.exe [1695232 2008-04-13] (Microsoft Corporation)HKU\S-1-5-21-3296975347-651706224-2527284978-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\RunOnce: [avg_spchecker] => "C:\Program Files\AVG\AVG9\Notification\SPChecker1.exe" /startHKU\S-1-5-21-3296975347-651706224-2527284978-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [MSMSGS] => C:\Program Files\Messenger\msmsgs.exe [1695232 2008-04-13] (Microsoft Corporation)HKU\S-1-5-21-3296975347-651706224-2527284978-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\qttask.exe [421888 2014-01-17] (Apple Inc.)HKU\S-1-5-21-3296975347-651706224-2527284978-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\RunOnce: [avg_spchecker] => "C:\Program Files\AVG\AVG9\Notification\SPChecker1.exe" /startStartup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Snagit 11.lnkShortcutTarget: Snagit 11.lnk -> C:\Program Files\TechSmith\Snagit 11\Snagit32.exe (TechSmith Corporation)Startup: C:\Documents and Settings\Asha\Start Menu\Programs\Startup\PinMcLnk.lnkShortcutTarget: PinMcLnk.lnk -> C:\hp\bin\cloaker.exe (Hewlett-Packard Co.)Startup: C:\Documents and Settings\Default User\Start Menu\Programs\Startup\Pin.lnkShortcutTarget: Pin.lnk -> C:\hp\bin\cloaker.exe (Hewlett-Packard Co.)Startup: C:\Documents and Settings\Default User\Start 
Menu\Programs\Startup\PinMcLnk.lnkShortcutTarget: PinMcLnk.lnk -> C:\hp\bin\cloaker.exe (Hewlett-Packard Co.)Startup: C:\Documents and Settings\Guest\Start Menu\Programs\Startup\PinMcLnk.lnkShortcutTarget: PinMcLnk.lnk -> C:\hp\bin\cloaker.exe (Hewlett-Packard Co.)Startup: C:\Documents and Settings\HP_Administrator\Start Menu\Programs\Startup\Dropbox.lnkShortcutTarget: Dropbox.lnk -> C:\Documents and Settings\HP_Administrator\Application Data\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)Startup: C:\Documents and Settings\HP_Administrator\Start Menu\Programs\Startup\JustCloud.lnkShortcutTarget: JustCloud.lnk -> C:\Program Files\JustCloud\JustCloud.exe (JustCloud.com)ShellIconOverlayIdentifiers: "DropboxExt1" -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Documents and Settings\HP_Administrator\Application Data\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)ShellIconOverlayIdentifiers: "DropboxExt2" -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Documents and Settings\HP_Administrator\Application Data\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)ShellIconOverlayIdentifiers: "DropboxExt3" -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Documents and Settings\HP_Administrator\Application Data\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)ShellIconOverlayIdentifiers: "DropboxExt4" -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Documents and Settings\HP_Administrator\Application Data\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)ShellIconOverlayIdentifiers: "DropboxExt5" -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Documents and Settings\HP_Administrator\Application Data\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)ShellIconOverlayIdentifiers: "DropboxExt6" -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Documents and Settings\HP_Administrator\Application Data\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)ShellIconOverlayIdentifiers: "DropboxExt7" -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Documents and Settings\HP_Administrator\Application 
Data\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)ShellIconOverlayIdentifiers: "DropboxExt8" -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Documents and Settings\HP_Administrator\Application Data\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)BootExecute: autocheck autochk * 搀渀挀氀攀愀渀⸀攀砀攀C:\PROGRA~1\AVG\AVG2014\avgrsx.exe /sync /restart ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=PAVILION&pf=desktopHKCU\Software\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8BHO: Adobe PDF Reader Link Helper -> {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)BHO: ExplorerWnd Helper -> {10921475-03CE-4E04-90CE-E2E7EF20C814} -> C:\Program Files\IObit\IObit Uninstaller\UninstallExplorer32.dll (IObit)BHO: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)BHO: RealPlayer Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)BHO: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)BHO: Ads Removal -> {9D974C8C-6D92-44FB-BEAF-B45A1C0CF17F} -> C:\Program Files\IObit\IObit Malware Fighter\adsremoval\IE\Adblock.dll (Adblock)BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} 
-> C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)BHO: hpWebHelper Class -> {AAAE832A-5FFF-4661-9C8F-369692D1DCB9} -> C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\WebHelper.dll (Hewlett-Packard)BHO: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)BHO: Google Toolbar Notifier BHO -> {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} -> C:\Program Files\Google\GoogleToolbarNotifier\5.7.9012.1008\swg.dll (Google Inc.)BHO: Advanced SystemCare Browser Protection -> {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} -> C:\Program Files\IObit\Surfing Protection\BrowerProtect\ASCPlugin_Protection.dll (IObit)BHO: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)Toolbar: HKLM - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)Toolbar: HKLM - ExplorerWnd Helper - {10921475-03CE-4E04-90CE-E2E7EF20C814} - C:\Program Files\IObit\IObit Uninstaller\UninstallExplorer32.dll (IObit)Toolbar: HKCU - &Address - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)Toolbar: HKCU - &Links - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\SHELL32.dll (Microsoft Corporation)Toolbar: HKCU - No Name - {C4069E3A-68F1-403E-B40E-20066696354B} - No FileToolbar: HKCU - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)Toolbar: HKCU - &Links - {F2CF5485-4E02-4F68-819C-B92DE9277049} - C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)Toolbar: HKCU - Google Toolbar - 
{2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} http://www.comcastsupport.com/sdccommon/download/tgctlsr.cabDPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cabDPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://download.microsoft.com/download/e/7/3/e7345c16-80aa-4488-ae10-9ac6be844f99/OGAControl.cabDPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} http://zone.msn.com/binFrameWork/v10/StagingUI.cab55579.cabDPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} http://www.musicnotes.com/download/mnviewer.cabDPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cabDPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?linkid=39204DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} http://zone.msn.com/BinFrameWork/v10/ZBuddy.cab55579.cabDPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} http://zone.msn.com/binframework/v10/ZPAChat.cab55579.cabDPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} http://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection.cabDPF: {80B626D6-BC34-4BCF-B5A1-7149E4FD9CFA} http://zone.msn.com/bingame/zpagames/GAME_UNO1.cab60096.cabDPF: {8E27C92B-1264-101C-8A2F-040224009C02} http://www.selfhelpworks.com/mscal.ocxDPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cabDPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocxDPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} http://cdn2.zone.msn.com/binFramework/v10/ZPAFramework.cab102118.cabDPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cabDPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cabDPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} 
http://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cabDPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cabDPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cabDPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cabDPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cabDPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} http://zone.msn.com/binframework/v10/StProxy.cab55579.cabDPF: {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} https://remote.elliemae.com/dana-cached/setup/JuniperSetupSP1.cabDPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} http://gfx2.hotmail.com/mail/w4/pr01/photouploadcontrol/MSNPUpld.cabDPF: {E87F6C8E-16C0-11D3-BEF7-009027438003} http://www.elistingengine.com/rns/XUpload.ocxDPF: {EAC4DA12-B6EA-4A51-B455-1B506043C718} http://www.docedge.com/dtviewer.cabDPF: {F773E7B2-62A9-4524-9109-87D2F0BEFAA4} http://zone.msn.com/bingame/zpagames/zpa_kqrp.cab56961.cabDPF: {FF3C5A9F-5A99-4930-80E8-4709194C2AD3} http://zone.msn.com/bingame/zpagames/ZPA_Backgammon.cab64162.cabHandler: linkscanner - No CLSID Value - Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)ShellExecuteHooks: Windows Desktop Search Namespace Manager - {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [294400 2007-02-05] (Microsoft Corporation)ShellExecuteHooks: - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - No File [ ]Winsock: Catalog5 04 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)Hosts: 199.189.127.1 vpn01.elliemae.com ###Cisco AnyConnect VPN client modified this file. 
Please do not modify contents until this comment is removed.Tcpip\Parameters: [DhcpNameServer] 10.0.0.1 FireFox:========FF ProfilePath: C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\u5rtwcim.default-1391836799151FF SelectedSearchEngine: GoogleFF Homepage: hxxp://www.yahoo.com/FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_14_0_0_179.dll ()FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()FF Plugin: @java.com/DTPlugin,version=10.51.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)FF Plugin: @java.com/JavaPlugin,version=10.51.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)FF Plugin: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 -> C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)FF Plugin: @movenetworks.com/Quantum Media Player -> C:\Documents and Settings\HP_Administrator\Application Data\Move Networks\plugins\npqmp071505000011.dll (Move Networks)FF Plugin: @nbc.com/DirectPlayer -> C:\Program Files\NBC Direct\npDirectPlayerMozilla.dll (NBC Universal)FF Plugin: @real.com/nppl3260;version=15.0.5.109 -> c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)FF Plugin: @real.com/nprjplug;version=15.0.5.109 -> c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)FF Plugin: @real.com/nprpchromebrowserrecordext;version=15.0.5.109 -> C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)FF Plugin: @real.com/nprphtml5videoshim;version=15.0.5.109 -> 
C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)FF Plugin: @real.com/nprpplugin;version=15.0.5.109 -> c:\program files\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)FF Plugin: @real.com/RhapsodyPlayerEngine,version=1.0 -> C:\Program Files\Real\RhapsodyPlayerEngine\nprhapengine.dll (RealNetworks, Inc.)FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)FF Plugin HKCU: @movenetworks.com/Quantum Media Player -> C:\Documents and Settings\HP_Administrator\Application Data\Move Networks\plugins\npqmp071505000011.dll (Move Networks)FF Plugin HKCU: @tools.google.com/Google Update;version=3 -> C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)FF Plugin HKCU: @tools.google.com/Google Update;version=9 -> C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)FF Extension: Ads Removal - C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\u5rtwcim.default-1391836799151\Extensions\adremoveext@adremoveext.net [2014-06-26]FF Extension: Advanced SystemCare Surfing Protection - C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\u5rtwcim.default-1391836799151\Extensions\ascsurfingprotection@iobit.com [2014-05-14]FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtensionFF Extension: Microsoft .NET Framework Assistant - 
c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-03-29]FF HKLM\...\Firefox\Extensions: [flashplugin@idm] - C:\Documents and Settings\HP_Administrator\Application Data\IDM\bin\flashFF Extension: IDM FlashPlugin - C:\Documents and Settings\HP_Administrator\Application Data\IDM\bin\flash [2010-02-07]FF HKLM\...\Firefox\Extensions: [{C3949AC2-4B17-43ee-B4F1-D26B9D42404D}] - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\ExtFF Extension: RealPlayer Browser Record Plugin - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012-07-21]FF HKCU\...\Firefox\Extensions: [moveplayer@movenetworks.com] - C:\Documents and Settings\HP_Administrator\Application Data\Move NetworksFF Extension: Move Media Player - C:\Documents and Settings\HP_Administrator\Application Data\Move Networks [2007-09-28]FF HKCU\...\Firefox\Extensions: [flashplugin@idm] - C:\Documents and Settings\HP_Administrator\Application Data\IDM\bin\flash Chrome: =======CHR HomePage: hxxp://www.yahoo.com/CHR StartupUrls: "https://www.google.com/"CHR Extension: (Google Docs) - C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-06-11]CHR Extension: (Google Drive) - C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-06-10]CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-22]CHR Extension: (YouTube) - C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-04-24]CHR Extension: (Google Search) - 
C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-06-10]CHR Extension: (RealPlayer HTML5Video Downloader Extension) - C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk [2014-06-11]CHR Extension: (Google Wallet) - C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-24]CHR Extension: (Gmail) - C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-06-10]CHR HKLM\...\Chrome\Extension: [banjjklfojcdbofbhbgiedekefohoaff] - C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\CRE\banjjklfojcdbofbhbgiedekefohoaff.crx [2013-09-26]CHR HKLM\...\Chrome\Extension: [jfmjfhklogoienhpfnppmbcbjfjnkonk] - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Chrome\Ext\rphtml5video.crx [2012-07-21]CHR HKCU\...\Chrome\Extension: [banjjklfojcdbofbhbgiedekefohoaff] - C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\CRE\banjjklfojcdbofbhbgiedekefohoaff.crx [2013-09-26] ========================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) 
R2 Adobe LM Service; C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [72704 2007-04-21] (Adobe Systems) [File not signed]R2 AdvancedSystemCareService7; C:\Program Files\IObit\Advanced SystemCare 7\ASCService.exe [881952 2014-01-14] (IObit)R2 ARSVC; C:\WINDOWS\arservice.exe [58880 2005-08-02] (Microsoft)R2 AVGIDSAgent; C:\Program Files\AVG\AVG2014\avgidsagent.exe [3241488 2014-06-27] (AVG Technologies CZ, s.r.o.)R2 avgwd; C:\Program Files\AVG\AVG2014\avgwdsvc.exe [289328 2014-06-17] (AVG Technologies CZ, s.r.o.)R2 BackupStack; C:\Program Files\JustCloud\BackupStack.exe [36424 2014-06-18] (Just Develop It)R2 dsNcService; C:\Program Files\Juniper Networks\Common Files\dsNcService.exe [431472 2008-11-21] (Juniper Networks)R3 FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [654848 2007-08-25] (Macrovision Europe Ltd.) [File not signed]S3 getPlusHelper; C:\Program Files\NOS\bin\getPlus_Helper.dll [51168 2009-09-23] (NOS Microsystems Ltd.)S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [69632 2005-11-14] (Macrovision Corporation) [File not signed]R2 IMFservice; C:\Program Files\IObit\IObit Malware Fighter\IMFsrv.exe [342336 2014-05-15] (IObit)R2 JavaQuickStarterService; C:\Program Files\Java\jre7\bin\jqs.exe [182696 2014-03-28] (Oracle Corporation)R2 LightScribeService; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [73728 2010-07-21] (Hewlett-Packard Company) [File not signed]S2 LiveUpdateSvc; C:\Program Files\IObit\LiveUpdate\LiveUpdate.exe [0 2014-05-14] () [File not signed]R2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)R2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)R2 McrdSvc; C:\WINDOWS\ehome\mcrdsvc.exe [99328 2005-08-05] (Microsoft Corporation)S3 MHN; 
C:\WINDOWS\System32\mhn.dll [85504 2004-08-10] (Microsoft Corporation) [File not signed]R2 msoidsvc; C:\Program Files\Common Files\Microsoft Shared\Microsoft Online Services\MSOIDSVC.EXE [1542560 2010-08-17] (Microsoft Corp.)R2 MSSQL$EMMSDE; C:\Program Files\Microsoft SQL Server\EMMSDE\MSSQL.1\MSSQL\Binn\sqlservr.exe [29293408 2010-12-10] (Microsoft Corporation)S4 MSSQLServerADHelper; C:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe [44384 2010-12-10] (Microsoft Corporation)S2 SDScannerService; C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe [1738200 2014-04-25] (Safer-Networking Ltd.)R2 SDUpdateService; C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe [2081752 2014-04-25] (Safer-Networking Ltd.)S2 SDWSCService; C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)R2 vpnagent; C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe [555408 2013-03-26] (Cisco Systems, Inc.)S2 vToolbarUpdater15.1.0; C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\15.1.0\ToolbarUpdater.exe [X] ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) 
R3 acsint; C:\WINDOWS\System32\DRIVERS\acsint.sys [39888 2013-03-26] (Cisco Systems, Inc.)
R3 acsmux; C:\WINDOWS\System32\DRIVERS\acsmux.sys [58320 2013-03-26] (Cisco Systems, Inc.)
R1 AmdK8; C:\WINDOWS\System32\DRIVERS\AmdK8.sys [36864 2013-11-17] (Advanced Micro Devices)
S3 aracpi; C:\WINDOWS\System32\DRIVERS\aracpi.sys [22784 2005-08-02] (Microsoft Corporation)
R3 arhidfltr; C:\WINDOWS\System32\DRIVERS\arhidfltr.sys [19200 2005-08-02] (Microsoft Corporation)
R3 arkbcfltr; C:\WINDOWS\System32\DRIVERS\arkbcfltr.sys [5376 2005-08-02] (Microsoft Corporation)
R3 armoucfltr; C:\WINDOWS\System32\DRIVERS\armoucfltr.sys [4992 2005-08-02] (Microsoft Corporation)
R3 ARPolicy; C:\WINDOWS\System32\DRIVERS\arpolicy.sys [10112 2005-08-02] (Microsoft Corporation)
R1 ASPI32; C:\WINDOWS\system32\Drivers\ASPI32.sys [25244 1999-09-10] (Adaptec) [File not signed]
R1 Avgdiskx; C:\WINDOWS\System32\DRIVERS\avgdiskx.sys [121624 2014-06-17] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriverl; C:\WINDOWS\System32\DRIVERS\avgidsdriverlx.sys [190232 2014-06-17] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHX; C:\WINDOWS\System32\DRIVERS\avgidshx.sys [147736 2014-06-17] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSShim; C:\WINDOWS\System32\DRIVERS\avgidsshimx.sys [21272 2014-06-17] (AVG Technologies CZ, s.r.o.)
R1 Avgldx86; C:\WINDOWS\System32\DRIVERS\avgldx86.sys [188696 2014-06-17] (AVG Technologies CZ, s.r.o.)
R0 Avglogx; C:\WINDOWS\System32\DRIVERS\avglogx.sys [241944 2014-06-17] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx86; C:\WINDOWS\System32\DRIVERS\avgmfx86.sys [98584 2014-06-17] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx86; C:\WINDOWS\System32\DRIVERS\avgrkx86.sys [27416 2014-06-17] (AVG Technologies CZ, s.r.o.)
R1 Avgtdix; C:\WINDOWS\System32\DRIVERS\avgtdix.sys [197400 2014-06-17] (AVG Technologies CZ, s.r.o.)
R1 avgtp; C:\WINDOWS\system32\drivers\avgtpx86.sys [34592 2013-04-21] (AVG Technologies)
R3 BrScnUsb; C:\WINDOWS\System32\DRIVERS\BrScnUsb.sys [15295 2004-10-15] (Brother Industries Ltd.)
S3 CCDECODE; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [17024 2008-04-13] (Microsoft Corporation)
R1 Cdr4_xp; C:\WINDOWS\system32\Drivers\Cdr4_xp.sys [2432 2005-08-19] (Sonic Solutions) [File not signed]
R1 Cdralw2k; C:\WINDOWS\system32\Drivers\Cdralw2k.sys [2560 2005-08-19] (Sonic Solutions) [File not signed]
S1 cdudf_xp; C:\WINDOWS\system32\Drivers\cdudf_xp.sys [241280 2007-04-19] (Roxio) [File not signed]
R3 CXFALCON; C:\WINDOWS\System32\drivers\cxfalcon.sys [82048 2006-04-20] (Conexant Systems, Inc.)
R3 dsNcAdpt; C:\WINDOWS\System32\DRIVERS\dsNcAdpt.sys [23552 2008-11-21] (Juniper Networks)
R3 dvd_2K; C:\WINDOWS\system32\Drivers\dvd_2K.sys [25930 2002-12-17] (Roxio) [File not signed]
R1 eeCtrl; C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys [389432 2007-04-10] (Symantec Corporation)
R3 FileMonitor; C:\Program Files\IObit\IObit Malware Fighter\Drivers\wxp_x86\FileMonitor.sys [247968 2013-03-23] (IObit)
R3 HSX_DP; C:\WINDOWS\System32\DRIVERS\HSX_DP.sys [936448 2005-12-06] (Conexant Systems, Inc.)
S3 IrBus; C:\WINDOWS\System32\DRIVERS\IrBus.sys [46848 2013-07-16] (Microsoft Corporation)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [23256 2014-05-12] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [110296 2014-08-24] (Malwarebytes Corporation)
R2 MCSTRM; C:\WINDOWS\system32\Drivers\MCSTRM.sys [8413 2008-01-22] (RealNetworks, Inc.) [File not signed]
S3 MHNDRV; C:\WINDOWS\System32\DRIVERS\mhndrv.sys [11008 2004-08-10] (Microsoft Corporation) [File not signed]
S3 mmc_2K; C:\WINDOWS\system32\Drivers\mmc_2K.sys [30630 2002-12-17] (Roxio) [File not signed]
S3 NdisIP; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [10880 2008-04-13] (Microsoft Corporation)
R3 NVENETFD; C:\WINDOWS\System32\DRIVERS\NVENETFD.sys [70912 2013-11-17] (NVIDIA Corporation)
R0 nvgts; C:\WINDOWS\System32\DRIVERS\nvgts.sys [168040 2013-11-17] (NVIDIA Corporation)
R3 nvnetbus; C:\WINDOWS\System32\DRIVERS\nvnetbus.sys [13824 2013-11-17] (NVIDIA Corporation)
R1 pwd_2k; C:\WINDOWS\system32\Drivers\pwd_2k.sys [139674 2002-12-17] (Roxio) [File not signed]
R3 RegFilter; C:\Program Files\IObit\IObit Malware Fighter\drivers\wxp_x86\regfilter.sys [31776 2013-11-19] (IObit.com)
S3 rtl8139; C:\WINDOWS\System32\DRIVERS\RTL8139.SYS [20992 2004-08-03] (Realtek Semiconductor Corporation)
R0 SmartDefragDriver; C:\WINDOWS\System32\Drivers\SmartDefragDriver.sys [15808 2014-06-04] (IObit)
R2 symlcbrd; C:\WINDOWS\system32\drivers\symlcbrd.sys [10344 2006-09-13] (Symantec Corporation)
R1 UdfReadr_xp; C:\WINDOWS\system32\Drivers\UdfReadr_xp.sys [206464 2002-12-17] (Roxio) [File not signed]
R3 UrlFilter; C:\Program Files\IObit\IObit Malware Fighter\drivers\wxp_x86\UrlFilter.sys [17360 2013-11-19] (IObit.com)
S3 USBAAPL; C:\WINDOWS\System32\Drivers\usbaapl.sys [41984 2010-04-19] (Apple, Inc.) [File not signed]
R3 winachsx; C:\WINDOWS\System32\DRIVERS\HSX_CNXT.sys [670208 2005-12-06] (Conexant Systems, Inc.)
S0 ftsata2; system32\DRIVERS\ftsata2.sys [X]
S3 MREMP50; No ImagePath
S3 MREMPR5; No ImagePath
S3 MRENDIS5; No ImagePath
S3 MRESP50; No ImagePath
U5 P3; C:\Windows\System32\Drivers\P3.sys [42752 2008-04-13] (Microsoft Corporation)
U0 Pml Driver HPZ12; No ImagePath
S0 PxHelp20; System32\Drivers\PxHelp20.sys [X]
U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation)
U3 Winsock - Google Desktop Search Backup Before First Install; No ImagePath
U3 Winsock - Google Desktop Search Backup Before Last Install; No ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

NETSVC: MHN -> C:\Windows\System32\mhn.dll (Microsoft Corporation)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-24 04:12 - 2014-08-24 04:14 - 00000000 ____D () C:\FRST
2014-08-24 03:51 - 2014-08-24 03:51 - 00000280 _____ () C:\WINDOWS\Tasks\SmartDefrag3_Update.job
2014-08-24 03:50 - 2014-08-24 03:50 - 00000062 _____ () C:\Documents and Settings\HP_Administrator\employment attorney.txt
2014-08-23 07:54 - 2014-08-23 09:16 - 00000000 ____D () C:\Documents and Settings\HP_Administrator\Desktop\Bragg
2014-08-22 04:20 - 2014-08-22 13:34 - 00000630 _____ () C:\WINDOWS\setupapi.log
2014-08-20 04:13 - 2014-08-20 04:13 - 00000159 ____N () C:\WINDOWS\wiadebug.log
2014-08-20 04:13 - 2014-08-20 04:13 - 00000049 ____N () C:\WINDOWS\wiaservc.log
2014-08-20 04:13 - 2014-08-20 04:13 - 00000000 ____N () C:\WINDOWS\Sti_Trace.log
2014-08-20 00:12 - 2014-08-20 00:12 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Package Cache
2014-08-18 07:29 - 2014-08-18 07:30 - 00000000 ____D () C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Adobe
2014-08-18 05:34 - 2014-08-23 22:55 - 00032650 _____ () C:\WINDOWS\SchedLgU.Txt
2014-08-14 19:31 - 2014-08-24 03:55 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2014-08-02 20:11 - 2014-08-02 20:11 - 12897216 _____ (Citrix Online, a division of Citrix Systems, Inc.) C:\Documents and Settings\HP_Administrator\gosetup.exe
2014-08-02 20:11 - 2014-08-02 20:11 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Citrix

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-24 04:20 - 2006-11-14 09:14 - 00000000 ____D () C:\Documents and Settings\HP_Administrator\Local Settings\Temp
2014-08-24 04:14 - 2014-08-24 04:12 - 00000000 ____D () C:\FRST
2014-08-24 03:55 - 2014-08-14 19:31 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2014-08-24 03:51 - 2014-08-24 03:51 - 00000280 _____ () C:\WINDOWS\Tasks\SmartDefrag3_Update.job
2014-08-24 03:50 - 2014-08-24 03:50 - 00000062 _____ () C:\Documents and Settings\HP_Administrator\employment attorney.txt
2014-08-24 03:50 - 2014-02-04 04:55 - 00000834 _____ () C:\Documents and Settings\All Users\Desktop\Smart Defrag 3.lnk
2014-08-24 03:50 - 2014-02-04 04:55 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Smart Defrag 3
2014-08-24 03:50 - 2006-11-14 09:14 - 00000000 ____D () C:\Documents and Settings\HP_Administrator
2014-08-24 03:48 - 2014-06-06 21:30 - 00110296 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2014-08-24 03:42 - 2013-07-20 09:05 - 00001022 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-3296975347-651706224-2527284978-1007UA.job
2014-08-24 02:43 - 2013-07-20 09:05 - 00000970 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-3296975347-651706224-2527284978-1007Core.job
2014-08-24 02:40 - 2014-06-12 02:39 - 00000478 _____ () C:\WINDOWS\Tasks\TechSmith Updater.job
2014-08-23 22:55 - 2014-08-18 05:34 - 00032650 _____ () C:\WINDOWS\SchedLgU.Txt
2014-08-23 19:35 - 2005-08-30 21:17 - 01826155 _____ () C:\WINDOWS\WindowsUpdate.log
2014-08-23 17:58 - 2012-06-06 19:57 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\MFAData
2014-08-23 09:16 - 2014-08-23 07:54 - 00000000 ____D () C:\Documents and Settings\HP_Administrator\Desktop\Bragg
2014-08-22 13:34 - 2014-08-22 04:20 - 00000630 _____ () C:\WINDOWS\setupapi.log
2014-08-22 13:34 - 2011-11-19 12:02 - 00001734 ____H () C:\Documents and Settings\HP_Administrator\My Documents\Default.rdp
2014-08-22 04:35 - 2007-11-14 08:43 - 00000000 ____D () C:\Documents and Settings\HP_Administrator\My Documents\Recipies
2014-08-21 14:00 - 2013-12-19 20:37 - 00001857 _____ () C:\Documents and Settings\All Users\Desktop\Advanced SystemCare 7.lnk
2014-08-21 05:35 - 2013-12-19 20:41 - 00000290 _____ () C:\WINDOWS\Tasks\ASC7_PerformanceMonitor.job
2014-08-20 04:13 - 2014-08-20 04:13 - 00000159 ____N () C:\WINDOWS\wiadebug.log
2014-08-20 04:13 - 2014-08-20 04:13 - 00000049 ____N () C:\WINDOWS\wiaservc.log
2014-08-20 04:13 - 2014-08-20 04:13 - 00000000 ____N () C:\WINDOWS\Sti_Trace.log
2014-08-20 01:00 - 2007-04-22 09:48 - 00000664 _____ () C:\WINDOWS\system32\d3d9caps.dat
2014-08-20 00:30 - 2014-06-28 23:22 - 00000616 _____ () C:\WINDOWS\Tasks\Refresh immunization (Spybot - Search & Destroy).job
2014-08-20 00:12 - 2014-08-20 00:12 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Package Cache
2014-08-18 17:24 - 2014-03-20 19:49 - 00000284 _____ () C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
2014-08-18 07:30 - 2014-08-18 07:29 - 00000000 ____D () C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Adobe
2014-08-18 05:57 - 2013-10-18 07:46 - 00000000 ___RD () C:\Documents and Settings\HP_Administrator\My Documents\Dropbox
2014-08-18 05:57 - 2013-10-18 07:42 - 00000000 ____D () C:\Documents and Settings\HP_Administrator\Application Data\Dropbox
2014-08-18 05:52 - 2013-10-18 07:46 - 00001058 _____ () C:\Documents and Settings\HP_Administrator\Desktop\Dropbox.lnk
2014-08-18 05:52 - 2013-10-18 07:43 - 00000000 ____D () C:\Documents and Settings\HP_Administrator\Start Menu\Programs\Dropbox
2014-08-18 05:38 - 2005-11-14 18:58 - 00000000 ____D () C:\WINDOWS\Registration
2014-08-18 05:37 - 2005-08-30 21:06 - 00001158 _____ () C:\WINDOWS\system32\wpa.dbl
2014-08-18 05:36 - 2014-06-28 23:22 - 00000644 _____ () C:\WINDOWS\Tasks\Check for updates (Spybot - Search & Destroy).job
2014-08-18 05:36 - 2014-02-06 19:33 - 00000292 _____ () C:\WINDOWS\Tasks\Driver Booster Scan.job
2014-08-18 05:36 - 2010-03-23 06:15 - 00000300 _____ () C:\WINDOWS\Tasks\RealUpgradeLogonTaskS-1-5-21-3296975347-651706224-2527284978-1007.job
2014-08-18 05:36 - 2006-09-13 02:14 - 00000000 ____D () C:\Documents and Settings\NetworkService\Local Settings\Temp
2014-08-18 05:35 - 2014-06-08 11:44 - 00000244 _____ () C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job
2014-08-18 05:34 - 2005-08-30 21:17 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-08-17 18:35 - 2010-03-23 06:15 - 00000308 _____ () C:\WINDOWS\Tasks\RealUpgradeScheduledTaskS-1-5-21-3296975347-651706224-2527284978-1007.job
2014-08-15 21:42 - 2008-05-30 21:55 - 00001372 _____ () C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
2014-08-14 19:55 - 2013-10-08 21:34 - 00699056 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2014-08-14 19:55 - 2013-10-08 21:34 - 00071344 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2014-08-13 20:41 - 2014-06-15 21:37 - 00001824 _____ () C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
2014-08-12 15:42 - 2007-04-21 12:36 - 00000000 ____D () C:\Documents and Settings\HP_Administrator\My Documents\4 Asha
2014-08-12 15:21 - 2014-02-23 08:09 - 03997696 _____ () C:\WINDOWS\system32\config\ACVPN.evt
2014-08-12 15:21 - 2012-03-19 19:07 - 00491998 _____ () C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
2014-08-12 15:21 - 2006-11-14 09:14 - 00000178 ___SH () C:\Documents and Settings\HP_Administrator\ntuser.ini
2014-08-10 13:34 - 2007-12-20 09:06 - 00000000 ___RD () C:\Documents and Settings\HP_Administrator\Desktop\Desktop Files
2014-08-09 08:34 - 2014-06-04 23:17 - 00000713 _____ () C:\Documents and Settings\All Users\Desktop\AVG 2014.lnk
2014-08-09 08:34 - 2014-06-04 23:17 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\AVG
2014-08-08 15:00 - 2014-06-08 11:44 - 00000238 _____ () C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job
2014-08-03 05:52 - 2014-06-28 23:22 - 00065536 _____ () C:\WINDOWS\system32\config\SpybotSD.evt
2014-08-02 20:11 - 2014-08-02 20:11 - 12897216 _____ (Citrix Online, a division of Citrix Systems, Inc.) C:\Documents and Settings\HP_Administrator\gosetup.exe
2014-08-02 20:11 - 2014-08-02 20:11 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Citrix
2014-08-01 21:59 - 2014-06-28 23:22 - 00000446 _____ () C:\WINDOWS\Tasks\Scan the system (Spybot - Search & Destroy).job
2014-07-30 21:41 - 2007-04-18 22:44 - 00001184 _____ () C:\WINDOWS\Brpfx04a.ini

Files to move or delete:
====================
C:\Documents and Settings\HP_Administrator\gosetup.exe

Some content of TEMP:
====================
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmptpsd4d.dll
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\lgu3wpzc.dll

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

==================== End Of Log ============================