
WSE Rocket



I tried to download a Java update and must have gotten tricked.

Now I have WSE Rocket, PC Utilities Pro - Optimizer Pro and god knows what else. Big mistake. Of course I don't see any of this stuff in the control panel removal tool.

Can you help me get rid of this stuff?


Hi and welcome!

My name is Jürgen and I will be assisting you with your malware-related problems.

Before we move on, please read the following points carefully.

  • My native language isn't English, so please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.
  • Please read my instructions completely. If there is anything that you do not understand, kindly ask before proceeding.
  • Perform everything in the correct order. Sometimes one step requires the previous one.
  • If you have any problems while you are following my instructions, stop there and tell me the exact nature of your problem.
  • Do not run any other scans without instruction, or add/remove software, unless I tell you to do so. This would change the output of our tools and could be confusing for me.
  • Post all logfiles as a reply rather than as an attachment unless I specifically ask you to. If you cannot post all logfiles in one reply, feel free to use more posts.
  • If I don't hear from you within 3 days of this initial or any subsequent post, then this thread will be closed.
  • Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
Step 1

Please run a FRST scan. This will help us diagnose your problem.


Please download Farbar Recovery Scan Tool and save it to your Desktop.

(If you are not sure which version (32-/64-bit) applies to your system, download and try to start both of them; only the right one will run.)

  • Start FRST with administrator privileges.
  • Make sure the option Addition.txt is checked and press the Scan button.
  • When finished, FRST will produce two logs (FRST.txt and Addition.txt) in the same directory the tool was run from.
  • Please copy and paste these logs in your next reply.

Ok, thanks, Jurgen.

Here are the logs I think you are asking for from the scan. Let me know if I did something wrong.

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:23-07-2014 01
Ran by HP_Administrator (administrator) on MEDIACENTER1 on 23-07-2014 06:56:45
Running from C:\Documents and Settings\HP_Administrator\Desktop
Platform: Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: English (United States)
Internet Explorer Version 6
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(Zone Labs, LLC) C:\WINDOWS\system32\ZoneLabs\vsmon.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Brother Industries, Ltd.) C:\WINDOWS\system32\Brmfrmps.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Creative Technology Ltd) C:\WINDOWS\system32\CTSVCCDA.EXE
(Microsoft Corporation) C:\WINDOWS\ehome\ehrecvr.exe
(Microsoft Corporation) C:\WINDOWS\ehome\ehSched.exe
(Garmin Ltd or its subsidiaries) C:\Program Files\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
() C:\Program Files\IDriveWindows\idwservice_600.exe
() C:\WINDOWS\system32\PSIService.exe
() C:\PROGRA~1\SQUEEZ~1\server\Bin\MSWIN3~1\mysqld.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Intel Corporation) C:\Program Files\Intel\IntelDH\Intel® Quick Resume Technology Drivers\ELService.exe
( ) C:\Program Files\IDriveWindows\idw_web.exe
(Microsoft Corporation) C:\WINDOWS\system32\dllhost.exe
(Microsoft Corporation) C:\WINDOWS\system32\wscntfy.exe
(Zone Labs, LLC) C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
(Realtek Semiconductor Corp.) C:\WINDOWS\RTHDCPL.EXE
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
(Hewlett-Packard) C:\Program Files\HP\HP Software Update\hpwuschd2.exe
(CANON INC.) C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Brother Industries, Ltd.) C:\Program Files\Browny02\Brother\BrStMonW.exe
(Pro Softnet Corporation) C:\Program Files\IDriveWindows\idwbg_600.exe
(Prosoftnet Corp) C:\Program Files\IDriveWindows\idrivetray.exe
(Carbonite, Inc.) C:\Program Files\Carbonite\Carbonite Backup\CarboniteUI.exe
(Brother Industries, Ltd.) C:\Program Files\Brother\ControlCenter3\BrccMCtl.exe
(Google Inc.) C:\Program Files\Picasa2\PicasaMediaDetector.exe
(Garmin Ltd or its subsidiaries) C:\Program Files\Garmin\Express Tray\ExpressTray.exe
(Storage Appliance Corp.) C:\Documents and Settings\All Users\Application Data\Clickfree\cfagent.exe
(SAC) C:\Documents and Settings\All Users\Application Data\Clickfree\HDDV2USB3\reminder\SacReminder.exe
(Nero AG) C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
(Brother Industries, Ltd.) C:\Program Files\Browny02\BrYNSvc.exe
(Carbonite, Inc. (www.carbonite.com)) C:\Program Files\Carbonite\Carbonite Backup\CarboniteService.exe
() C:\Brother\BPRSP\resources\BrSupSsp.exe
(Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
(Tiger Technologies) C:\Program Files\Tiger Technologies\DeskFlag\deskflag.exe
(Microsoft Corporation) C:\WINDOWS\system32\freecell.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Policies\Explorer: [NoCDBurning] 0
HKU\.DEFAULT\...\Run: [Picasa Media Detector] => C:\Program Files\Picasa2\PicasaMediaDetector.exe [443968 2007-09-27] (Google Inc.)
HKU\S-1-5-21-2562346610-408318716-2502678116-1007\...\Run: [TClockEx] => C:\Program Files\TClockEx\TCLOCKEX.EXE [89088 2000-03-09] (Dale Nurden)
HKU\S-1-5-21-2562346610-408318716-2502678116-1007\...\Run: [Picasa Media Detector] => C:\Program Files\Picasa2\PicasaMediaDetector
HKU\S-1-5-21-2562346610-408318716-2502678116-1007\...\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] => C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe [153136 2007-05-16] (Nero AG)
HKU\S-1-5-21-2562346610-408318716-2502678116-1007\...\Run: [GoogleDriveSync] => C:\Program Files\Google\Drive\googledrivesync.exe [19662744 2013-04-16] (Google)
HKU\S-1-5-21-2562346610-408318716-2502678116-1007\...\Run: [GarminExpressTrayApp] => C:\Program Files\Garmin\Express Tray\ExpressTray.exe [118104 2014-04-01] (Garmin Ltd or its subsidiaries)
HKU\S-1-5-21-2562346610-408318716-2502678116-1007\...\Run: [ClickfreeMonitor] => c:\documents and settings\all users\application data\Clickfree\cfagent.exe [354632 2013-06-05] (Storage Appliance Corp.)
HKU\S-1-5-21-2562346610-408318716-2502678116-1007\...\Run: [sacReminderHDDV2] => C:\Documents and Settings\All Users\Application Data\Clickfree\HDDV2USB3\reminder\SacReminder.exe [444744 2013-11-29] (SAC)
HKU\S-1-5-21-2562346610-408318716-2502678116-1007\...\Run: [Optimizer Pro] => C:\Program Files\Optimizer Pro\OptProLauncher.exe [146888 2014-07-13] (PC Utilities Software Limited)
HKU\S-1-5-21-2562346610-408318716-2502678116-1007\...\Run: [Geotag Security] => C:\Program Files\Geotag Security\GeotagSecurity.exe [3941888 2010-09-08] ()
HKU\S-1-5-21-2562346610-408318716-2502678116-1007\...\MountPoints2: {3c1d278b-280c-11e0-9a7b-00038a000015} - L:\VZAccess_Manager.exe /z detect
HKU\S-1-5-21-2562346610-408318716-2502678116-1007\...\MountPoints2: {7ec5a26b-290c-11dc-8756-00038a000015} - L:\LaunchU3.exe -a
HKU\S-1-5-21-2562346610-408318716-2502678116-1007\...\MountPoints2: {a34d5375-9381-11df-8f10-00038a000015} - L:\StartClickfreeBackup.exe
HKU\S-1-5-21-2562346610-408318716-2502678116-1007\...\MountPoints2: {b4bd432e-0814-11e2-bbb5-00038a000015} - L:\StarterOfficeGuardian.exe
HKU\S-1-5-21-2562346610-408318716-2502678116-1007\...\MountPoints2: {b5ada9d8-f88b-11e3-b852-0018f3a520ea} - L:\StartClickFreeBackup.exe
HKU\S-1-5-21-2562346610-408318716-2502678116-1007\...\MountPoints2: {c008cbc6-e477-11e0-bb91-00038a000015} - L:\ONSPCLCK.exe
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Brother BPRSP.lnk
ShortcutTarget: Brother BPRSP.lnk -> C:\WINDOWS\Installer\{8040527F-DD74-4B45-8A06-C4BF145B6C76}\BrSupSsp.exe_44686FC076524EF5975EF92EE48E2958.exe (Flexera Software LLC)
Startup: C:\Documents and Settings\Default User\Start Menu\Programs\Startup\Pin.lnk
ShortcutTarget: Pin.lnk -> C:\hp\bin\cloaker.exe (Hewlett-Packard Co.)
Startup: C:\Documents and Settings\Default User\Start Menu\Programs\Startup\PinMcLnk.lnk
ShortcutTarget: PinMcLnk.lnk -> C:\hp\bin\cloaker.exe (Hewlett-Packard Co.)
Startup: C:\Documents and Settings\HP_Administrator\Start Menu\Programs\Startup\DeskFlag.lnk
ShortcutTarget: DeskFlag.lnk -> C:\Program Files\Tiger Technologies\DeskFlag\deskflag.exe (Tiger Technologies)
ShellIconOverlayIdentifiers: Carbonite.Blue -> {E300CD91-100F-4E67-9AF3-1384A6124015} => C:\Program Files\Carbonite\Carbonite Backup\CarboniteNSE.dll (Carbonite, Inc.)
ShellIconOverlayIdentifiers: Carbonite.Green -> {95A27763-F62A-4114-9072-E81D87DE3B68} => C:\Program Files\Carbonite\Carbonite Backup\CarboniteNSE.dll (Carbonite, Inc.)
ShellIconOverlayIdentifiers: Carbonite.Partial -> {E300CD91-100F-4E67-9AF3-1384A6124015} => C:\Program Files\Carbonite\Carbonite Backup\CarboniteNSE.dll (Carbonite, Inc.)
ShellIconOverlayIdentifiers: Carbonite.Red -> {01CCCC8C-1D50-4b13-B96D-4B922DD3128B} => C:\Program Files\Carbonite\Carbonite Backup\CarboniteNSE.dll (Carbonite, Inc.)
ShellIconOverlayIdentifiers: Carbonite.Yellow -> {5E529433-B50E-4bef-A63B-16A6B71B071A} => C:\Program Files\Carbonite\Carbonite Backup\CarboniteNSE.dll (Carbonite, Inc.)
ShellIconOverlayIdentifiers: GDriveBlacklistedOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)
ShellIconOverlayIdentifiers: GDriveSharedOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)
ShellIconOverlayIdentifiers: GDriveSyncedOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)
ShellIconOverlayIdentifiers: GDriveSyncingOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=64&bd=PAVILION&pf=desktop
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Restore = http://www.aol.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://rocket-find.com/?f=1&a=rckt_dnldstr_14_30_ff&cd=2XzuyEtN2Y1L1QzutDtD0CtD0Azz0CyDyE0BtD0EyE0Fzz0EtN0D0Tzu0SzytAtAtN1L2XzutBtFtBtCtFtCyEtFyEtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2SyDyD0FtAzytDyC0AtGtA0FtBtCtGtC0BtB0AtG0E0CyE0BtGyC0DyDtA0BtCzzzztA0C0Ezy2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyB0FyCzzyD0FtB0DtGyByBtBtAtG0AyC0DzytG0E0FtAyCtGtCzyyEtB0DyE0DyEyB0DyD0E2Q&cr=1731681561&ir=
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=64&bd=PAVILION&pf=desktop
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://toolbar.ask.com/toolbarv/askRedirect?o=101703&gct=&gc=1&q=
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=PAVILION&pf=desktop
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=64&bd=PAVILION&pf=desktop
HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=PAVILION&pf=desktop
URLSearchHook: HKCU - Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} -  No File
URLSearchHook: HKCU - DefaultSearchHook Class - {C94E154B-1459-4A47-966B-4B843BEFC7DB} - C:\Program Files\AskSearch\bin\DefaultSearch.dll ()
SearchScopes: HKLM - DefaultScope {77AA745B-F4F8-45DA-9B14-61D2D95054C8} URL = http://rocket-find.com/results.php?f=4&q={searchTerms}&a=rckt_dnldstr_14_30_ff&cd=2XzuyEtN2Y1L1QzutDtD0CtD0Azz0CyDyE0BtD0EyE0Fzz0EtN0D0Tzu0SzytAtAtN1L2XzutBtFtBtCtFtCyEtFyEtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2SyDyD0FtAzytDyC0AtGtA0FtBtCtGtC0BtB0AtG0E0CyE0BtGyC0DyDtA0BtCzzzztA0C0Ezy2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyB0FyCzzyD0FtB0DtGyByBtBtAtG0AyC0DzytG0E0FtAyCtGtCzyyEtB0DyE0DyEyB0DyD0E2Q&cr=1731681561&ir=
SearchScopes: HKLM - {77AA745B-F4F8-45DA-9B14-61D2D95054C8} URL = http://rocket-find.com/results.php?f=4&q={searchTerms}&a=rckt_dnldstr_14_30_ff&cd=2XzuyEtN2Y1L1QzutDtD0CtD0Azz0CyDyE0BtD0EyE0Fzz0EtN0D0Tzu0SzytAtAtN1L2XzutBtFtBtCtFtCyEtFyEtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2SyDyD0FtAzytDyC0AtGtA0FtBtCtGtC0BtB0AtG0E0CyE0BtGyC0DyDtA0BtCzzzztA0C0Ezy2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyB0FyCzzyD0FtB0DtGyByBtBtAtG0AyC0DzytG0E0FtAyCtGtCzyyEtB0DyE0DyEyB0DyD0E2Q&cr=1731681561&ir=
SearchScopes: HKCU - DefaultScope {77AA745B-F4F8-45DA-9B14-61D2D95054C8} URL = http://rocket-find.com/results.php?f=4&q={searchTerms}&a=rckt_dnldstr_14_30_ff&cd=2XzuyEtN2Y1L1QzutDtD0CtD0Azz0CyDyE0BtD0EyE0Fzz0EtN0D0Tzu0SzytAtAtN1L2XzutBtFtBtCtFtCyEtFyEtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2SyDyD0FtAzytDyC0AtGtA0FtBtCtGtC0BtB0AtG0E0CyE0BtGyC0DyDtA0BtCzzzztA0C0Ezy2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyB0FyCzzyD0FtB0DtGyByBtBtAtG0AyC0DzytG0E0FtAyCtGtCzyyEtB0DyE0DyEyB0DyD0E2Q&cr=1731681561&ir=
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}
SearchScopes: HKCU - {77AA745B-F4F8-45DA-9B14-61D2D95054C8} URL = http://rocket-find.com/results.php?f=4&q={searchTerms}&a=rckt_dnldstr_14_30_ff&cd=2XzuyEtN2Y1L1QzutDtD0CtD0Azz0CyDyE0BtD0EyE0Fzz0EtN0D0Tzu0SzytAtAtN1L2XzutBtFtBtCtFtCyEtFyEtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2SyDyD0FtAzytDyC0AtGtA0FtBtCtGtC0BtB0AtG0E0CyE0BtGyC0DyDtA0BtCzzzztA0C0Ezy2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyB0FyCzzyD0FtB0DtGyByBtBtAtG0AyC0DzytG0E0FtAyCtGtCzyyEtB0DyE0DyEyB0DyD0E2Q&cr=1731681561&ir=
SearchScopes: HKCU - {CF739809-1C6C-47C0-85B9-569DBB141420} URL = http://toolbar.ask.com/toolbarv/askRedirect?gct=&gc=1&q={searchTerms}&crm=1&toolbar=FXT
BHO: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll No File
BHO: No Name -> {7E853D72-626A-48EC-A868-BA8D5E23E045} ->  No File
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll No File
Toolbar: HKLM - Foxit Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
Toolbar: HKCU - &Address - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
Toolbar: HKCU - &Links - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\SHELL32.dll (Microsoft Corporation)
Toolbar: HKCU - Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} -  No File
Toolbar: HKCU - Foxit Toolbar - {3041D03E-FD4B-44E0-B742-2D9B88305F98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?linkid=39204
DPF: {C6FAB351-8F12-4ED3-A9C1-4D3E86B0BB07} https://insite.mhhs.org/MHHS_Portal_Login_09.cab
DPF: {CAFEEFAC-0017-0000-0009-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (Microsoft Corporation)
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (Microsoft Corporation)
Winsock: Catalog5 04 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 10.0.0.1

FireFox:
========
FF ProfilePath: C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\5x88zch3.default
FF DefaultSearchEngine: WSE Rocket
FF SelectedSearchEngine: WSE Rocket
FF Homepage: hxxp://rocket-find.com/?f=1&a=rckt_dnldstr_14_30_ff&cd=2XzuyEtN2Y1L1QzutDtD0CtD0Azz0CyDyE0BtD0EyE0Fzz0EtN0D0Tzu0SzytAtAtN1L2XzutBtFtBtCtFtCyEtFyEtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2SyDyD0FtAzytDyC0AtGtA0FtBtCtGtC0BtB0AtG0E0CyE0BtGyC0DyDtA0BtCzzzztA0C0Ezy2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyB0FyCzzyD0FtB0DtGyByBtBtAtG0AyC0DzytG0E0FtAyCtGtCzyyEtB0DyE0DyEyB0DyD0E2Q&cr=1731681561&ir=
FF Keyword.URL: hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=937811&p=
FF NetworkProxy: "no_proxies_on", "*.local"
FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF Plugin: @canon.com/EPPEX - C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF Plugin: @Google.com/GoogleEarthPlugin - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @google.com/npPicasa3,version=3.0.0 - C:\Program Files\Picasa2\npPicasa3.dll (Google, Inc.)
FF Plugin: @java.com/DTPlugin,version=10.65.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll No File
FF Plugin: @java.com/JavaPlugin,version=10.65.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @real.com/nppl3260;version=6.0.11.2852 - C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprpjplug;version=6.0.12.1662 - C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.0.8 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.3 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @viewpoint.com/VMP - C:\Program Files\Viewpoint\Viewpoint Experience Technology\\npViewpoint.dll ()
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @citrixonline.com/appdetectorplugin - C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Citrix\Plugins\104\npappdetector.dll (Citrix Online)
FF user.js: detected! => C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\5x88zch3.default\user.js
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\np-mswmp.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npFoxitReaderPlugin.dll (Foxit Software Company)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\np_gp.dll (NOS Microsystems Ltd.)
FF SearchPlugin: C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\5x88zch3.default\searchplugins\WSE Rocket.xml
FF SearchPlugin: C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\5x88zch3.default\searchplugins\yahoo_ff.xml
FF Extension: Разпознаване на устройство Logitech - C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\5x88zch3.default\Extensions\DeviceDetection@logitech.com [2011-08-17]
FF Extension: Xmarks - C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\5x88zch3.default\Extensions\foxmarks@kei.com [2014-07-13]
FF Extension: Screengrab - C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\5x88zch3.default\Extensions\{02450954-cdd9-410f-b1da-db804e18c671} [2010-07-02]
FF Extension: Garmin Communicator - C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\5x88zch3.default\Extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E} [2013-11-20]
FF Extension: Microsoft .NET Framework Assistant - C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\5x88zch3.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b} [2010-05-14]
FF Extension: Abine - C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\5x88zch3.default\Extensions\{b58ca710-f62c-4f38-a0e8-cc9b177463e5} [2012-09-06]
FF Extension: DownloadHelper - C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\5x88zch3.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2014-03-28]
FF Extension: Adobe DLM (powered by getPlus®) - C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\5x88zch3.default\Extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7} [2010-03-09]
FF Extension: Ask Toolbar for Firefox - C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\5x88zch3.default\Extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D} [2010-03-03]
FF Extension: Rocket New Tab - C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\5x88zch3.default\Extensions\{ecaa9181-d92a-47b9-8e14-bef9680f204b} [2014-07-21]
FF Extension: InvisibleHand - C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\5x88zch3.default\Extensions\canitbecheaper@trafficbroker.co.uk.xpi [2011-04-15]
FF Extension: Ciuvo - C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\5x88zch3.default\Extensions\extension@ciuvo.com.xpi [2012-02-10]
FF Extension: PriceBlink - C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\5x88zch3.default\Extensions\info@priceblink.com.xpi [2012-05-03]
FF Extension: iReader - C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\5x88zch3.default\Extensions\ireader@samabox.com.xpi [2011-04-15]
FF Extension: Awesome screenshot: Capture and Annotate - C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\5x88zch3.default\Extensions\jid0-GXjLLfbCoAx0LcltEdFrEkQdQPI@jetpack.xpi [2013-10-17]
FF Extension: Morning Coffee - C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\5x88zch3.default\Extensions\morningCoffee@shaneliesegang.xpi [2011-04-15]
FF Extension: SimplyRead - C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\5x88zch3.default\Extensions\simplyread@njw.me.uk.xpi [2012-05-17]
FF Extension: FlashGot - C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\5x88zch3.default\Extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}.xpi [2012-07-17]
FF Extension: NoScript - C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\5x88zch3.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2014-07-14]
FF Extension: Address Bar Search - C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\5x88zch3.default\Extensions\{badea1ae-72ed-4f6a-8c37-4db9a4ac7bc9}.xpi [2013-10-25]
FF Extension: Easy YouTube Video Downloader - C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\5x88zch3.default\Extensions\{c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}.xpi [2012-07-17]
FF Extension: Adblock Plus - C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\5x88zch3.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2011-05-19]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-08-07]

Chrome:
=======
CHR HomePage: hxxp://www.google.com
CHR RestoreOnStartup: "hxxp://www.google.com"
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\27.0.1453.94\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\27.0.1453.94\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\27.0.1453.94\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 11.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Microsoft® Windows Media Player Firefox Plugin) - C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll (Microsoft Corporation)
CHR Plugin: (Foxit Reader Plugin for Mozilla) - C:\Program Files\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll (Foxit Software Company)
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll (Apple Inc.)
CHR Plugin: (getPlusPlus for Adobe 16263) - C:\Program Files\Mozilla Firefox\plugins\np_gp.dll (NOS Microsystems Ltd.)
CHR Plugin: (Citrix Online Web Deployment Plugin 1.0.0.104) - C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Citrix\Plugins\104\npappdetector.dll (Citrix Online)
CHR Plugin: (CANON iMAGE GATEWAY Album Plugin Utility) - C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
CHR Plugin: (Google Earth Plugin) - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
CHR Plugin: (Java Deployment Toolkit 7.0.550.14) - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll No File
CHR Plugin: (Java Platform SE 7 U55) - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll No File
CHR Plugin: (RealPlayer G2 LiveConnect-Enabled Plug-In (32-bit) ) - C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
CHR Plugin: (RealPlayer Version Plugin) - C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
CHR Plugin: (Silverlight Plug-In) - C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
CHR Plugin: (Picasa) - C:\Program Files\Picasa2\npPicasa3.dll (Google, Inc.)
CHR Plugin: (VLC Web Plugin) - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
CHR Plugin: (MetaStream 3 Plugin) - C:\Program Files\Viewpoint\Viewpoint Experience Technology\\npViewpoint.dll ()
CHR Plugin: (Windows Presentation Foundation) - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
CHR Plugin: (Shockwave Flash) - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_14_0_0_125.dll No File
CHR Extension: (Google Drive) - C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-07-17]
CHR Extension: (YouTube) - C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-05-25]
CHR Extension: (Google Search) - C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-07-16]
CHR Extension: (Domain Error Assistant) - C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\icdlfehblmklkikfigmjhbmmpmkmpooj [2014-07-17]
CHR Extension: (Slick Savings) - C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\mhkaekfpcppmmioggniknbnbdbcigpkk [2014-07-17]
CHR Extension: (Gmail) - C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-07-16]
CHR HKLM\...\Chrome\Extension: [icdlfehblmklkikfigmjhbmmpmkmpooj] - C:\Program Files\Common Files\Spigot\GC\ErrorAssistant_1.3.crx [2013-12-27]
CHR HKLM\...\Chrome\Extension: [mhkaekfpcppmmioggniknbnbdbcigpkk] - C:\Program Files\Common Files\Spigot\GC\coupons_2.4.crx [2013-04-26]
CHR HKCU\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\DOCUME~1\HP_ADM~1\LOCALS~1\APPLIC~1\Google\Drive\apdfllckaahabafndbhieahigkjlhalf_live.crx [2013-05-01]

========================== Services (Whitelisted) =================

R2 brmfrmps; C:\WINDOWS\system32\Brmfrmps.exe [65536 2003-03-19] (Brother Industries, Ltd.) [File not signed]
R3 BrYNSvc; C:\Program Files\Browny02\BrYNSvc.exe [249856 2011-11-15] (Brother Industries, Ltd.) [File not signed]
R2 ca82e1a5; c:\Program Files\Optimizer Pro\OptProCrash.dll [3927496 2014-07-21] ()
R2 CarboniteService; C:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exe [5049352 2013-10-10] (Carbonite, Inc. (www.carbonite.com))
S4 CCALib8; C:\Program Files\Canon\CAL\CALMAIN.exe [96341 2006-03-30] (Canon Inc.) [File not signed]
R2 Creative Service for CDROM Access; C:\WINDOWS\system32\CTsvcCDA.exe [44032 1999-12-12] (Creative Technology Ltd) [File not signed]
R2 ELService; C:\Program Files\Intel\IntelDH\Intel® Quick Resume Technology Drivers\Elservice.exe [180224 2006-06-02] (Intel Corporation) [File not signed]
S4 EpsonBidirectionalService; C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe [77824 2002-01-29] () [File not signed]
S4 EPSONStatusAgent2; C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe [94208 2002-07-17] (SEIKO EPSON CORPORATION) [File not signed]
R2 Garmin Core Update Service; C:\Program Files\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [431960 2014-04-01] (Garmin Ltd or its subsidiaries)
S3 getPlusHelper; C:\Program Files\NOS\bin\getPlus_Helper.dll [67360 2010-02-19] (NOS Microsystems Ltd.)
R2 IAANTMON; C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe [90112 2006-07-06] (Intel Corporation) [File not signed]
S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [File not signed]
R2 IDriveService; C:\Program Files\IDriveWindows\idwservice_600.exe [182872 2013-09-18] ()
S4 LightScribeService; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [49152 2006-06-21] (Hewlett-Packard Company) [File not signed]
S4 McrdSvc; C:\WINDOWS\ehome\mcrdsvc.exe [99328 2005-08-05] (Microsoft Corporation)
S3 MHN; C:\WINDOWS\System32\mhn.dll [85504 2004-08-10] (Microsoft Corporation) [File not signed]
S2 NVSvc; C:\WINDOWS\system32\nvsvc32.exe [159810 2007-04-19] (NVIDIA Corporation) [File not signed]
R2 ProtexisLicensing; C:\WINDOWS\system32\PSIService.exe [174656 2006-11-02] () [File not signed]
R2 SqueezeMySQL; C:\Program Files\Squeezebox\server\Bin\MSWin32-x86-multi-thread\mysqld.exe [4149248 2011-01-24] () [File not signed]
S4 Symantec Core LC; C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe [1245064 2008-03-27] ()
S3 usnjsvc; C:\Program Files\Windows Live\Messenger\usnsvc.exe [98328 2007-10-18] (Microsoft Corporation)
R2 vsmon; C:\WINDOWS\system32\ZoneLabs\vsmon.exe [75304 2008-07-09] (Zone Labs, LLC)
S3 WLSetupSvc; C:\Program Files\Windows Live\installer\WLSetupSvc.exe [266240 2007-10-25] (Microsoft Corporation)
S2 AOL TopSpeedMonitor; C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe [X]
S2 JavaQuickStarterService; "C:\Program Files\Java\jre7\bin\jqs.exe" -service -config "C:\Program Files\Java\jre7\lib\deploy\jqs\jqs.conf"
S2 RoxLiveShare9; "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe" [X]

==================== Drivers (Whitelisted) ====================

R3 Afc; C:\WINDOWS\System32\drivers\Afc.sys [11776 2005-02-23] (Arcsoft, Inc.) [File not signed]
R2 ASCTRM; C:\WINDOWS\system32\Drivers\ASCTRM.sys [8552 2009-01-13] (Windows ® 2000 DDK provider) [File not signed]
S3 brfilt; C:\WINDOWS\System32\Drivers\Brfilt.sys [2944 2001-08-17] (Brother Industries Ltd.)
S3 BrScnUsb; C:\WINDOWS\System32\DRIVERS\BrScnUsb.sys [15295 2004-10-15] (Brother Industries Ltd.)
S3 BrUsbScn; C:\WINDOWS\System32\Drivers\BrUsbScn.sys [10368 2001-08-17] (Brother Industries Ltd.)
S3 CCDECODE; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [17024 2008-04-13] (Microsoft Corporation)
R3 ELacpi; C:\WINDOWS\System32\DRIVERS\ELacpi.sys [9728 2006-05-10] (Intel Corporation)
R1 ELhid; C:\WINDOWS\System32\Drivers\Elhid.sys [10112 2006-05-10] (Intel Corporation) [File not signed]
R1 ELkbd; C:\WINDOWS\System32\Drivers\Elkbd.sys [6912 2006-05-10] (Intel Corporation) [File not signed]
R1 ELmon; C:\WINDOWS\System32\Drivers\Elmon.sys [7040 2006-05-10] (Intel Corporation) [File not signed]
R1 ELmou; C:\WINDOWS\System32\Drivers\Elmou.sys [6400 2006-05-10] (Intel Corporation) [File not signed]
S3 FTDIBUS; C:\WINDOWS\System32\drivers\ftdibus.sys [62216 2012-09-19] (FTDI Ltd.)
S3 GoProto; C:\WINDOWS\System32\DRIVERS\goprot51.sys [28672 2008-03-14] (Gteko Ltd.) [File not signed]
S3 grmnusb; C:\WINDOWS\System32\drivers\grmnusb.sys [15720 2012-04-18] (GARMIN Corp.)
R3 hcwPP2; C:\WINDOWS\System32\DRIVERS\hcwPP2.sys [168064 2006-04-13] (Hauppauge Computer Works, Inc.)
R3 HSX_DP; C:\WINDOWS\System32\DRIVERS\HSX_DP.sys [936448 2005-12-06] (Conexant Systems, Inc.)
S3 IrBus; C:\WINDOWS\System32\DRIVERS\IrBus.sys [46848 2013-07-16] (Microsoft Corporation)
R1 KLIF; C:\WINDOWS\System32\DRIVERS\klif.sys [127768 2007-07-19] (Kaspersky Lab)
S3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [107736 2014-04-07] (Malwarebytes Corporation)
S3 mf; C:\WINDOWS\System32\DRIVERS\mf.sys [63744 2008-04-13] (Microsoft Corporation)
S3 MHNDRV; C:\WINDOWS\System32\DRIVERS\mhndrv.sys [11008 2004-08-10] (Microsoft Corporation) [File not signed]
R2 mrtRate; C:\WINDOWS\system32\Drivers\mrtRate.sys [34916 1999-08-10] (Marimba, Inc.) [File not signed]
S3 NdisIP; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [10880 2008-04-13] (Microsoft Corporation)
R2 NPF; C:\WINDOWS\System32\drivers\npf.sys [42000 2007-04-25] (CACE Technologies)
S3 rtl8139; C:\WINDOWS\System32\DRIVERS\RTL8139.SYS [20992 2004-08-03] (Realtek Semiconductor Corporation)
S3 SDDMI2; C:\WINDOWS\system32\DDMI2.sys [6977 2004-06-09] (Gteko Ltd.) [File not signed]
R0 srescan; C:\WINDOWS\System32\ZoneLabs\srescan.sys [51176 2008-02-27] (Zone Labs, LLC)
R2 symlcbrd; C:\WINDOWS\system32\drivers\symlcbrd.sys [10344 2006-09-29] (Symantec Corporation)
S3 ubloxusb; C:\WINDOWS\System32\DRIVERS\ubloxusb.sys [75264 2009-05-19] (u-blox AG)
S3 USBAAPL; C:\WINDOWS\System32\Drivers\usbaapl.sys [44544 2012-09-28] (Apple, Inc.) [File not signed]
R1 vsdatant; C:\WINDOWS\System32\vsdatant.sys [394952 2008-07-09] (Zone Labs, LLC)
R3 winachsx; C:\WINDOWS\System32\DRIVERS\HSX_CNXT.sys [670208 2005-12-06] (Conexant Systems, Inc.)
R3 WN5301; C:\WINDOWS\System32\DRIVERS\wn5301.sys [468768 2005-10-05] (Liteon Technology Inc.)
S3 ATWPKT2; \??\C:\PROGRA~1\COMMON~1\AOL\ACS\ATWPKT2.SYS [X]
S0 ftsata2; system32\DRIVERS\ftsata2.sys [X]
U0 Pml Driver HPZ12;
U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation)
S3 SymIM; system32\DRIVERS\SymIM.sys [X]
S3 SymIMMP; system32\DRIVERS\SymIM.sys [X]
S3 wanatw; system32\DRIVERS\wanatw4.sys [X]
U1 WS2IFSL;

==================== NetSvcs (Whitelisted) ===================

NETSVC: MHN -> C:\Windows\System32\mhn.dll (Microsoft Corporation)

==================== One Month Created Files and Folders ========

2014-07-23 06:56 - 2014-07-23 06:57 - 00036146 ____C () C:\Documents and Settings\HP_Administrator\Desktop\FRST.txt
2014-07-23 06:56 - 2014-07-23 06:56 - 00000000 ___DC () C:\FRST
2014-07-23 06:54 - 2014-07-23 06:54 - 01082368 ____C (Farbar) C:\Documents and Settings\HP_Administrator\Desktop\FRST.exe
2014-07-23 06:37 - 2014-07-23 06:38 - 00000000 ___DC () C:\Program Files\Mozilla Firefox
2014-07-21 15:30 - 2014-07-22 15:00 - 00000000 ___DC () C:\Documents and Settings\All Users\Application Data\TEMP
2014-07-21 15:30 - 2014-07-21 15:30 - 00000000 ___DC () C:\Documents and Settings\HP_Administrator\My Documents\Optimizer Pro
2014-07-21 15:30 - 2014-07-21 15:30 - 00000000 ___DC () C:\Documents and Settings\HP_Administrator\Application Data\Optimizer Pro
2014-07-21 15:19 - 2014-07-23 06:20 - 00000420 ____C () C:\WINDOWS\Tasks\At1.job
2014-07-21 15:19 - 2014-07-21 15:24 - 00000000 ___DC () C:\Program Files\Optimizer Pro
2014-07-21 15:19 - 2014-07-21 15:24 - 00000000 ___DC () C:\Documents and Settings\All Users\Start Menu\Programs\Optimizer Pro v3.2
2014-07-21 15:19 - 2014-07-21 15:19 - 00000748 ____C () C:\Documents and Settings\HP_Administrator\Desktop\Optimizer Pro.lnk
2014-07-21 15:19 - 2014-07-21 15:19 - 00000000 ___DC () C:\Program Files\WSE Rocket
2014-07-21 15:19 - 2014-07-21 15:19 - 00000000 ___DC () C:\Documents and Settings\HP_Administrator\Application Data\RocketUpdater
2014-07-21 15:00 - 2014-07-21 15:00 - 00000000 ___DC () C:\Documents and Settings\All Users\Start Menu\Programs\Java
2014-07-21 15:00 - 2014-07-11 03:02 - 00096680 ____C (Oracle Corporation) C:\WINDOWS\system32\WindowsAccessBridge.dll
2014-07-21 15:00 - 2014-07-11 02:56 - 00175528 ____C (Oracle Corporation) C:\WINDOWS\system32\javaw.exe
2014-07-21 15:00 - 2014-07-11 02:55 - 00175528 ____C (Oracle Corporation) C:\WINDOWS\system32\java.exe
2014-07-16 09:43 - 2014-07-16 09:43 - 00701217 ____C () C:\Documents and Settings\HP_Administrator\Desktop\Purdue Trip 2014.htm
2014-07-16 09:43 - 2014-07-16 09:43 - 00000000 ___DC () C:\Documents and Settings\HP_Administrator\Desktop\Purdue Trip 2014_files
2014-07-10 16:46 - 2014-07-10 16:48 - 00000000 ___DC () C:\Documents and Settings\HP_Administrator\My Documents\Auto

==================== One Month Modified Files and Folders =======

2014-07-23 06:57 - 2014-07-23 06:56 - 00036146 ____C () C:\Documents and Settings\HP_Administrator\Desktop\FRST.txt
2014-07-23 06:57 - 2007-02-16 12:26 - 00000000 ___DC () C:\Documents and Settings\HP_Administrator\Local Settings\Temp
2014-07-23 06:56 - 2014-07-23 06:56 - 00000000 ___DC () C:\FRST
2014-07-23 06:54 - 2014-07-23 06:54 - 01082368 ____C (Farbar) C:\Documents and Settings\HP_Administrator\Desktop\FRST.exe
2014-07-23 06:46 - 2011-05-19 15:11 - 00000906 ____C () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2014-07-23 06:38 - 2014-07-23 06:37 - 00000000 ___DC () C:\Program Files\Mozilla Firefox
2014-07-23 06:38 - 2012-05-08 18:01 - 00000000 ___DC () C:\Program Files\Mozilla Maintenance Service
2014-07-23 06:22 - 2013-02-17 11:46 - 00000830 ____C () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2014-07-23 06:20 - 2014-07-21 15:19 - 00000420 ____C () C:\WINDOWS\Tasks\At1.job
2014-07-22 23:29 - 2013-10-01 12:14 - 00000000 ___DC () C:\Program Files\IDriveWindows
2014-07-22 16:09 - 2005-08-30 23:17 - 01915479 ____C () C:\WINDOWS\WindowsUpdate.log
2014-07-22 15:00 - 2014-07-21 15:30 - 00000000 ___DC () C:\Documents and Settings\All Users\Application Data\TEMP
2014-07-22 11:22 - 2005-08-30 23:17 - 00031824 _____ () C:\WINDOWS\SchedLgU.Txt
2014-07-21 18:59 - 2014-01-21 10:54 - 00000000 ___DC () C:\Documents and Settings\HP_Administrator\My Documents\dj-Wylie
2014-07-21 18:33 - 2007-03-29 10:54 - 00000000 ___DC () C:\Documents and Settings\HP_Administrator\My Documents\Hermann
2014-07-21 18:31 - 2013-08-17 11:05 - 00000334 ____C () C:\WINDOWS\BRCALIB.INI
2014-07-21 16:21 - 2012-10-09 18:13 - 00699056 ____C (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2014-07-21 16:21 - 2011-05-24 11:39 - 00071344 ____C (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2014-07-21 16:13 - 2005-08-30 15:55 - 00000259 ____C () C:\WINDOWS\wiadebug.log
2014-07-21 16:10 - 2005-08-30 23:06 - 00001158 ____C () C:\WINDOWS\system32\wpa.dbl
2014-07-21 16:10 - 2005-08-30 23:02 - 00000895 ____C () C:\WINDOWS\win.ini
2014-07-21 16:10 - 2005-08-30 17:34 - 00000279 _RSHC () C:\boot.ini
2014-07-21 16:10 - 2005-08-30 15:52 - 00000227 ____C () C:\WINDOWS\system.ini
2014-07-21 16:08 - 2008-01-11 19:13 - 00352917 _____ () C:\WINDOWS\system32\vsconfig.xml
2014-07-21 16:08 - 2005-11-14 20:58 - 00000000 ___DC () C:\WINDOWS\Registration
2014-07-21 16:08 - 2005-08-30 15:55 - 00000049 ____C () C:\WINDOWS\wiaservc.log
2014-07-21 16:07 - 2014-04-17 17:33 - 00000244 ____C () C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job
2014-07-21 16:07 - 2011-05-19 15:11 - 00000902 ____C () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2014-07-21 16:07 - 2005-08-30 23:17 - 00000006 ___HC () C:\WINDOWS\Tasks\SA.DAT
2014-07-21 15:30 - 2014-07-21 15:30 - 00000000 ___DC () C:\Documents and Settings\HP_Administrator\My Documents\Optimizer Pro
2014-07-21 15:30 - 2014-07-21 15:30 - 00000000 ___DC () C:\Documents and Settings\HP_Administrator\Application Data\Optimizer Pro
2014-07-21 15:24 - 2014-07-21 15:19 - 00000000 ___DC () C:\Program Files\Optimizer Pro
2014-07-21 15:24 - 2014-07-21 15:19 - 00000000 ___DC () C:\Documents and Settings\All Users\Start Menu\Programs\Optimizer Pro v3.2
2014-07-21 15:19 - 2014-07-21 15:19 - 00000748 ____C () C:\Documents and Settings\HP_Administrator\Desktop\Optimizer Pro.lnk
2014-07-21 15:19 - 2014-07-21 15:19 - 00000000 ___DC () C:\Program Files\WSE Rocket
2014-07-21 15:19 - 2014-07-21 15:19 - 00000000 ___DC () C:\Documents and Settings\HP_Administrator\Application Data\RocketUpdater
2014-07-21 15:00 - 2014-07-21 15:00 - 00000000 ___DC () C:\Documents and Settings\All Users\Start Menu\Programs\Java
2014-07-21 15:00 - 2006-09-29 09:23 - 00000000 ___DC () C:\Program Files\Java
2014-07-21 08:48 - 2008-06-22 14:22 - 00000284 ____C () C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
2014-07-19 09:05 - 2007-12-25 18:30 - 00000000 ___DC () C:\WINDOWS\system32\NtmsData
2014-07-18 09:11 - 2006-09-29 09:58 - 00001036 ____C () C:\WINDOWS\QUICKEN.INI
2014-07-18 08:54 - 2012-04-13 17:35 - 00000000 ___DC () C:\Documents and Settings\HP_Administrator\My Documents\Manuals
2014-07-17 15:12 - 2010-04-08 10:23 - 00000000 ___DC () C:\Documents and Settings\HP_Administrator\My Documents\dj
2014-07-16 09:43 - 2014-07-16 09:43 - 00701217 ____C () C:\Documents and Settings\HP_Administrator\Desktop\Purdue Trip 2014.htm
2014-07-16 09:43 - 2014-07-16 09:43 - 00000000 ___DC () C:\Documents and Settings\HP_Administrator\Desktop\Purdue Trip 2014_files
2014-07-13 18:23 - 2013-06-22 17:49 - 00000000 ___DC () C:\Documents and Settings\HP_Administrator\My Documents\2719 Cochran
2014-07-13 15:38 - 2007-08-13 20:32 - 00000069 ____C () C:\WINDOWS\NeroDigital.ini
2014-07-12 01:40 - 2009-08-25 09:23 - 00000000 ___DC () C:\Documents and Settings\HP_Administrator\Application Data\HpUpdate
2014-07-11 10:30 - 2013-11-18 18:07 - 00000000 ___DC () C:\Documents and Settings\HP_Administrator\My Documents\RHN
2014-07-11 03:02 - 2014-07-21 15:00 - 00096680 ____C (Oracle Corporation) C:\WINDOWS\system32\WindowsAccessBridge.dll
2014-07-11 02:56 - 2014-07-21 15:00 - 00175528 ____C (Oracle Corporation) C:\WINDOWS\system32\javaw.exe
2014-07-11 02:55 - 2014-07-21 15:00 - 00175528 ____C (Oracle Corporation) C:\WINDOWS\system32\java.exe
2014-07-10 16:48 - 2014-07-10 16:46 - 00000000 ___DC () C:\Documents and Settings\HP_Administrator\My Documents\Auto
2014-07-10 15:09 - 2013-02-05 19:03 - 00000000 ___DC () C:\Documents and Settings\HP_Administrator\Application Data\vlc
2014-07-09 16:31 - 2012-03-07 18:24 - 00000000 ___DC () C:\Documents and Settings\HP_Administrator\My Documents\Ham Radio
2014-07-08 15:00 - 2014-04-17 17:33 - 00000238 ____C () C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job
2014-07-08 14:32 - 2013-08-16 12:15 - 00000000 ___DC () C:\Documents and Settings\All Users\Application Data\Package Cache
2014-07-08 14:22 - 2008-01-11 19:20 - 280074272 ___SH () C:\WINDOWS\system32\Drivers\fidbox.dat
2014-07-05 17:10 - 2006-09-29 09:44 - 00000000 ___DC () C:\Documents and Settings\All Users\Start Menu\Programs\HP

Files to move or delete:
====================
C:\Windows\Tasks\At1.job


Some content of TEMP:
====================
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\jre-7u51-windows-i586-iftw.exe
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\jre-7u55-windows-i586-iftw.exe
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\jre-7u65-windows-i586-iftw.exe
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\mny11E.exe
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\optprosetup.exe
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\RocketSilent.exe
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\vlc-2.1.3-win32.exe
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\_is150.exe
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\_is151.exe
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\_is42.exe
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\_is43.exe
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\_is559.exe


==================== Bamital & volsnap Check =================

C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

==================== End Of Log ============================


Hi,

you did everything fine! :)

 

But it has to be mentioned that you are still using Windows XP (without an antivirus!)

 

Please read this first:

http://windows.microsoft.com/en-us/windows/end-support-help

  • Please download and install Revo Uninstaller Free

    note: there is no need to click anything on that page, the download will start automatically

  • Double click Revo Uninstaller to run it
  • From the list of programs double click on the listed program(s), or anything similar, to remove it:

    Foxit Toolbar
    Optimizer Pro v3.2
  • When prompted if you want to uninstall click Yes
  • Be sure the Moderate option is selected then click Next
  • The program will run, If prompted again click Yes
  • When the built-in uninstaller is finished click on Next
  • Once the program has searched for leftovers click Next
  • Check the items in bold only on the list then click Delete

    note: you may have to expand some folders by clicking the "+" mark

  • When prompted click on Yes and then on Next
  • Put a check on any folders that are found and select Delete
  • When prompted select Yes then Next
  • Once done click Finish

btw,  I forgot to say my name is Russell.  Thank you so much for helping me.

 

I guess you know quite a bit about me after reading my logs. :)  

 

I read your attachment.  Yes, I still use XP.  I am so sorry that it's no longer supported.  I have really enjoyed using it.  

 

I use programs that will only run on XP and, although I've been using PCs since about 1984, I hate to buy and, worse, learn new programs that don't do anything I need any better than the old one.

 

I tried Vista when it came out and quickly went back to XP.  I have a Windows 7 laptop which is ok but won't run my old XP programs. 

 

I'm afraid Windows 8 is out of the question for me.  I simply don't have the days, weeks or months that it would take me to relearn a new operating system especially since I don't need it. 

 

I've been thinking of just disconnecting my XP from the internet and using it to run my old software which does not require an internet connection.  Hope this doesn't sound like a rant.  It's not intended as such.

 

I believe that I have successfully uninstalled the Foxit Toolbar and Optimizer Pro using Revo Uninstaller.

 

What shall I do now?


Hi Russell,

 

Now I understand... :)

 

 

I've been thinking of just disconnecting my XP from the internet and using it to run my old software which does not require an internet connection.

It is an option of course....

 

Next step:

 

Step 1

Please download AdwCleaner (by Xplode) and save it to your Desktop.

  • Double click on AdwCleaner.exe to run the tool.
    Vista/Windows 7/8 users right-click and select "Run As Administrator"
  • Click on the Scan button.
  • After the scan has finished, click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • After rebooting, a log file (that is saved in C:\AdwCleaner[s#].txt) will open automatically.
    Copy and paste the contents of that logfile in your next reply.

Done.

 

# AdwCleaner v3.216 - Report created 24/07/2014 at 14:28:53
# Updated 17/07/2014 by Xplode
# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
# Username : HP_Administrator - MEDIACENTER1
# Running from : C:\Documents and Settings\HP_Administrator\Desktop\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\Documents and Settings\All Users\Application Data\2308189059
Folder Deleted : C:\Documents and Settings\All Users\Application Data\Viewpoint
Folder Deleted : C:\Program Files\AOL Toolbar
Folder Deleted : C:\Program Files\AskSearch
Folder Deleted : C:\Program Files\GreenTree Applications
Folder Deleted : C:\Program Files\Viewpoint
Folder Deleted : C:\Program Files\WSE Rocket
Folder Deleted : C:\Program Files\Common Files\Spigot
Folder Deleted : C:\Documents and Settings\HP_Administrator\Application Data\RocketUpdater
Folder Deleted : C:\Documents and Settings\HP_Administrator\Application Data\Viewpoint
Folder Deleted : C:\Documents and Settings\HP_Administrator\My Documents\Optimizer Pro
Folder Deleted : C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\5x88zch3.default\Extensions\{ecaa9181-d92a-47b9-8e14-bef9680f204b}
[!] Folder Deleted : C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\icdlfehblmklkikfigmjhbmmpmkmpooj
[!] Folder Deleted : C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\mhkaekfpcppmmioggniknbnbdbcigpkk
File Deleted : C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\5x88zch3.default\Extensions\{c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}.xpi
File Deleted : C:\Documents and Settings\All Users\Start Menu\Programs\eBay.lnk
File Deleted : C:\Documents and Settings\HP_Administrator\Favorites\eBay.lnk
File Deleted : C:\Program Files\Mozilla Firefox\Components\AskSearch.js
File Deleted : C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\5x88zch3.default\searchplugins\WSE Rocket.xml
File Deleted : C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\5x88zch3.default\user.js

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\icdlfehblmklkikfigmjhbmmpmkmpooj
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\mhkaekfpcppmmioggniknbnbdbcigpkk
Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl
Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl.1
Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary
Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary.1
Key Deleted : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Key Deleted : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@viewpoint.com/VMP
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{9AFB8248-617F-460D-9366-D71CDEDA3179}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{BF0118D4-63FF-4138-9327-F3028FB1A578}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{C94E154B-1459-4A47-966B-4B843BEFC7DB}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{201F27D4-3704-41D6-89C1-AA35E39143ED}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3041D03E-FD4B-44E0-B742-2D9B88305F98}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{CF739809-1C6C-47C0-85B9-569DBB141420}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{EF99BD32-C1FB-11D2-892F-0090271D4F88}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{C94E154B-1459-4A47-966B-4B843BEFC7DB}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{EF99BD32-C1FB-11D2-892F-0090271D4F88}]
Key Deleted : HKCU\Software\InstallCore
Key Deleted : HKCU\Software\Optimizer Pro
Key Deleted : HKCU\Software\RocketUpdater
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKCU\Software\WSE Rocket
Key Deleted : HKCU\Software\YahooPartnerToolbar
Key Deleted : HKCU\Software\Zugo
Key Deleted : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKCU\Software\AppDataLow\AskSA
Key Deleted : HKLM\Software\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKLM\Software\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Key Deleted : HKLM\Software\{6791A2F3-FC80-475C-A002-C014AF797E9C}
Key Deleted : HKLM\Software\AskBarDis
Key Deleted : HKLM\Software\InstallCore
Key Deleted : HKLM\Software\MetaStream
Key Deleted : HKLM\Software\Viewpoint
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ViewpointMediaPlayer
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WSE Rocket
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\ViewpointMediaPlayer
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\WSE Rocket
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\00E944CB89111313EAF35A0553F547F9
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\53F55AF3F4049ED3FA6EA6F88E414E24
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\68E4BF4B11615E03C97732FD581AB607
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8CE3DDAB2D152683FBCEB4866BCD2B0F
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\AF6CE16AFEA5C9A39B766468A8B35C21
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\FB1E44269B58F433A8C8E671E37CFDCF

***** [ Browsers ] *****

-\\ Internet Explorer v6.0.2900.5512

Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [start Page]
Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Search_URL]
Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls [Tabs]
Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Search [Default_Search_URL]

-\\ Mozilla Firefox v31.0 (x86 en-US)

[ File : C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\5x88zch3.default\prefs.js ]

Line Deleted : user_pref("browser.startup.homepage", "hxxp://rocket-find.com/?f=1&a=rckt_dnldstr_14_30_ff&cd=2XzuyEtN2Y1L1QzutDtD0CtD0Azz0CyDyE0BtD0EyE0Fzz0EtN0D0Tzu0SzytAtAtN1L2XzutBtFtBtCtFtCyEtFyEtN1L1CzutCyEtBzy[...]
Line Deleted : user_pref("plugin.blocklisted.npviewpoint", true);

-\\ Google Chrome v27.0.1453.94

[ File : C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\preferences ]

Deleted [Extension] : dhdepfaagokllfmhfbcfmocaeigmoebo
Deleted [Extension] : fbmimoidopbghbcmdmpkjaffffmcbmbg
Deleted [Extension] : hphibigbodkkohoglgfkddblldpfohjl
Deleted [Extension] : icdlfehblmklkikfigmjhbmmpmkmpooj
Deleted [Extension] : kdcnnmifdmlmjffdgeieikcokcogpbej
Deleted [Extension] : kincjchfokkeneeofpeefomkikfkiedl
Deleted [Extension] : kkkeikdkpjenmoiicggnnodbkebafgpc
Deleted [Extension] : mhkaekfpcppmmioggniknbnbdbcigpkk
Deleted [Extension] : pgmfkblbflahhponhjmkcnpjinenhlnc

*************************

AdwCleaner[R0].txt - [9283 octets] - [24/07/2014 14:26:05]
AdwCleaner[s0].txt - [8488 octets] - [24/07/2014 14:28:53]

########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [8548 octets] ##########


Hi,

Step 1

Please download Malwarebytes Anti-Malware and save it to your desktop.

  • Please open Malwarebytes Anti-Malware.
  • Please update the database by clicking on the "Update Now" button.
  • Following the update, click "Settings" and go to "Detection and Protection"
  • Make sure "Scan for Rootkits" is checked.
  • Click on Dashboard, then click on Scan Now to start the scan.

    (If Malware or Potentially Unwanted Programs [PUPs] are found, you will receive a prompt so that you can decide what you want to do. I suggest "Quarantine". Click the button: Apply All Actions.)

  • A window with an option to view the detailed log will appear. Click on "View Detailed Log".
  • After viewing the results, please click on the "Copy to Clipboard" button and then OK.
  • Return to our forum. Paste your log into your next reply.
Step 2


Start FRST with administrator privileges.

  • Press the Scan button.
  • When finished, FRST will produce a log (FRST.txt) in the same directory the tool was run from.

    Please copy and paste the log in your next reply.


Done

 

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 7/25/2014
Scan Time: 4:33:46 PM
Logfile:
Administrator: Yes

Version: 2.00.2.1012
Malware Database: v2014.07.25.08
Rootkit Database: v2014.07.17.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows XP Service Pack 3
CPU: x86
File System: NTFS
User: HP_Administrator

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 329195
Time Elapsed: 25 min, 9 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 1
Rogue.sysCleaner, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\SHAREDDLLS|C:\WINDOWS\SYSTEM32\MISTERHISTORYDELETER.DLL, 1, Quarantined, [257c2d73d5a6e254e94a5f817b86b34d]

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 3
PUP.Optional.GetNow, C:\RECYCLER\S-1-5-21-2562346610-408318716-2502678116-1007\Dc472.exe, Quarantined, [9a07e4bcf18a979f26befa8fbb46a45c],
Rogue.sysCleaner, C:\WINDOWS\system32\misterhistorydeleter.dll, Quarantined, [257c2d73d5a6e254e94a5f817b86b34d],
PUP.Optional.Ciuvo.A, C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\5x88zch3.default\extensions\extension@ciuvo.com.xpi, Quarantined, [821fd1cf6615063019c713bb936f7f81],

Physical Sectors: 0
(No malicious items detected)


(end)

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:25-07-2014
Ran by HP_Administrator (administrator) on MEDIACENTER1 on 25-07-2014 17:57:47
Running from C:\Documents and Settings\HP_Administrator\Desktop
Platform: Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: English (United States)
Internet Explorer Version 6
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Zone Labs, LLC) C:\WINDOWS\system32\ZoneLabs\vsmon.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Brother Industries, Ltd.) C:\WINDOWS\system32\Brmfrmps.exe
(Creative Technology Ltd) C:\WINDOWS\system32\CTSVCCDA.EXE
(Microsoft Corporation) C:\WINDOWS\ehome\ehrecvr.exe
(Microsoft Corporation) C:\WINDOWS\ehome\ehSched.exe
(Garmin Ltd or its subsidiaries) C:\Program Files\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
() C:\Program Files\IDriveWindows\idwservice_600.exe
() C:\WINDOWS\system32\PSIService.exe
() C:\PROGRA~1\SQUEEZ~1\server\Bin\MSWIN3~1\mysqld.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Intel Corporation) C:\Program Files\Intel\IntelDH\Intel® Quick Resume Technology Drivers\ELService.exe
( ) C:\Program Files\IDriveWindows\idw_web.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\WINDOWS\system32\dllhost.exe
(Microsoft Corporation) C:\WINDOWS\system32\wscntfy.exe
(Zone Labs, LLC) C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
(Realtek Semiconductor Corp.) C:\WINDOWS\RTHDCPL.EXE
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
(Hewlett-Packard) C:\Program Files\HP\HP Software Update\hpwuschd2.exe
(Brother Industries, Ltd.) C:\Program Files\Brother\ControlCenter3\BrccMCtl.exe
(Carbonite, Inc. (www.carbonite.com)) C:\Program Files\Carbonite\Carbonite Backup\CarboniteService.exe
(CANON INC.) C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe
(Brother Industries, Ltd.) C:\Program Files\Browny02\Brother\BrStMonW.exe
(Pro Softnet Corporation) C:\Program Files\IDriveWindows\idwbg_600.exe
(Prosoftnet Corp) C:\Program Files\IDriveWindows\idrivetray.exe
(Carbonite, Inc.) C:\Program Files\Carbonite\Carbonite Backup\CarboniteUI.exe
(Google Inc.) C:\Program Files\Picasa2\PicasaMediaDetector.exe
(Google) C:\Program Files\Google\Drive\googledrivesync.exe
(Garmin Ltd or its subsidiaries) C:\Program Files\Garmin\Express Tray\ExpressTray.exe
(Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
(Storage Appliance Corp.) C:\Documents and Settings\All Users\Application Data\Clickfree\cfagent.exe
(Brother Industries, Ltd.) C:\Program Files\Browny02\BrYNSvc.exe
(Nero AG) C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
(SAC) C:\Documents and Settings\All Users\Application Data\Clickfree\HDDV2USB3\reminder\SacReminder.exe
() C:\Brother\BPRSP\resources\BrSupSsp.exe
(Tiger Technologies) C:\Program Files\Tiger Technologies\DeskFlag\deskflag.exe
(Google) C:\Program Files\Google\Drive\googledrivesync.exe
(Microsoft Corporation) C:\WINDOWS\system32\freecell.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\WINDOWS\system32\dllhost.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbam.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\RunOnce: [Malwarebytes Anti-Malware (cleanup)] => "C:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes Anti-Malware\mbamdor (the data entry has 100 more characters).
HKLM\...\Policies\Explorer: [NoCDBurning] 0
HKU\.DEFAULT\...\Run: [Picasa Media Detector] => C:\Program Files\Picasa2\PicasaMediaDetector.exe [443968 2007-09-27] (Google Inc.)
HKU\S-1-5-21-2562346610-408318716-2502678116-1007\...\Run: [TClockEx] => C:\Program Files\TClockEx\TCLOCKEX.EXE [89088 2000-03-09] (Dale Nurden)
HKU\S-1-5-21-2562346610-408318716-2502678116-1007\...\Run: [Picasa Media Detector] => C:\Program Files\Picasa2\PicasaMediaDetector
HKU\S-1-5-21-2562346610-408318716-2502678116-1007\...\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] => C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe [153136 2007-05-16] (Nero AG)
HKU\S-1-5-21-2562346610-408318716-2502678116-1007\...\Run: [GoogleDriveSync] => C:\Program Files\Google\Drive\googledrivesync.exe [19662744 2013-04-16] (Google)
HKU\S-1-5-21-2562346610-408318716-2502678116-1007\...\Run: [GarminExpressTrayApp] => C:\Program Files\Garmin\Express Tray\ExpressTray.exe [118104 2014-04-01] (Garmin Ltd or its subsidiaries)
HKU\S-1-5-21-2562346610-408318716-2502678116-1007\...\Run: [ClickfreeMonitor] => c:\documents and settings\all users\application data\Clickfree\cfagent.exe [354632 2013-06-05] (Storage Appliance Corp.)
HKU\S-1-5-21-2562346610-408318716-2502678116-1007\...\Run: [sacReminderHDDV2] => C:\Documents and Settings\All Users\Application Data\Clickfree\HDDV2USB3\reminder\SacReminder.exe [444744 2013-11-29] (SAC)
HKU\S-1-5-21-2562346610-408318716-2502678116-1007\...\Run: [Geotag Security] => C:\Program Files\Geotag Security\GeotagSecurity.exe [3941888 2010-09-08] ()
HKU\S-1-5-21-2562346610-408318716-2502678116-1007\...\MountPoints2: {3c1d278b-280c-11e0-9a7b-00038a000015} - L:\VZAccess_Manager.exe /z detect
HKU\S-1-5-21-2562346610-408318716-2502678116-1007\...\MountPoints2: {7ec5a26b-290c-11dc-8756-00038a000015} - L:\LaunchU3.exe -a
HKU\S-1-5-21-2562346610-408318716-2502678116-1007\...\MountPoints2: {a34d5375-9381-11df-8f10-00038a000015} - L:\StartClickfreeBackup.exe
HKU\S-1-5-21-2562346610-408318716-2502678116-1007\...\MountPoints2: {b4bd432e-0814-11e2-bbb5-00038a000015} - L:\StarterOfficeGuardian.exe
HKU\S-1-5-21-2562346610-408318716-2502678116-1007\...\MountPoints2: {b5ada9d8-f88b-11e3-b852-0018f3a520ea} - L:\StartClickFreeBackup.exe
HKU\S-1-5-21-2562346610-408318716-2502678116-1007\...\MountPoints2: {c008cbc6-e477-11e0-bb91-00038a000015} - L:\ONSPCLCK.exe
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Brother BPRSP.lnk
ShortcutTarget: Brother BPRSP.lnk -> C:\WINDOWS\Installer\{8040527F-DD74-4B45-8A06-C4BF145B6C76}\BrSupSsp.exe_44686FC076524EF5975EF92EE48E2958.exe (Flexera Software LLC)
Startup: C:\Documents and Settings\Default User\Start Menu\Programs\Startup\Pin.lnk
ShortcutTarget: Pin.lnk -> C:\hp\bin\cloaker.exe (Hewlett-Packard Co.)
Startup: C:\Documents and Settings\Default User\Start Menu\Programs\Startup\PinMcLnk.lnk
ShortcutTarget: PinMcLnk.lnk -> C:\hp\bin\cloaker.exe (Hewlett-Packard Co.)
Startup: C:\Documents and Settings\HP_Administrator\Start Menu\Programs\Startup\DeskFlag.lnk
ShortcutTarget: DeskFlag.lnk -> C:\Program Files\Tiger Technologies\DeskFlag\deskflag.exe (Tiger Technologies)
ShellIconOverlayIdentifiers: Carbonite.Blue -> {E300CD91-100F-4E67-9AF3-1384A6124015} => C:\Program Files\Carbonite\Carbonite Backup\CarboniteNSE.dll (Carbonite, Inc.)
ShellIconOverlayIdentifiers: Carbonite.Green -> {95A27763-F62A-4114-9072-E81D87DE3B68} => C:\Program Files\Carbonite\Carbonite Backup\CarboniteNSE.dll (Carbonite, Inc.)
ShellIconOverlayIdentifiers: Carbonite.Partial -> {E300CD91-100F-4E67-9AF3-1384A6124015} => C:\Program Files\Carbonite\Carbonite Backup\CarboniteNSE.dll (Carbonite, Inc.)
ShellIconOverlayIdentifiers: Carbonite.Red -> {01CCCC8C-1D50-4b13-B96D-4B922DD3128B} => C:\Program Files\Carbonite\Carbonite Backup\CarboniteNSE.dll (Carbonite, Inc.)
ShellIconOverlayIdentifiers: Carbonite.Yellow -> {5E529433-B50E-4bef-A63B-16A6B71B071A} => C:\Program Files\Carbonite\Carbonite Backup\CarboniteNSE.dll (Carbonite, Inc.)
ShellIconOverlayIdentifiers: GDriveBlacklistedOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)
ShellIconOverlayIdentifiers: GDriveSharedOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)
ShellIconOverlayIdentifiers: GDriveSyncedOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)
ShellIconOverlayIdentifiers: GDriveSyncingOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=64&bd=PAVILION&pf=desktop
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Restore = http://www.aol.com/
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=64&bd=PAVILION&pf=desktop
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=PAVILION&pf=desktop
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=64&bd=PAVILION&pf=desktop
HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=PAVILION&pf=desktop
SearchScopes: HKLM - DefaultScope value is missing.
BHO: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll No File
BHO: No Name -> {7E853D72-626A-48EC-A868-BA8D5E23E045} ->  No File
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll No File
Toolbar: HKCU - &Address - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
Toolbar: HKCU - &Links - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\SHELL32.dll (Microsoft Corporation)
DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?linkid=39204
DPF: {C6FAB351-8F12-4ED3-A9C1-4D3E86B0BB07} https://insite.mhhs.org/MHHS_Portal_Login_09.cab
DPF: {CAFEEFAC-0017-0000-0009-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (Microsoft Corporation)
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (Microsoft Corporation)
Winsock: Catalog5 04 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 10.0.0.1

FireFox:
========
FF ProfilePath: C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\5x88zch3.default
FF DefaultSearchEngine: WSE Rocket
FF SelectedSearchEngine: WSE Rocket
FF Keyword.URL: hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=937811&p=
FF NetworkProxy: "no_proxies_on", "*.local"
FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF Plugin: @canon.com/EPPEX - C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF Plugin: @Google.com/GoogleEarthPlugin - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @google.com/npPicasa3,version=3.0.0 - C:\Program Files\Picasa2\npPicasa3.dll (Google, Inc.)
FF Plugin: @java.com/DTPlugin,version=10.65.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll No File
FF Plugin: @java.com/JavaPlugin,version=10.65.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @real.com/nppl3260;version=6.0.11.2852 - C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprpjplug;version=6.0.12.1662 - C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.0.8 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.3 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @citrixonline.com/appdetectorplugin - C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Citrix\Plugins\104\npappdetector.dll (Citrix Online)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\np-mswmp.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npFoxitReaderPlugin.dll (Foxit Software Company)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\np_gp.dll (NOS Microsystems Ltd.)
FF SearchPlugin: C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\5x88zch3.default\searchplugins\yahoo_ff.xml
FF Extension: Разпознаване на устройство Logitech - C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\5x88zch3.default\Extensions\DeviceDetection@logitech.com [2011-08-17]
FF Extension: Xmarks - C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\5x88zch3.default\Extensions\foxmarks@kei.com [2014-07-13]
FF Extension: No Name - C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\5x88zch3.default\Extensions\staged [2014-07-25]
FF Extension: Screengrab - C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\5x88zch3.default\Extensions\{02450954-cdd9-410f-b1da-db804e18c671} [2010-07-02]
FF Extension: Garmin Communicator - C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\5x88zch3.default\Extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E} [2013-11-20]
FF Extension: Microsoft .NET Framework Assistant - C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\5x88zch3.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b} [2010-05-14]
FF Extension: Abine - C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\5x88zch3.default\Extensions\{b58ca710-f62c-4f38-a0e8-cc9b177463e5} [2012-09-06]
FF Extension: DownloadHelper - C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\5x88zch3.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2014-03-28]
FF Extension: Adobe DLM (powered by getPlus®) - C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\5x88zch3.default\Extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7} [2010-03-09]
FF Extension: InvisibleHand - C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\5x88zch3.default\Extensions\canitbecheaper@trafficbroker.co.uk.xpi [2011-04-15]
FF Extension: PriceBlink - C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\5x88zch3.default\Extensions\info@priceblink.com.xpi [2012-05-03]
FF Extension: iReader - C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\5x88zch3.default\Extensions\ireader@samabox.com.xpi [2011-04-15]
FF Extension: Awesome screenshot: Capture and Annotate - C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\5x88zch3.default\Extensions\jid0-GXjLLfbCoAx0LcltEdFrEkQdQPI@jetpack.xpi [2013-10-17]
FF Extension: Morning Coffee - C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\5x88zch3.default\Extensions\morningCoffee@shaneliesegang.xpi [2011-04-15]
FF Extension: SimplyRead - C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\5x88zch3.default\Extensions\simplyread@njw.me.uk.xpi [2012-05-17]
FF Extension: FlashGot - C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\5x88zch3.default\Extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}.xpi [2012-07-17]
FF Extension: NoScript - C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\5x88zch3.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2014-07-14]
FF Extension: Address Bar Search - C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\5x88zch3.default\Extensions\{badea1ae-72ed-4f6a-8c37-4db9a4ac7bc9}.xpi [2013-10-25]
FF Extension: Adblock Plus - C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\5x88zch3.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2011-05-19]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-08-07]

Chrome:
=======
CHR HomePage: hxxp://www.google.com
CHR RestoreOnStartup: "hxxp://www.google.com"
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\27.0.1453.94\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\27.0.1453.94\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\27.0.1453.94\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 11.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Microsoft® Windows Media Player Firefox Plugin) - C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll (Microsoft Corporation)
CHR Plugin: (Foxit Reader Plugin for Mozilla) - C:\Program Files\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll (Foxit Software Company)
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll (Apple Inc.)
CHR Plugin: (getPlusPlus for Adobe 16263) - C:\Program Files\Mozilla Firefox\plugins\np_gp.dll (NOS Microsystems Ltd.)
CHR Plugin: (Citrix Online Web Deployment Plugin 1.0.0.104) - C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Citrix\Plugins\104\npappdetector.dll (Citrix Online)
CHR Plugin: (CANON iMAGE GATEWAY Album Plugin Utility) - C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
CHR Plugin: (Google Earth Plugin) - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
CHR Plugin: (Java Deployment Toolkit 7.0.550.14) - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll No File
CHR Plugin: (Java Platform SE 7 U55) - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll No File
CHR Plugin: (RealPlayer G2 LiveConnect-Enabled Plug-In (32-bit) ) - C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
CHR Plugin: (RealPlayer Version Plugin) - C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
CHR Plugin: (Silverlight Plug-In) - C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
CHR Plugin: (Picasa) - C:\Program Files\Picasa2\npPicasa3.dll (Google, Inc.)
CHR Plugin: (VLC Web Plugin) - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
CHR Plugin: (MetaStream 3 Plugin) - C:\Program Files\Viewpoint\Viewpoint Experience Technology\\npViewpoint.dll No File
CHR Plugin: (Windows Presentation Foundation) - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
CHR Plugin: (Shockwave Flash) - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_14_0_0_125.dll No File
CHR Extension: (Google Drive) - C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-07-17]
CHR Extension: (YouTube) - C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-05-25]
CHR Extension: (Google Search) - C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-07-16]
CHR Extension: (Gmail) - C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-07-16]
CHR HKCU\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\DOCUME~1\HP_ADM~1\LOCALS~1\APPLIC~1\Google\Drive\apdfllckaahabafndbhieahigkjlhalf_live.crx [2013-05-01]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 brmfrmps; C:\WINDOWS\system32\Brmfrmps.exe [65536 2003-03-19] (Brother Industries, Ltd.) [File not signed]
R3 BrYNSvc; C:\Program Files\Browny02\BrYNSvc.exe [249856 2011-11-15] (Brother Industries, Ltd.) [File not signed]
R2 CarboniteService; C:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exe [5049352 2013-10-10] (Carbonite, Inc. (www.carbonite.com))
S4 CCALib8; C:\Program Files\Canon\CAL\CALMAIN.exe [96341 2006-03-30] (Canon Inc.) [File not signed]
R2 Creative Service for CDROM Access; C:\WINDOWS\system32\CTsvcCDA.exe [44032 1999-12-12] (Creative Technology Ltd) [File not signed]
R2 ELService; C:\Program Files\Intel\IntelDH\Intel® Quick Resume Technology Drivers\Elservice.exe [180224 2006-06-02] (Intel Corporation) [File not signed]
S4 EpsonBidirectionalService; C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe [77824 2002-01-29] () [File not signed]
S4 EPSONStatusAgent2; C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe [94208 2002-07-17] (SEIKO EPSON CORPORATION) [File not signed]
R2 Garmin Core Update Service; C:\Program Files\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [431960 2014-04-01] (Garmin Ltd or its subsidiaries)
S3 getPlusHelper; C:\Program Files\NOS\bin\getPlus_Helper.dll [67360 2010-02-19] (NOS Microsystems Ltd.)
R2 IAANTMON; C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe [90112 2006-07-06] (Intel Corporation) [File not signed]
S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [File not signed]
R2 IDriveService; C:\Program Files\IDriveWindows\idwservice_600.exe [182872 2013-09-18] ()
S4 LightScribeService; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [49152 2006-06-21] (Hewlett-Packard Company) [File not signed]
S4 McrdSvc; C:\WINDOWS\ehome\mcrdsvc.exe [99328 2005-08-05] (Microsoft Corporation)
S3 MHN; C:\WINDOWS\System32\mhn.dll [85504 2004-08-10] (Microsoft Corporation) [File not signed]
S2 NVSvc; C:\WINDOWS\system32\nvsvc32.exe [159810 2007-04-19] (NVIDIA Corporation) [File not signed]
R2 ProtexisLicensing; C:\WINDOWS\system32\PSIService.exe [174656 2006-11-02] () [File not signed]
R2 SqueezeMySQL; C:\Program Files\Squeezebox\server\Bin\MSWin32-x86-multi-thread\mysqld.exe [4149248 2011-01-24] () [File not signed]
S4 Symantec Core LC; C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe [1245064 2008-03-27] ()
S3 usnjsvc; C:\Program Files\Windows Live\Messenger\usnsvc.exe [98328 2007-10-18] (Microsoft Corporation)
R2 vsmon; C:\WINDOWS\system32\ZoneLabs\vsmon.exe [75304 2008-07-09] (Zone Labs, LLC)
S3 WLSetupSvc; C:\Program Files\Windows Live\installer\WLSetupSvc.exe [266240 2007-10-25] (Microsoft Corporation)
S2 AOL TopSpeedMonitor; C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe [X]
S2 JavaQuickStarterService; "C:\Program Files\Java\jre7\bin\jqs.exe" -service -config "C:\Program Files\Java\jre7\lib\deploy\jqs\jqs.conf"
S2 RoxLiveShare9; "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe" [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 Afc; C:\WINDOWS\System32\drivers\Afc.sys [11776 2005-02-23] (Arcsoft, Inc.) [File not signed]
R2 ASCTRM; C:\WINDOWS\system32\Drivers\ASCTRM.sys [8552 2009-01-13] (Windows ® 2000 DDK provider) [File not signed]
S3 brfilt; C:\WINDOWS\System32\Drivers\Brfilt.sys [2944 2001-08-17] (Brother Industries Ltd.)
S3 BrScnUsb; C:\WINDOWS\System32\DRIVERS\BrScnUsb.sys [15295 2004-10-15] (Brother Industries Ltd.)
S3 BrUsbScn; C:\WINDOWS\System32\Drivers\BrUsbScn.sys [10368 2001-08-17] (Brother Industries Ltd.)
S3 CCDECODE; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [17024 2008-04-13] (Microsoft Corporation)
R3 ELacpi; C:\WINDOWS\System32\DRIVERS\ELacpi.sys [9728 2006-05-10] (Intel Corporation)
R1 ELhid; C:\WINDOWS\System32\Drivers\Elhid.sys [10112 2006-05-10] (Intel Corporation) [File not signed]
R1 ELkbd; C:\WINDOWS\System32\Drivers\Elkbd.sys [6912 2006-05-10] (Intel Corporation) [File not signed]
R1 ELmon; C:\WINDOWS\System32\Drivers\Elmon.sys [7040 2006-05-10] (Intel Corporation) [File not signed]
R1 ELmou; C:\WINDOWS\System32\Drivers\Elmou.sys [6400 2006-05-10] (Intel Corporation) [File not signed]
S3 FTDIBUS; C:\WINDOWS\System32\drivers\ftdibus.sys [62216 2012-09-19] (FTDI Ltd.)
S3 GoProto; C:\WINDOWS\System32\DRIVERS\goprot51.sys [28672 2008-03-14] (Gteko Ltd.) [File not signed]
S3 grmnusb; C:\WINDOWS\System32\drivers\grmnusb.sys [15720 2012-04-18] (GARMIN Corp.)
R3 hcwPP2; C:\WINDOWS\System32\DRIVERS\hcwPP2.sys [168064 2006-04-13] (Hauppauge Computer Works, Inc.)
R3 HSX_DP; C:\WINDOWS\System32\DRIVERS\HSX_DP.sys [936448 2005-12-06] (Conexant Systems, Inc.)
S3 IrBus; C:\WINDOWS\System32\DRIVERS\IrBus.sys [46848 2013-07-16] (Microsoft Corporation)
U0 iwttegf; C:\WINDOWS\System32\drivers\fyctdg.sys [52440 2014-07-25] (Malwarebytes Corporation)
R1 KLIF; C:\WINDOWS\System32\DRIVERS\klif.sys [127768 2007-07-19] (Kaspersky Lab)
R0 MBAMSwissArmy; C:\WINDOWS\System32\drivers\MBAMSwissArmy.sys [110296 2014-07-25] (Malwarebytes Corporation)
S3 mf; C:\WINDOWS\System32\DRIVERS\mf.sys [63744 2008-04-13] (Microsoft Corporation)
S3 MHNDRV; C:\WINDOWS\System32\DRIVERS\mhndrv.sys [11008 2004-08-10] (Microsoft Corporation) [File not signed]
R2 mrtRate; C:\WINDOWS\system32\Drivers\mrtRate.sys [34916 1999-08-10] (Marimba, Inc.) [File not signed]
S3 NdisIP; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [10880 2008-04-13] (Microsoft Corporation)
R2 NPF; C:\WINDOWS\System32\drivers\npf.sys [42000 2007-04-25] (CACE Technologies)
S3 rtl8139; C:\WINDOWS\System32\DRIVERS\RTL8139.SYS [20992 2004-08-03] (Realtek Semiconductor Corporation)
S3 SDDMI2; C:\WINDOWS\system32\DDMI2.sys [6977 2004-06-09] (Gteko Ltd.) [File not signed]
R0 srescan; C:\WINDOWS\System32\ZoneLabs\srescan.sys [51176 2008-02-27] (Zone Labs, LLC)
R2 symlcbrd; C:\WINDOWS\system32\drivers\symlcbrd.sys [10344 2006-09-29] (Symantec Corporation)
S3 ubloxusb; C:\WINDOWS\System32\DRIVERS\ubloxusb.sys [75264 2009-05-19] (u-blox AG)
S3 USBAAPL; C:\WINDOWS\System32\Drivers\usbaapl.sys [44544 2012-09-28] (Apple, Inc.) [File not signed]
R1 vsdatant; C:\WINDOWS\System32\vsdatant.sys [394952 2008-07-09] (Zone Labs, LLC)
R3 winachsx; C:\WINDOWS\System32\DRIVERS\HSX_CNXT.sys [670208 2005-12-06] (Conexant Systems, Inc.)
R3 WN5301; C:\WINDOWS\System32\DRIVERS\wn5301.sys [468768 2005-10-05] (Liteon Technology Inc.)
S3 ATWPKT2; \??\C:\PROGRA~1\COMMON~1\AOL\ACS\ATWPKT2.SYS [X]
S0 ftsata2; system32\DRIVERS\ftsata2.sys [X]
U0 Pml Driver HPZ12;
U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation)
S3 SymIM; system32\DRIVERS\SymIM.sys [X]
S3 SymIMMP; system32\DRIVERS\SymIM.sys [X]
S3 wanatw; system32\DRIVERS\wanatw4.sys [X]
U1 WS2IFSL;

==================== NetSvcs (Whitelisted) ===================


(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

NETSVC: MHN -> C:\Windows\System32\mhn.dll (Microsoft Corporation)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-07-25 17:57 - 2014-07-25 17:57 - 00000000 ___DC () C:\Documents and Settings\HP_Administrator\Desktop\FRST-OlderVersion
2014-07-25 17:52 - 2014-07-25 17:52 - 00052440 ____C (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\fyctdg.sys
2014-07-25 16:30 - 2014-07-25 16:30 - 00000788 ____C () C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
2014-07-25 16:30 - 2014-07-25 16:30 - 00000000 ___DC () C:\Program Files\Malwarebytes Anti-Malware
2014-07-25 16:30 - 2014-07-25 16:30 - 00000000 ___DC () C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes Anti-Malware
2014-07-25 16:30 - 2014-05-12 07:26 - 00053208 ____C (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2014-07-25 16:30 - 2014-05-12 07:25 - 00023256 ____C (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2014-07-25 16:29 - 2014-07-25 16:30 - 17292760 ____C (Malwarebytes Corporation ) C:\Documents and Settings\HP_Administrator\Desktop\mbam-setup-2.0.2.1012.exe
2014-07-24 14:27 - 2010-08-30 08:34 - 00536576 ____C (SQLite Development Team) C:\WINDOWS\system32\sqlite3.dll
2014-07-24 14:25 - 2014-07-24 18:21 - 00000000 ___DC () C:\AdwCleaner
2014-07-24 14:25 - 2014-07-24 14:25 - 01354223 ____C () C:\Documents and Settings\HP_Administrator\Desktop\AdwCleaner.exe
2014-07-23 16:40 - 2014-07-23 16:40 - 00000928 ____C () C:\Documents and Settings\HP_Administrator\Desktop\Revo Uninstaller.lnk
2014-07-23 16:40 - 2014-07-23 16:40 - 00000000 ___DC () C:\Program Files\VS Revo Group
2014-07-23 06:58 - 2014-07-23 06:59 - 00216060 ____C () C:\Documents and Settings\HP_Administrator\Desktop\Addition.txt
2014-07-23 06:56 - 2014-07-25 17:58 - 00031720 ____C () C:\Documents and Settings\HP_Administrator\Desktop\FRST.txt
2014-07-23 06:56 - 2014-07-25 17:58 - 00000000 ___DC () C:\FRST
2014-07-23 06:54 - 2014-07-25 17:57 - 01084416 ____C (Farbar) C:\Documents and Settings\HP_Administrator\Desktop\FRST.exe
2014-07-23 06:37 - 2014-07-23 06:38 - 00000000 ___DC () C:\Program Files\Mozilla Firefox
2014-07-21 15:30 - 2014-07-22 15:00 - 00000000 ___DC () C:\Documents and Settings\All Users\Application Data\TEMP
2014-07-21 15:19 - 2014-07-25 17:19 - 00000420 ____C () C:\WINDOWS\Tasks\At1.job
2014-07-21 15:00 - 2014-07-21 15:00 - 00000000 ___DC () C:\Documents and Settings\All Users\Start Menu\Programs\Java
2014-07-21 15:00 - 2014-07-11 03:02 - 00096680 ____C (Oracle Corporation) C:\WINDOWS\system32\WindowsAccessBridge.dll
2014-07-21 15:00 - 2014-07-11 02:56 - 00175528 ____C (Oracle Corporation) C:\WINDOWS\system32\javaw.exe
2014-07-21 15:00 - 2014-07-11 02:55 - 00175528 ____C (Oracle Corporation) C:\WINDOWS\system32\java.exe
2014-07-16 09:43 - 2014-07-16 09:43 - 00701217 ____C () C:\Documents and Settings\HP_Administrator\Desktop\Purdue Trip 2014.htm
2014-07-16 09:43 - 2014-07-16 09:43 - 00000000 ___DC () C:\Documents and Settings\HP_Administrator\Desktop\Purdue Trip 2014_files
2014-07-10 16:46 - 2014-07-10 16:48 - 00000000 ___DC () C:\Documents and Settings\HP_Administrator\My Documents\Auto

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-07-25 17:58 - 2014-07-23 06:56 - 00031720 ____C () C:\Documents and Settings\HP_Administrator\Desktop\FRST.txt
2014-07-25 17:58 - 2014-07-23 06:56 - 00000000 ___DC () C:\FRST
2014-07-25 17:58 - 2007-02-16 12:26 - 00000000 ___DC () C:\Documents and Settings\HP_Administrator\Local Settings\Temp
2014-07-25 17:57 - 2014-07-25 17:57 - 00000000 ___DC () C:\Documents and Settings\HP_Administrator\Desktop\FRST-OlderVersion
2014-07-25 17:57 - 2014-07-23 06:54 - 01084416 ____C (Farbar) C:\Documents and Settings\HP_Administrator\Desktop\FRST.exe
2014-07-25 17:52 - 2014-07-25 17:52 - 00052440 ____C (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\fyctdg.sys
2014-07-25 17:52 - 2009-12-09 18:08 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB970430$
2014-07-25 17:46 - 2011-05-19 15:11 - 00000906 ____C () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2014-07-25 17:22 - 2013-02-17 11:46 - 00000830 ____C () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2014-07-25 17:19 - 2014-07-21 15:19 - 00000420 ____C () C:\WINDOWS\Tasks\At1.job
2014-07-25 16:33 - 2014-03-31 18:33 - 00110296 ____C (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2014-07-25 16:30 - 2014-07-25 16:30 - 00000788 ____C () C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
2014-07-25 16:30 - 2014-07-25 16:30 - 00000000 ___DC () C:\Program Files\Malwarebytes Anti-Malware
2014-07-25 16:30 - 2014-07-25 16:30 - 00000000 ___DC () C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes Anti-Malware
2014-07-25 16:30 - 2014-07-25 16:29 - 17292760 ____C (Malwarebytes Corporation ) C:\Documents and Settings\HP_Administrator\Desktop\mbam-setup-2.0.2.1012.exe
2014-07-25 16:22 - 2005-08-30 23:17 - 00032086 _____ () C:\WINDOWS\SchedLgU.Txt
2014-07-25 06:59 - 2007-12-25 18:30 - 00000000 ___DC () C:\WINDOWS\system32\NtmsData
2014-07-25 05:52 - 2005-08-30 23:17 - 02050918 ____C () C:\WINDOWS\WindowsUpdate.log
2014-07-24 23:27 - 2013-10-01 12:14 - 00000000 ___DC () C:\Program Files\IDriveWindows
2014-07-24 19:00 - 2006-09-29 09:58 - 00001036 ____C () C:\WINDOWS\QUICKEN.INI
2014-07-24 18:21 - 2014-07-24 14:25 - 00000000 ___DC () C:\AdwCleaner
2014-07-24 14:48 - 2005-08-30 23:02 - 00000895 ____C () C:\WINDOWS\win.ini
2014-07-24 14:48 - 2005-08-30 17:34 - 00000279 _RSHC () C:\boot.ini
2014-07-24 14:48 - 2005-08-30 15:52 - 00000227 ____C () C:\WINDOWS\system.ini
2014-07-24 14:46 - 2005-08-30 15:55 - 00000259 ____C () C:\WINDOWS\wiadebug.log
2014-07-24 14:45 - 2008-01-11 19:13 - 00352917 _____ () C:\WINDOWS\system32\vsconfig.xml
2014-07-24 14:45 - 2005-11-14 20:58 - 00000000 ___DC () C:\WINDOWS\Registration
2014-07-24 14:45 - 2005-08-30 23:06 - 00001158 ____C () C:\WINDOWS\system32\wpa.dbl
2014-07-24 14:44 - 2005-08-30 15:55 - 00000049 ____C () C:\WINDOWS\wiaservc.log
2014-07-24 14:43 - 2014-04-17 17:33 - 00000244 ____C () C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job
2014-07-24 14:43 - 2011-05-19 15:11 - 00000902 ____C () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2014-07-24 14:43 - 2005-08-30 23:17 - 00000006 ___HC () C:\WINDOWS\Tasks\SA.DAT
2014-07-24 14:30 - 2010-12-22 17:06 - 00284454 ____C () C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
2014-07-24 14:30 - 2008-01-11 19:20 - 280074272 ___SH () C:\WINDOWS\system32\Drivers\fidbox.dat
2014-07-24 14:30 - 2008-01-11 19:20 - 03225692 ___SH () C:\WINDOWS\system32\Drivers\fidbox.idx
2014-07-24 14:30 - 2007-02-16 12:26 - 00000278 __SHC () C:\Documents and Settings\HP_Administrator\ntuser.ini
2014-07-24 14:25 - 2014-07-24 14:25 - 01354223 ____C () C:\Documents and Settings\HP_Administrator\Desktop\AdwCleaner.exe
2014-07-23 16:40 - 2014-07-23 16:40 - 00000928 ____C () C:\Documents and Settings\HP_Administrator\Desktop\Revo Uninstaller.lnk
2014-07-23 16:40 - 2014-07-23 16:40 - 00000000 ___DC () C:\Program Files\VS Revo Group
2014-07-23 06:59 - 2014-07-23 06:58 - 00216060 ____C () C:\Documents and Settings\HP_Administrator\Desktop\Addition.txt
2014-07-23 06:38 - 2014-07-23 06:37 - 00000000 ___DC () C:\Program Files\Mozilla Firefox
2014-07-23 06:38 - 2012-05-08 18:01 - 00000000 ___DC () C:\Program Files\Mozilla Maintenance Service
2014-07-22 15:00 - 2014-07-21 15:30 - 00000000 ___DC () C:\Documents and Settings\All Users\Application Data\TEMP
2014-07-21 18:59 - 2014-01-21 10:54 - 00000000 ___DC () C:\Documents and Settings\HP_Administrator\My Documents\dj-Wylie
2014-07-21 18:33 - 2007-03-29 10:54 - 00000000 ___DC () C:\Documents and Settings\HP_Administrator\My Documents\Hermann
2014-07-21 18:31 - 2013-08-17 11:05 - 00000334 ____C () C:\WINDOWS\BRCALIB.INI
2014-07-21 16:21 - 2012-10-09 18:13 - 00699056 ____C (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2014-07-21 16:21 - 2011-05-24 11:39 - 00071344 ____C (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2014-07-21 15:00 - 2014-07-21 15:00 - 00000000 ___DC () C:\Documents and Settings\All Users\Start Menu\Programs\Java
2014-07-21 15:00 - 2006-09-29 09:23 - 00000000 ___DC () C:\Program Files\Java
2014-07-21 08:48 - 2008-06-22 14:22 - 00000284 ____C () C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
2014-07-18 08:54 - 2012-04-13 17:35 - 00000000 ___DC () C:\Documents and Settings\HP_Administrator\My Documents\Manuals
2014-07-17 15:12 - 2010-04-08 10:23 - 00000000 ___DC () C:\Documents and Settings\HP_Administrator\My Documents\dj
2014-07-16 09:43 - 2014-07-16 09:43 - 00701217 ____C () C:\Documents and Settings\HP_Administrator\Desktop\Purdue Trip 2014.htm
2014-07-16 09:43 - 2014-07-16 09:43 - 00000000 ___DC () C:\Documents and Settings\HP_Administrator\Desktop\Purdue Trip 2014_files
2014-07-13 18:23 - 2013-06-22 17:49 - 00000000 ___DC () C:\Documents and Settings\HP_Administrator\My Documents\2719 Cochran
2014-07-13 15:38 - 2007-08-13 20:32 - 00000069 ____C () C:\WINDOWS\NeroDigital.ini
2014-07-12 01:40 - 2009-08-25 09:23 - 00000000 ___DC () C:\Documents and Settings\HP_Administrator\Application Data\HpUpdate
2014-07-11 10:30 - 2013-11-18 18:07 - 00000000 ___DC () C:\Documents and Settings\HP_Administrator\My Documents\RHN
2014-07-11 03:02 - 2014-07-21 15:00 - 00096680 ____C (Oracle Corporation) C:\WINDOWS\system32\WindowsAccessBridge.dll
2014-07-11 02:56 - 2014-07-21 15:00 - 00175528 ____C (Oracle Corporation) C:\WINDOWS\system32\javaw.exe
2014-07-11 02:55 - 2014-07-21 15:00 - 00175528 ____C (Oracle Corporation) C:\WINDOWS\system32\java.exe
2014-07-10 16:48 - 2014-07-10 16:46 - 00000000 ___DC () C:\Documents and Settings\HP_Administrator\My Documents\Auto
2014-07-10 15:09 - 2013-02-05 19:03 - 00000000 ___DC () C:\Documents and Settings\HP_Administrator\Application Data\vlc
2014-07-09 16:31 - 2012-03-07 18:24 - 00000000 ___DC () C:\Documents and Settings\HP_Administrator\My Documents\Ham Radio
2014-07-08 15:00 - 2014-04-17 17:33 - 00000238 ____C () C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job
2014-07-08 14:32 - 2013-08-16 12:15 - 00000000 ___DC () C:\Documents and Settings\All Users\Application Data\Package Cache
2014-07-05 17:10 - 2006-09-29 09:44 - 00000000 ___DC () C:\Documents and Settings\All Users\Start Menu\Programs\HP

Files to move or delete:
====================
C:\Windows\Tasks\At1.job


Some content of TEMP:
====================
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\jre-7u51-windows-i586-iftw.exe
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\jre-7u55-windows-i586-iftw.exe
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\jre-7u65-windows-i586-iftw.exe
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\mny11E.exe
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\optprosetup.exe
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\Quarantine.exe
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\RocketSilent.exe
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\vlc-2.1.3-win32.exe
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\_is150.exe
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\_is151.exe
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\_is42.exe
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\_is43.exe
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\_is559.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

==================== End Of Log ============================


Hi,

Step 1

Please download the ESET Online Scanner and save it to your Desktop.

  • Disable the realtime-protection of your antivirus and anti-malware programs because they might interfere with the scan.
  • Start esetsmartinstaller_enu.exe with administrator privileges.
  • Select the option Yes, I accept the Terms of Use and click on Start.
  • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Click on Start. The virus signature database will begin to download. This may take some time.
  • When completed the Online Scan will begin automatically.

    Note: This scan might take a long time! Please be patient.

  • When completed select Uninstall application on close if you so wish, but make sure you copy the logfile first!
  • Now click on Finish
  • A log file is created at C:\Program Files\ESET\EsetOnlineScanner\log.txt.

    Copy and paste the content of this log file in your next reply.

Note: Do not forget to re-enable your antivirus application after running the above scan!

Done.

 

ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=59ddf5794f21554fa2f6a256a9ef3136
# engine=19364
# end=finished
# remove_checked=false
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2014-07-27 03:29:41
# local_time=2014-07-26 10:29:41 (-0600, Central Daylight Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode_1='ZoneAlarm Antivirus'
# compatibility_mode=9217 16777213 100 67 189811657 190710925 0 0
# scanned=275976
# found=9
# cleaned=0
# scan_time=10224
sh=374ED059A53890FE8C9A2C1A2BD26DCC94E49528 ft=1 fh=4e86c3c8e568e45b vn="a variant of Win32/DealPly.S potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Documents and Settings\HP_Administrator\Application Data\RocketUpdater\UpdateProc\UpdateTask.exe.vir"
sh=1A949787D773DE08D960528218C25899B0CCE03B ft=1 fh=f52f5fd5fa2ebc0a vn="a variant of Win32/Bundled.Toolbar.Ask.G potentially unsafe application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\AskSearch\bin\DefaultSearch.dll.vir"
sh=23A0EBE2FE476174AC21845B2428E42B11927D39 ft=1 fh=a5ec0a00d420b187 vn="multiple threats" ac=I fn="C:\Documents and Settings\HP_Administrator\Local Settings\Temp\optprosetup.exe"
sh=3BE560CDC0F36F74B245A33ED281DD4882DBE81D ft=1 fh=0140ebeaff055f21 vn="a variant of Win32/InstallCore.PK potentially unwanted application" ac=I fn="C:\RECYCLER\S-1-5-21-2562346610-408318716-2502678116-1007\Dc512.exe"
sh=231EA236006F79914B24FE24B08305E6DD1CF550 ft=1 fh=1a950294597c300e vn="a variant of Win32/Toolbar.Widgi.B potentially unwanted application" ac=I fn="C:\WINDOWS\system32\config\systemprofile\Application Data\Application Updater\temp\~wt2A1.tmp"
sh=10F3A099659C939AC16F77DFEAFF64308E4FBA2A ft=1 fh=b96d12efa3d34c48 vn="a variant of Win32/Toolbar.Widgi.B potentially unwanted application" ac=I fn="C:\WINDOWS\Temp\youtubedownloaderToolbar.exe"
sh=1D86D816F3D7FD52E13EE21612D52C6D35DF5067 ft=1 fh=bdc7678aea3934e4 vn="a variant of Win32/Toolbar.Widgi.B potentially unwanted application" ac=I fn="C:\WINDOWS\Temp\ytdToolbar.exe"
sh=DF6CA5A78F2A55AC562C3D6B614AD96F5E2DB9B6 ft=1 fh=6f1c659b29064956 vn="a variant of Win32/AdInstaller potentially unwanted application" ac=I fn="E:\I386\APPS\APP23866\src\CompaqPresario_Spring06.exe"
sh=1F0C7A834BC3BBA49A793D14CDC968144EAAB5C6 ft=1 fh=5d88b9eb43c017aa vn="a variant of Win32/AdInstaller potentially unwanted application" ac=I fn="E:\I386\APPS\APP23866\src\HPPavillion_Spring06.exe"
 

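As an added example (not part of this thread and not ESET's or Malwarebytes' tooling), here is a small Python triage script for the ESET log format pasted above. It parses the `# key=value` header and the `sh=... ft=... fh=... vn="..." ac=... fn="..."` detection lines, then splits the hits into ones that already sit in a quarantine folder (the AdwCleaner `Quarantine` tree with the `.vir` suffix, as in the log) and ones that are still live on disk and therefore still need attention. The sample lines are copied from the log; the rule "Quarantine folder or `.vir` suffix means already neutralised" is an assumption of this example, as is the header/record count check.

```python
import re
from collections import Counter

# Constructed excerpt: four detection lines copied from the ESET log in the post above,
# plus the header fields relevant to triage. The header still says found=9 because the
# full log had nine hits; the excerpt deliberately carries only four of them.
SAMPLE_LOG = r"""# found=9
# cleaned=0
# remove_checked=false
sh=374ED059A53890FE8C9A2C1A2BD26DCC94E49528 ft=1 fh=4e86c3c8e568e45b vn="a variant of Win32/DealPly.S potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Documents and Settings\HP_Administrator\Application Data\RocketUpdater\UpdateProc\UpdateTask.exe.vir"
sh=1A949787D773DE08D960528218C25899B0CCE03B ft=1 fh=f52f5fd5fa2ebc0a vn="a variant of Win32/Bundled.Toolbar.Ask.G potentially unsafe application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\AskSearch\bin\DefaultSearch.dll.vir"
sh=23A0EBE2FE476174AC21845B2428E42B11927D39 ft=1 fh=a5ec0a00d420b187 vn="multiple threats" ac=I fn="C:\Documents and Settings\HP_Administrator\Local Settings\Temp\optprosetup.exe"
sh=10F3A099659C939AC16F77DFEAFF64308E4FBA2A ft=1 fh=b96d12efa3d34c48 vn="a variant of Win32/Toolbar.Widgi.B potentially unwanted application" ac=I fn="C:\WINDOWS\Temp\youtubedownloaderToolbar.exe"
"""

# "# key=value" summary lines written by the scanner.
HEADER_RE = re.compile(r"^#\s*(\w+)=(.*)$")
# One detection record: SHA-1, file type, file hash, detection name, action, path.
DETECTION_RE = re.compile(
    r'^sh=(?P<sha1>[0-9A-Fa-f]{40}) ft=(?P<ft>\d+) fh=(?P<fh>[0-9a-f]+) '
    r'vn="(?P<name>[^"]*)" ac=(?P<action>\S+) fn="(?P<path>[^"]*)"$'
)


def parse_eset_log(text):
    """Return (header dict, list of detection dicts) for an ESET Online Scanner log."""
    header, detections = {}, []
    for line in text.splitlines():
        line = line.strip()
        m = HEADER_RE.match(line)
        if m:
            header[m.group(1)] = m.group(2)
            continue
        m = DETECTION_RE.match(line)
        if m:
            detections.append(m.groupdict())
    return header, detections


def is_quarantined(path):
    """Assumption of this example: a hit inside a folder named 'Quarantine', or a file
    with the '.vir' suffix AdwCleaner appends, is already neutralised."""
    parts = path.lower().split("\\")
    return "quarantine" in parts or path.lower().endswith(".vir")


def triage(text):
    """Summarise the log: what the scanner counted, what we parsed, and which hits are live."""
    header, detections = parse_eset_log(text)
    quarantined = [d["path"] for d in detections if is_quarantined(d["path"])]
    live = [d for d in detections if not is_quarantined(d["path"])]
    found = int(header.get("found", 0))
    return {
        "found": found,
        "cleaned": int(header.get("cleaned", 0)),
        "removed_by_scanner": header.get("remove_checked") == "true",
        "parsed": len(detections),
        # A pasted log shorter than the header's count is truncated; ask for the rest.
        "complete": len(detections) == found,
        "quarantined": quarantined,
        "live": [d["path"] for d in live],
        "live_by_name": dict(Counter(d["name"] for d in live)),
    }


if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    print(f"scanner found {result['found']}, parsed {result['parsed']}, complete={result['complete']}")
    for path in result["live"]:
        print("still on disk:", path)
```

The `live` list is what still warrants a fixlist entry or manual removal; `remove_checked=false` confirms the scanner itself deleted nothing, which is what the instructions above ask for. The `complete` flag is the sanity check a helper would want when a log is pasted piecemeal: here the header claims nine hits but the excerpt carries four, so it reports `False`.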

Hi,

Step 1


Please download the attached fixlist and save it in the same directory as FRST.

  • Start FRST with Administrator privileges.
  • Press the Fix button.
  • When finished, a log file (Fixlog.txt) pops up and is saved to the same location the tool was run from.

    Please copy and paste its contents in your next reply.

fixlist.txt

That's it!

Your logs look clean to me at the moment.

We're gonna clean up everything now, close security holes on your computer and in the end I'll provide you with a list of security tips so you hopefully will not need our help anymore in the future.

My help is free for everybody.

If you want to support me fighting against malware or buy me a beer for the assistance you received, then you can consider a donation.

Thank you!

Clean Up

Now we remove all the tools we used (including their logs and quarantine folders), restore your settings and delete old and infected system restore points:

  • You can uninstall programs that you had to install (e.g. MBAM or ESET Onlinescanner) in the control panel if you so wish.
  • Download DelFix (by Xplode) and save it to your Desktop.
    • Close all running programs and start delfix.exe.
    • Make sure that all available options are checked.
    • Click on Run
    • DelFix should remove all our tools and delete itself afterwards. I don't need the log file.
  • If there is still something left you can delete it manually.

Closing security holes

Many infections happen via drive-by downloads that run unnoticed in the background while the user visits an infected website. To achieve this, malware exploits security holes in installed software (e.g. the browser or its plugins). Older versions of such software often have lots of known exploitable holes. Therefore it's very important to always keep your software up-to-date.

The following software is outdated. Make sure you remove all old versions and install the current one instead if you need the program:

Adobe Flash Player 10 ActiveX

Google Chrome 27

Internet Explorer Version 6

http://windows.microsoft.com/en-us/windows/how-to-turn-internet-explorer-off

Tips

I recommend reading and following the "16 simple and easy ways to keep your computer safe and secure on the Internet" (Link) by Lawrence Abrams.


Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version:25-07-2014
Ran by HP_Administrator at 2014-07-27 13:30:02 Run:1
Running from C:\Documents and Settings\HP_Administrator\Desktop
Boot Mode: Normal

==============================================

I have a feeling I didn't do this right.  FRST is on my desktop so that is where I put your fix list.  Does this look right?

 

Content of fixlist:
*****************
HKU\S-1-5-21-3655513571-3204461518-4247198270-1000\...\Run: [AS2014] - C:\ProgramData\6XDvn37n\6XDvn37n.exe
C:\ProgramData\6XDvn37n
S2 vToolbarUpdater18.0.0; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.0.0\ToolbarUpdater.exe [X]
*****************

HKU\S-1-5-21-3655513571-3204461518-4247198270-1000\Software\Microsoft\Windows\CurrentVersion\Run\\HKU\S-1-5-21-3655513571-3204461518-4247198270-1000\...\Run: [AS2014] - C:\ProgramData\6XDvn37n\6XDvn37n.exe => Value not found.
"C:\ProgramData\6XDvn37n" => File/Directory not found.
vToolbarUpdater18.0.0 => Service not found.

==== End of Fixlog ====


Ok.  I think this may be better.  I really appreciate the help.

 

I'd love to buy you a beer.  First I'd like to know something about you, like where you work or go to school, if you have a family, do you ever travel to the U.S., Texas? etc.  How and why did you get into helping folks like me?  How much is a beer in Germany? :)

 

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version:25-07-2014
Ran by HP_Administrator at 2014-07-27 13:50:22 Run:2
Running from C:\Documents and Settings\HP_Administrator\Desktop
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
FF DefaultSearchEngine: WSE Rocket
FF SelectedSearchEngine: WSE Rocket
FF Keyword.URL: hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=937811&p=
FF NetworkProxy: "no_proxies_on", "*.local"
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...LION&pf=desktop
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.h...LION&pf=desktop
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...LION&pf=desktop
HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.h...LION&pf=desktop
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...LION&pf=desktop
C:\Windows\Tasks\At1.job


*****************

Firefox DefaultSearchEngine deleted successfully.
Firefox SelectedSearchEngine deleted successfully.
Firefox Keyword.URL deleted successfully.
Firefox Proxy settings were reset.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Page_URL => Value was restored successfully.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Search Page => Value was restored successfully.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Search Bar => value deleted successfully.
HKCU\Software\Microsoft\Internet Explorer\Main\\Default_Page_URL => Value was restored successfully.
C:\Windows\Tasks\At1.job => Moved successfully.

==== End of Fixlog ====


Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!


This topic is now closed to further replies.