rhnj22 Posted July 22, 2014 ID:856401 Share Posted July 22, 2014 I tried to download a Java update and must have gotten tricked. Now I have WSE Rocket, PC Utilities Pro - Optimizer Pro and god knows what else. Big mistake. Of course I don't see any of this stuff in the control panel removal tool. Can you help me get rid of this stuff? Link to post Share on other sites More sharing options...
deeprybka Posted July 22, 2014 ID:856410 Share Posted July 22, 2014 Hi & My name is Jürgen and I will be assisting you with your Malware related problems. Before we move on, please read the following points carefully. My native language isn't English. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.Please read my instructions completely. If there is anything that you do not understand kindly ask before proceeding.Perform everything in the correct order. Sometimes one step requires the previous one.If you have any problems while you are follow my instructions, Stop there and tell me the exact nature of your problem.Do not run any other scans without instruction or Add/ Remove Software unless I tell you to do so. This would change the output of our tools and could be confusing for me.Post all Logfiles as a reply rather than as an attachment unless I specifically ask you. If you can not post all logfiles in one reply, feel free to use more posts.If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.Step 1 Please run a FRST scan. This will help us diagnose your problem. Please download Farbar Recovery Scan Tool and save it to your Desktop. (If you are not sure which version (32-/64-bit) applies to your system, download and try to start both of them as just the right one will run.)Start FRST with administator privileges.Make sure the option Addition.txt is checked and press the Scan button.When finished, FRST will produce two logs (FRST.txt and Addition.txt) in the same directory the tool was run from.Please copy and paste these logs in your next reply. Link to post Share on other sites More sharing options...
rhnj22 Posted July 23, 2014 Author ID:856723 Share Posted July 23, 2014 Ok, thanks, Jurgen. Here are the logs I think you are asking for from the scan. Let me know if I did something wrong. Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:23-07-2014 01Ran by HP_Administrator (administrator) on MEDIACENTER1 on 23-07-2014 06:56:45Running from C:\Documents and Settings\HP_Administrator\DesktopPlatform: Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: English (United States)Internet Explorer Version 6Boot Mode: NormalThe only official download link for FRST:Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/Download link from any site other than Bleeping Computer is unpermitted or outdated.See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/==================== Processes (Whitelisted) =================(Zone Labs, LLC) C:\WINDOWS\system32\ZoneLabs\vsmon.exe(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe(Brother Industries, Ltd.) C:\WINDOWS\system32\Brmfrmps.exe(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe(Creative Technology Ltd) C:\WINDOWS\system32\CTSVCCDA.EXE(Microsoft Corporation) C:\WINDOWS\ehome\ehrecvr.exe(Microsoft Corporation) C:\WINDOWS\ehome\ehSched.exe(Garmin Ltd or its subsidiaries) C:\Program Files\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe() C:\Program Files\IDriveWindows\idwservice_600.exe() C:\WINDOWS\system32\PSIService.exe() C:\PROGRA~1\SQUEEZ~1\server\Bin\MSWIN3~1\mysqld.exe(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE(Intel Corporation) C:\Program Files\Intel\IntelDH\Intel® Quick Resume Technology Drivers\ELService.exe( ) C:\Program Files\IDriveWindows\idw_web.exe(Microsoft Corporation) C:\WINDOWS\system32\dllhost.exe(Microsoft Corporation) C:\WINDOWS\system32\wscntfy.exe(Zone Labs, LLC) C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe(Realtek Semiconductor Corp.) C:\WINDOWS\RTHDCPL.EXE(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe(Hewlett-Packard) C:\Program Files\HP\HP Software Update\hpwuschd2.exe(CANON INC.) C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE(Brother Industries, Ltd.) C:\Program Files\Browny02\Brother\BrStMonW.exe(Pro Softnet Corporation) C:\Program Files\IDriveWindows\idwbg_600.exe(Prosoftnet Corp) C:\Program Files\IDriveWindows\idrivetray.exe(Carbonite, Inc.) C:\Program Files\Carbonite\Carbonite Backup\CarboniteUI.exe(Brother Industries, Ltd.) C:\Program Files\Brother\ControlCenter3\BrccMCtl.exe(Google Inc.) C:\Program Files\Picasa2\PicasaMediaDetector.exe(Garmin Ltd or its subsidiaries) C:\Program Files\Garmin\Express Tray\ExpressTray.exe(Storage Appliance Corp.) C:\Documents and Settings\All Users\Application Data\Clickfree\cfagent.exe(SAC) C:\Documents and Settings\All Users\Application Data\Clickfree\HDDV2USB3\reminder\SacReminder.exe(Nero AG) C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe(Brother Industries, Ltd.) C:\Program Files\Browny02\BrYNSvc.exe(Carbonite, Inc. (www.carbonite.com)) C:\Program Files\Carbonite\Carbonite Backup\CarboniteService.exe() C:\Brother\BPRSP\resources\BrSupSsp.exe(Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe(Tiger Technologies) C:\Program Files\Tiger Technologies\DeskFlag\deskflag.exe(Microsoft Corporation) C:\WINDOWS\system32\freecell.exe(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe==================== Registry (Whitelisted) ==================HKLM\...\Policies\Explorer: [NoCDBurning] 0HKU\.DEFAULT\...\Run: [Picasa Media Detector] => C:\Program Files\Picasa2\PicasaMediaDetector.exe [443968 2007-09-27] (Google Inc.)HKU\S-1-5-21-2562346610-408318716-2502678116-1007\...\Run: [TClockEx] => C:\Program Files\TClockEx\TCLOCKEX.EXE [89088 2000-03-09] (Dale Nurden)HKU\S-1-5-21-2562346610-408318716-2502678116-1007\...\Run: [Picasa Media Detector] => C:\Program Files\Picasa2\PicasaMediaDetectorHKU\S-1-5-21-2562346610-408318716-2502678116-1007\...\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] => C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe [153136 2007-05-16] (Nero AG)HKU\S-1-5-21-2562346610-408318716-2502678116-1007\...\Run: [GoogleDriveSync] => C:\Program Files\Google\Drive\googledrivesync.exe [19662744 2013-04-16] (Google)HKU\S-1-5-21-2562346610-408318716-2502678116-1007\...\Run: [GarminExpressTrayApp] => C:\Program Files\Garmin\Express Tray\ExpressTray.exe [118104 2014-04-01] (Garmin Ltd or its subsidiaries)HKU\S-1-5-21-2562346610-408318716-2502678116-1007\...\Run: [ClickfreeMonitor] => c:\documents and settings\all users\application data\Clickfree\cfagent.exe [354632 2013-06-05] (Storage Appliance Corp.)HKU\S-1-5-21-2562346610-408318716-2502678116-1007\...\Run: [sacReminderHDDV2] => C:\Documents and Settings\All Users\Application Data\Clickfree\HDDV2USB3\reminder\SacReminder.exe [444744 2013-11-29] (SAC)HKU\S-1-5-21-2562346610-408318716-2502678116-1007\...\Run: [Optimizer Pro] => C:\Program Files\Optimizer Pro\OptProLauncher.exe [146888 2014-07-13] (PC Utilities Software Limited)HKU\S-1-5-21-2562346610-408318716-2502678116-1007\...\Run: [Geotag Security] => C:\Program Files\Geotag Security\GeotagSecurity.exe [3941888 2010-09-08] ()HKU\S-1-5-21-2562346610-408318716-2502678116-1007\...\MountPoints2: {3c1d278b-280c-11e0-9a7b-00038a000015} - L:\VZAccess_Manager.exe /z detectHKU\S-1-5-21-2562346610-408318716-2502678116-1007\...\MountPoints2: {7ec5a26b-290c-11dc-8756-00038a000015} - L:\LaunchU3.exe -aHKU\S-1-5-21-2562346610-408318716-2502678116-1007\...\MountPoints2: {a34d5375-9381-11df-8f10-00038a000015} - L:\StartClickfreeBackup.exeHKU\S-1-5-21-2562346610-408318716-2502678116-1007\...\MountPoints2: {b4bd432e-0814-11e2-bbb5-00038a000015} - L:\StarterOfficeGuardian.exeHKU\S-1-5-21-2562346610-408318716-2502678116-1007\...\MountPoints2: {b5ada9d8-f88b-11e3-b852-0018f3a520ea} - L:\StartClickFreeBackup.exeHKU\S-1-5-21-2562346610-408318716-2502678116-1007\...\MountPoints2: {c008cbc6-e477-11e0-bb91-00038a000015} - L:\ONSPCLCK.exeStartup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Brother BPRSP.lnkShortcutTarget: Brother BPRSP.lnk -> C:\WINDOWS\Installer\{8040527F-DD74-4B45-8A06-C4BF145B6C76}\BrSupSsp.exe_44686FC076524EF5975EF92EE48E2958.exe (Flexera Software LLC)Startup: C:\Documents and Settings\Default User\Start Menu\Programs\Startup\Pin.lnkShortcutTarget: Pin.lnk -> C:\hp\bin\cloaker.exe (Hewlett-Packard Co.)Startup: C:\Documents and Settings\Default User\Start Menu\Programs\Startup\PinMcLnk.lnkShortcutTarget: PinMcLnk.lnk -> C:\hp\bin\cloaker.exe (Hewlett-Packard Co.)Startup: C:\Documents and Settings\HP_Administrator\Start Menu\Programs\Startup\DeskFlag.lnkShortcutTarget: DeskFlag.lnk -> C:\Program Files\Tiger Technologies\DeskFlag\deskflag.exe (Tiger Technologies)ShellIconOverlayIdentifiers: Carbonite.Blue -> {E300CD91-100F-4E67-9AF3-1384A6124015} => C:\Program Files\Carbonite\Carbonite Backup\CarboniteNSE.dll (Carbonite, Inc.)ShellIconOverlayIdentifiers: Carbonite.Green -> {95A27763-F62A-4114-9072-E81D87DE3B68} => C:\Program Files\Carbonite\Carbonite Backup\CarboniteNSE.dll (Carbonite, Inc.)ShellIconOverlayIdentifiers: Carbonite.Partial -> {E300CD91-100F-4E67-9AF3-1384A6124015} => C:\Program Files\Carbonite\Carbonite Backup\CarboniteNSE.dll (Carbonite, Inc.)ShellIconOverlayIdentifiers: Carbonite.Red -> {01CCCC8C-1D50-4b13-B96D-4B922DD3128B} => C:\Program Files\Carbonite\Carbonite Backup\CarboniteNSE.dll (Carbonite, Inc.)ShellIconOverlayIdentifiers: Carbonite.Yellow -> {5E529433-B50E-4bef-A63B-16A6B71B071A} => C:\Program Files\Carbonite\Carbonite Backup\CarboniteNSE.dll (Carbonite, Inc.)ShellIconOverlayIdentifiers: GDriveBlacklistedOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)ShellIconOverlayIdentifiers: GDriveSharedOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)ShellIconOverlayIdentifiers: GDriveSyncedOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)ShellIconOverlayIdentifiers: GDriveSyncingOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)==================== Internet (Whitelisted) ====================HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=64&bd=PAVILION&pf=desktopHKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ieHKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ieHKCU\Software\Microsoft\Internet Explorer\Main,Start Page Restore = http://www.aol.com/HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://rocket-find.com/?f=1&a=rckt_dnldstr_14_30_ff&cd=2XzuyEtN2Y1L1QzutDtD0CtD0Azz0CyDyE0BtD0EyE0Fzz0EtN0D0Tzu0SzytAtAtN1L2XzutBtFtBtCtFtCyEtFyEtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2SyDyD0FtAzytDyC0AtGtA0FtBtCtGtC0BtB0AtG0E0CyE0BtGyC0DyDtA0BtCzzzztA0C0Ezy2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyB0FyCzzyD0FtB0DtGyByBtBtAtG0AyC0DzytG0E0FtAyCtGtCzyyEtB0DyE0DyEyB0DyD0E2Q&cr=1731681561&ir=HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htmHKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=64&bd=PAVILION&pf=desktopHKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://toolbar.ask.com/toolbarv/askRedirect?o=101703&gct=&gc=1&q=HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=PAVILION&pf=desktopHKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=64&bd=PAVILION&pf=desktopHKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=PAVILION&pf=desktopURLSearchHook: HKCU - Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No FileURLSearchHook: HKCU - DefaultSearchHook Class - {C94E154B-1459-4A47-966B-4B843BEFC7DB} - C:\Program Files\AskSearch\bin\DefaultSearch.dll ()SearchScopes: HKLM - DefaultScope {77AA745B-F4F8-45DA-9B14-61D2D95054C8} URL = http://rocket-find.com/results.php?f=4&q={searchTerms}&a=rckt_dnldstr_14_30_ff&cd=2XzuyEtN2Y1L1QzutDtD0CtD0Azz0CyDyE0BtD0EyE0Fzz0EtN0D0Tzu0SzytAtAtN1L2XzutBtFtBtCtFtCyEtFyEtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2SyDyD0FtAzytDyC0AtGtA0FtBtCtGtC0BtB0AtG0E0CyE0BtGyC0DyDtA0BtCzzzztA0C0Ezy2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyB0FyCzzyD0FtB0DtGyByBtBtAtG0AyC0DzytG0E0FtAyCtGtCzyyEtB0DyE0DyEyB0DyD0E2Q&cr=1731681561&ir=SearchScopes: HKLM - {77AA745B-F4F8-45DA-9B14-61D2D95054C8} URL = http://rocket-find.com/results.php?f=4&q={searchTerms}&a=rckt_dnldstr_14_30_ff&cd=2XzuyEtN2Y1L1QzutDtD0CtD0Azz0CyDyE0BtD0EyE0Fzz0EtN0D0Tzu0SzytAtAtN1L2XzutBtFtBtCtFtCyEtFyEtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2SyDyD0FtAzytDyC0AtGtA0FtBtCtGtC0BtB0AtG0E0CyE0BtGyC0DyDtA0BtCzzzztA0C0Ezy2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyB0FyCzzyD0FtB0DtGyByBtBtAtG0AyC0DzytG0E0FtAyCtGtCzyyEtB0DyE0DyEyB0DyD0E2Q&cr=1731681561&ir=SearchScopes: HKCU - DefaultScope {77AA745B-F4F8-45DA-9B14-61D2D95054C8} URL = http://rocket-find.com/results.php?f=4&q={searchTerms}&a=rckt_dnldstr_14_30_ff&cd=2XzuyEtN2Y1L1QzutDtD0CtD0Azz0CyDyE0BtD0EyE0Fzz0EtN0D0Tzu0SzytAtAtN1L2XzutBtFtBtCtFtCyEtFyEtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2SyDyD0FtAzytDyC0AtGtA0FtBtCtGtC0BtB0AtG0E0CyE0BtGyC0DyDtA0BtCzzzztA0C0Ezy2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyB0FyCzzyD0FtB0DtGyByBtBtAtG0AyC0DzytG0E0FtAyCtGtCzyyEtB0DyE0DyEyB0DyD0E2Q&cr=1731681561&ir=SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}SearchScopes: HKCU - {77AA745B-F4F8-45DA-9B14-61D2D95054C8} URL = http://rocket-find.com/results.php?f=4&q={searchTerms}&a=rckt_dnldstr_14_30_ff&cd=2XzuyEtN2Y1L1QzutDtD0CtD0Azz0CyDyE0BtD0EyE0Fzz0EtN0D0Tzu0SzytAtAtN1L2XzutBtFtBtCtFtCyEtFyEtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2SyDyD0FtAzytDyC0AtGtA0FtBtCtGtC0BtB0AtG0E0CyE0BtGyC0DyDtA0BtCzzzztA0C0Ezy2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyB0FyCzzyD0FtB0DtGyByBtBtAtG0AyC0DzytG0E0FtAyCtGtCzyyEtB0DyE0DyEyB0DyD0E2Q&cr=1731681561&ir=SearchScopes: HKCU - {CF739809-1C6C-47C0-85B9-569DBB141420} URL = http://toolbar.ask.com/toolbarv/askRedirect?gct=&gc=1&q={searchTerms}&crm=1&toolbar=FXTBHO: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll No FileBHO: No Name -> {7E853D72-626A-48EC-A868-BA8D5E23E045} -> No FileBHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)BHO: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll No FileToolbar: HKLM - Foxit Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)Toolbar: HKCU - &Address - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)Toolbar: HKCU - &Links - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\SHELL32.dll (Microsoft Corporation)Toolbar: HKCU - Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No FileToolbar: HKCU - Foxit Toolbar - {3041D03E-FD4B-44E0-B742-2D9B88305F98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?linkid=39204DPF: {C6FAB351-8F12-4ED3-A9C1-4D3E86B0BB07} https://insite.mhhs.org/MHHS_Portal_Login_09.cabDPF: {CAFEEFAC-0017-0000-0009-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cabDPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cabHandler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (Microsoft Corporation)Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (Microsoft Corporation)Winsock: Catalog5 04 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)Tcpip\Parameters: [DhcpNameServer] 10.0.0.1FireFox:========FF ProfilePath: C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\5x88zch3.defaultFF DefaultSearchEngine: WSE RocketFF SelectedSearchEngine: WSE RocketFF Homepage: hxxp://rocket-find.com/?f=1&a=rckt_dnldstr_14_30_ff&cd=2XzuyEtN2Y1L1QzutDtD0CtD0Azz0CyDyE0BtD0EyE0Fzz0EtN0D0Tzu0SzytAtAtN1L2XzutBtFtBtCtFtCyEtFyEtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2SyDyD0FtAzytDyC0AtGtA0FtBtCtGtC0BtB0AtG0E0CyE0BtGyC0DyDtA0BtCzzzztA0C0Ezy2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyB0FyCzzyD0FtB0DtGyByBtBtAtG0AyC0DzytG0E0FtAyCtGtCzyyEtB0DyE0DyEyB0DyD0E2Q&cr=1731681561&ir=FF Keyword.URL: hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=937811&p=FF NetworkProxy: "no_proxies_on", "*.local"FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_14_0_0_145.dll ()FF Plugin: @canon.com/EPPEX - C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)FF Plugin: @Google.com/GoogleEarthPlugin - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)FF Plugin: @google.com/npPicasa3,version=3.0.0 - C:\Program Files\Picasa2\npPicasa3.dll (Google, Inc.)FF Plugin: @java.com/DTPlugin,version=10.65.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll No FileFF Plugin: @java.com/JavaPlugin,version=10.65.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll No FileFF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)FF Plugin: @microsoft.com/WPF,version=3.5 - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)FF Plugin: @real.com/nppl3260;version=6.0.11.2852 - C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll (RealNetworks, Inc.)FF Plugin: @real.com/nprpjplug;version=6.0.12.1662 - C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)FF Plugin: @videolan.org/vlc,version=2.0.8 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)FF Plugin: @videolan.org/vlc,version=2.1.3 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)FF Plugin: @viewpoint.com/VMP - C:\Program Files\Viewpoint\Viewpoint Experience Technology\\npViewpoint.dll ()FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)FF Plugin HKCU: @citrixonline.com/appdetectorplugin - C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Citrix\Plugins\104\npappdetector.dll (Citrix Online)FF user.js: detected! => C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\5x88zch3.default\user.jsFF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\np-mswmp.dll (Microsoft Corporation)FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npFoxitReaderPlugin.dll (Foxit Software Company)FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll (Apple Inc.)FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\np_gp.dll (NOS Microsystems Ltd.)FF SearchPlugin: C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\5x88zch3.default\searchplugins\WSE Rocket.xmlFF SearchPlugin: C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\5x88zch3.default\searchplugins\yahoo_ff.xmlFF Extension: Разпознаване на устройство Logitech - C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\5x88zch3.default\Extensions\DeviceDetection@logitech.com [2011-08-17]FF Extension: Xmarks - C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\5x88zch3.default\Extensions\foxmarks@kei.com [2014-07-13]FF Extension: Screengrab - C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\5x88zch3.default\Extensions\{02450954-cdd9-410f-b1da-db804e18c671} [2010-07-02]FF Extension: Garmin Communicator - C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\5x88zch3.default\Extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E} [2013-11-20]FF Extension: Microsoft .NET Framework Assistant - C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\5x88zch3.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b} [2010-05-14]FF Extension: Abine - C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\5x88zch3.default\Extensions\{b58ca710-f62c-4f38-a0e8-cc9b177463e5} [2012-09-06]FF Extension: DownloadHelper - C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\5x88zch3.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2014-03-28]FF Extension: Adobe DLM (powered by getPlus®) - C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\5x88zch3.default\Extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7} [2010-03-09]FF Extension: Ask Toolbar for Firefox - C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\5x88zch3.default\Extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D} [2010-03-03]FF Extension: Rocket New Tab - C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\5x88zch3.default\Extensions\{ecaa9181-d92a-47b9-8e14-bef9680f204b} [2014-07-21]FF Extension: InvisibleHand - C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\5x88zch3.default\Extensions\canitbecheaper@trafficbroker.co.uk.xpi [2011-04-15]FF Extension: Ciuvo - C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\5x88zch3.default\Extensions\extension@ciuvo.com.xpi [2012-02-10]FF Extension: PriceBlink - C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\5x88zch3.default\Extensions\info@priceblink.com.xpi [2012-05-03]FF Extension: iReader - C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\5x88zch3.default\Extensions\ireader@samabox.com.xpi [2011-04-15]FF Extension: Awesome screenshot: Capture and Annotate - C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\5x88zch3.default\Extensions\jid0-GXjLLfbCoAx0LcltEdFrEkQdQPI@jetpack.xpi [2013-10-17]FF Extension: Morning Coffee - C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\5x88zch3.default\Extensions\morningCoffee@shaneliesegang.xpi [2011-04-15]FF Extension: SimplyRead - C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\5x88zch3.default\Extensions\simplyread@njw.me.uk.xpi [2012-05-17]FF Extension: FlashGot - C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\5x88zch3.default\Extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}.xpi [2012-07-17]FF Extension: NoScript - C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\5x88zch3.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2014-07-14]FF Extension: Address Bar Search - C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\5x88zch3.default\Extensions\{badea1ae-72ed-4f6a-8c37-4db9a4ac7bc9}.xpi [2013-10-25]FF Extension: Easy YouTube Video Downloader - C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\5x88zch3.default\Extensions\{c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}.xpi [2012-07-17]FF Extension: Adblock Plus - C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\5x88zch3.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2011-05-19]FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtensionFF Extension: Microsoft .NET Framework Assistant - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-08-07]Chrome:=======CHR HomePage: hxxp://www.google.comCHR RestoreOnStartup: "hxxp://www.google.com"CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\27.0.1453.94\PepperFlash\pepflashplayer.dll ()CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewerCHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\27.0.1453.94\ppGoogleNaClPluginChrome.dll ()CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\27.0.1453.94\pdf.dll ()CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 11.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)CHR Plugin: (Microsoft® Windows Media Player Firefox Plugin) - C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll (Microsoft Corporation)CHR Plugin: (Foxit Reader Plugin for Mozilla) - C:\Program Files\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll (Foxit Software Company)CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll (Apple Inc.)CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll (Apple Inc.)CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll (Apple Inc.)CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll (Apple Inc.)CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll (Apple Inc.)CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll (Apple Inc.)CHR Plugin: (getPlusPlus for Adobe 16263) - C:\Program Files\Mozilla Firefox\plugins\np_gp.dll (NOS Microsystems Ltd.)CHR Plugin: (Citrix Online Web Deployment Plugin 1.0.0.104) - C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Citrix\Plugins\104\npappdetector.dll (Citrix Online)CHR Plugin: (CANON iMAGE GATEWAY Album Plugin Utility) - C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)CHR Plugin: (Google Earth Plugin) - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)CHR Plugin: (Java Deployment Toolkit 7.0.550.14) - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll No FileCHR Plugin: (Java Platform SE 7 U55) - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll No FileCHR Plugin: (RealPlayer G2 LiveConnect-Enabled Plug-In (32-bit) ) - C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll (RealNetworks, Inc.)CHR Plugin: (RealPlayer Version Plugin) - C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)CHR Plugin: (Silverlight Plug-In) - C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)CHR Plugin: (Picasa) - C:\Program Files\Picasa2\npPicasa3.dll (Google, Inc.)CHR Plugin: (VLC Web Plugin) - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)CHR Plugin: (MetaStream 3 Plugin) - C:\Program Files\Viewpoint\Viewpoint Experience Technology\\npViewpoint.dll ()CHR Plugin: (Windows Presentation Foundation) - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)CHR Plugin: (Shockwave Flash) - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_14_0_0_125.dll No FileCHR Extension: (Google Drive) - C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-07-17]CHR Extension: (YouTube) - C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-05-25]CHR Extension: (Google Search) - C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-07-16]CHR Extension: (Domain Error Assistant) - C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\icdlfehblmklkikfigmjhbmmpmkmpooj [2014-07-17]CHR Extension: (Slick Savings) - C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\mhkaekfpcppmmioggniknbnbdbcigpkk [2014-07-17]CHR Extension: (Gmail) - C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-07-16]CHR HKLM\...\Chrome\Extension: [icdlfehblmklkikfigmjhbmmpmkmpooj] - C:\Program Files\Common Files\Spigot\GC\ErrorAssistant_1.3.crx [2013-12-27]CHR HKLM\...\Chrome\Extension: [mhkaekfpcppmmioggniknbnbdbcigpkk] - C:\Program Files\Common Files\Spigot\GC\coupons_2.4.crx [2013-04-26]CHR HKCU\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\DOCUME~1\HP_ADM~1\LOCALS~1\APPLIC~1\Google\Drive\apdfllckaahabafndbhieahigkjlhalf_live.crx [2013-05-01]========================== Services (Whitelisted) =================R2 brmfrmps; C:\WINDOWS\system32\Brmfrmps.exe [65536 2003-03-19] (Brother Industries, Ltd.) [File not signed]R3 BrYNSvc; C:\Program Files\Browny02\BrYNSvc.exe [249856 2011-11-15] (Brother Industries, Ltd.) [File not signed]R2 ca82e1a5; c:\Program Files\Optimizer Pro\OptProCrash.dll [3927496 2014-07-21] ()R2 CarboniteService; C:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exe [5049352 2013-10-10] (Carbonite, Inc. (www.carbonite.com))S4 CCALib8; C:\Program Files\Canon\CAL\CALMAIN.exe [96341 2006-03-30] (Canon Inc.) [File not signed]R2 Creative Service for CDROM Access; C:\WINDOWS\system32\CTsvcCDA.exe [44032 1999-12-12] (Creative Technology Ltd) [File not signed]R2 ELService; C:\Program Files\Intel\IntelDH\Intel® Quick Resume Technology Drivers\Elservice.exe [180224 2006-06-02] (Intel Corporation) [File not signed]S4 EpsonBidirectionalService; C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe [77824 2002-01-29] () [File not signed]S4 EPSONStatusAgent2; C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe [94208 2002-07-17] (SEIKO EPSON CORPORATION) [File not signed]R2 Garmin Core Update Service; C:\Program Files\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [431960 2014-04-01] (Garmin Ltd or its subsidiaries)S3 getPlusHelper; C:\Program Files\NOS\bin\getPlus_Helper.dll [67360 2010-02-19] (NOS Microsystems Ltd.)R2 IAANTMON; C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe [90112 2006-07-06] (Intel Corporation) [File not signed]S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [File not signed]R2 IDriveService; C:\Program Files\IDriveWindows\idwservice_600.exe [182872 2013-09-18] ()S4 LightScribeService; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [49152 2006-06-21] (Hewlett-Packard Company) [File not signed]S4 McrdSvc; C:\WINDOWS\ehome\mcrdsvc.exe [99328 2005-08-05] (Microsoft Corporation)S3 MHN; C:\WINDOWS\System32\mhn.dll [85504 2004-08-10] (Microsoft Corporation) [File not signed]S2 NVSvc; C:\WINDOWS\system32\nvsvc32.exe [159810 2007-04-19] (NVIDIA Corporation) [File not signed]R2 ProtexisLicensing; C:\WINDOWS\system32\PSIService.exe [174656 2006-11-02] () [File not signed]R2 SqueezeMySQL; C:\Program Files\Squeezebox\server\Bin\MSWin32-x86-multi-thread\mysqld.exe [4149248 2011-01-24] () [File not signed]S4 Symantec Core LC; C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe [1245064 2008-03-27] ()S3 usnjsvc; C:\Program Files\Windows Live\Messenger\usnsvc.exe [98328 2007-10-18] (Microsoft Corporation)R2 vsmon; C:\WINDOWS\system32\ZoneLabs\vsmon.exe [75304 2008-07-09] (Zone Labs, LLC)S3 WLSetupSvc; C:\Program Files\Windows Live\installer\WLSetupSvc.exe [266240 2007-10-25] (Microsoft Corporation)S2 AOL TopSpeedMonitor; C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe [X]S2 JavaQuickStarterService; "C:\Program Files\Java\jre7\bin\jqs.exe" -service -config "C:\Program Files\Java\jre7\lib\deploy\jqs\jqs.conf"S2 RoxLiveShare9; "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe" [X]==================== Drivers (Whitelisted) ====================R3 Afc; C:\WINDOWS\System32\drivers\Afc.sys [11776 2005-02-23] (Arcsoft, Inc.) [File not signed]R2 ASCTRM; C:\WINDOWS\system32\Drivers\ASCTRM.sys [8552 2009-01-13] (Windows ® 2000 DDK provider) [File not signed]S3 brfilt; C:\WINDOWS\System32\Drivers\Brfilt.sys [2944 2001-08-17] (Brother Industries Ltd.)S3 BrScnUsb; C:\WINDOWS\System32\DRIVERS\BrScnUsb.sys [15295 2004-10-15] (Brother Industries Ltd.)S3 BrUsbScn; C:\WINDOWS\System32\Drivers\BrUsbScn.sys [10368 2001-08-17] (Brother Industries Ltd.)S3 CCDECODE; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [17024 2008-04-13] (Microsoft Corporation)R3 ELacpi; C:\WINDOWS\System32\DRIVERS\ELacpi.sys [9728 2006-05-10] (Intel Corporation)R1 ELhid; C:\WINDOWS\System32\Drivers\Elhid.sys [10112 2006-05-10] (Intel Corporation) [File not signed]R1 ELkbd; C:\WINDOWS\System32\Drivers\Elkbd.sys [6912 2006-05-10] (Intel Corporation) [File not signed]R1 ELmon; C:\WINDOWS\System32\Drivers\Elmon.sys [7040 2006-05-10] (Intel Corporation) [File not signed]R1 ELmou; C:\WINDOWS\System32\Drivers\Elmou.sys [6400 2006-05-10] (Intel Corporation) [File not signed]S3 FTDIBUS; C:\WINDOWS\System32\drivers\ftdibus.sys [62216 2012-09-19] (FTDI Ltd.)S3 GoProto; C:\WINDOWS\System32\DRIVERS\goprot51.sys [28672 2008-03-14] (Gteko Ltd.) [File not signed]S3 grmnusb; C:\WINDOWS\System32\drivers\grmnusb.sys [15720 2012-04-18] (GARMIN Corp.)R3 hcwPP2; C:\WINDOWS\System32\DRIVERS\hcwPP2.sys [168064 2006-04-13] (Hauppauge Computer Works, Inc.)R3 HSX_DP; C:\WINDOWS\System32\DRIVERS\HSX_DP.sys [936448 2005-12-06] (Conexant Systems, Inc.)S3 IrBus; C:\WINDOWS\System32\DRIVERS\IrBus.sys [46848 2013-07-16] (Microsoft Corporation)R1 KLIF; C:\WINDOWS\System32\DRIVERS\klif.sys [127768 2007-07-19] (Kaspersky Lab)S3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [107736 2014-04-07] (Malwarebytes Corporation)S3 mf; C:\WINDOWS\System32\DRIVERS\mf.sys [63744 2008-04-13] (Microsoft Corporation)S3 MHNDRV; C:\WINDOWS\System32\DRIVERS\mhndrv.sys [11008 2004-08-10] (Microsoft Corporation) [File not signed]R2 mrtRate; C:\WINDOWS\system32\Drivers\mrtRate.sys [34916 1999-08-10] (Marimba, Inc.) [File not signed]S3 NdisIP; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [10880 2008-04-13] (Microsoft Corporation)R2 NPF; C:\WINDOWS\System32\drivers\npf.sys [42000 2007-04-25] (CACE Technologies)S3 rtl8139; C:\WINDOWS\System32\DRIVERS\RTL8139.SYS [20992 2004-08-03] (Realtek Semiconductor Corporation)S3 SDDMI2; C:\WINDOWS\system32\DDMI2.sys [6977 2004-06-09] (Gteko Ltd.) [File not signed]R0 srescan; C:\WINDOWS\System32\ZoneLabs\srescan.sys [51176 2008-02-27] (Zone Labs, LLC)R2 symlcbrd; C:\WINDOWS\system32\drivers\symlcbrd.sys [10344 2006-09-29] (Symantec Corporation)S3 ubloxusb; C:\WINDOWS\System32\DRIVERS\ubloxusb.sys [75264 2009-05-19] (u-blox AG)S3 USBAAPL; C:\WINDOWS\System32\Drivers\usbaapl.sys [44544 2012-09-28] (Apple, Inc.) [File not signed]R1 vsdatant; C:\WINDOWS\System32\vsdatant.sys [394952 2008-07-09] (Zone Labs, LLC)R3 winachsx; C:\WINDOWS\System32\DRIVERS\HSX_CNXT.sys [670208 2005-12-06] (Conexant Systems, Inc.)R3 WN5301; C:\WINDOWS\System32\DRIVERS\wn5301.sys [468768 2005-10-05] (Liteon Technology Inc.)S3 ATWPKT2; \??\C:\PROGRA~1\COMMON~1\AOL\ACS\ATWPKT2.SYS [X]S0 ftsata2; system32\DRIVERS\ftsata2.sys [X]U0 Pml Driver HPZ12;U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation)S3 SymIM; system32\DRIVERS\SymIM.sys [X]S3 SymIMMP; system32\DRIVERS\SymIM.sys [X]S3 wanatw; system32\DRIVERS\wanatw4.sys [X]U1 WS2IFSL;==================== NetSvcs (Whitelisted) ===================NETSVC: MHN -> C:\Windows\System32\mhn.dll (Microsoft Corporation)==================== One Month Created Files and Folders ========2014-07-23 06:56 - 2014-07-23 06:57 - 00036146 ____C () C:\Documents and Settings\HP_Administrator\Desktop\FRST.txt2014-07-23 06:56 - 2014-07-23 06:56 - 00000000 ___DC () C:\FRST2014-07-23 06:54 - 2014-07-23 06:54 - 01082368 ____C (Farbar) C:\Documents and Settings\HP_Administrator\Desktop\FRST.exe2014-07-23 06:37 - 2014-07-23 06:38 - 00000000 ___DC () C:\Program Files\Mozilla Firefox2014-07-21 15:30 - 2014-07-22 15:00 - 00000000 ___DC () C:\Documents and Settings\All Users\Application Data\TEMP2014-07-21 15:30 - 2014-07-21 15:30 - 00000000 ___DC () C:\Documents and Settings\HP_Administrator\My Documents\Optimizer Pro2014-07-21 15:30 - 2014-07-21 15:30 - 00000000 ___DC () C:\Documents and Settings\HP_Administrator\Application Data\Optimizer Pro2014-07-21 15:19 - 2014-07-23 06:20 - 00000420 ____C () C:\WINDOWS\Tasks\At1.job2014-07-21 15:19 - 2014-07-21 15:24 - 00000000 ___DC () C:\Program Files\Optimizer Pro2014-07-21 15:19 - 2014-07-21 15:24 - 00000000 ___DC () C:\Documents and Settings\All Users\Start Menu\Programs\Optimizer Pro v3.22014-07-21 15:19 - 2014-07-21 15:19 - 00000748 ____C () C:\Documents and Settings\HP_Administrator\Desktop\Optimizer Pro.lnk2014-07-21 15:19 - 2014-07-21 15:19 - 00000000 ___DC () C:\Program Files\WSE Rocket2014-07-21 15:19 - 2014-07-21 15:19 - 00000000 ___DC () C:\Documents and Settings\HP_Administrator\Application Data\RocketUpdater2014-07-21 15:00 - 2014-07-21 15:00 - 00000000 ___DC () C:\Documents and Settings\All Users\Start Menu\Programs\Java2014-07-21 15:00 - 2014-07-11 03:02 - 00096680 ____C (Oracle Corporation) C:\WINDOWS\system32\WindowsAccessBridge.dll2014-07-21 15:00 - 2014-07-11 02:56 - 00175528 ____C (Oracle Corporation) C:\WINDOWS\system32\javaw.exe2014-07-21 15:00 - 2014-07-11 02:55 - 00175528 ____C (Oracle Corporation) C:\WINDOWS\system32\java.exe2014-07-16 09:43 - 2014-07-16 09:43 - 00701217 ____C () C:\Documents and Settings\HP_Administrator\Desktop\Purdue Trip 2014.htm2014-07-16 09:43 - 2014-07-16 09:43 - 00000000 ___DC () C:\Documents and Settings\HP_Administrator\Desktop\Purdue Trip 2014_files2014-07-10 16:46 - 2014-07-10 16:48 - 00000000 ___DC () C:\Documents and Settings\HP_Administrator\My Documents\Auto==================== One Month Modified Files and Folders =======2014-07-23 06:57 - 2014-07-23 06:56 - 00036146 ____C () C:\Documents and Settings\HP_Administrator\Desktop\FRST.txt2014-07-23 06:57 - 2007-02-16 12:26 - 00000000 ___DC () C:\Documents and Settings\HP_Administrator\Local Settings\Temp2014-07-23 06:56 - 2014-07-23 06:56 - 00000000 ___DC () C:\FRST2014-07-23 06:54 - 2014-07-23 06:54 - 01082368 ____C (Farbar) C:\Documents and Settings\HP_Administrator\Desktop\FRST.exe2014-07-23 06:46 - 2011-05-19 15:11 - 00000906 ____C () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job2014-07-23 06:38 - 2014-07-23 06:37 - 00000000 ___DC () C:\Program Files\Mozilla Firefox2014-07-23 06:38 - 2012-05-08 18:01 - 00000000 ___DC () C:\Program Files\Mozilla Maintenance Service2014-07-23 06:22 - 2013-02-17 11:46 - 00000830 ____C () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job2014-07-23 06:20 - 2014-07-21 15:19 - 00000420 ____C () C:\WINDOWS\Tasks\At1.job2014-07-22 23:29 - 2013-10-01 12:14 - 00000000 ___DC () C:\Program Files\IDriveWindows2014-07-22 16:09 - 2005-08-30 23:17 - 01915479 ____C () C:\WINDOWS\WindowsUpdate.log2014-07-22 15:00 - 2014-07-21 15:30 - 00000000 ___DC () C:\Documents and Settings\All Users\Application Data\TEMP2014-07-22 11:22 - 2005-08-30 23:17 - 00031824 _____ () C:\WINDOWS\SchedLgU.Txt2014-07-21 18:59 - 2014-01-21 10:54 - 00000000 ___DC () C:\Documents and Settings\HP_Administrator\My Documents\dj-Wylie2014-07-21 18:33 - 2007-03-29 10:54 - 00000000 ___DC () C:\Documents and Settings\HP_Administrator\My Documents\Hermann2014-07-21 18:31 - 2013-08-17 11:05 - 00000334 ____C () C:\WINDOWS\BRCALIB.INI2014-07-21 16:21 - 2012-10-09 18:13 - 00699056 ____C (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe2014-07-21 16:21 - 2011-05-24 11:39 - 00071344 ____C (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl2014-07-21 16:13 - 2005-08-30 15:55 - 00000259 ____C () C:\WINDOWS\wiadebug.log2014-07-21 16:10 - 2005-08-30 23:06 - 00001158 ____C () C:\WINDOWS\system32\wpa.dbl2014-07-21 16:10 - 2005-08-30 23:02 - 00000895 ____C () C:\WINDOWS\win.ini2014-07-21 16:10 - 2005-08-30 17:34 - 00000279 _RSHC () C:\boot.ini2014-07-21 16:10 - 2005-08-30 15:52 - 00000227 ____C () C:\WINDOWS\system.ini2014-07-21 16:08 - 2008-01-11 19:13 - 00352917 _____ () C:\WINDOWS\system32\vsconfig.xml2014-07-21 16:08 - 2005-11-14 20:58 - 00000000 ___DC () C:\WINDOWS\Registration2014-07-21 16:08 - 2005-08-30 15:55 - 00000049 ____C () C:\WINDOWS\wiaservc.log2014-07-21 16:07 - 2014-04-17 17:33 - 00000244 ____C () C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job2014-07-21 16:07 - 2011-05-19 15:11 - 00000902 ____C () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job2014-07-21 16:07 - 2005-08-30 23:17 - 00000006 ___HC () C:\WINDOWS\Tasks\SA.DAT2014-07-21 15:30 - 2014-07-21 15:30 - 00000000 ___DC () C:\Documents and Settings\HP_Administrator\My Documents\Optimizer Pro2014-07-21 15:30 - 2014-07-21 15:30 - 00000000 ___DC () C:\Documents and Settings\HP_Administrator\Application Data\Optimizer Pro2014-07-21 15:24 - 2014-07-21 15:19 - 00000000 ___DC () C:\Program Files\Optimizer Pro2014-07-21 15:24 - 2014-07-21 15:19 - 00000000 ___DC () C:\Documents and Settings\All Users\Start Menu\Programs\Optimizer Pro v3.22014-07-21 15:19 - 2014-07-21 15:19 - 00000748 ____C () C:\Documents and Settings\HP_Administrator\Desktop\Optimizer Pro.lnk2014-07-21 15:19 - 2014-07-21 15:19 - 00000000 ___DC () C:\Program Files\WSE Rocket2014-07-21 15:19 - 2014-07-21 15:19 - 00000000 ___DC () C:\Documents and Settings\HP_Administrator\Application Data\RocketUpdater2014-07-21 15:00 - 2014-07-21 15:00 - 00000000 ___DC () C:\Documents and Settings\All Users\Start Menu\Programs\Java2014-07-21 15:00 - 2006-09-29 09:23 - 00000000 ___DC () C:\Program Files\Java2014-07-21 08:48 - 2008-06-22 14:22 - 00000284 ____C () C:\WINDOWS\Tasks\AppleSoftwareUpdate.job2014-07-19 09:05 - 2007-12-25 18:30 - 00000000 ___DC () C:\WINDOWS\system32\NtmsData2014-07-18 09:11 - 2006-09-29 09:58 - 00001036 ____C () C:\WINDOWS\QUICKEN.INI2014-07-18 08:54 - 2012-04-13 17:35 - 00000000 ___DC () C:\Documents and Settings\HP_Administrator\My Documents\Manuals2014-07-17 15:12 - 2010-04-08 10:23 - 00000000 ___DC () C:\Documents and Settings\HP_Administrator\My Documents\dj2014-07-16 09:43 - 2014-07-16 09:43 - 00701217 ____C () C:\Documents and Settings\HP_Administrator\Desktop\Purdue Trip 2014.htm2014-07-16 09:43 - 2014-07-16 09:43 - 00000000 ___DC () C:\Documents and Settings\HP_Administrator\Desktop\Purdue Trip 2014_files2014-07-13 18:23 - 2013-06-22 17:49 - 00000000 ___DC () C:\Documents and Settings\HP_Administrator\My Documents\2719 Cochran2014-07-13 15:38 - 2007-08-13 20:32 - 00000069 ____C () C:\WINDOWS\NeroDigital.ini2014-07-12 01:40 - 2009-08-25 09:23 - 00000000 ___DC () C:\Documents and Settings\HP_Administrator\Application Data\HpUpdate2014-07-11 10:30 - 2013-11-18 18:07 - 00000000 ___DC () C:\Documents and Settings\HP_Administrator\My Documents\RHN2014-07-11 03:02 - 2014-07-21 15:00 - 00096680 ____C (Oracle Corporation) C:\WINDOWS\system32\WindowsAccessBridge.dll2014-07-11 02:56 - 2014-07-21 15:00 - 00175528 ____C (Oracle Corporation) C:\WINDOWS\system32\javaw.exe2014-07-11 02:55 - 2014-07-21 15:00 - 00175528 ____C (Oracle Corporation) C:\WINDOWS\system32\java.exe2014-07-10 16:48 - 2014-07-10 16:46 - 00000000 ___DC () C:\Documents and Settings\HP_Administrator\My Documents\Auto2014-07-10 15:09 - 2013-02-05 19:03 - 00000000 ___DC () C:\Documents and Settings\HP_Administrator\Application Data\vlc2014-07-09 16:31 - 2012-03-07 18:24 - 00000000 ___DC () C:\Documents and Settings\HP_Administrator\My Documents\Ham Radio2014-07-08 15:00 - 2014-04-17 17:33 - 00000238 ____C () C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job2014-07-08 14:32 - 2013-08-16 12:15 - 00000000 ___DC () C:\Documents and Settings\All Users\Application Data\Package Cache2014-07-08 14:22 - 2008-01-11 19:20 - 280074272 ___SH () C:\WINDOWS\system32\Drivers\fidbox.dat2014-07-05 17:10 - 2006-09-29 09:44 - 00000000 ___DC () C:\Documents and Settings\All Users\Start Menu\Programs\HPFiles to move or delete:====================C:\Windows\Tasks\At1.jobSome content of TEMP:====================C:\Documents and Settings\HP_Administrator\Local Settings\Temp\jre-7u51-windows-i586-iftw.exeC:\Documents and Settings\HP_Administrator\Local Settings\Temp\jre-7u55-windows-i586-iftw.exeC:\Documents and Settings\HP_Administrator\Local Settings\Temp\jre-7u65-windows-i586-iftw.exeC:\Documents and Settings\HP_Administrator\Local Settings\Temp\mny11E.exeC:\Documents and Settings\HP_Administrator\Local Settings\Temp\optprosetup.exeC:\Documents and Settings\HP_Administrator\Local Settings\Temp\RocketSilent.exeC:\Documents and Settings\HP_Administrator\Local Settings\Temp\vlc-2.1.3-win32.exeC:\Documents and Settings\HP_Administrator\Local Settings\Temp\_is150.exeC:\Documents and Settings\HP_Administrator\Local Settings\Temp\_is151.exeC:\Documents and Settings\HP_Administrator\Local Settings\Temp\_is42.exeC:\Documents and Settings\HP_Administrator\Local Settings\Temp\_is43.exeC:\Documents and Settings\HP_Administrator\Local Settings\Temp\_is559.exe==================== Bamital & volsnap Check =================C:\WINDOWS\explorer.exe => File is digitally signedC:\WINDOWS\system32\winlogon.exe => File is digitally signedC:\WINDOWS\system32\svchost.exe => File is digitally signedC:\WINDOWS\system32\services.exe => File is digitally signedC:\WINDOWS\system32\User32.dll => File is digitally signedC:\WINDOWS\system32\userinit.exe => File is digitally signedC:\WINDOWS\system32\rpcss.dll => File is digitally signedC:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed==================== End Of Log ============================ Link to post Share on other sites More sharing options...
rhnj22 Posted July 23, 2014 Author ID:856726 Share Posted July 23, 2014 Jurgen, I'm getting a message that the addition.txt log is too long to post. Link to post Share on other sites More sharing options...
rhnj22 Posted July 23, 2014 Author ID:856742 Share Posted July 23, 2014 Jurgen, Hopefully the log you need is attached. Let me know.Addition.txt Link to post Share on other sites More sharing options...
deeprybka Posted July 23, 2014 ID:856799 Share Posted July 23, 2014 Hi,you did everything fine! But it has to be mentioned that you use still Windows XP (without an antivirus!) Please read this first:http://windows.microsoft.com/en-us/windows/end-support-helpPlease download and install Revo Uninstaller Freenote: there is no need to click anything on that page, the download will start automaticallyDouble click Revo Uninstaller to run itFrom the list of programs double click on the listed program(s), or anything similar, to remove it:Foxit ToolbarOptimizer Pro v3.2 When prompted if you want to uninstall click YesBe sure the Moderate option is selected then click NextThe program will run, If prompted again click YesWhen the built-in uninstaller is finished click on NextOnce the program has searched for leftovers click NextCheck the items in bold only on the list then click Deletenote: you may have to expand some folders by clicking the "+" markWhen prompted click on Yes and then on NextPut a check on any folders that are found and select DeleteWhen prompted select Yes then NextOnce done click Finish Link to post Share on other sites More sharing options...
rhnj22 Posted July 23, 2014 Author ID:856921 Share Posted July 23, 2014 btw, I forgot to say my name is Russell. Thank you so much for helping me. I guess you know quite a bit about me after reading my logs. I read your attachment. Yes, I still use XP. I am so sorry that it's no longer supported. I have really enjoyed using it. I use programs that will only run on XP and, although I've been using pc's since about 1984 I hate to buy and, worse, learn new programs that don't do anything I need any better than the old one. I tried Vista when it came out and quickly went back to XP. I have a Windows 7 laptop which is ok but won't run my old XP programs. I'm afraid Windows 8 is out of the question for me. I simply don't have the days, weeks or months that it would take me to relearn a new operating system especially since I don't need it. I've been thinking of just disconnecting my XP from the internet and using it to run my old software which does not require an internet connection. Hope this doesn't sound like a rant. It's not intended as such. I believe that I have successfully unstalled the Foxit Toolbar and Optimizer Pro using Revo Uninstall. What shall I do now? Link to post Share on other sites More sharing options...
deeprybka Posted July 24, 2014 ID:857051 Share Posted July 24, 2014 Hi Russell, Now I understand... I've been thinking of just disconnecting my XP from the internet and using it to run my old software which does not require an internet connection.It is an option of course.... Next step: Step 1Please download AdwCleaner (by Xplode) and save it to your Desktop.Double click on AdwCleaner.exe to run the tool.Vista/Windows 7/8 users right-click and select "Run As Administrator"Click on the Scan button.After the scan has finished, click on the Clean button.Press OK when asked to close all programs and follow the onscreen prompts.After rebooting, a log file (that is saved in C:\AdwCleaner[s#].txt) will open automatically.Copy and paste the contents of that logfile in your next reply. Link to post Share on other sites More sharing options...
rhnj22 Posted July 24, 2014 Author ID:857349 Share Posted July 24, 2014 Done. # AdwCleaner v3.216 - Report created 24/07/2014 at 14:28:53# Updated 17/07/2014 by Xplode# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)# Username : HP_Administrator - MEDIACENTER1# Running from : C:\Documents and Settings\HP_Administrator\Desktop\AdwCleaner.exe# Option : Clean***** [ Services ] ********** [ Files / Folders ] *****Folder Deleted : C:\Documents and Settings\All Users\Application Data\2308189059Folder Deleted : C:\Documents and Settings\All Users\Application Data\ViewpointFolder Deleted : C:\Program Files\AOL ToolbarFolder Deleted : C:\Program Files\AskSearchFolder Deleted : C:\Program Files\GreenTree ApplicationsFolder Deleted : C:\Program Files\ViewpointFolder Deleted : C:\Program Files\WSE RocketFolder Deleted : C:\Program Files\Common Files\SpigotFolder Deleted : C:\Documents and Settings\HP_Administrator\Application Data\RocketUpdaterFolder Deleted : C:\Documents and Settings\HP_Administrator\Application Data\ViewpointFolder Deleted : C:\Documents and Settings\HP_Administrator\My Documents\Optimizer ProFolder Deleted : C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\5x88zch3.default\Extensions\{ecaa9181-d92a-47b9-8e14-bef9680f204b}[!] Folder Deleted : C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\icdlfehblmklkikfigmjhbmmpmkmpooj[!] Folder Deleted : C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\mhkaekfpcppmmioggniknbnbdbcigpkkFile Deleted : C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\5x88zch3.default\Extensions\{c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}.xpiFile Deleted : C:\Documents and Settings\All Users\Start Menu\Programs\eBay.lnkFile Deleted : C:\Documents and Settings\HP_Administrator\Favorites\eBay.lnkFile Deleted : C:\Program Files\Mozilla Firefox\Components\AskSearch.jsFile Deleted : C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\5x88zch3.default\searchplugins\WSE Rocket.xmlFile Deleted : C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\5x88zch3.default\user.js***** [ Shortcuts ] ********** [ Registry ] *****Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\icdlfehblmklkikfigmjhbmmpmkmpoojKey Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\mhkaekfpcppmmioggniknbnbdbcigpkkKey Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlKey Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl.1Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondaryKey Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary.1Key Deleted : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{03F998B2-0E00-11D3-A498-00104B6EB52E}Key Deleted : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@viewpoint.com/VMPKey Deleted : HKLM\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4EFB-9B51-7695ECA05670}Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{03F998B2-0E00-11D3-A498-00104B6EB52E}Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{9AFB8248-617F-460D-9366-D71CDEDA3179}Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{BF0118D4-63FF-4138-9327-F3028FB1A578}Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{C94E154B-1459-4A47-966B-4B843BEFC7DB}Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{201F27D4-3704-41D6-89C1-AA35E39143ED}Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3041D03E-FD4B-44E0-B742-2D9B88305F98}Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{CF739809-1C6C-47C0-85B9-569DBB141420}Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{EF99BD32-C1FB-11D2-892F-0090271D4F88}]Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{C94E154B-1459-4A47-966B-4B843BEFC7DB}]Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{EF99BD32-C1FB-11D2-892F-0090271D4F88}]Key Deleted : HKCU\Software\InstallCoreKey Deleted : HKCU\Software\Optimizer ProKey Deleted : HKCU\Software\RocketUpdaterKey Deleted : HKCU\Software\SoftonicKey Deleted : HKCU\Software\WSE RocketKey Deleted : HKCU\Software\YahooPartnerToolbarKey Deleted : HKCU\Software\ZugoKey Deleted : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}Key Deleted : HKCU\Software\AppDataLow\AskSAKey Deleted : HKLM\Software\{1146AC44-2F03-4431-B4FD-889BC837521F}Key Deleted : HKLM\Software\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}Key Deleted : HKLM\Software\{6791A2F3-FC80-475C-A002-C014AF797E9C}Key Deleted : HKLM\Software\AskBarDisKey Deleted : HKLM\Software\InstallCoreKey Deleted : HKLM\Software\MetaStreamKey Deleted : HKLM\Software\ViewpointKey Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ViewpointMediaPlayerKey Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WSE RocketKey Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\ViewpointMediaPlayerKey Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\WSE RocketKey Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\00E944CB89111313EAF35A0553F547F9Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\53F55AF3F4049ED3FA6EA6F88E414E24Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\68E4BF4B11615E03C97732FD581AB607Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8CE3DDAB2D152683FBCEB4866BCD2B0FKey Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\AF6CE16AFEA5C9A39B766468A8B35C21Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\FB1E44269B58F433A8C8E671E37CFDCF***** [ Browsers ] *****-\\ Internet Explorer v6.0.2900.5512Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [start Page]Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Search_URL]Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls [Tabs]Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Search [Default_Search_URL]-\\ Mozilla Firefox v31.0 (x86 en-US)[ File : C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\5x88zch3.default\prefs.js ]Line Deleted : user_pref("browser.startup.homepage", "hxxp://rocket-find.com/?f=1&a=rckt_dnldstr_14_30_ff&cd=2XzuyEtN2Y1L1QzutDtD0CtD0Azz0CyDyE0BtD0EyE0Fzz0EtN0D0Tzu0SzytAtAtN1L2XzutBtFtBtCtFtCyEtFyEtN1L1CzutCyEtBzy[...]Line Deleted : user_pref("plugin.blocklisted.npviewpoint", true);-\\ Google Chrome v27.0.1453.94[ File : C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\preferences ]Deleted [Extension] : dhdepfaagokllfmhfbcfmocaeigmoeboDeleted [Extension] : fbmimoidopbghbcmdmpkjaffffmcbmbgDeleted [Extension] : hphibigbodkkohoglgfkddblldpfohjlDeleted [Extension] : icdlfehblmklkikfigmjhbmmpmkmpoojDeleted [Extension] : kdcnnmifdmlmjffdgeieikcokcogpbejDeleted [Extension] : kincjchfokkeneeofpeefomkikfkiedlDeleted [Extension] : kkkeikdkpjenmoiicggnnodbkebafgpcDeleted [Extension] : mhkaekfpcppmmioggniknbnbdbcigpkkDeleted [Extension] : pgmfkblbflahhponhjmkcnpjinenhlnc*************************AdwCleaner[R0].txt - [9283 octets] - [24/07/2014 14:26:05]AdwCleaner[s0].txt - [8488 octets] - [24/07/2014 14:28:53]########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [8548 octets] ########## Link to post Share on other sites More sharing options...
deeprybka Posted July 24, 2014 ID:857350 Share Posted July 24, 2014 Hi, Step 1 Please download Malwarebytes Anti-Malware and save it to your desktop.Please open Malwarebytes Anti-Malware.Please update the database by clicking on the "Update Now" button.Following the update and click "Settings" and go to "Detection and Protection"Make sure "Scan for Rootkits" is checked.Click on Dashboard, then click on Scan Now to start the scan. (If Malware or Potentially Unwanted Programs [PUPs] are found, you will receive a prompt so that you can decide what you want to do. I suggest "Quarantine". Click the button: Apply All Actions.)A window with an option to view the detailed log will appear. Click on "View Detailed Log".After viewing the results, please click on the "Copy to Clipboard" button and then OK.Return to our forum. Paste your log into your next reply.Step 2 Start FRST with administator privileges.Press the Scan button.When finished, FRST will produce a log (FRST.txt) in the same directory the tool was run from. Please copy and paste the log in your next reply. Link to post Share on other sites More sharing options...
rhnj22 Posted July 25, 2014 Author ID:857904 Share Posted July 25, 2014 Done Malwarebytes Anti-Malwarewww.malwarebytes.orgScan Date: 7/25/2014Scan Time: 4:33:46 PMLogfile:Administrator: YesVersion: 2.00.2.1012Malware Database: v2014.07.25.08Rootkit Database: v2014.07.17.01License: FreeMalware Protection: DisabledMalicious Website Protection: DisabledSelf-protection: DisabledOS: Windows XP Service Pack 3CPU: x86File System: NTFSUser: HP_AdministratorScan Type: Threat ScanResult: CompletedObjects Scanned: 329195Time Elapsed: 25 min, 9 secMemory: EnabledStartup: EnabledFilesystem: EnabledArchives: EnabledRootkits: EnabledHeuristics: EnabledPUP: EnabledPUM: EnabledProcesses: 0(No malicious items detected)Modules: 0(No malicious items detected)Registry Keys: 0(No malicious items detected)Registry Values: 1Rogue.sysCleaner, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\SHAREDDLLS|C:\WINDOWS\SYSTEM32\MISTERHISTORYDELETER.DLL, 1, Quarantined, [257c2d73d5a6e254e94a5f817b86b34d]Registry Data: 0(No malicious items detected)Folders: 0(No malicious items detected)Files: 3PUP.Optional.GetNow, C:\RECYCLER\S-1-5-21-2562346610-408318716-2502678116-1007\Dc472.exe, Quarantined, [9a07e4bcf18a979f26befa8fbb46a45c],Rogue.sysCleaner, C:\WINDOWS\system32\misterhistorydeleter.dll, Quarantined, [257c2d73d5a6e254e94a5f817b86b34d],PUP.Optional.Ciuvo.A, C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\5x88zch3.default\extensions\extension@ciuvo.com.xpi, Quarantined, [821fd1cf6615063019c713bb936f7f81],Physical Sectors: 0(No malicious items detected)(end) Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:25-07-2014Ran by HP_Administrator (administrator) on MEDIACENTER1 on 25-07-2014 17:57:47Running from C:\Documents and Settings\HP_Administrator\DesktopPlatform: Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: English (United States)Internet Explorer Version 6Boot Mode: NormalThe only official download link for FRST:Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/Download link from any site other than Bleeping Computer is unpermitted or outdated.See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/==================== Processes (Whitelisted) =================(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)(Zone Labs, LLC) C:\WINDOWS\system32\ZoneLabs\vsmon.exe(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe(Brother Industries, Ltd.) C:\WINDOWS\system32\Brmfrmps.exe(Creative Technology Ltd) C:\WINDOWS\system32\CTSVCCDA.EXE(Microsoft Corporation) C:\WINDOWS\ehome\ehrecvr.exe(Microsoft Corporation) C:\WINDOWS\ehome\ehSched.exe(Garmin Ltd or its subsidiaries) C:\Program Files\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe() C:\Program Files\IDriveWindows\idwservice_600.exe() C:\WINDOWS\system32\PSIService.exe() C:\PROGRA~1\SQUEEZ~1\server\Bin\MSWIN3~1\mysqld.exe(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE(Intel Corporation) C:\Program Files\Intel\IntelDH\Intel® Quick Resume Technology Drivers\ELService.exe( ) C:\Program Files\IDriveWindows\idw_web.exe(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE(Microsoft Corporation) C:\WINDOWS\system32\dllhost.exe(Microsoft Corporation) C:\WINDOWS\system32\wscntfy.exe(Zone Labs, LLC) C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe(Realtek Semiconductor Corp.) C:\WINDOWS\RTHDCPL.EXE(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe(Hewlett-Packard) C:\Program Files\HP\HP Software Update\hpwuschd2.exe(Brother Industries, Ltd.) C:\Program Files\Brother\ControlCenter3\BrccMCtl.exe(Carbonite, Inc. (www.carbonite.com)) C:\Program Files\Carbonite\Carbonite Backup\CarboniteService.exe(CANON INC.) C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe(Brother Industries, Ltd.) C:\Program Files\Browny02\Brother\BrStMonW.exe(Pro Softnet Corporation) C:\Program Files\IDriveWindows\idwbg_600.exe(Prosoftnet Corp) C:\Program Files\IDriveWindows\idrivetray.exe(Carbonite, Inc.) C:\Program Files\Carbonite\Carbonite Backup\CarboniteUI.exe(Google Inc.) C:\Program Files\Picasa2\PicasaMediaDetector.exe(Google) C:\Program Files\Google\Drive\googledrivesync.exe(Garmin Ltd or its subsidiaries) C:\Program Files\Garmin\Express Tray\ExpressTray.exe(Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe(Storage Appliance Corp.) C:\Documents and Settings\All Users\Application Data\Clickfree\cfagent.exe(Brother Industries, Ltd.) C:\Program Files\Browny02\BrYNSvc.exe(Nero AG) C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe(SAC) C:\Documents and Settings\All Users\Application Data\Clickfree\HDDV2USB3\reminder\SacReminder.exe() C:\Brother\BPRSP\resources\BrSupSsp.exe(Tiger Technologies) C:\Program Files\Tiger Technologies\DeskFlag\deskflag.exe(Google) C:\Program Files\Google\Drive\googledrivesync.exe(Microsoft Corporation) C:\WINDOWS\system32\freecell.exe(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe(Microsoft Corporation) C:\WINDOWS\system32\dllhost.exe(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbam.exe==================== Registry (Whitelisted) ==================(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)HKLM\...\RunOnce: [Malwarebytes Anti-Malware (cleanup)] => "C:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes Anti-Malware\mbamdor (the data entry has 100 more characters).HKLM\...\Policies\Explorer: [NoCDBurning] 0HKU\.DEFAULT\...\Run: [Picasa Media Detector] => C:\Program Files\Picasa2\PicasaMediaDetector.exe [443968 2007-09-27] (Google Inc.)HKU\S-1-5-21-2562346610-408318716-2502678116-1007\...\Run: [TClockEx] => C:\Program Files\TClockEx\TCLOCKEX.EXE [89088 2000-03-09] (Dale Nurden)HKU\S-1-5-21-2562346610-408318716-2502678116-1007\...\Run: [Picasa Media Detector] => C:\Program Files\Picasa2\PicasaMediaDetectorHKU\S-1-5-21-2562346610-408318716-2502678116-1007\...\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] => C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe [153136 2007-05-16] (Nero AG)HKU\S-1-5-21-2562346610-408318716-2502678116-1007\...\Run: [GoogleDriveSync] => C:\Program Files\Google\Drive\googledrivesync.exe [19662744 2013-04-16] (Google)HKU\S-1-5-21-2562346610-408318716-2502678116-1007\...\Run: [GarminExpressTrayApp] => C:\Program Files\Garmin\Express Tray\ExpressTray.exe [118104 2014-04-01] (Garmin Ltd or its subsidiaries)HKU\S-1-5-21-2562346610-408318716-2502678116-1007\...\Run: [ClickfreeMonitor] => c:\documents and settings\all users\application data\Clickfree\cfagent.exe [354632 2013-06-05] (Storage Appliance Corp.)HKU\S-1-5-21-2562346610-408318716-2502678116-1007\...\Run: [sacReminderHDDV2] => C:\Documents and Settings\All Users\Application Data\Clickfree\HDDV2USB3\reminder\SacReminder.exe [444744 2013-11-29] (SAC)HKU\S-1-5-21-2562346610-408318716-2502678116-1007\...\Run: [Geotag Security] => C:\Program Files\Geotag Security\GeotagSecurity.exe [3941888 2010-09-08] ()HKU\S-1-5-21-2562346610-408318716-2502678116-1007\...\MountPoints2: {3c1d278b-280c-11e0-9a7b-00038a000015} - L:\VZAccess_Manager.exe /z detectHKU\S-1-5-21-2562346610-408318716-2502678116-1007\...\MountPoints2: {7ec5a26b-290c-11dc-8756-00038a000015} - L:\LaunchU3.exe -aHKU\S-1-5-21-2562346610-408318716-2502678116-1007\...\MountPoints2: {a34d5375-9381-11df-8f10-00038a000015} - L:\StartClickfreeBackup.exeHKU\S-1-5-21-2562346610-408318716-2502678116-1007\...\MountPoints2: {b4bd432e-0814-11e2-bbb5-00038a000015} - L:\StarterOfficeGuardian.exeHKU\S-1-5-21-2562346610-408318716-2502678116-1007\...\MountPoints2: {b5ada9d8-f88b-11e3-b852-0018f3a520ea} - L:\StartClickFreeBackup.exeHKU\S-1-5-21-2562346610-408318716-2502678116-1007\...\MountPoints2: {c008cbc6-e477-11e0-bb91-00038a000015} - L:\ONSPCLCK.exeStartup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Brother BPRSP.lnkShortcutTarget: Brother BPRSP.lnk -> C:\WINDOWS\Installer\{8040527F-DD74-4B45-8A06-C4BF145B6C76}\BrSupSsp.exe_44686FC076524EF5975EF92EE48E2958.exe (Flexera Software LLC)Startup: C:\Documents and Settings\Default User\Start Menu\Programs\Startup\Pin.lnkShortcutTarget: Pin.lnk -> C:\hp\bin\cloaker.exe (Hewlett-Packard Co.)Startup: C:\Documents and Settings\Default User\Start Menu\Programs\Startup\PinMcLnk.lnkShortcutTarget: PinMcLnk.lnk -> C:\hp\bin\cloaker.exe (Hewlett-Packard Co.)Startup: C:\Documents and Settings\HP_Administrator\Start Menu\Programs\Startup\DeskFlag.lnkShortcutTarget: DeskFlag.lnk -> C:\Program Files\Tiger Technologies\DeskFlag\deskflag.exe (Tiger Technologies)ShellIconOverlayIdentifiers: Carbonite.Blue -> {E300CD91-100F-4E67-9AF3-1384A6124015} => C:\Program Files\Carbonite\Carbonite Backup\CarboniteNSE.dll (Carbonite, Inc.)ShellIconOverlayIdentifiers: Carbonite.Green -> {95A27763-F62A-4114-9072-E81D87DE3B68} => C:\Program Files\Carbonite\Carbonite Backup\CarboniteNSE.dll (Carbonite, Inc.)ShellIconOverlayIdentifiers: Carbonite.Partial -> {E300CD91-100F-4E67-9AF3-1384A6124015} => C:\Program Files\Carbonite\Carbonite Backup\CarboniteNSE.dll (Carbonite, Inc.)ShellIconOverlayIdentifiers: Carbonite.Red -> {01CCCC8C-1D50-4b13-B96D-4B922DD3128B} => C:\Program Files\Carbonite\Carbonite Backup\CarboniteNSE.dll (Carbonite, Inc.)ShellIconOverlayIdentifiers: Carbonite.Yellow -> {5E529433-B50E-4bef-A63B-16A6B71B071A} => C:\Program Files\Carbonite\Carbonite Backup\CarboniteNSE.dll (Carbonite, Inc.)ShellIconOverlayIdentifiers: GDriveBlacklistedOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)ShellIconOverlayIdentifiers: GDriveSharedOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)ShellIconOverlayIdentifiers: GDriveSyncedOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)ShellIconOverlayIdentifiers: GDriveSyncingOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)==================== Internet (Whitelisted) ====================(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=64&bd=PAVILION&pf=desktopHKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ieHKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ieHKCU\Software\Microsoft\Internet Explorer\Main,Start Page Restore = http://www.aol.com/HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htmHKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=64&bd=PAVILION&pf=desktopHKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=PAVILION&pf=desktopHKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=64&bd=PAVILION&pf=desktopHKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=PAVILION&pf=desktopSearchScopes: HKLM - DefaultScope value is missing.BHO: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll No FileBHO: No Name -> {7E853D72-626A-48EC-A868-BA8D5E23E045} -> No FileBHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)BHO: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll No FileToolbar: HKCU - &Address - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)Toolbar: HKCU - &Links - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\SHELL32.dll (Microsoft Corporation)DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?linkid=39204DPF: {C6FAB351-8F12-4ED3-A9C1-4D3E86B0BB07} https://insite.mhhs.org/MHHS_Portal_Login_09.cabDPF: {CAFEEFAC-0017-0000-0009-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cabDPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cabHandler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (Microsoft Corporation)Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (Microsoft Corporation)Winsock: Catalog5 04 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)Tcpip\Parameters: [DhcpNameServer] 10.0.0.1FireFox:========FF ProfilePath: C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\5x88zch3.defaultFF DefaultSearchEngine: WSE RocketFF SelectedSearchEngine: WSE RocketFF Keyword.URL: hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=937811&p=FF NetworkProxy: "no_proxies_on", "*.local"FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_14_0_0_145.dll ()FF Plugin: @canon.com/EPPEX - C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)FF Plugin: @Google.com/GoogleEarthPlugin - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)FF Plugin: @google.com/npPicasa3,version=3.0.0 - C:\Program Files\Picasa2\npPicasa3.dll (Google, Inc.)FF Plugin: @java.com/DTPlugin,version=10.65.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll No FileFF Plugin: @java.com/JavaPlugin,version=10.65.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll No FileFF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)FF Plugin: @microsoft.com/WPF,version=3.5 - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)FF Plugin: @real.com/nppl3260;version=6.0.11.2852 - C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll (RealNetworks, Inc.)FF Plugin: @real.com/nprpjplug;version=6.0.12.1662 - C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)FF Plugin: @videolan.org/vlc,version=2.0.8 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)FF Plugin: @videolan.org/vlc,version=2.1.3 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)FF Plugin HKCU: @citrixonline.com/appdetectorplugin - C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Citrix\Plugins\104\npappdetector.dll (Citrix Online)FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\np-mswmp.dll (Microsoft Corporation)FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npFoxitReaderPlugin.dll (Foxit Software Company)FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll (Apple Inc.)FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\np_gp.dll (NOS Microsystems Ltd.)FF SearchPlugin: C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\5x88zch3.default\searchplugins\yahoo_ff.xmlFF Extension: Разпознаване на устройство Logitech - C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\5x88zch3.default\Extensions\DeviceDetection@logitech.com [2011-08-17]FF Extension: Xmarks - C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\5x88zch3.default\Extensions\foxmarks@kei.com [2014-07-13]FF Extension: No Name - C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\5x88zch3.default\Extensions\staged [2014-07-25]FF Extension: Screengrab - C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\5x88zch3.default\Extensions\{02450954-cdd9-410f-b1da-db804e18c671} [2010-07-02]FF Extension: Garmin Communicator - C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\5x88zch3.default\Extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E} [2013-11-20]FF Extension: Microsoft .NET Framework Assistant - C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\5x88zch3.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b} [2010-05-14]FF Extension: Abine - C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\5x88zch3.default\Extensions\{b58ca710-f62c-4f38-a0e8-cc9b177463e5} [2012-09-06]FF Extension: DownloadHelper - C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\5x88zch3.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2014-03-28]FF Extension: Adobe DLM (powered by getPlus®) - C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\5x88zch3.default\Extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7} [2010-03-09]FF Extension: InvisibleHand - C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\5x88zch3.default\Extensions\canitbecheaper@trafficbroker.co.uk.xpi [2011-04-15]FF Extension: PriceBlink - C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\5x88zch3.default\Extensions\info@priceblink.com.xpi [2012-05-03]FF Extension: iReader - C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\5x88zch3.default\Extensions\ireader@samabox.com.xpi [2011-04-15]FF Extension: Awesome screenshot: Capture and Annotate - C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\5x88zch3.default\Extensions\jid0-GXjLLfbCoAx0LcltEdFrEkQdQPI@jetpack.xpi [2013-10-17]FF Extension: Morning Coffee - C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\5x88zch3.default\Extensions\morningCoffee@shaneliesegang.xpi [2011-04-15]FF Extension: SimplyRead - C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\5x88zch3.default\Extensions\simplyread@njw.me.uk.xpi [2012-05-17]FF Extension: FlashGot - C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\5x88zch3.default\Extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}.xpi [2012-07-17]FF Extension: NoScript - C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\5x88zch3.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2014-07-14]FF Extension: Address Bar Search - C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\5x88zch3.default\Extensions\{badea1ae-72ed-4f6a-8c37-4db9a4ac7bc9}.xpi [2013-10-25]FF Extension: Adblock Plus - C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\5x88zch3.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2011-05-19]FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtensionFF Extension: Microsoft .NET Framework Assistant - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-08-07]Chrome:=======CHR HomePage: hxxp://www.google.comCHR RestoreOnStartup: "hxxp://www.google.com"CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\27.0.1453.94\PepperFlash\pepflashplayer.dll ()CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewerCHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\27.0.1453.94\ppGoogleNaClPluginChrome.dll ()CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\27.0.1453.94\pdf.dll ()CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 11.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)CHR Plugin: (Microsoft® Windows Media Player Firefox Plugin) - C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll (Microsoft Corporation)CHR Plugin: (Foxit Reader Plugin for Mozilla) - C:\Program Files\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll (Foxit Software Company)CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll (Apple Inc.)CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll (Apple Inc.)CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll (Apple Inc.)CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll (Apple Inc.)CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll (Apple Inc.)CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll (Apple Inc.)CHR Plugin: (getPlusPlus for Adobe 16263) - C:\Program Files\Mozilla Firefox\plugins\np_gp.dll (NOS Microsystems Ltd.)CHR Plugin: (Citrix Online Web Deployment Plugin 1.0.0.104) - C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Citrix\Plugins\104\npappdetector.dll (Citrix Online)CHR Plugin: (CANON iMAGE GATEWAY Album Plugin Utility) - C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)CHR Plugin: (Google Earth Plugin) - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)CHR Plugin: (Java Deployment Toolkit 7.0.550.14) - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll No FileCHR Plugin: (Java Platform SE 7 U55) - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll No FileCHR Plugin: (RealPlayer G2 LiveConnect-Enabled Plug-In (32-bit) ) - C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll (RealNetworks, Inc.)CHR Plugin: (RealPlayer Version Plugin) - C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)CHR Plugin: (Silverlight Plug-In) - C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)CHR Plugin: (Picasa) - C:\Program Files\Picasa2\npPicasa3.dll (Google, Inc.)CHR Plugin: (VLC Web Plugin) - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)CHR Plugin: (MetaStream 3 Plugin) - C:\Program Files\Viewpoint\Viewpoint Experience Technology\\npViewpoint.dll No FileCHR Plugin: (Windows Presentation Foundation) - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)CHR Plugin: (Shockwave Flash) - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_14_0_0_125.dll No FileCHR Extension: (Google Drive) - C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-07-17]CHR Extension: (YouTube) - C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-05-25]CHR Extension: (Google Search) - C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-07-16]CHR Extension: (Gmail) - C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-07-16]CHR HKCU\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\DOCUME~1\HP_ADM~1\LOCALS~1\APPLIC~1\Google\Drive\apdfllckaahabafndbhieahigkjlhalf_live.crx [2013-05-01]========================== Services (Whitelisted) =================(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)R2 brmfrmps; C:\WINDOWS\system32\Brmfrmps.exe [65536 2003-03-19] (Brother Industries, Ltd.) [File not signed]R3 BrYNSvc; C:\Program Files\Browny02\BrYNSvc.exe [249856 2011-11-15] (Brother Industries, Ltd.) [File not signed]R2 CarboniteService; C:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exe [5049352 2013-10-10] (Carbonite, Inc. (www.carbonite.com))S4 CCALib8; C:\Program Files\Canon\CAL\CALMAIN.exe [96341 2006-03-30] (Canon Inc.) [File not signed]R2 Creative Service for CDROM Access; C:\WINDOWS\system32\CTsvcCDA.exe [44032 1999-12-12] (Creative Technology Ltd) [File not signed]R2 ELService; C:\Program Files\Intel\IntelDH\Intel® Quick Resume Technology Drivers\Elservice.exe [180224 2006-06-02] (Intel Corporation) [File not signed]S4 EpsonBidirectionalService; C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe [77824 2002-01-29] () [File not signed]S4 EPSONStatusAgent2; C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe [94208 2002-07-17] (SEIKO EPSON CORPORATION) [File not signed]R2 Garmin Core Update Service; C:\Program Files\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [431960 2014-04-01] (Garmin Ltd or its subsidiaries)S3 getPlusHelper; C:\Program Files\NOS\bin\getPlus_Helper.dll [67360 2010-02-19] (NOS Microsystems Ltd.)R2 IAANTMON; C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe [90112 2006-07-06] (Intel Corporation) [File not signed]S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [File not signed]R2 IDriveService; C:\Program Files\IDriveWindows\idwservice_600.exe [182872 2013-09-18] ()S4 LightScribeService; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [49152 2006-06-21] (Hewlett-Packard Company) [File not signed]S4 McrdSvc; C:\WINDOWS\ehome\mcrdsvc.exe [99328 2005-08-05] (Microsoft Corporation)S3 MHN; C:\WINDOWS\System32\mhn.dll [85504 2004-08-10] (Microsoft Corporation) [File not signed]S2 NVSvc; C:\WINDOWS\system32\nvsvc32.exe [159810 2007-04-19] (NVIDIA Corporation) [File not signed]R2 ProtexisLicensing; C:\WINDOWS\system32\PSIService.exe [174656 2006-11-02] () [File not signed]R2 SqueezeMySQL; C:\Program Files\Squeezebox\server\Bin\MSWin32-x86-multi-thread\mysqld.exe [4149248 2011-01-24] () [File not signed]S4 Symantec Core LC; C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe [1245064 2008-03-27] ()S3 usnjsvc; C:\Program Files\Windows Live\Messenger\usnsvc.exe [98328 2007-10-18] (Microsoft Corporation)R2 vsmon; C:\WINDOWS\system32\ZoneLabs\vsmon.exe [75304 2008-07-09] (Zone Labs, LLC)S3 WLSetupSvc; C:\Program Files\Windows Live\installer\WLSetupSvc.exe [266240 2007-10-25] (Microsoft Corporation)S2 AOL TopSpeedMonitor; C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe [X]S2 JavaQuickStarterService; "C:\Program Files\Java\jre7\bin\jqs.exe" -service -config "C:\Program Files\Java\jre7\lib\deploy\jqs\jqs.conf"S2 RoxLiveShare9; "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe" [X]==================== Drivers (Whitelisted) ====================(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)R3 Afc; C:\WINDOWS\System32\drivers\Afc.sys [11776 2005-02-23] (Arcsoft, Inc.) [File not signed]R2 ASCTRM; C:\WINDOWS\system32\Drivers\ASCTRM.sys [8552 2009-01-13] (Windows ® 2000 DDK provider) [File not signed]S3 brfilt; C:\WINDOWS\System32\Drivers\Brfilt.sys [2944 2001-08-17] (Brother Industries Ltd.)S3 BrScnUsb; C:\WINDOWS\System32\DRIVERS\BrScnUsb.sys [15295 2004-10-15] (Brother Industries Ltd.)S3 BrUsbScn; C:\WINDOWS\System32\Drivers\BrUsbScn.sys [10368 2001-08-17] (Brother Industries Ltd.)S3 CCDECODE; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [17024 2008-04-13] (Microsoft Corporation)R3 ELacpi; C:\WINDOWS\System32\DRIVERS\ELacpi.sys [9728 2006-05-10] (Intel Corporation)R1 ELhid; C:\WINDOWS\System32\Drivers\Elhid.sys [10112 2006-05-10] (Intel Corporation) [File not signed]R1 ELkbd; C:\WINDOWS\System32\Drivers\Elkbd.sys [6912 2006-05-10] (Intel Corporation) [File not signed]R1 ELmon; C:\WINDOWS\System32\Drivers\Elmon.sys [7040 2006-05-10] (Intel Corporation) [File not signed]R1 ELmou; C:\WINDOWS\System32\Drivers\Elmou.sys [6400 2006-05-10] (Intel Corporation) [File not signed]S3 FTDIBUS; C:\WINDOWS\System32\drivers\ftdibus.sys [62216 2012-09-19] (FTDI Ltd.)S3 GoProto; C:\WINDOWS\System32\DRIVERS\goprot51.sys [28672 2008-03-14] (Gteko Ltd.) [File not signed]S3 grmnusb; C:\WINDOWS\System32\drivers\grmnusb.sys [15720 2012-04-18] (GARMIN Corp.)R3 hcwPP2; C:\WINDOWS\System32\DRIVERS\hcwPP2.sys [168064 2006-04-13] (Hauppauge Computer Works, Inc.)R3 HSX_DP; C:\WINDOWS\System32\DRIVERS\HSX_DP.sys [936448 2005-12-06] (Conexant Systems, Inc.)S3 IrBus; C:\WINDOWS\System32\DRIVERS\IrBus.sys [46848 2013-07-16] (Microsoft Corporation)U0 iwttegf; C:\WINDOWS\System32\drivers\fyctdg.sys [52440 2014-07-25] (Malwarebytes Corporation)R1 KLIF; C:\WINDOWS\System32\DRIVERS\klif.sys [127768 2007-07-19] (Kaspersky Lab)R0 MBAMSwissArmy; C:\WINDOWS\System32\drivers\MBAMSwissArmy.sys [110296 2014-07-25] (Malwarebytes Corporation)S3 mf; C:\WINDOWS\System32\DRIVERS\mf.sys [63744 2008-04-13] (Microsoft Corporation)S3 MHNDRV; C:\WINDOWS\System32\DRIVERS\mhndrv.sys [11008 2004-08-10] (Microsoft Corporation) [File not signed]R2 mrtRate; C:\WINDOWS\system32\Drivers\mrtRate.sys [34916 1999-08-10] (Marimba, Inc.) [File not signed]S3 NdisIP; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [10880 2008-04-13] (Microsoft Corporation)R2 NPF; C:\WINDOWS\System32\drivers\npf.sys [42000 2007-04-25] (CACE Technologies)S3 rtl8139; C:\WINDOWS\System32\DRIVERS\RTL8139.SYS [20992 2004-08-03] (Realtek Semiconductor Corporation)S3 SDDMI2; C:\WINDOWS\system32\DDMI2.sys [6977 2004-06-09] (Gteko Ltd.) [File not signed]R0 srescan; C:\WINDOWS\System32\ZoneLabs\srescan.sys [51176 2008-02-27] (Zone Labs, LLC)R2 symlcbrd; C:\WINDOWS\system32\drivers\symlcbrd.sys [10344 2006-09-29] (Symantec Corporation)S3 ubloxusb; C:\WINDOWS\System32\DRIVERS\ubloxusb.sys [75264 2009-05-19] (u-blox AG)S3 USBAAPL; C:\WINDOWS\System32\Drivers\usbaapl.sys [44544 2012-09-28] (Apple, Inc.) [File not signed]R1 vsdatant; C:\WINDOWS\System32\vsdatant.sys [394952 2008-07-09] (Zone Labs, LLC)R3 winachsx; C:\WINDOWS\System32\DRIVERS\HSX_CNXT.sys [670208 2005-12-06] (Conexant Systems, Inc.)R3 WN5301; C:\WINDOWS\System32\DRIVERS\wn5301.sys [468768 2005-10-05] (Liteon Technology Inc.)S3 ATWPKT2; \??\C:\PROGRA~1\COMMON~1\AOL\ACS\ATWPKT2.SYS [X]S0 ftsata2; system32\DRIVERS\ftsata2.sys [X]U0 Pml Driver HPZ12;U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation)S3 SymIM; system32\DRIVERS\SymIM.sys [X]S3 SymIMMP; system32\DRIVERS\SymIM.sys [X]S3 wanatw; system32\DRIVERS\wanatw4.sys [X]U1 WS2IFSL;==================== NetSvcs (Whitelisted) ===================(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)NETSVC: MHN -> C:\Windows\System32\mhn.dll (Microsoft Corporation)==================== One Month Created Files and Folders ========(If an entry is included in the fixlist, the file\folder will be moved.)2014-07-25 17:57 - 2014-07-25 17:57 - 00000000 ___DC () C:\Documents and Settings\HP_Administrator\Desktop\FRST-OlderVersion2014-07-25 17:52 - 2014-07-25 17:52 - 00052440 ____C (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\fyctdg.sys2014-07-25 16:30 - 2014-07-25 16:30 - 00000788 ____C () C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk2014-07-25 16:30 - 2014-07-25 16:30 - 00000000 ___DC () C:\Program Files\Malwarebytes Anti-Malware2014-07-25 16:30 - 2014-07-25 16:30 - 00000000 ___DC () C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes Anti-Malware2014-07-25 16:30 - 2014-05-12 07:26 - 00053208 ____C (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys2014-07-25 16:30 - 2014-05-12 07:25 - 00023256 ____C (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys2014-07-25 16:29 - 2014-07-25 16:30 - 17292760 ____C (Malwarebytes Corporation ) C:\Documents and Settings\HP_Administrator\Desktop\mbam-setup-2.0.2.1012.exe2014-07-24 14:27 - 2010-08-30 08:34 - 00536576 ____C (SQLite Development Team) C:\WINDOWS\system32\sqlite3.dll2014-07-24 14:25 - 2014-07-24 18:21 - 00000000 ___DC () C:\AdwCleaner2014-07-24 14:25 - 2014-07-24 14:25 - 01354223 ____C () C:\Documents and Settings\HP_Administrator\Desktop\AdwCleaner.exe2014-07-23 16:40 - 2014-07-23 16:40 - 00000928 ____C () C:\Documents and Settings\HP_Administrator\Desktop\Revo Uninstaller.lnk2014-07-23 16:40 - 2014-07-23 16:40 - 00000000 ___DC () C:\Program Files\VS Revo Group2014-07-23 06:58 - 2014-07-23 06:59 - 00216060 ____C () C:\Documents and Settings\HP_Administrator\Desktop\Addition.txt2014-07-23 06:56 - 2014-07-25 17:58 - 00031720 ____C () C:\Documents and Settings\HP_Administrator\Desktop\FRST.txt2014-07-23 06:56 - 2014-07-25 17:58 - 00000000 ___DC () C:\FRST2014-07-23 06:54 - 2014-07-25 17:57 - 01084416 ____C (Farbar) C:\Documents and Settings\HP_Administrator\Desktop\FRST.exe2014-07-23 06:37 - 2014-07-23 06:38 - 00000000 ___DC () C:\Program Files\Mozilla Firefox2014-07-21 15:30 - 2014-07-22 15:00 - 00000000 ___DC () C:\Documents and Settings\All Users\Application Data\TEMP2014-07-21 15:19 - 2014-07-25 17:19 - 00000420 ____C () C:\WINDOWS\Tasks\At1.job2014-07-21 15:00 - 2014-07-21 15:00 - 00000000 ___DC () C:\Documents and Settings\All Users\Start Menu\Programs\Java2014-07-21 15:00 - 2014-07-11 03:02 - 00096680 ____C (Oracle Corporation) C:\WINDOWS\system32\WindowsAccessBridge.dll2014-07-21 15:00 - 2014-07-11 02:56 - 00175528 ____C (Oracle Corporation) C:\WINDOWS\system32\javaw.exe2014-07-21 15:00 - 2014-07-11 02:55 - 00175528 ____C (Oracle Corporation) C:\WINDOWS\system32\java.exe2014-07-16 09:43 - 2014-07-16 09:43 - 00701217 ____C () C:\Documents and Settings\HP_Administrator\Desktop\Purdue Trip 2014.htm2014-07-16 09:43 - 2014-07-16 09:43 - 00000000 ___DC () C:\Documents and Settings\HP_Administrator\Desktop\Purdue Trip 2014_files2014-07-10 16:46 - 2014-07-10 16:48 - 00000000 ___DC () C:\Documents and Settings\HP_Administrator\My Documents\Auto==================== One Month Modified Files and Folders =======(If an entry is included in the fixlist, the file\folder will be moved.)2014-07-25 17:58 - 2014-07-23 06:56 - 00031720 ____C () C:\Documents and Settings\HP_Administrator\Desktop\FRST.txt2014-07-25 17:58 - 2014-07-23 06:56 - 00000000 ___DC () C:\FRST2014-07-25 17:58 - 2007-02-16 12:26 - 00000000 ___DC () C:\Documents and Settings\HP_Administrator\Local Settings\Temp2014-07-25 17:57 - 2014-07-25 17:57 - 00000000 ___DC () C:\Documents and Settings\HP_Administrator\Desktop\FRST-OlderVersion2014-07-25 17:57 - 2014-07-23 06:54 - 01084416 ____C (Farbar) C:\Documents and Settings\HP_Administrator\Desktop\FRST.exe2014-07-25 17:52 - 2014-07-25 17:52 - 00052440 ____C (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\fyctdg.sys2014-07-25 17:52 - 2009-12-09 18:08 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB970430$2014-07-25 17:46 - 2011-05-19 15:11 - 00000906 ____C () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job2014-07-25 17:22 - 2013-02-17 11:46 - 00000830 ____C () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job2014-07-25 17:19 - 2014-07-21 15:19 - 00000420 ____C () C:\WINDOWS\Tasks\At1.job2014-07-25 16:33 - 2014-03-31 18:33 - 00110296 ____C (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys2014-07-25 16:30 - 2014-07-25 16:30 - 00000788 ____C () C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk2014-07-25 16:30 - 2014-07-25 16:30 - 00000000 ___DC () C:\Program Files\Malwarebytes Anti-Malware2014-07-25 16:30 - 2014-07-25 16:30 - 00000000 ___DC () C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes Anti-Malware2014-07-25 16:30 - 2014-07-25 16:29 - 17292760 ____C (Malwarebytes Corporation ) C:\Documents and Settings\HP_Administrator\Desktop\mbam-setup-2.0.2.1012.exe2014-07-25 16:22 - 2005-08-30 23:17 - 00032086 _____ () C:\WINDOWS\SchedLgU.Txt2014-07-25 06:59 - 2007-12-25 18:30 - 00000000 ___DC () C:\WINDOWS\system32\NtmsData2014-07-25 05:52 - 2005-08-30 23:17 - 02050918 ____C () C:\WINDOWS\WindowsUpdate.log2014-07-24 23:27 - 2013-10-01 12:14 - 00000000 ___DC () C:\Program Files\IDriveWindows2014-07-24 19:00 - 2006-09-29 09:58 - 00001036 ____C () C:\WINDOWS\QUICKEN.INI2014-07-24 18:21 - 2014-07-24 14:25 - 00000000 ___DC () C:\AdwCleaner2014-07-24 14:48 - 2005-08-30 23:02 - 00000895 ____C () C:\WINDOWS\win.ini2014-07-24 14:48 - 2005-08-30 17:34 - 00000279 _RSHC () C:\boot.ini2014-07-24 14:48 - 2005-08-30 15:52 - 00000227 ____C () C:\WINDOWS\system.ini2014-07-24 14:46 - 2005-08-30 15:55 - 00000259 ____C () C:\WINDOWS\wiadebug.log2014-07-24 14:45 - 2008-01-11 19:13 - 00352917 _____ () C:\WINDOWS\system32\vsconfig.xml2014-07-24 14:45 - 2005-11-14 20:58 - 00000000 ___DC () C:\WINDOWS\Registration2014-07-24 14:45 - 2005-08-30 23:06 - 00001158 ____C () C:\WINDOWS\system32\wpa.dbl2014-07-24 14:44 - 2005-08-30 15:55 - 00000049 ____C () C:\WINDOWS\wiaservc.log2014-07-24 14:43 - 2014-04-17 17:33 - 00000244 ____C () C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job2014-07-24 14:43 - 2011-05-19 15:11 - 00000902 ____C () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job2014-07-24 14:43 - 2005-08-30 23:17 - 00000006 ___HC () C:\WINDOWS\Tasks\SA.DAT2014-07-24 14:30 - 2010-12-22 17:06 - 00284454 ____C () C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat2014-07-24 14:30 - 2008-01-11 19:20 - 280074272 ___SH () C:\WINDOWS\system32\Drivers\fidbox.dat2014-07-24 14:30 - 2008-01-11 19:20 - 03225692 ___SH () C:\WINDOWS\system32\Drivers\fidbox.idx2014-07-24 14:30 - 2007-02-16 12:26 - 00000278 __SHC () C:\Documents and Settings\HP_Administrator\ntuser.ini2014-07-24 14:25 - 2014-07-24 14:25 - 01354223 ____C () C:\Documents and Settings\HP_Administrator\Desktop\AdwCleaner.exe2014-07-23 16:40 - 2014-07-23 16:40 - 00000928 ____C () C:\Documents and Settings\HP_Administrator\Desktop\Revo Uninstaller.lnk2014-07-23 16:40 - 2014-07-23 16:40 - 00000000 ___DC () C:\Program Files\VS Revo Group2014-07-23 06:59 - 2014-07-23 06:58 - 00216060 ____C () C:\Documents and Settings\HP_Administrator\Desktop\Addition.txt2014-07-23 06:38 - 2014-07-23 06:37 - 00000000 ___DC () C:\Program Files\Mozilla Firefox2014-07-23 06:38 - 2012-05-08 18:01 - 00000000 ___DC () C:\Program Files\Mozilla Maintenance Service2014-07-22 15:00 - 2014-07-21 15:30 - 00000000 ___DC () C:\Documents and Settings\All Users\Application Data\TEMP2014-07-21 18:59 - 2014-01-21 10:54 - 00000000 ___DC () C:\Documents and Settings\HP_Administrator\My Documents\dj-Wylie2014-07-21 18:33 - 2007-03-29 10:54 - 00000000 ___DC () C:\Documents and Settings\HP_Administrator\My Documents\Hermann2014-07-21 18:31 - 2013-08-17 11:05 - 00000334 ____C () C:\WINDOWS\BRCALIB.INI2014-07-21 16:21 - 2012-10-09 18:13 - 00699056 ____C (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe2014-07-21 16:21 - 2011-05-24 11:39 - 00071344 ____C (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl2014-07-21 15:00 - 2014-07-21 15:00 - 00000000 ___DC () C:\Documents and Settings\All Users\Start Menu\Programs\Java2014-07-21 15:00 - 2006-09-29 09:23 - 00000000 ___DC () C:\Program Files\Java2014-07-21 08:48 - 2008-06-22 14:22 - 00000284 ____C () C:\WINDOWS\Tasks\AppleSoftwareUpdate.job2014-07-18 08:54 - 2012-04-13 17:35 - 00000000 ___DC () C:\Documents and Settings\HP_Administrator\My Documents\Manuals2014-07-17 15:12 - 2010-04-08 10:23 - 00000000 ___DC () C:\Documents and Settings\HP_Administrator\My Documents\dj2014-07-16 09:43 - 2014-07-16 09:43 - 00701217 ____C () C:\Documents and Settings\HP_Administrator\Desktop\Purdue Trip 2014.htm2014-07-16 09:43 - 2014-07-16 09:43 - 00000000 ___DC () C:\Documents and Settings\HP_Administrator\Desktop\Purdue Trip 2014_files2014-07-13 18:23 - 2013-06-22 17:49 - 00000000 ___DC () C:\Documents and Settings\HP_Administrator\My Documents\2719 Cochran2014-07-13 15:38 - 2007-08-13 20:32 - 00000069 ____C () C:\WINDOWS\NeroDigital.ini2014-07-12 01:40 - 2009-08-25 09:23 - 00000000 ___DC () C:\Documents and Settings\HP_Administrator\Application Data\HpUpdate2014-07-11 10:30 - 2013-11-18 18:07 - 00000000 ___DC () C:\Documents and Settings\HP_Administrator\My Documents\RHN2014-07-11 03:02 - 2014-07-21 15:00 - 00096680 ____C (Oracle Corporation) C:\WINDOWS\system32\WindowsAccessBridge.dll2014-07-11 02:56 - 2014-07-21 15:00 - 00175528 ____C (Oracle Corporation) C:\WINDOWS\system32\javaw.exe2014-07-11 02:55 - 2014-07-21 15:00 - 00175528 ____C (Oracle Corporation) C:\WINDOWS\system32\java.exe2014-07-10 16:48 - 2014-07-10 16:46 - 00000000 ___DC () C:\Documents and Settings\HP_Administrator\My Documents\Auto2014-07-10 15:09 - 2013-02-05 19:03 - 00000000 ___DC () C:\Documents and Settings\HP_Administrator\Application Data\vlc2014-07-09 16:31 - 2012-03-07 18:24 - 00000000 ___DC () C:\Documents and Settings\HP_Administrator\My Documents\Ham Radio2014-07-08 15:00 - 2014-04-17 17:33 - 00000238 ____C () C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job2014-07-08 14:32 - 2013-08-16 12:15 - 00000000 ___DC () C:\Documents and Settings\All Users\Application Data\Package Cache2014-07-05 17:10 - 2006-09-29 09:44 - 00000000 ___DC () C:\Documents and Settings\All Users\Start Menu\Programs\HPFiles to move or delete:====================C:\Windows\Tasks\At1.jobSome content of TEMP:====================C:\Documents and Settings\HP_Administrator\Local Settings\Temp\jre-7u51-windows-i586-iftw.exeC:\Documents and Settings\HP_Administrator\Local Settings\Temp\jre-7u55-windows-i586-iftw.exeC:\Documents and Settings\HP_Administrator\Local Settings\Temp\jre-7u65-windows-i586-iftw.exeC:\Documents and Settings\HP_Administrator\Local Settings\Temp\mny11E.exeC:\Documents and Settings\HP_Administrator\Local Settings\Temp\optprosetup.exeC:\Documents and Settings\HP_Administrator\Local Settings\Temp\Quarantine.exeC:\Documents and Settings\HP_Administrator\Local Settings\Temp\RocketSilent.exeC:\Documents and Settings\HP_Administrator\Local Settings\Temp\vlc-2.1.3-win32.exeC:\Documents and Settings\HP_Administrator\Local Settings\Temp\_is150.exeC:\Documents and Settings\HP_Administrator\Local Settings\Temp\_is151.exeC:\Documents and Settings\HP_Administrator\Local Settings\Temp\_is42.exeC:\Documents and Settings\HP_Administrator\Local Settings\Temp\_is43.exeC:\Documents and Settings\HP_Administrator\Local Settings\Temp\_is559.exe==================== Bamital & volsnap Check =================(There is no automatic fix for files that do not pass verification.)C:\WINDOWS\explorer.exe => File is digitally signedC:\WINDOWS\system32\winlogon.exe => File is digitally signedC:\WINDOWS\system32\svchost.exe => File is digitally signedC:\WINDOWS\system32\services.exe => File is digitally signedC:\WINDOWS\system32\User32.dll => File is digitally signedC:\WINDOWS\system32\userinit.exe => File is digitally signedC:\WINDOWS\system32\rpcss.dll => File is digitally signedC:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed==================== End Of Log ============================ Link to post Share on other sites More sharing options...
deeprybka Posted July 26, 2014 ID:858042 Share Posted July 26, 2014 Hi, Step 1 Please download the ESET Online Scanner and save it to your Desktop.Disable the realtime-protection of your antivirus and anti-malware programs because they might interfere with the scan.Start esetsmartinstaller_enu.exe with administartor privileges.Select the option Yes, I accept the Terms of Use and click on Start.Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.Now click on Advanced Settings and select the following:Scan for potentially unwanted applicationsScan for potentially unsafe applicationsEnable Anti-Stealth TechnologyClick on Start. The virus signature database will begin to download. This may take some time.When completed the Online Scan will begin automatically. Note: This scan might take a long time! Please be patient.When completed select Uninstall application on close if you so wish, but make sure you copy the logfile first!Now click on FinishA log file is created at C:\Program Files\ESET\EsetOnlineScanner\log.txt. Copy and paste the content of this log file in your next reply.Note: Do not forget to re-enable your antivirus application after running the above scan! Link to post Share on other sites More sharing options...
rhnj22 Posted July 27, 2014 Author ID:858610 Share Posted July 27, 2014 Done. ESETSmartInstaller@High as downloader log:all ok# product=EOS# version=8# OnlineScannerApp.exe=1.0.0.1# OnlineScanner.ocx=1.0.0.7623# api_version=3.0.2# EOSSerial=59ddf5794f21554fa2f6a256a9ef3136# engine=19364# end=finished# remove_checked=false# archives_checked=false# unwanted_checked=true# unsafe_checked=true# antistealth_checked=true# utc_time=2014-07-27 03:29:41# local_time=2014-07-26 10:29:41 (-0600, Central Daylight Time)# country="United States"# lang=1033# osver=5.1.2600 NT Service Pack 3# compatibility_mode_1='ZoneAlarm Antivirus'# compatibility_mode=9217 16777213 100 67 189811657 190710925 0 0# scanned=275976# found=9# cleaned=0# scan_time=10224sh=374ED059A53890FE8C9A2C1A2BD26DCC94E49528 ft=1 fh=4e86c3c8e568e45b vn="a variant of Win32/DealPly.S potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Documents and Settings\HP_Administrator\Application Data\RocketUpdater\UpdateProc\UpdateTask.exe.vir"sh=1A949787D773DE08D960528218C25899B0CCE03B ft=1 fh=f52f5fd5fa2ebc0a vn="a variant of Win32/Bundled.Toolbar.Ask.G potentially unsafe application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\AskSearch\bin\DefaultSearch.dll.vir"sh=23A0EBE2FE476174AC21845B2428E42B11927D39 ft=1 fh=a5ec0a00d420b187 vn="multiple threats" ac=I fn="C:\Documents and Settings\HP_Administrator\Local Settings\Temp\optprosetup.exe"sh=3BE560CDC0F36F74B245A33ED281DD4882DBE81D ft=1 fh=0140ebeaff055f21 vn="a variant of Win32/InstallCore.PK potentially unwanted application" ac=I fn="C:\RECYCLER\S-1-5-21-2562346610-408318716-2502678116-1007\Dc512.exe"sh=231EA236006F79914B24FE24B08305E6DD1CF550 ft=1 fh=1a950294597c300e vn="a variant of Win32/Toolbar.Widgi.B potentially unwanted application" ac=I fn="C:\WINDOWS\system32\config\systemprofile\Application Data\Application Updater\temp\~wt2A1.tmp"sh=10F3A099659C939AC16F77DFEAFF64308E4FBA2A ft=1 fh=b96d12efa3d34c48 vn="a variant of Win32/Toolbar.Widgi.B potentially unwanted application" ac=I fn="C:\WINDOWS\Temp\youtubedownloaderToolbar.exe"sh=1D86D816F3D7FD52E13EE21612D52C6D35DF5067 ft=1 fh=bdc7678aea3934e4 vn="a variant of Win32/Toolbar.Widgi.B potentially unwanted application" ac=I fn="C:\WINDOWS\Temp\ytdToolbar.exe"sh=DF6CA5A78F2A55AC562C3D6B614AD96F5E2DB9B6 ft=1 fh=6f1c659b29064956 vn="a variant of Win32/AdInstaller potentially unwanted application" ac=I fn="E:\I386\APPS\APP23866\src\CompaqPresario_Spring06.exe"sh=1F0C7A834BC3BBA49A793D14CDC968144EAAB5C6 ft=1 fh=5d88b9eb43c017aa vn="a variant of Win32/AdInstaller potentially unwanted application" ac=I fn="E:\I386\APPS\APP23866\src\HPPavillion_Spring06.exe" Link to post Share on other sites More sharing options...
deeprybka Posted July 27, 2014 ID:858720 Share Posted July 27, 2014 Hi, Step 1 Please download the attached fixlist and save it in the same directory as FRST.Start FRST with Administrator privileges.Press the Fix button.When finished, a log file (Fixlog.txt) pops up and is saved to the same location the tool was run from. Please copy and paste its contents in your next reply.fixlist.txt That's it! Your logs look clean to me at the moment. We're gonna clean up everything now, close security holes on your computer and in the end I'll provide you with a list of security tips so you hopefully will not need our help anymore in the future. My help is free for everybody. If you want to support me fighting against malware or buy me a beer for the assistance you received, then you can consider a donation: Thank you! Clean Up Now we remove all the tools we used (including their logs and quarantine folders), restore your settings and delete old and infected system restorepoints:You can uninstall programs that you had to install (e.g. MBAM or ESET Onlinescanner) in the control panel if you so wish.Download DelFix (by Xplode) and save it to your Desktop.Close all running programs and start delfix.exe.Make sure that all available options are checked.Click on RunDelFix should remove all our tools and delete itself afterwards. I don't need the log file.If there is still something left you can delete it manually.Closing security holes Many infections happen via drive-by downloads that run unnoticed in the background while the user visits an infected website. To achieve this malware exploits security holes in installed software (e.g. browser or its plugins). Older versions of such software often have lots of known exploitable holes. Therefor it's very important to always keep your software up-to-date. The following software is outdated. Make sure you remove all old versions and install the current one instead if you need the program: Adobe Flash Player 10 ActiveX Google Chrome 27 Internet Explorer Version 6 http://windows.microsoft.com/en-us/windows/how-to-turn-internet-explorer-off Tips I recommend to read and follow the "16 simple and easy ways to keep your computer safe and secure on the Internet" (Link) by Lawrence Abrams. Link to post Share on other sites More sharing options...
rhnj22 Posted July 27, 2014 Author ID:858744 Share Posted July 27, 2014 Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version:25-07-2014Ran by HP_Administrator at 2014-07-27 13:30:02 Run:1Running from C:\Documents and Settings\HP_Administrator\DesktopBoot Mode: Normal==============================================I have a feeling I didn't do this right. FRST is on my desktop so that is where I put your fix list. Does this look right? Content of fixlist:*****************HKU\S-1-5-21-3655513571-3204461518-4247198270-1000\...\Run: [AS2014] - C:\ProgramData\6XDvn37n\6XDvn37n.exeC:\ProgramData\6XDvn37nS2 vToolbarUpdater18.0.0; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.0.0\ToolbarUpdater.exe [X]*****************HKU\S-1-5-21-3655513571-3204461518-4247198270-1000\Software\Microsoft\Windows\CurrentVersion\Run\\HKU\S-1-5-21-3655513571-3204461518-4247198270-1000\...\Run: [AS2014] - C:\ProgramData\6XDvn37n\6XDvn37n.exe => Value not found."C:\ProgramData\6XDvn37n" => File/Directory not found.vToolbarUpdater18.0.0 => Service not found.==== End of Fixlog ==== Link to post Share on other sites More sharing options...
deeprybka Posted July 27, 2014 ID:858749 Share Posted July 27, 2014 Please use the attached fixlist above and download it to your desktop. Link to post Share on other sites More sharing options...
rhnj22 Posted July 27, 2014 Author ID:858754 Share Posted July 27, 2014 Ok. I think this may be better. I really appreciate the help. I'd love to buy you a beer. First I'd like to know something about you, like where you work or go to school, if you have a family, do you ever travel to the U.S., Texas? etc. How and why did you get into helping folks like me? How much is a beer in Germany? Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version:25-07-2014Ran by HP_Administrator at 2014-07-27 13:50:22 Run:2Running from C:\Documents and Settings\HP_Administrator\DesktopBoot Mode: Normal==============================================Content of fixlist:*****************FF DefaultSearchEngine: WSE RocketFF SelectedSearchEngine: WSE RocketFF Keyword.URL: hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=937811&p=FF NetworkProxy: "no_proxies_on", "*.local"HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...LION&pf=desktopHKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.h...LION&pf=desktopHKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...LION&pf=desktopHKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.h...LION&pf=desktopHKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...LION&pf=desktopC:\Windows\Tasks\At1.job*****************Firefox DefaultSearchEngine deleted successfully.Firefox SelectedSearchEngine deleted successfully.Firefox Keyword.URL deleted successfully.Firefox Proxy settings were reset.HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Page_URL => Value was restored successfully.HKLM\Software\\Microsoft\Internet Explorer\Main\\Search Page => Value was restored successfully.HKLM\Software\\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.HKLM\Software\\Microsoft\Internet Explorer\Main\\Search Bar => value deleted successfully.HKCU\Software\Microsoft\Internet Explorer\Main\\Default_Page_URL => Value was restored successfully.C:\Windows\Tasks\At1.job => Moved successfully.==== End of Fixlog ==== Link to post Share on other sites More sharing options...
deeprybka Posted July 27, 2014 ID:858780 Share Posted July 27, 2014 Thank you very much! Link to post Share on other sites More sharing options...
Root Admin AdvancedSetup Posted July 31, 2014 Root Admin ID:861086 Share Posted July 31, 2014 Glad we could help. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread. Thanks! Link to post Share on other sites More sharing options...
Recommended Posts