Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 08-06-2013
Ran by home (administrator) on 08-06-2013 23:14:51
Running from G:\
Microsoft Windows XP Service Pack 3 (X86) OS Language: English(US)
Internet Explorer Version 8
Boot Mode: Normal
==================== Processes (Whitelisted) ===================
(Trend Micro Inc.) C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\UniClient\UiFrmWrk\uiWatchDog.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\AMSP\coreFrameworkHost.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Oracle Corporation) C:\Program Files\Java\jre7\bin\jqs.exe
(PCtel, Inc.) C:\WINDOWS\system32\pctspk.exe
(Microsoft Corporation) C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
() C:\Program Files\SoftwareUpdater\UpdaterService.exe
() C:\Program Files\Amazon Browser Bar\ToolbarUpdaterService.exe
(Seagate Technology LLC) C:\Program Files\Seagate Replica\bin\ReplicaSysMon.exe
(Seagate Technology LLC) C:\Program Files\Seagate Replica\bin\Seagate-Replica-Svc.exe
(Seagate Technology LLC) C:\Program Files\Seagate Replica\bin\Seagate-Replica-Autoplay.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\UniClient\UiFrmWrk\uiSeAgnt.exe
(Microsoft Corporation) C:\Program Files\Windows Desktop Search\WindowsSearch.exe
(Seagate Technology LLC) C:\Program Files\Seagate Replica\bin\Seagate-Replica-Tray.exe
(Microsoft Corporation) C:\WINDOWS\system32\msfeedssync.exe
() C:\Program Files\SoftwareUpdater\AppsUpdater.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCui.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe [77824 2005-09-20] (Intel Corporation)
HKLM\...\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe [114688 2005-09-20] (Intel Corporation)
HKLM\...\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59720 2013-01-28] (Apple Inc.)
HKLM\...\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime [421888 2012-10-25] (Apple Inc.)
HKLM\...\Run: [Trend Micro Titanium] "C:\Program Files\Trend Micro\Titanium\UIFramework\uiWinMgr.exe" -set Silent "1" SplashURL "" [1304296 2012-12-18] (Trend Micro Inc.)
HKLM\...\Run: [AT&T Communication Manager] "C:\Program Files\AT&T\Communication Manager\ATTCM.exe" -a [883272 2010-07-15] (ATT)
HKLM\...\Run: [Trend Micro Client Framework] "C:\Program Files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe" [133424 2012-02-27] (Trend Micro Inc.)
MountPoints2: D - D:\WIN\setup.exe
MountPoints2: {86259900-cfd9-11e2-ae3b-0040f4b1ff29} - D:\WIN\setup.exe
MountPoints2: {d90283c2-c804-11e2-ae28-ddbddd7d607a} - D:\autorun.exe
HKU\Administrator\...\RunOnce: [NeroHomeFirstStart] C:\Program Files\Common Files\Ahead\Lib\NMFirstStart.exe [ 2006-10-09] (Nero AG)
HKU\Default User\...\RunOnce: [NeroHomeFirstStart] C:\Program Files\Common Files\Ahead\Lib\NMFirstStart.exe [ 2006-10-09] (Nero AG)
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk
ShortcutTarget: Windows Search.lnk -> C:\Program Files\Windows Desktop Search\WindowsSearch.exe (Microsoft Corporation)
Startup: C:\Documents and Settings\home\Start Menu\Programs\Startup\Seagate Product Registration.lnk
ShortcutTarget: Seagate Product Registration.lnk -> C:\Documents and Settings\home\Application Data\Leadertech\PowerRegister\Seagate Product Registration.exe (Leader Technologies/Seagate)
Startup: C:\Documents and Settings\home\Start Menu\Programs\Startup\tcbhn.lnk
ShortcutTarget: tcbhn.lnk -> C:\Documents and Settings\home\Application Data\BrowserCompanion\tcbhn.exe (No File)
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll (Microsoft Corporation)
==================== Internet (Whitelisted) ====================
ProxyServer: 169.254.103.158:80
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
SearchScopes: HKLM - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = http://search.certified-toolbar.com?si=41460&bs=true&tid=592&q={searchTerms}
SearchScopes: HKLM - {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = http://search.certified-toolbar.com?si=41460&bs=true&tid=592&q={searchTerms}
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
SearchScopes: HKCU - {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL =
BHO: No Name - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: TmIEPlugInBHO Class - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files\Trend Micro\AMSP\Module\20004\2.0.1361\6.8.1078\TmIEPlg.dll (Trend Micro Inc.)
BHO: No Name - {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: AlterGeoBHO Class - {9BFBA68E-E21B-458E-AE12-FE85E903D2C1} - C:\Program Files\AlterGeo\AlterGeo Magic Scanner\3.2.1.742\AlterGeo.BrowserPlugin.dll (Wi2Geo)
BHO: TmBpIeBHO Class - {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Program Files\Trend Micro\AMSP\Module\20002\7.1.1104\7.1.1104\TmBpIe32.dll (Trend Micro Inc.)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: AlxHelper Class - {F443A627-5009-4323-9C1D-7FD598D0D712} - C:\Program Files\Amazon Browser Bar\AmazonBrowserBar.3.0.dll (Amazon.com)
Toolbar: HKLM - No Name - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
Toolbar: HKLM - Amazon Browser Bar - {EA582743-9076-4178-9AA6-7393FDF4D5CE} - C:\Program Files\Amazon Browser Bar\AmazonBrowserBar.3.0.dll (Amazon.com)
Toolbar: HKCU -No Name - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
Toolbar: HKCU -No Name - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
Toolbar: HKCU -No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
Toolbar: HKCU -No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
Toolbar: HKCU -No Name - {09900DE8-1DCA-443F-9243-26FF581438AF} - No File
Toolbar: HKCU -No Name - {EEE6C35B-6118-11DC-9C72-001320C79847} - No File
DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase6770.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} http://gfx2.hotmail.com/mail/w4/pr01/photouploadcontrol/MSNPUpld.cab
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
Handler: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\Module\20002\7.1.1104\7.1.1104\TmBpIe32.dll (Trend Micro Inc.)
Handler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\Module\20004\2.0.1361\6.8.1078\TmIEPlg.dll (Trend Micro Inc.)
ShellExecuteHooks: Microsoft AntiMalware ShellExecuteHook - {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\PROGRA~1\WIFD1F~1\MpShHook.dll [83224 2006-11-03] (Microsoft Corporation)
ShellExecuteHooks: Windows Desktop Search Namespace Manager - {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [304128 2009-05-24] (Microsoft Corporation)
Winsock: Catalog5 04 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Winsock: Catalog5 05 %SystemRoot%\System32\nwprovau.dll [142336] (Microsoft Corporation)
Winsock: Catalog9 01 bmnet.dll [142336] (Microsoft Corporation)
Winsock: Catalog9 02 bmnet.dll [142336] (Microsoft Corporation)
Winsock: Catalog9 03 bmnet.dll [142336] (Microsoft Corporation)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
FireFox:
========
FF ProfilePath: C:\Documents and Settings\home\Application Data\Mozilla\Firefox\Profiles\us77mxn2.default
FF SearchEngine: Bing
FF Homepage: hxxp://www.mystart.com/?pr=vmn&id=yolobartb&v=1_0&ent=hp
FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin: google.com/npPicasa3,version=3.0.0 - C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin: @java.com/JavaPlugin,version=10.21.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Extension: Babylon - C:\Documents and Settings\home\Application Data\Mozilla\Firefox\Profiles\us77mxn2.default\Extensions\ffxtlbr@babylon.com
FF Extension: Microsoft .NET Framework Assistant - C:\Documents and Settings\home\Application Data\Mozilla\Firefox\Profiles\us77mxn2.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF Extension: ??????? @Mail.Ru - C:\Documents and Settings\home\Application Data\Mozilla\Firefox\Profiles\us77mxn2.default\Extensions\{37964A3C-4EE8-47b1-8321-34DE2C39BA4D}
FF Extension: Yahoo! Toolbar - C:\Documents and Settings\home\Application Data\Mozilla\Firefox\Profiles\us77mxn2.default\Extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
FF Extension: Playdom Community Toolbar - C:\Documents and Settings\home\Application Data\Mozilla\Firefox\Profiles\us77mxn2.default\Extensions\{69d1a568-ffdf-4ef5-8919-7003582e0ee8}
FF Extension: Zynga Community Toolbar - C:\Documents and Settings\home\Application Data\Mozilla\Firefox\Profiles\us77mxn2.default\Extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}
FF Extension: Adobe DLM (powered by getPlus(R)) - C:\Documents and Settings\home\Application Data\Mozilla\Firefox\Profiles\us77mxn2.default\Extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
FF Extension: personas - C:\Documents and Settings\home\Application Data\Mozilla\Firefox\Profiles\us77mxn2.default\Extensions\personas@christopher.beard.xpi
FF Extension: No Name - C:\Documents and Settings\home\Application Data\Mozilla\Firefox\Profiles\us77mxn2.default\Extensions\{5C46D283-ABDE-4dce-B83C-08881401921C}.xpi
FF Extension: No Name - C:\Documents and Settings\home\Application Data\Mozilla\Firefox\Profiles\us77mxn2.default\Extensions\{c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}.xpi
========================== Services (Whitelisted) =================
R2 Akamai; c:\program files\common files\akamai/netsession_win_ca0e279.dll [4561152 2013-03-27] (Akamai Technologies, Inc.)
S3 ATTRcAppSvc; C:\Program Files\AT&T\Communication Manager\RcAppSvc.exe [121416 2010-07-15] (SmithMicro Inc.)
R2 NwSapAgent; C:\Windows\System32\ipxsap.dll [66560 2004-08-04] (Microsoft Corporation)
R2 Pctspk; C:\Windows\system32\pctspk.exe [86016 2001-08-17] (PCtel, Inc.)
R2 ReplicaSysMon; C:\Program Files\Seagate Replica\bin\ReplicaSysMon.exe [416208 2010-06-08] (Seagate Technology LLC)
R2 Seagate-Replica-Svc; C:\Program Files\Seagate Replica\bin\Seagate-Replica-Svc.exe [1947600 2010-06-08] (Seagate Technology LLC)
R2 SrvUpdater; C:\Program Files\SoftwareUpdater\UpdaterService.exe [31744 2013-02-18] ()
R2 Updater Service for AMZN; C:\Program Files\Amazon Browser Bar\ToolbarUpdaterService.exe [222368 2012-05-22] ()
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [13592 2006-11-03] (Microsoft Corporation)
R2 Amsp; "C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe" coreFrameworkHost.exe -m=rb -dt=60000 -ad [x]
S3 AppMgmt; %SystemRoot%\System32\appmgmts.dll [x]
S2 BrowserProtect; C:\Documents and Settings\All Users\Application Data\BrowserProtect\2.6.1095.52\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe [x]
R2 JavaQuickStarterService; "C:\Program Files\Java\jre7\bin\jqs.exe" -service -config "C:\Program Files\Java\jre7\lib\deploy\jqs\jqs.conf" [x]
==================== Drivers (Whitelisted) ====================