Aristarcus

Honorary Members
  • Posts: 21

Everything posted by Aristarcus

  1. Cured the problem, but by accident. Was experimenting with desktop backgrounds to see if I could conceal the icon. On the third change the icon disappeared, hopefully never to return. Did this nuisance come from Google? Have already changed to Firefox home page in case it did. Thank you for your efforts.
  2. Background colour makes no difference. Icon still visible.
  3. Background has not changed. Icon cannot be moved or accessed. Is as .bmp file I sent at beginning.
  4. Hi Marius, the icon is still present on desktop. Is there a risk if I reinstall Cute PDF writer? Thanks, Les
  5. LINK1...

     Results of screen317's Security Check version 1.005
     Windows XP Service Pack 3 x86 Internet Explorer 8
     ``````````````Antivirus/Firewall Check:``````````````
     Windows Firewall Enabled! PC Cleaner Pro avast! Antivirus ParetoLogic ParetoLogic Internet Security Antivirus out of date! (On Access scanning disabled!)
     `````````Anti-malware/Other Utilities Check:`````````
     MVPS Hosts File Spybot - Search & Destroy Java 8 Update 31 Java version 32-bit out of Date! Adobe Flash Player 18.0.0.209 Adobe Reader XI Mozilla Firefox (39.0) Mozilla Thunderbird 31.7.0 Thunderbird out of Date!
     ````````Process Check: objlist.exe by Laurent````````
     Malwarebytes Anti-Malware mbamservice.exe Malwarebytes Anti-Malware mbam.exe Spybot Teatimer.exe is disabled! Malwarebytes Anti-Malware mbamscheduler.exe
     `````````````````System Health check`````````````````
     Total Fragmentation on Drive C:: 13% Defragment your hard drive soon! (Do NOT defrag if SSD!)
     ````````````````````End of Log``````````````````````
  6. JRT file...
  7. AdwCleaner file herewith
  8. Txt file herewith
  9. Fixlog herewith
  10. MBAM application log Malwarebytes Anti-Malware www.malwarebytes.org Scan Date: 13/07/2015 Scan Time: 20:34:29 Logfile: scanlog.txt Administrator: Yes Version: 2.1.8.1057 Malware Database: v2015.07.13.04 Rootkit Database: v2015.07.10.01 License: Trial Malware Protection: Enabled Malicious Website Protection: Enabled Self-protection: Disabled OS: Windows XP Service Pack 3 CPU: x86 File System: NTFS User: Administrator Scan Type: Threat Scan Result: Completed Objects Scanned: 332763 Time Elapsed: 24 min, 38 sec Memory: Enabled Startup: Enabled Filesystem: Enabled Archives: Enabled Rootkits: Disabled Heuristics: Enabled PUP: Enabled PUM: Enabled Processes: 0 (No malicious items detected) Modules: 0 (No malicious items detected) Registry Keys: 19 PUP.Optional.WebSteroids.A, HKLM\SOFTWARE\CLASSES\CLSID\{051E9166-B275-4683-907B-372FAE22BC7C}, Quarantined, [4ff96e7369219d992da891f528daef11], PUP.Optional.DynConIE.A, HKLM\SOFTWARE\CLASSES\CLSID\{E5A7A645-8318-4895-B85C-EDC606B80DB6}, Quarantined, [c781825fb5d5979f5c574d39bb47e21e], PUP.Optional.APNToolBar.Gen, HKLM\SOFTWARE\AskPartnerNetwork, Quarantined, [52f6b72a17730d292fcbda2715eede22], PUP.Optional.FindRight.A, HKLM\SOFTWARE\FindRight, Quarantined, [034560814f3bd5612d111b2b93707888], PUP.Optional.SupraSavings, HKLM\SOFTWARE\suprasavings, Quarantined, [4efa78693e4c78bec74bd75406fd0bf5], 
PUP.Optional.SuperOptimizer.C, HKLM\SOFTWARE\{1146AC44-2F03-4431-B4FD-889BC837521F}, Quarantined, [e46417ca0b7f0333be61f39e24e00ff1], PUP.Optional.SuperOptimizer.C, HKLM\SOFTWARE\{6791A2F3-FC80-475C-A002-C014AF797E9C}, Quarantined, [72d6fce5a9e183b31907a3ee887ce11f], PUP.Optional.BrowserSafeguard.A, HKLM\SOFTWARE\MICROSOFT\ESENT\PROCESS\BrowserSafeguard, Quarantined, [97b120c1aedc5fd74612e79335cf6898], PUP.Optional.SmartBar.A, HKLM\SOFTWARE\MICROSOFT\ESENT\PROCESS\Smartbar, Quarantined, [163238a9fe8c51e50940f38c6d978e72], PUP.Optional.AskAPN.Gen, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{4F524A2D-5350-4500-76A7-A758B70C1902}, Quarantined, [22263ea394f684b24f69eb15dd269769], PUP.Optional.SearchProtect.A, HKLM\SYSTEM\CURRENTCONTROLSET\ENUM\ROOT\LEGACY_CLTMNGSVC, Quarantined, [b69221c03852221433e3671126deb24e], PUP.Optional.APNToolBar.Gen, HKU\S-1-5-18\SOFTWARE\AskPartnerNetwork, Quarantined, [a0a8c8190a80f04609f07889af548977], PUP.Optional.SuperOptimizer.C, HKU\S-1-5-18\SOFTWARE\APPDATALOW\{1146AC44-2F03-4431-B4FD-889BC837521F}, Quarantined, [430550917f0b5dd9e13dc7cae61e8080], PUP.Optional.APNToolBar.Gen, HKU\S-1-5-21-1214440339-1364589140-839522115-500\SOFTWARE\AskPartnerNetwork, Quarantined, [1e2a05dce3a78bab54a5f011f40ff30d], PUP.Optional.DynConIE.A, HKU\S-1-5-21-1214440339-1364589140-839522115-500\SOFTWARE\DynConIE, Quarantined, [50f85e83c9c1290ddb2bfd4c60a305fb], PUP.Optional.FindRight.A, HKU\S-1-5-21-1214440339-1364589140-839522115-500\SOFTWARE\FindRight, Quarantined, [a1a76c755b2fce6854eb67dfd132b14f], PUP.Optional.SuperOptimizer.C, HKU\S-1-5-21-1214440339-1364589140-839522115-500\SOFTWARE\APPDATALOW\{1146AC44-2F03-4431-B4FD-889BC837521F}, Quarantined, [ef597c65d9b140f6001e2d640cf8728e], PUP.Optional.SupraSavings.A, HKU\S-1-5-21-1214440339-1364589140-839522115-500\SOFTWARE\APPDATALOW\SOFTWARE\suprasavings, Quarantined, [ba8e6c758bff16201bf3003f29da56aa], PUP.Optional.ConduitTB.Gen, 
HKU\S-1-5-21-1214440339-1364589140-839522115-500\SOFTWARE\CONDUIT\DistributionEngine, Quarantined, [79cf578a8505bb7b35188c033aca0ff1], Registry Values: 1 PUP.Optional.AskAPN.Gen, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{4F524A2D-5350-4500-76A7-A758B70C1902}|InstallSource, C:\Documents and Settings\All Users\Application Data\APN\APN-Stub\ORJ-SPE\, Quarantined, [22263ea394f684b24f69eb15dd269769] Registry Data: 0 (No malicious items detected) Folders: 14 PUP.Optional.Websteroids.A, C:\Documents and Settings\Administrator\Local Settings\Application Data\Websteroids, Quarantined, [6bdd5b86cfbbfd39f0a2d7fdfc06a45c], PUP.Optional.APNToolBar.Gen, C:\Documents and Settings\All Users\Application Data\APN\APN-Stub, Quarantined, [e266924f12787eb835be946a5da58f71], PUP.Optional.APNToolBar.Gen, C:\Documents and Settings\All Users\Application Data\AskPartnerNetwork, Quarantined, [0b3da33e3e4ca98dcb2926d839c9de22], PUP.Optional.APNToolBar.Gen, C:\Documents and Settings\All Users\Application Data\AskPartnerNetwork\Toolbar, Quarantined, [0b3da33e3e4ca98dcb2926d839c9de22], PUP.Optional.APNToolBar.Gen, C:\Documents and Settings\All Users\Application Data\AskPartnerNetwork\Toolbar\ORJ-SPE, Quarantined, [0b3da33e3e4ca98dcb2926d839c9de22], PUP.Optional.APNToolBar.Gen, C:\Documents and Settings\All Users\Application Data\AskPartnerNetwork\Toolbar\ORJ-SPE\Updater, Quarantined, [0b3da33e3e4ca98dcb2926d839c9de22], PUP.Optional.APNToolBar.Gen, C:\Documents and Settings\All Users\Application Data\AskPartnerNetwork\Toolbar\ORJ-SPE\Updater\Config, Quarantined, [0b3da33e3e4ca98dcb2926d839c9de22], PUP.Optional.APNToolBar.Gen, C:\Documents and Settings\All Users\Application Data\AskPartnerNetwork\Toolbar\ORJ-SPE\Updater\Response, Quarantined, [0b3da33e3e4ca98dcb2926d839c9de22], PUP.Optional.APNToolBar.Gen, C:\Documents and Settings\Administrator\Local Settings\Application Data\AskPartnerNetwork, Quarantined, [00486f72b6d455e1ec09817de81a49b7], PUP.Optional.APNToolBar.Gen, 
C:\Documents and Settings\Administrator\Local Settings\Application Data\AskPartnerNetwork\Toolbar, Quarantined, [00486f72b6d455e1ec09817de81a49b7], PUP.Optional.APNToolBar.Gen, C:\Documents and Settings\Administrator\Local Settings\Application Data\AskPartnerNetwork\Toolbar\Updater, Quarantined, [00486f72b6d455e1ec09817de81a49b7], PUP.Optional.APNToolBar.Gen, C:\Documents and Settings\Administrator\Local Settings\Application Data\AskPartnerNetwork\Toolbar\Updater\IDC, Quarantined, [00486f72b6d455e1ec09817de81a49b7], PUP.Optional.BundleInstaller.A, C:\Documents and Settings\Administrator\Application Data\1O1L1I1PtF1F1C1N, Quarantined, [d96f38a93e4c1125398235ca9a68dc24], PUP.Optional.BundleInstaller.A, C:\Documents and Settings\Administrator\Application Data\1O1L1I1PtF1F1C1N\CutePDF Writer Free Download Packages, Quarantined, [d96f38a93e4c1125398235ca9a68dc24], Files: 18 PUP.Optional.InstallIQ.A, C:\Documents and Settings\Administrator\My Documents\Downloads\FreeFileViewer2011Setup.exe, Quarantined, [d474ad349feb6acc30a12bc44eb29c64], PUP.Optional.Bitberry, C:\Documents and Settings\Administrator\My Documents\Downloads\FreeFileViewerSetup.exe, Quarantined, [6bddbd246c1e8da95738b85af40d7d83], PUP.Optional.ClientConnect, C:\Documents and Settings\Administrator\My Documents\Downloads\Winzip_TSV46NIU2.exe, Quarantined, [291f2db48505ee4897a2330c39c8f40c], PUP.Optional.OptimumInstaller.A, C:\Documents and Settings\Administrator\My Documents\Downloads\Player-Firefox(1).exe, Quarantined, [78d0aa37b4d6f83e10adfc156f92a55b], PUP.Optional.OptimumInstaller.A, C:\Documents and Settings\Administrator\My Documents\Downloads\Player-Firefox.exe, Quarantined, [291fda07a3e793a39a23da3743be59a7], Adware.SaMon, C:\WINDOWS\system32\Websteroids.B324755F3F87.dll, Quarantined, [014706db4e3c6fc73e80b26924dd649c], PUP.Optional.Websteroids.A, C:\WINDOWS\system32\Websteroids.B324755F3F87.dll, Quarantined, [78d0d809f89238fe0e512b14907343bd], PUP.Optional.FindRight.A, C:\Documents and 
Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\2kd98lai.default\extensions\{42e50651-9669-456e-9081-d5a836274274}.xpi, Quarantined, [5debc51cfd8d4ee863246ed37192e41c], PUP.Optional.APNToolBar.Gen, C:\Documents and Settings\All Users\Application Data\AskPartnerNetwork\Toolbar\ORJ-SPE\Updater\Config\Config.31.15.1.0-4.xml, Quarantined, [0b3da33e3e4ca98dcb2926d839c9de22], PUP.Optional.APNToolBar.Gen, C:\Documents and Settings\All Users\Application Data\AskPartnerNetwork\Toolbar\ORJ-SPE\Updater\Config\Config.31.16.2.0-4.xml, Quarantined, [0b3da33e3e4ca98dcb2926d839c9de22], PUP.Optional.APNToolBar.Gen, C:\Documents and Settings\All Users\Application Data\AskPartnerNetwork\Toolbar\ORJ-SPE\Updater\Response\Response.31.16.2.0-21.xml, Quarantined, [0b3da33e3e4ca98dcb2926d839c9de22], PUP.Optional.APNToolBar.Gen, C:\Documents and Settings\All Users\Application Data\AskPartnerNetwork\Toolbar\ORJ-SPE\Updater\Response\Response.31.16.2.0-22.xml, Quarantined, [0b3da33e3e4ca98dcb2926d839c9de22], PUP.Optional.APNToolBar.Gen, C:\Documents and Settings\Administrator\Local Settings\Application Data\AskPartnerNetwork\Toolbar\Updater\IDC\IdcLdr.exe, Quarantined, [00486f72b6d455e1ec09817de81a49b7], PUP.Optional.APNToolBar.Gen, C:\Documents and Settings\Administrator\Local Settings\Application Data\AskPartnerNetwork\Toolbar\Updater\IDC\IdcSrv.dll, Quarantined, [00486f72b6d455e1ec09817de81a49b7], PUP.Optional.APNToolBar.Gen, C:\Documents and Settings\Administrator\Local Settings\Application Data\AskPartnerNetwork\Toolbar\Updater\IDC\IdcSrvStub.dll, Quarantined, [00486f72b6d455e1ec09817de81a49b7], PUP.Optional.Trovi, C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\7l146elc.default-1382530802734\prefs.js, Good: (), Bad: (user_pref("browser.search.selectedEngine", "Trovi search"), Replaced,[351318c92862ca6cfed4c99d38cd837d] PUP.Optional.Trovi.A, C:\Documents and Settings\Administrator\Application 
Data\Mozilla\Firefox\Profiles\7l146elc.default-1382530802734\prefs.js, Good: (), Bad: (user_pref("browser.newtab.url", "http://www.trovi.com/?gd=&ctid=CT3319709&octid=EB_ORIGINAL_CTID&ISID=M95522E8F-2408-494B-BB97-632AC5E227D5&SearchSource=69&CUI=&SSPV=&Lay=1&UM=5&UP=SP046D9554-79E9-450D-B6B2-A664F143E365"),Replaced,[2721f3ee8ffb52e459ba521502030df3] PUP.Optional.ASK.A, C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\7l146elc.default-1382530802734\prefs.js, Good: (), Bad: (user_pref("browser.startup.homepage", "http://www.search.ask.com/?tpid=ORJ-SPE&o=APN11409&pf=V7&trgb=FF&p2=Replaced,[ea5ea73aa7e38caad89b8ed92adb7c84]EBBHReplaced,[ea5ea73aa7e38caad89b8ed92adb7c84]EOSJ000Replaced,[ea5ea73aa7e38caad89b8ed92adb7c84]EYYReplaced,[ea5ea73aa7e38caad89b8ed92adb7c84]EGB&gct=hp&apn_ptnrs=BBH&apn_dtid=Replaced,[ea5ea73aa7e38caad89b8ed92adb7c84]EOSJ000Replaced,[ea5ea73aa7e38caad89b8ed92adb7c84]EYYReplaced,[ea5ea73aa7e38caad89b8ed92adb7c84]EGB&apn_dbr=ff_35.0.1.5500&apn_uid=19658256-118A-4B3A-8199-0390117C06D6&itbv=12.24.1.51&doi=2015-02-17&psv=&pt=tb"),Replaced,[ea5ea73aa7e38caad89b8ed92adb7c84] Physical Sectors: 0 (No malicious items detected) (end)
  11. Fixlog herewith Fix result of Farbar Recovery Scan Tool (x86) Version: 12-07-2015 Ran by Administrator at 2015-07-13 17:47:28 Run:2 Running from C:\Documents and Settings\Administrator\Desktop\FRST Folder Loaded Profiles: Administrator (Available Profiles: Administrator) Boot Mode: Normal ============================================== fixlist content: ***************** Task: C:\WINDOWS\Tasks\FreeFileViewerUpdateChecker.job => C:\Program Files\FreeFileViewer\FFVCheckForUpdates.exe <==== ATTENTION AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:373E1720 AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:798A3728 AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:BC359956 FF Extension: FindRight - C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\z0ovjqe9.default-1382548411328\Extensions\{42e50651-9669-456e-9081-d5a836274274}.xpi [2014-02-21] FF Extension: FindRight - C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\7l146elc.default-1382530802734\Extensions\{42e50651-9669-456e-9081-d5a836274274}.xpi [2014-02-21] FF SearchPlugin: C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\7l146elc.default-1382530802734\searchplugins\ask-search.xml [2015-02-17] FF SearchPlugin: C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\7l146elc.default-1382530802734\searchplugins\trovi-search.xml [2014-06-09] FF SearchPlugin: C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\z0ovjqe9.default-1382548411328\searchplugins\trovi-search.xml [2014-06-09] FF NewTab: hxxp://www.trovi.com/?gd=&ctid=CT3319709&octid=EB_ORIGINAL_CTID&ISID=M95522E8F-2408-494B-BB97-632AC5E227D5&SearchSource=69&CUI=&SSPV=&Lay=1&UM=5&UP=SP046D9554-79E9-450D-B6B2-A664F143E365 FF SelectedSearchEngine: Trovi search BHO: No Name -> {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} -> 
No File HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs,Tabs: "http://search.condui...rchTerms}&SSPV= SearchScopes: HKU\S-1-5-21-1214440339-1364589140-839522115-500 -> SuggestionsURL_JSON http://suggest.searc...x={searchTerms} SearchScopes: HKU\S-1-5-21-1214440339-1364589140-839522115-500 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://start.mysearc...&cr=5260213&ir= HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Search Page = http://feed.snap.do/...Date=19/09/2013 HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Search Page = http://feed.snap.do/...Date=19/09/2013 AppInit_DLLs: C:\PROGRA~1\SearchProtect\SearchProtect\bin\SPVC32Loader.dll => C:\PROGRA~1\SearchProtect\SearchProtect\bin\SPVC32Loader.dll File not found HKLM\...\Run: [ApnTBMon] => C:\Program Files\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe [1949592 2015-02-14] (APN) S4 Websteroids; C:\Documents and Settings\All Users\Application Data\Websteroids\Websteroids.exe [150392 2014-02-11] (Creative Island Media, LLC) R2 APNMCP; C:\Program Files\AskPartnerNetwork\Toolbar\apnmcp.exe [177560 2015-01-31] (APN LLC.) C:\PROGRA~1\SearchProtect C:\Program Files\FreeFileViewer C:\Windows\Tasks\At1.job C:\Windows\Tasks\At2.job C:\Windows\Tasks\At3.job C:\Windows\Tasks\At4.job C:\Documents and Settings\All Users\Application Data\Websteroids C:\Program Files\AskPartnerNetwork EmptyTemp: ***************** C:\WINDOWS\Tasks\FreeFileViewerUpdateChecker.job not found. "C:\Documents and Settings\All Users\Application Data\TEMP" => ":373E1720" ADS not found. "C:\Documents and Settings\All Users\Application Data\TEMP" => ":798A3728" ADS not found. "C:\Documents and Settings\All Users\Application Data\TEMP" => ":BC359956" ADS not found. C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\z0ovjqe9.default-1382548411328\Extensions\{42e50651-9669-456e-9081-d5a836274274}.xpi => not found. 
C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\7l146elc.default-1382530802734\Extensions\{42e50651-9669-456e-9081-d5a836274274}.xpi => not found. "C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\7l146elc.default-1382530802734\searchplugins\ask-search.xml" => not found. "C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\7l146elc.default-1382530802734\searchplugins\trovi-search.xml" => not found. "C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\z0ovjqe9.default-1382548411328\searchplugins\trovi-search.xml" => not found. Firefox newtab removed successfully. Firefox SelectedSearchEngine removed successfully. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} => key not found. HKCR\CLSID\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} => key not found. HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs\\Tabs => value restored successfully HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{429559AC-1128-D420-90E1-0E1894E36CB8} => key not found. HKCR\CLSID\{429559AC-1128-D420-90E1-0E1894E36CB8} => key not found. HKU\S-1-5-21-1214440339-1364589140-839522115-500\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\URL => value not found. HKU\S-1-5-21-1214440339-1364589140-839522115-500\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\SuggestionsURL_JSON => value not found. HKU\S-1-5-21-1214440339-1364589140-839522115-500\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => key not found. HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => key not found. HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main\\Search Page => value not found. HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main\\Start Page => value not found. 
HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main\\Search Page => value not found. "C:\PROGRA~1\SearchProtect\SearchProtect\bin\SPVC32Loader.dll" => value data not found. HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\ApnTBMon => value removed successfully. Websteroids => Service not found. APNMCP => Service not found. "C:\PROGRA~1\SearchProtect" => File/Folder not found. "C:\Program Files\FreeFileViewer" => File/Folder not found. "C:\Windows\Tasks\At1.job" => File/Folder not found. "C:\Windows\Tasks\At2.job" => File/Folder not found. "C:\Windows\Tasks\At3.job" => File/Folder not found. "C:\Windows\Tasks\At4.job" => File/Folder not found. "C:\Documents and Settings\All Users\Application Data\Websteroids" => File/Folder not found. "C:\Program Files\AskPartnerNetwork" => File/Folder not found. EmptyTemp: => 569.9 MB temporary data Removed. The system needed a reboot. ==== End of Fixlog 17:48:55 ====
  12. Before I proceed: Pro Cleaner Pro and Pareto logic progs removed some months ago (can't find in Add/Remove folder). Avast removed two days ago (computer v slow). Presently running Spy Bot. Search App by Ask - removed some time ago (can't find in Add/Remove folder). Websteroids - never installed (can't find in Add/Remove folder). Free File Viewer 2014 - removed. FindRight - removed. File Type Assistant - removed. CutePDF Writer Free Download Packages - removed. Should I continue to look for these missing progs?
  13. Additional scan result of Farbar Recovery Scan Tool (x86) Version: 11-07-2015 Ran by Administrator at 2015-07-12 13:14:16 Running from C:\Documents and Settings\Administrator\My Documents\Downloads Boot Mode: Normal ========================================================== ==================== Accounts: ============================= Administrator (S-1-5-21-1214440339-1364589140-839522115-500 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\Administrator ASPNET (S-1-5-21-1214440339-1364589140-839522115-1004 - Limited - Enabled) Guest (S-1-5-21-1214440339-1364589140-839522115-501 - Limited - Disabled) HelpAssistant (S-1-5-21-1214440339-1364589140-839522115-1000 - Limited - Disabled) SUPPORT_388945a0 (S-1-5-21-1214440339-1364589140-839522115-1002 - Limited - Disabled) ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: PC Cleaner Pro (Disabled - Up to date) {737A8864-C2D9-4337-B49A-B5E35815B9BB} AV: avast! Antivirus (Enabled - Up to date) {7591DB91-41F0-48A3-B128-1A293FD8233D} AV: ParetoLogic ParetoLogic Internet Security (Disabled - Out of date) {964FCE60-0B18-4D30-ADD6-EB178909041C} FW: ParetoLogic ParetoLogic Internet Security (Disabled) {FF1CD5B7-1553-4625-A258-1775385CED33} ==================== Installed Programs ====================== (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) ABBYY FineReader 6.0 Sprint (HKLM\...\{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}) (Version: 6.00.2146.41621 - ABBYY Software House) Adobe Flash Player 18 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 18.0.0.203 - Adobe Systems Incorporated) Adobe Reader XI (11.0.08) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.08 - Adobe Systems Incorporated) Apple Application Support (32-bit) (HKLM\...\{AFA1153A-F547-409B-B837-3A0D6C5A3FEC}) (Version: 3.1.3 - Apple Inc.) 
Apple Mobile Device Support (HKLM\...\{E1DB0812-2D60-43DB-AE09-6C7027D93B28}) (Version: 8.1.1.3 - Apple Inc.) Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.) ARRL 2012 Handbook (HKLM\...\{8745CF29-FA1B-49D6-862F-1328D3D628EF}) (Version: 16.00.0000 - ARRL) ATI - Software Uninstall Utility (HKLM\...\All ATI Software) (Version: 6.14.10.1008 - ) ATI Control Panel (HKLM\...\{0BEDBD4E-2D34-47B5-9973-57E62B29307C}) (Version: 6.14.10.5103 - ) ATI Display Driver (HKLM\...\ATI Display Driver) (Version: 8.012.1-040525b-015827C-Dell - ) Audacity 1.3.13 (Unicode) (HKLM\...\Audacity 1.3 Beta (Unicode)_is1) (Version: - Audacity Team) AutoCAD LT 2005 - English (HKLM\...\{5783F2D7-0309-0409-0002-0060B0CE6BBA}) (Version: 16.1.63.10 - Autodesk) Autodesk DWF Viewer (HKLM\...\Autodesk DWF Viewer) (Version: 4.1 - Autodesk, Inc.) Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.) Broadcom Gigabit Integrated Controller (HKLM\...\InstallShield_{BE6890C7-31EF-478C-812E-1E2899ABFCA9}) (Version: 7.03.09 - Broadcom) Broadcom Gigabit Integrated Controller (Version: 7.03.09 - Broadcom) Hidden Calcute 11.5.27.0 (Remove only) (HKLM\...\Calcute 11.5.27.0) (Version: - ) Camera Support Core Library (Version: 7.0.1.17 - Canon) Hidden Camera Window (Version: 4.6.1 - Canon) Hidden Canon Camera Support Core Library (HKLM\...\InstallShield_{B9B9863A-32FD-4133-ADB7-46244ED77694}) (Version: 7.0.1.17 - Canon) Canon Camera Window for ZoomBrowser EX (HKLM\...\InstallShield_{F37942A8-B21B-4C5A-A1D2-B676BF55EAE0}) (Version: 4.6.1 - Canon) Canon Internet Library for ZoomBrowser EX (HKLM\...\InstallShield_{2F81FBFC-9A37-431F-9050-14B55485DF5A}) (Version: 1.3.3 - Canon Inc.) 
Canon MovieEdit Task for ZoomBrowser EX (HKLM\...\InstallShield_{DE286975-ACF1-45B8-9EF7-34E162B2C817}) (Version: 1.1.1.41 - Canon) Canon PhotoRecord (HKLM\...\{BEF56F2D-56ED-4176-BF72-7B68D4A3B98D}) (Version: 02.00.00029 - Cisra) Canon RAW Image Task for ZoomBrowser EX (HKLM\...\InstallShield_{9518F764-C54D-47B2-9E73-154B21E79FD2}) (Version: 1.0 - Canon) Canon RemoteCapture Task for ZoomBrowser EX (HKLM\...\InstallShield_{2C164906-E68F-462A-9010-70DD022223EF}) (Version: 1.0.2 - Canon) Canon Utilities PhotoStitch 3.1 (HKLM\...\InstallShield_{EF4C7EB0-D71B-43A3-9552-8053DE4B0401}) (Version: 3.1.13 - Canon) Canon Utilities ZoomBrowser EX (HKLM\...\{C1D76D7A-F3BB-47EA-A746-5B1E2FFC1DF2}) (Version: 04.06.00032 - CISRA) Compatibility Pack for the 2007 Office system (HKLM\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation) CutePDF Writer 2.8 (HKLM\...\CutePDF Writer Installation) (Version: - ) CutePDF Writer Free Download Packages (HKU\S-1-5-21-1214440339-1364589140-839522115-500\...\CutePDF Writer Free Download Packages) (Version: - ) <==== ATTENTION DashBoard 6.0.0 (HKLM\...\DashBoard) (Version: 6.0.0 - Ross Video Limited) Defraggler (HKLM\...\Defraggler) (Version: 2.19 - Piriform) Dell Power Applet Update (HKLM\...\{F650704B-D32D-493F-B0C1-CB064782D19E}) (Version: - ) Dell ResourceCD (HKLM\...\{D78653C3-A8FF-415F-92E6-D774E634FF2D}) (Version: - ) Dropbox (HKU\S-1-5-21-1214440339-1364589140-839522115-500\...\Dropbox) (Version: 3.6.8 - Dropbox, Inc.) 
File Type Assistant (HKLM\...\Trusted Software Assistant_is1) (Version: 2014.1.24.0 - ) <==== ATTENTION FindRight (HKLM\...\FindRight) (Version: 2014.02.21.042329 - FindRight) <==== ATTENTION Flip-Q 2.33 (HKLM\...\Flip-Q Version 2.33 Application_is1) (Version: - Flip-Q) Free File Viewer 2014 (HKLM\...\FreeFileViewer_is1) (Version: 2014.2.16.0 - Bitberry Software) <==== ATTENTION FUJIFILM MyFinePix Studio 4.1 (HKLM\...\MyFinePix Studio_is1) (Version: - ) Garmin USB Drivers (HKLM\...\{ABA5E381-EC46-425C-86C5-5CD15BBFB4BF}) (Version: 2.3.1.0 - Garmin Ltd or its subsidiaries) Garmin WebUpdater (HKLM\...\{AE1EC58E-B2AC-4959-A4C2-C38202A25239}) (Version: 2.5.6 - Garmin Ltd or its subsidiaries) Google Earth (HKLM\...\{817750FA-EC6A-485D-9901-0683AE6FFDF1}) (Version: 7.1.5.1557 - Google) Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden Google Update Helper (Version: 1.3.27.5 - Google Inc.) Hidden Google Updater (HKLM\...\Google Updater) (Version: 2.4.2432.1652 - Google Inc.) HP Deskjet 3050A J611 series Basic Device Software (HKLM\...\{2BDCE73D-C1CF-45BF-B6EB-B010365314A3}) (Version: 28.0.1315.0 - Hewlett-Packard Co.) HP Deskjet 3050A J611 series Help (HKLM\...\{97DDCAB8-B770-4089-A10F-67568069D78A}) (Version: 140.0.2.2 - Hewlett Packard) HP Deskjet 3050A J611 series Product Improvement Study (HKLM\...\{6CC74460-AC9B-4E7E-91FF-833C751C092F}) (Version: 28.0.1315.0 - Hewlett-Packard Co.) Internet Library (Version: 1.3.3 - Canon Inc.) Hidden iTunes (HKLM\...\{CE1F04C7-79BC-4219-BE6A-BA490224D4B5}) (Version: 12.1.2.27 - Apple Inc.) Java 8 Update 31 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation) Junk Mail filter update (Version: 14.0.8117.416 - Microsoft Corporation) Hidden LAME v3.98.3 for Audacity (HKLM\...\LAME for Audacity_is1) (Version: - ) Lexmark 5600-6600 Series (HKLM\...\Lexmark 5600-6600 Series) (Version: - Lexmark International, Inc.) 
Lexmark Printable Web (HKLM\...\{D2C5E510-BE6D-42CC-9F61-E4F939078474}) (Version: 1.0.0.0 - ) Lexmark Tools for Office (HKLM\...\{10812DE7-2E57-4740-B226-6B3BE34AF9D7}) (Version: 1.24.0.0 - ) Macrium Reflect Free Edition (HKLM\...\MacriumReflect) (Version: 5.3 - Paramount Software (UK) Ltd.) Macrium Reflect Free Edition (Version: 5.3.7290 - Paramount Software (UK) Ltd.) Hidden Microsoft .NET Framework 1.1 (HKLM\...\Microsoft .NET Framework 1.1 (1033)) (Version: - ) Microsoft .NET Framework 1.1 Security Update (KB2698023) (HKLM\...\M2698023) (Version: - ) Microsoft .NET Framework 1.1 Security Update (KB2833941) (HKLM\...\M2833941) (Version: - ) Microsoft .NET Framework 1.1 Security Update (KB979906) (HKLM\...\M979906) (Version: - ) Microsoft .NET Framework 2.0 Service Pack 2 (HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.2.30729 - Microsoft Corporation) Microsoft .NET Framework 3.0 Service Pack 2 (HKLM\...\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}) (Version: 3.2.30729 - Microsoft Corporation) Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version: - Microsoft Corporation) Microsoft ActiveSync (HKLM\...\{99052DB7-9592-4522-A558-5417BBAD48EE}) (Version: 4.5.5096.0 - Microsoft Corporation) Microsoft Compression Client Pack 1.0 for Windows XP (HKLM\...\MSCompPackV1) (Version: 1 - Microsoft Corporation) Microsoft Office Basic Edition 2003 (HKLM\...\{91130409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation) Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation) Microsoft Office Live Add-in 1.5 (HKLM\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation) Microsoft Office PowerPoint Viewer 2007 (English) (HKLM\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation) Microsoft Office Word Viewer 2003 (HKLM\...\{90850409-6000-11D3-8CFE-0150048383C9}) 
(Version: 11.0.8173.0 - Microsoft Corporation) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation) Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation) Microsoft Sync Framework Runtime Native v1.0 (x86) (HKLM\...\{8A74E887-8F0F-4017-AF53-CBA42211AAA5}) (Version: 1.0.1215.0 - Microsoft Corporation) Microsoft Sync Framework Services Native v1.0 (x86) (HKLM\...\{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}) (Version: 1.0.1215.0 - Microsoft Corporation) Microsoft User-Mode Driver Framework Feature Pack 1.0 (HKLM\...\Wudf01000) (Version: - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) MovieEdit Task (Version: 1.1.1.41 - Canon) Hidden MozBackup 1.5.1 (HKLM\...\MozBackup) (Version: - Pavel Cvrcek) Mozilla Firefox 39.0 (x86 en-US) (HKLM\...\Mozilla Firefox 39.0 (x86 en-US)) (Version: 39.0 - Mozilla) Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla) Mozilla Thunderbird 31.7.0 (x86 en-US) (HKLM\...\Mozilla Thunderbird 31.7.0 (x86 en-US)) (Version: 31.7.0 - Mozilla) MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation) MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation) MSXML 6 Service Pack 2 (KB973686) (HKLM\...\{56EA8BC0-3751-4B93-BC9D-6651CC36E5AA}) (Version: 6.20.2003.0 - Microsoft Corporation) 
PhotoStitch (Version: 3.1.13 - Canon) Hidden PRS-500 USB driver (HKLM\...\{A212E6C2-20F7-4A8E-BD8E-DC3EE7483FA2}) (Version: 1.0.00.08110 - Sony) QuickTime 7 (HKLM\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.) Rapport (Version: 3.5.1412.176 - Trusteer) Hidden RAW Image Task 1.0 (Version: 1.0 - Canon) Hidden Reader Library by Sony (HKLM\...\{B70E5793-F912-4C62-AFE2-C4F0B078FD31}) (Version: 3.3.00.07130 - Sony Corporation) RealDownloader (Version: 1.3.3 - RealNetworks, Inc.) Hidden RemoteCapture Task 1.0.2 (Version: 1.0.2 - Canon) Hidden Search App by Ask (HKLM\...\{4F524A2D-5350-4500-76A7-A758B70C1902}) (Version: 12.25.2.60 - APN, LLC) <==== ATTENTION Segoe UI (Version: 14.0.4327.805 - Microsoft Corp) Hidden Skype Click to Call (HKLM\...\{B6CF2967-C81E-40C0-9815-C05774FEF120}) (Version: 6.13.13771 - Skype Technologies S.A.) Skype™ 6.11 (HKLM\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.) SoftwareWatcher bundle (HKLM\...\SoftwareWatcher bundle) (Version: 2.0.0.3 - SoftwareWatcher) SoundMAX (HKLM\...\{F0A37341-D692-11D4-A984-009027EC0A9C}) (Version: 5.12.01.7000 - Analog Devices) Spybot - Search & Destroy (HKLM\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.2.25 - Safer-Networking Ltd.) 
Trusteer Endpoint Protection (HKLM\...\Rapport_msi) (Version: 3.5.1412.176 - Trusteer) Vipre (Version: 6.1.5496 - Vipre) Hidden WebFldrs XP (Version: 9.50.6513 - Microsoft Corporation) Hidden Websteroids (Version: 2.6.63 - Creative Island Media, LLC) Hidden <==== ATTENTION Winamp (HKLM\...\Winamp) (Version: 5.622 - Nullsoft, Inc) Windows Driver Package - Garmin (grmnusb) GARMIN Devices (04/19/2012 2.3.1.0) (HKLM\...\98157A226B40B173301B0F53C8E98C47805D5152) (Version: 04/19/2012 2.3.1.0 - Garmin) Windows Driver Package - Sony Corporation (PRSUSB) USB (08/08/2006 1.0.03.08080) (HKLM\...\75070B1806113224B16C70296B90DD1AD8A53479) (Version: 08/08/2006 1.0.03.08080 - Sony Corporation) Windows Imaging Component (HKLM\...\WIC) (Version: 3.0.0.0 - Microsoft Corporation) Windows Internet Explorer 8 (HKLM\...\ie8) (Version: 20090308.140743 - Microsoft Corporation) Windows Live Essentials (HKLM\...\WinLiveSuite_Wave3) (Version: 14.0.8117.0416 - Microsoft Corporation) Windows Live Sign-in Assistant (HKLM\...\{45338B07-A236-4270-9A77-EBB4115517B5}) (Version: 5.000.818.5 - Microsoft Corporation) Windows Live Sync (HKLM\...\{B10914FD-8812-47A4-85A1-50FCDE7F1F33}) (Version: 14.0.8117.416 - Microsoft Corporation) Windows Live Upload Tool (HKLM\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation) Windows Media Format 11 runtime (HKLM\...\Windows Media Format Runtime) (Version: - ) Windows Media Player 11 (HKLM\...\Windows Media Player) (Version: - ) Windows XP Service Pack 3 (HKLM\...\Windows XP Service Pack) (Version: 20080414.031525 - Microsoft Corporation) XnView 2.20 (HKLM\...\XnView_is1) (Version: 2.20 - Gougelet Pierre-e) ==================== Custom CLSID (Whitelisted): ========================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) 
CustomCLSID: HKU\S-1-5-21-1214440339-1364589140-839522115-500_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Documents and Settings\Administrator\Application Data\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-1214440339-1364589140-839522115-500_Classes\CLSID\{3059C9E6-9EDC-4C89-933E-C65623F8FD60}\localserver32 -> C:\Documents and Settings\Administrator\Local Settings\Application Data\Dropbox\Update\DropboxUpdate.exe (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-1214440339-1364589140-839522115-500_Classes\CLSID\{74F5CC00-49A9-11CF-A2F9-444553540000}\InprocServer32 -> C:\Program Files\AutoCAD LT 2005\acltficn.dll (Autodesk, Inc.) CustomCLSID: HKU\S-1-5-21-1214440339-1364589140-839522115-500_Classes\CLSID\{87DC457B-B35D-48AC-BD42-BDF35EF623CE}\localserver32 -> C:\Documents and Settings\Administrator\Local Settings\Application Data\Dropbox\Update\1.3.27.29\DropboxUpdateOnDemand.exe (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-1214440339-1364589140-839522115-500_Classes\CLSID\{8E75D913-3D21-11D2-85C4-080009A0C626}\localserver32 -> C:\Program Files\AutoCAD LT 2005\aclt.exe (Autodesk, Inc.) CustomCLSID: HKU\S-1-5-21-1214440339-1364589140-839522115-500_Classes\CLSID\{9FAA38ED-5635-44F7-9BE0-8CAFE29B3783}\localserver32 -> C:\Documents and Settings\Administrator\Local Settings\Application Data\Dropbox\Update\1.3.27.29\DropboxUpdateOnDemand.exe (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-1214440339-1364589140-839522115-500_Classes\CLSID\{C0DD324D-A74F-4533-84AD-030F76771C77}\localserver32 -> C:\Documents and Settings\Administrator\Local Settings\Application Data\Dropbox\Update\1.3.27.29\DropboxUpdateOnDemand.exe (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-1214440339-1364589140-839522115-500_Classes\CLSID\{C32E3EEC-3C10-426E-95F3-38C7F139FADD}\localserver32 -> C:\Documents and Settings\Administrator\Local Settings\Application Data\Dropbox\Update\1.3.27.29\DropboxUpdateOnDemand.exe (Dropbox, Inc.) 
CustomCLSID: HKU\S-1-5-21-1214440339-1364589140-839522115-500_Classes\CLSID\{D166BD15-03AF-413A-BEFD-0679FF410B49}\InprocServer32 -> C:\Documents and Settings\Administrator\Local Settings\Application Data\Dropbox\Update\1.3.27.29\psuser.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-1214440339-1364589140-839522115-500_Classes\CLSID\{E69341A3-E6D2-4175-B60C-C9D3D6FA40F6}\localserver32 -> C:\Documents and Settings\Administrator\Application Data\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-1214440339-1364589140-839522115-500_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Documents and Settings\Administrator\Application Data\Dropbox\bin\DropboxExt.26.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-1214440339-1364589140-839522115-500_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Documents and Settings\Administrator\Application Data\Dropbox\bin\DropboxExt.26.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-1214440339-1364589140-839522115-500_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Documents and Settings\Administrator\Application Data\Dropbox\bin\DropboxExt.26.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-1214440339-1364589140-839522115-500_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Documents and Settings\Administrator\Application Data\Dropbox\bin\DropboxExt.26.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-1214440339-1364589140-839522115-500_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Documents and Settings\Administrator\Application Data\Dropbox\bin\DropboxExt.26.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-1214440339-1364589140-839522115-500_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Documents and Settings\Administrator\Application Data\Dropbox\bin\DropboxExt.26.dll (Dropbox, Inc.) 
CustomCLSID: HKU\S-1-5-21-1214440339-1364589140-839522115-500_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Documents and Settings\Administrator\Application Data\Dropbox\bin\DropboxExt.26.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-1214440339-1364589140-839522115-500_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Documents and Settings\Administrator\Application Data\Dropbox\bin\DropboxExt.26.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-1214440339-1364589140-839522115-500_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Documents and Settings\Administrator\Application Data\Dropbox\bin\DropboxExt.26.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-1214440339-1364589140-839522115-500_Classes\CLSID\{FE819BE5-BADF-4370-9913-6FB84ABA6FB1}\InprocServer32 -> C:\Documents and Settings\Administrator\Local Settings\Application Data\Dropbox\Update\1.3.27.29\psuser.dll (Dropbox, Inc.) ==================== Restore Points ========================= 05-06-2015 14:06:42 System Checkpoint 06-06-2015 15:44:37 System Checkpoint 07-06-2015 16:20:53 System Checkpoint 08-06-2015 16:28:55 System Checkpoint 09-06-2015 18:50:44 System Checkpoint 10-06-2015 19:39:14 System Checkpoint 11-06-2015 03:00:20 Software Distribution Service 3.0 12-06-2015 03:29:00 System Checkpoint 13-06-2015 04:28:58 System Checkpoint 14-06-2015 05:29:00 System Checkpoint 15-06-2015 06:29:00 System Checkpoint 16-06-2015 06:31:58 System Checkpoint 17-06-2015 06:36:25 System Checkpoint 18-06-2015 06:45:29 System Checkpoint 19-06-2015 06:50:00 System Checkpoint 20-06-2015 06:56:39 System Checkpoint 21-06-2015 07:00:04 System Checkpoint 22-06-2015 08:00:03 System Checkpoint 23-06-2015 08:03:54 System Checkpoint 23-06-2015 12:59:32 Installed Rapport 24-06-2015 13:02:03 System Checkpoint 25-06-2015 13:11:39 System Checkpoint 26-06-2015 13:57:47 System Checkpoint 27-06-2015 14:05:10 System Checkpoint 28-06-2015 15:02:18 System Checkpoint 
29-06-2015 15:34:20 System Checkpoint 30-06-2015 15:37:45 System Checkpoint 01-07-2015 15:42:15 System Checkpoint 02-07-2015 15:52:19 System Checkpoint 03-07-2015 15:56:50 System Checkpoint 04-07-2015 16:56:49 System Checkpoint 05-07-2015 18:00:54 System Checkpoint 06-07-2015 18:51:14 System Checkpoint 07-07-2015 18:56:53 System Checkpoint 07-07-2015 12:05:16 System Checkpoint 08-07-2015 12:28:19 System Checkpoint 09-07-2015 13:28:19 System Checkpoint 10-07-2015 14:26:39 System Checkpoint 11-07-2015 14:42:20 System Checkpoint ==================== Hosts content: ========================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2003-07-16 17:23 - 2015-07-10 10:54 - 00431523 ____A C:\WINDOWS\system32\Drivers\etc\hosts 127.0.0.1 localhost There are 1000 more lines. ==================== Scheduled Tasks (Whitelisted) ============= (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.) 
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\WINDOWS\Tasks\At1.job => C:\Program Files\HP\HP Deskjet 3050A J611 series\Bin\HPCustPartic.exe Task: C:\WINDOWS\Tasks\At2.job => C:\Program Files\HP\HP Deskjet 3050A J611 series\Bin\HPCustPartic.exe Task: C:\WINDOWS\Tasks\At3.job => C:\Program Files\HP\HP Deskjet 3050A J611 series\Bin\HPCustPartic.exe Task: C:\WINDOWS\Tasks\At4.job => C:\Program Files\HP\HP Deskjet 3050A J611 series\Bin\HPCustPartic.exe Task: C:\WINDOWS\Tasks\avast! Emergency Update.job => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe Task: C:\WINDOWS\Tasks\Check for updates (Spybot - Search & Destroy).job => C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe Task: C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-1214440339-1364589140-839522115-500Core.job => C:\Documents and Settings\Administrator\Local Settings\Application Data\Dropbox\Update\DropboxUpdate.exe Task: C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-1214440339-1364589140-839522115-500UA.job => C:\Documents and Settings\Administrator\Local Settings\Application Data\Dropbox\Update\DropboxUpdate.exe Task: C:\WINDOWS\Tasks\FreeFileViewerUpdateChecker.job => C:\Program Files\FreeFileViewer\FFVCheckForUpdates.exe <==== ATTENTION Task: C:\WINDOWS\Tasks\Google Software Updater.job => C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job => C:\WINDOWS\system32\xp_eos.exe Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job => C:\WINDOWS\system32\xp_eos.exe Task: C:\WINDOWS\Tasks\ProgramRefresh-ATFST.job => C:\Program Files\File Type Assistant\TSASetup.exe Task: 
C:\WINDOWS\Tasks\ProgramUpdateCheck.job => C:\Program Files\File Type Assistant\tsassist.exe Task: C:\WINDOWS\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-1214440339-1364589140-839522115-500.job => C:\Program Files\Real\RealUpgrade\realupgrade.exe Task: C:\WINDOWS\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-1214440339-1364589140-839522115-500.job => C:\Program Files\Real\RealUpgrade\realupgrade.exe Task: C:\WINDOWS\Tasks\Refresh immunization (Spybot - Search & Destroy).job => C:\Program Files\Spybot - Search & Destroy 2\SDImmunize.exe Task: C:\WINDOWS\Tasks\Scan the system (Spybot - Search & Destroy).job => C:\Program Files\Spybot - Search & Destroy 2\SDScan.exe ==================== Loaded Modules (Whitelisted) ============== 2011-03-30 09:35 - 2004-05-25 23:15 - 00397312 _____ () C:\WINDOWS\system32\Ati2evxx.exe 2013-10-30 17:13 - 2013-05-16 11:55 - 00113496 _____ () C:\Program Files\Spybot - Search & Destroy 2\snlThirdParty150.bpl 2013-10-30 17:13 - 2013-05-16 11:55 - 00416600 _____ () C:\Program Files\Spybot - Search & Destroy 2\DEC150.bpl 2011-04-01 00:16 - 2009-11-05 08:39 - 00087552 _____ () C:\WINDOWS\system32\cpwmon2k.dll 2013-10-24 22:03 - 2008-05-01 13:41 - 00045056 _____ () C:\WINDOWS\system32\LXDUPMON.DLL 2013-10-24 22:03 - 2008-05-30 01:35 - 00086016 _____ () C:\WINDOWS\system32\LXDUOEM.DLL 2013-10-24 22:03 - 2008-05-30 01:33 - 00032768 _____ () C:\Program Files\Lexmark 5600-6600 Series\ipcmt.dll 2013-10-24 10:43 - 2008-05-24 01:17 - 00121856 _____ () C:\WINDOWS\System32\spool\PRTPROCS\W32X86\lxdudrpp.dll 2014-07-31 12:16 - 2014-07-31 12:16 - 00073544 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll 2015-03-20 18:12 - 2015-03-20 18:12 - 01044776 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll 2013-08-14 15:19 - 2013-08-14 15:19 - 00039056 _____ () C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe 2013-10-30 17:13 - 2012-08-23 11:38 - 00574840 _____ () C:\Program 
Files\Spybot - Search & Destroy 2\sqlite3.dll 2013-10-30 17:13 - 2013-05-16 11:55 - 00161112 _____ () C:\Program Files\Spybot - Search & Destroy 2\snlFileFormats150.bpl 2013-10-30 17:13 - 2012-04-03 18:06 - 00565640 _____ () C:\Program Files\Spybot - Search & Destroy 2\av\BDSmartDB.dll 2010-07-13 01:28 - 2010-07-13 01:28 - 00856064 _____ () C:\Program Files\Sony\Reader\Data\bin\launcher\fsk.dll 2010-07-13 01:13 - 2010-07-13 01:13 - 00033792 _____ () C:\Program Files\Sony\Reader\Data\bin\FskMediaPlayers.dll 2010-07-13 01:15 - 2010-07-13 01:15 - 00233472 _____ () C:\Program Files\Sony\Reader\Data\bin\Fskin.dll 2010-07-13 01:22 - 2010-07-13 01:22 - 00020480 _____ () C:\Program Files\Sony\Reader\Data\bin\FskinLocalize.dll 2010-04-02 21:23 - 2010-04-02 21:23 - 00815104 _____ () C:\Program Files\Sony\Reader\Data\bin\FskSecurity.dll 2010-07-13 01:16 - 2010-07-13 01:16 - 00118784 _____ () C:\Program Files\Sony\Reader\Data\bin\FskDocumentViewer.dll 2010-07-13 01:22 - 2010-07-13 01:22 - 00009728 _____ () C:\Program Files\Sony\Reader\Data\bin\FskPower.dll 2010-07-13 01:26 - 2010-07-13 01:26 - 00018432 _____ () C:\Program Files\Sony\Reader\Data\bin\launcher\FskNetInterface.dll 2010-07-13 01:15 - 2010-07-13 01:15 - 00010240 _____ () C:\Program Files\Sony\Reader\Data\bin\FskMobileMediaDevice.dll 2010-07-13 01:25 - 2010-07-13 01:25 - 00008704 _____ () C:\Program Files\Sony\Reader\Data\bin\launcher\FskTimeHardware.dll 2010-07-13 01:25 - 2010-07-13 01:25 - 00028160 _____ () C:\Program Files\Sony\Reader\Data\bin\launcher\ticket.dll 2010-07-13 01:25 - 2010-07-13 01:25 - 00011776 _____ () C:\Program Files\Sony\Reader\Data\bin\launcher\ebookDeviceNotifier.dll 2010-04-02 20:44 - 2010-04-02 20:44 - 00086016 _____ () C:\Program Files\Sony\Reader\Data\bin\launcher\ebookUsb.dll 2010-07-13 01:29 - 2010-07-13 01:29 - 00143360 _____ () C:\Program Files\Sony\Reader\Data\bin\launcher\connectionDetector.dll 2010-07-13 01:10 - 2010-07-13 01:10 - 00172032 _____ () C:\Program 
Files\Sony\Reader\Data\bin\launcher\USBDetector.dll 2013-10-24 22:02 - 2008-05-30 02:04 - 00676520 _____ () C:\Program Files\Lexmark 5600-6600 Series\lxdumon.exe 2013-10-24 22:02 - 2008-05-30 01:43 - 00380928 _____ () C:\Program Files\Lexmark 5600-6600 Series\lxduscw.dll 2013-10-24 22:04 - 2008-05-24 01:02 - 00188416 _____ () C:\WINDOWS\system32\spool\drivers\w32x86\3\lxdudatr.dll 2013-10-24 22:02 - 2008-05-30 01:43 - 01036288 _____ () C:\Program Files\Lexmark 5600-6600 Series\lxduDRS.dll 2013-10-24 22:02 - 2008-05-30 01:43 - 00081920 _____ () C:\Program Files\Lexmark 5600-6600 Series\lxducaps.dll 2013-10-24 22:02 - 2008-05-30 01:31 - 00069632 _____ () C:\Program Files\Lexmark 5600-6600 Series\lxducnv4.dll 2013-10-24 22:02 - 2008-05-30 02:04 - 00025256 _____ () C:\Program Files\Lexmark 5600-6600 Series\lxduMsdMon.exe 2013-10-24 22:02 - 2008-05-19 14:58 - 00028672 _____ () C:\Program Files\Lexmark 5600-6600 Series\App4R.Monitor.Common.dll 2013-10-24 22:02 - 2008-05-19 14:58 - 00036864 _____ () C:\Program Files\Lexmark 5600-6600 Series\App4R.Monitor.Core.dll 2013-10-24 22:02 - 2008-05-19 14:57 - 00065536 _____ () C:\Program Files\Lexmark 5600-6600 Series\app4r.devmons.mcmdevmon.dll 2013-10-24 22:02 - 2008-03-25 17:53 - 00012288 _____ () C:\Program Files\Lexmark 5600-6600 Series\app4r.devmons.mcmdevmon.autoplayutil.dll 2014-03-23 17:04 - 2014-03-23 17:04 - 00557056 _____ () C:\Program Files\Trusteer\Rapport\bin\js32.dll 2013-10-24 22:03 - 2008-05-10 02:42 - 01036288 _____ () C:\WINDOWS\system32\lxdudrs.dll 2013-10-24 22:03 - 2008-05-10 02:42 - 00081920 _____ () C:\WINDOWS\system32\lxducaps.dll 2013-10-24 22:03 - 2008-05-10 02:29 - 00069632 _____ () C:\WINDOWS\system32\lxducnv4.dll 2013-10-24 22:04 - 2008-05-24 01:14 - 00811008 _____ () C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\lxduptpc.dll 2013-10-24 22:04 - 2008-05-24 01:17 - 00149504 _____ () C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\lxdudrui.dll 2015-07-11 04:28 - 2015-07-11 04:28 - 00043008 _____ () c:\Documents 
and Settings\Administrator\Local Settings\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpf_6cb9.dll 2015-03-04 22:45 - 2015-03-19 08:15 - 00750080 _____ () C:\Documents and Settings\Administrator\Application Data\Dropbox\bin\libGLESv2.dll 2015-03-04 22:45 - 2015-03-19 08:15 - 00047616 _____ () C:\Documents and Settings\Administrator\Application Data\Dropbox\bin\libEGL.dll 2015-03-04 22:45 - 2015-03-19 08:15 - 00865280 _____ () C:\Documents and Settings\Administrator\Application Data\Dropbox\bin\plugins\platforms\qwindows.dll 2015-03-04 22:45 - 2015-03-19 08:15 - 00200704 _____ () C:\Documents and Settings\Administrator\Application Data\Dropbox\bin\plugins\imageformats\qjpeg.dll 2015-05-20 15:08 - 2015-05-20 15:09 - 03350640 _____ () C:\Program Files\Mozilla Thunderbird\mozjs.dll 2015-05-20 15:08 - 2015-05-20 15:09 - 00158832 _____ () C:\Program Files\Mozilla Thunderbird\NSLDAP32V60.dll 2015-05-20 15:08 - 2015-05-20 15:09 - 00023152 _____ () C:\Program Files\Mozilla Thunderbird\NSLDAPPR32V60.dll ==================== Alternate Data Streams (Whitelisted) ========= (If an entry is included in the fixlist, only the ADS will be removed.) AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:373E1720 AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:798A3728 AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:BC359956 ==================== Safe Mode (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBAMSvc => ""="" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sbaphd => ""="" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sbapifs => ""="" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sbapifsl => ""="" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sbhips => ""="" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SBAMSvc => ""="" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\sbaphd => ""="" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\sbapifs => ""="" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\sbapifsl => ""="" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\sbhips => ""="" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\UploadMgr => ""="Service" ==================== EXE Association (Whitelisted) =============== (If an entry is included in the fixlist, the registry item will be restored to default or removed.) ==================== Internet Explorer trusted/restricted =============== (If an entry is included in the fixlist, it will be removed from the registry.) 
There are 7593 more restricted sites. ==================== Other Areas ============================ (Currently there is no automatic fix for this section.) HKU\S-1-5-21-1214440339-1364589140-839522115-500\Control Panel\Desktop\\Wallpaper -> C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Desktop Background.bmp DNS Servers: 192.168.1.254 ==================== MSCONFIG/TASK MANAGER disabled items == (Currently there is no automatic fix for this section.) 
MSCONFIG\startupreg: AvastUI.exe => "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui MSCONFIG\startupreg: Skype => "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun ==================== FirewallRules (Whitelisted) =============== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) DomainProfile\AuthorizedApplications: [C:\Program Files\Windows Live\Messenger\wlcsdk.exe] => Enabled:Windows Live Call DomainProfile\AuthorizedApplications: [C:\Program Files\Windows Live\Messenger\msnmsgr.exe] => Enabled:Windows Live Messenger DomainProfile\AuthorizedApplications: [C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe] => Enabled:Windows Live Sync DomainProfile\AuthorizedApplications: [C:\Program Files\Microsoft ActiveSync\rapimgr.exe] => :169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager DomainProfile\AuthorizedApplications: [C:\Program Files\Microsoft ActiveSync\wcescomm.exe] => :169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager DomainProfile\AuthorizedApplications: [C:\Program Files\Microsoft ActiveSync\WCESMgr.exe] => :169.254.2.0/255.255.255.0:Enabled:ActiveSync Application StandardProfile\AuthorizedApplications: [C:\Program Files\Lexmark 5600-6600 Series\lxduamon.exe] => Enabled:Lexmark Device Monitor StandardProfile\AuthorizedApplications: [C:\Program Files\Lexmark 5600-6600 Series\frun.exe] => Enabled:Lexmark Productivity Studio StandardProfile\AuthorizedApplications: [C:\Program Files\Abbyy FineReader 6.0 Sprint\Scan\ScanMan6.exe] => Enabled:ABBYY FineReader StandardProfile\AuthorizedApplications: [C:\Program Files\Lexmark 5600-6600 Series\lxdufax.exe] => Enabled:Fax software StandardProfile\AuthorizedApplications: [C:\Program Files\Google\Google Earth\client\googleearth.exe] => Enabled:Google Earth StandardProfile\AuthorizedApplications: [C:\Program Files\Java\jre6\bin\java.exe] => Enabled:Java Platform SE binary 
StandardProfile\AuthorizedApplications: [C:\Program Files\Bonjour\mDNSResponder.exe] => Enabled:Bonjour Service StandardProfile\AuthorizedApplications: [C:\Documents and Settings\Administrator\Local Settings\Temp\Temporary Directory 2 for dmt_redux.zip\DMT.exe] => Enabled:DMTv7 ADSLv1/2/2plus Annex A/B/M StandardProfile\AuthorizedApplications: [C:\Program Files\Windows Live\Messenger\wlcsdk.exe] => Enabled:Windows Live Call StandardProfile\AuthorizedApplications: [C:\Program Files\Windows Live\Messenger\msnmsgr.exe] => Enabled:Windows Live Messenger StandardProfile\AuthorizedApplications: [C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe] => Enabled:Windows Live Sync StandardProfile\AuthorizedApplications: [C:\Documents and Settings\Administrator\Desktop\UpgradeWizard\Win2KXPVista\STSetup.exe] => Enabled:SpeedTouch Setup Wizard StandardProfile\AuthorizedApplications: [C:\Program Files\Microsoft ActiveSync\rapimgr.exe] => :169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager StandardProfile\AuthorizedApplications: [C:\Program Files\Microsoft ActiveSync\wcescomm.exe] => :169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager StandardProfile\AuthorizedApplications: [C:\Program Files\Microsoft ActiveSync\WCESMgr.exe] => :169.254.2.0/255.255.255.0:Enabled:ActiveSync Application StandardProfile\AuthorizedApplications: [C:\ATSCallingCard\CallingCard.exe] => Enabled:LogMeIn Rescue Calling Card StandardProfile\AuthorizedApplications: [C:\WINDOWS\system32\mmc.exe] => Disabled:Microsoft Management Console StandardProfile\AuthorizedApplications: [C:\Documents and Settings\Administrator\Local Settings\Application Data\LogMeIn Rescue Applet\LMIR0001.tmp\lmi_rescue.exe] => Enabled:LogMeIn Rescue StandardProfile\AuthorizedApplications: [C:\Documents and Settings\Administrator\Local Settings\Application Data\LogMeIn Rescue Applet\LMIR0002.tmp\lmi_rescue.exe] => Enabled:LogMeIn Rescue StandardProfile\AuthorizedApplications: [C:\Documents and 
Settings\Administrator\Local Settings\Application Data\LogMeIn Rescue Applet\LMIR0003.tmp\lmi_rescue.exe] => Enabled:LogMeIn Rescue StandardProfile\AuthorizedApplications: [C:\WINDOWS\system32\lxducoms.exe] => Enabled:5600-6600 Series Server StandardProfile\AuthorizedApplications: [C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot-S&D 2 Tray Icon StandardProfile\AuthorizedApplications: [C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service StandardProfile\AuthorizedApplications: [C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater StandardProfile\AuthorizedApplications: [C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service StandardProfile\AuthorizedApplications: [C:\Program Files\FreeFileViewer\FFVCheckForUpdates.exe] => Enabled:FreeFileViewerUpdateChecker StandardProfile\AuthorizedApplications: [C:\Program Files\Skype\Phone\Skype.exe] => Enabled:Skype StandardProfile\AuthorizedApplications: [C:\Program Files\HP\HP Deskjet 3050A J611 series\Bin\DeviceSetup.exe] => :LocalSubNet:Enabled:HP Device Setup (HP Deskjet 3050A J611 series) StandardProfile\AuthorizedApplications: [C:\Program Files\HP\HP Deskjet 3050A J611 series\Bin\HPNetworkCommunicator.exe] => :LocalSubNet:Enabled:HP Network Communicator (HP Deskjet 3050A J611 series) StandardProfile\AuthorizedApplications: [C:\Program Files\HP\HP Deskjet 3050A J611 series\Bin\HPNetworkCommunicatorCom.exe] => :LocalSubNet:Enabled:HP Network Communicator COM (HP Deskjet 3050A J611 series) StandardProfile\AuthorizedApplications: [C:\Documents and Settings\Administrator\Application Data\Dropbox\bin\Dropbox.exe] => Enabled:Dropbox StandardProfile\AuthorizedApplications: [C:\Program Files\iTunes\iTunes.exe] => Enabled:iTunes StandardProfile\AuthorizedApplications: [C:\Program Files\Mozilla Firefox\firefox.exe] => Enabled:Firefox (C:\Program Files\Mozilla Firefox) 
StandardProfile\AuthorizedApplications: [C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe] => Enabled:McAfee Shared Service Host DomainProfile\GloballyOpenPorts: [26675:TCP] => :169.254.2.0/255.255.255.0:Enabled:ActiveSync Service StandardProfile\GloballyOpenPorts: [1542:TCP] => Enabled:Realtek WPS TCP Prot StandardProfile\GloballyOpenPorts: [1542:UDP] => Enabled:Realtek WPS UDP Prot StandardProfile\GloballyOpenPorts: [53:UDP] => Enabled:Realtek AP UDP Prot StandardProfile\GloballyOpenPorts: [26675:TCP] => :169.254.2.0/255.255.255.0:Enabled:ActiveSync Service StandardProfile\GloballyOpenPorts: [1900:UDP] => :LocalSubNet:Disabled:@xpsp2res.dll,-22007 StandardProfile\GloballyOpenPorts: [2869:TCP] => :LocalSubNet:Disabled:@xpsp2res.dll,-22008 ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (07/10/2015 11:08:51 AM) (Source: Application Hang) (EventID: 1002) (User: ) Description: Hanging application thunderbird.exe, version 31.7.0.5605, hang module hungapp, version 0.0.0.0, hang address 0x00000000. Error: (07/10/2015 10:35:19 AM) (Source: Application Error) (EventID: 1001) (User: ) Description: Fault bucket -413036403. The Wep key exchange did not result in a secure connection setup after 802.1x authentication. The current setting has been marked as failed and the Wireless connection will be disconnected. Error: (07/10/2015 10:35:08 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application McSvHost.exe, version 3.8.703.0, faulting module unknown, version 0.0.0.0, fault address 0x00640068. Processing media-specific event for [McSvHost.exe!ws!] Error: (07/10/2015 10:34:37 AM) (Source: Application Hang) (EventID: 1002) (User: ) Description: Hanging application firefox.exe, version 39.0.0.5659, hang module hungapp, version 0.0.0.0, hang address 0x00000000. 
Error: (07/10/2015 09:55:07 AM) (Source: Application Hang) (EventID: 1001) (User: ) Description: Fault bucket 734562961. Error: (07/10/2015 09:54:53 AM) (Source: Application Hang) (EventID: 1002) (User: ) Description: Hanging application rundll32.exe, version 5.1.2600.5512, hang module hungapp, version 0.0.0.0, hang address 0x00000000. Error: (07/10/2015 09:52:05 AM) (Source: Application Hang) (EventID: 1002) (User: ) Description: Hanging application thunderbird.exe, version 31.7.0.5605, hang module hungapp, version 0.0.0.0, hang address 0x00000000. Error: (07/10/2015 09:44:58 AM) (Source: Application Hang) (EventID: 1002) (User: ) Description: Hanging application thunderbird.exe, version 31.7.0.5605, hang module hungapp, version 0.0.0.0, hang address 0x00000000. Error: (07/10/2015 09:20:14 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application mcagent.exe, version 12.8.957.0, faulting module mcagent.exe, version 12.8.957.0, fault address 0x0000edec. Processing media-specific event for [mcagent.exe!ws!] Error: (07/09/2015 11:31:07 PM) (Source: Application Error) (EventID: 1001) (User: ) Description: Fault bucket -413036403. The Wep key exchange did not result in a secure connection setup after 802.1x authentication. The current setting has been marked as failed and the Wireless connection will be disconnected. System errors: ============= Error: (04/04/2015 12:47:41 PM) (Source: Print) (EventID: 6161) (User: DEVALETTE) Description: The document C:\Documents and Settings\Administrator\My Documents\User\LFA Projects\Broadley\Broadley Studios 11.dwg Model (1) owned by Administrator failed to print on printer Lexmark 5600-6600 Series (USB). Data type: LEMF. Size of the spool file in bytes: 106660. Number of bytes printed: 106660. Total number of pages in the document: 1. Number of pages printed: 0. Client machine: \\DEVALETTE. 
Win32 error code returned by the print processor: C:\Documents and Settings\Administrator\My Documents\User\LFA Projects\Broadley\Broadley Studios 11.dwg Model (1)0. C:\Documents and Settings\Administrator\My Documents\User\LFA Projects\Broadley\Broadley Studios 11.dwg Model (1)1 Error: (04/02/2015 12:49:56 AM) (Source: Print) (EventID: 6161) (User: DEVALETTE) Description: The document C:\Documents and Settings\Administrator\My Documents\User\LFA Projects\Creation Company\Blake Mews Revamp\CCR4.dwg Model (1) owned by Administrator failed to print on printer Lexmark 5600-6600 Series (USB). Data type: LEMF. Size of the spool file in bytes: 165196. Number of bytes printed: 165196. Total number of pages in the document: 1. Number of pages printed: 0. Client machine: \\DEVALETTE. Win32 error code returned by the print processor: C:\Documents and Settings\Administrator\My Documents\User\LFA Projects\Creation Company\Blake Mews Revamp\CCR4.dwg Model (1)0. C:\Documents and Settings\Administrator\My Documents\User\LFA Projects\Creation Company\Blake Mews Revamp\CCR4.dwg Model (1)1 Error: (04/01/2015 06:24:24 PM) (Source: Print) (EventID: 6161) (User: DEVALETTE) Description: The document C:\Documents and Settings\Administrator\My Documents\Drawing1.dwg Model (1) owned by Administrator failed to print on printer Lexmark 5600-6600 Series (USB). Data type: LEMF. Size of the spool file in bytes: 2756. Number of bytes printed: 2756. Total number of pages in the document: 1. Number of pages printed: 0. Client machine: \\DEVALETTE. Win32 error code returned by the print processor: C:\Documents and Settings\Administrator\My Documents\Drawing1.dwg Model (1)0. 
C:\Documents and Settings\Administrator\My Documents\Drawing1.dwg Model (1)1 Error: (04/01/2015 06:16:56 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: The Spybot-S&D 2 Security Center Service service failed to start due to the following error: %%1053 Error: (04/01/2015 06:16:56 PM) (Source: Service Control Manager) (EventID: 7009) (User: ) Description: Timeout (30000 milliseconds) waiting for the Spybot-S&D 2 Security Center Service service to connect. Error: (04/01/2015 06:16:56 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: The Spybot-S&D 2 Scanner Service service failed to start due to the following error: %%1053 Error: (04/01/2015 06:16:56 PM) (Source: Service Control Manager) (EventID: 7009) (User: ) Description: Timeout (30000 milliseconds) waiting for the Spybot-S&D 2 Scanner Service service to connect. Error: (04/01/2015 06:16:56 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: The ParetoLogic Internet Security service failed to start due to the following error: %%3 Error: (04/01/2015 06:16:56 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: The lxduCATSCustConnectService service failed to start due to the following error: %%1053 Error: (04/01/2015 06:16:56 PM) (Source: Service Control Manager) (EventID: 7009) (User: ) Description: Timeout (30000 milliseconds) waiting for the lxduCATSCustConnectService service to connect. 
Microsoft Office:
=========================
Error: (07/10/2015 11:08:51 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: thunderbird.exe31.7.0.5605hungapp0.0.0.000000000

Error: (07/10/2015 10:35:19 AM) (Source: Application Error) (EventID: 1001) (User: )
Description: -413036403

Error: (07/10/2015 10:35:08 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: McSvHost.exe3.8.703.0unknown0.0.0.000640068

Error: (07/10/2015 10:34:37 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: firefox.exe39.0.0.5659hungapp0.0.0.000000000

Error: (07/10/2015 09:55:07 AM) (Source: Application Hang) (EventID: 1001) (User: )
Description: 734562961

Error: (07/10/2015 09:54:53 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: rundll32.exe5.1.2600.5512hungapp0.0.0.000000000

Error: (07/10/2015 09:52:05 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: thunderbird.exe31.7.0.5605hungapp0.0.0.000000000

Error: (07/10/2015 09:44:58 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: thunderbird.exe31.7.0.5605hungapp0.0.0.000000000

Error: (07/10/2015 09:20:14 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: mcagent.exe12.8.957.0mcagent.exe12.8.957.00000edec

Error: (07/09/2015 11:31:07 PM) (Source: Application Error) (EventID: 1001) (User: )
Description: -413036403

==================== Memory info ===========================

Processor: Intel® Pentium® 4 CPU 3.00GHz
Percentage of memory in use: 79%
Total physical RAM: 1022.07 MB
Available physical RAM: 206.6 MB
Total Virtual: 5019.91 MB
Available Virtual: 4032.92 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:298.09 GB) (Free:246.04 GB) NTFS ==>[Drive with boot components (Windows XP)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows XP) (Size: 298.1 GB) (Disk ID: 55157E4E)
Partition 1: (Active) - (Size=298.1 GB) - (Type=07 NTFS)

==================== End of log ============================
  14. Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 11-07-2015
Ran by Administrator (administrator) on DEVALETTE on 12-07-2015 13:13:14
Running from C:\Documents and Settings\Administrator\My Documents\Downloads
Loaded Profiles: Administrator (Available Profiles: Administrator)
Platform: Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: English (United States)
Internet Explorer Version 8 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

() C:\WINDOWS\system32\ati2evxx.exe
(IBM Corp.) C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
(APN LLC.) C:\Program Files\AskPartnerNetwork\Toolbar\apnmcp.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
( ) C:\WINDOWS\system32\lxducoms.exe
() C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
(Paramount Software UK Ltd) C:\Program Files\Macrium\Reflect\ReflectService.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe
(Sony Corporation) C:\Program Files\Sony\Reader\Data\bin\launcher\Reader Library Launcher.exe
() C:\Program Files\Lexmark 5600-6600 Series\lxdumon.exe
(Analog Devices, Inc.) C:\Program Files\Analog Devices\Core\smax4pnp.exe
() C:\Program Files\Lexmark 5600-6600 Series\lxdumsdmon.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe
(APN) C:\Program Files\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Microsoft Corporation) C:\Program Files\Microsoft ActiveSync\wcescomm.exe
(Microsoft Corporation) C:\PROGRA~1\MICROS~3\rapimgr.exe
(IBM Corp.) C:\Program Files\Trusteer\Rapport\bin\RapportService.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\WINDOWS\system32\wbem\unsecapp.exe
(Dropbox, Inc.) C:\Documents and Settings\Administrator\Application Data\Dropbox\bin\Dropbox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Thunderbird\thunderbird.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Reader Library Launcher] => C:\Program Files\Sony\Reader\Data\bin\launcher\Reader Library Launcher.exe [906648 2010-07-13] (Sony Corporation)
HKLM\...\Run: [lxdumon.exe] => C:\Program Files\Lexmark 5600-6600 Series\lxdumon.exe [676520 2008-05-30] ()
HKLM\...\Run: [lxduamon] => C:\Program Files\Lexmark 5600-6600 Series\lxduamon.exe [16040 2008-05-30] ()
HKLM\...\Run: [Lexmark 5600-6600 Series Fax Server] => C:\Program Files\Lexmark 5600-6600 Series\fm3032.exe [311976 2008-05-30] ()
HKLM\...\Run: [ATIPTA] => C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe [335872 2004-05-25] (ATI Technologies, Inc.)
HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2015-03-20] (Apple Inc.)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM\...\Run: [soundMAXPnP] => C:\Program Files\Analog Devices\Core\smax4pnp.exe [1404928 2004-10-14] (Analog Devices, Inc.)
HKLM\...\Run: [sDTray] => C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe [5624784 2013-07-25] (Safer-Networking Ltd.) HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.) HKLM\...\Run: [ApnTBMon] => C:\Program Files\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe [1949592 2015-02-14] (APN) HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [157480 2015-04-07] (Apple Inc.) Winlogon\Notify\SDWinLogon: SDWinLogon.dll [X] HKLM\...\Policies\Explorer: [NoFolderOptions] 0 HKLM\...\Policies\Explorer: [NoControlPanel] 0 HKU\S-1-5-21-1214440339-1364589140-839522115-500\...\Run: [H/PC Connection Agent] => C:\Program Files\Microsoft ActiveSync\wcescomm.exe [1289000 2006-11-13] (Microsoft Corporation) HKU\S-1-5-21-1214440339-1364589140-839522115-500\...\Run: [Adobe Reader Synchronizer] => C:\Program Files\Adobe\Reader 11.0\Reader\AdobeCollabSync.exe [746376 2014-05-08] (Adobe Systems Incorporated) HKU\S-1-5-21-1214440339-1364589140-839522115-500\...\Run: [Dropbox Update] => C:\Documents and Settings\Administrator\Local Settings\Application Data\Dropbox\Update\DropboxUpdate.exe [134512 2015-06-18] (Dropbox, Inc.) HKU\S-1-5-21-1214440339-1364589140-839522115-500\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINDOWS\System32\scrnsave.scr [9216 2008-04-14] (Microsoft Corporation) AppInit_DLLs: C:\PROGRA~1\SearchProtect\SearchProtect\bin\SPVC32Loader.dll => C:\PROGRA~1\SearchProtect\SearchProtect\bin\SPVC32Loader.dll File not found Startup: C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\Dropbox.lnk [2015-07-11] ShortcutTarget: Dropbox.lnk -> C:\Documents and Settings\Administrator\Application Data\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) 
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\AutoCAD LT Startup Accelerator.lnk [2013-10-29] ShortcutTarget: AutoCAD LT Startup Accelerator.lnk -> C:\Program Files\Common Files\Autodesk Shared\acstart16.exe (Autodesk, Inc) ShellIconOverlayIdentifiers: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Documents and Settings\Administrator\Application Data\Dropbox\bin\DropboxExt.26.dll [2015-06-26] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Documents and Settings\Administrator\Application Data\Dropbox\bin\DropboxExt.26.dll [2015-06-26] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Documents and Settings\Administrator\Application Data\Dropbox\bin\DropboxExt.26.dll [2015-06-26] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Documents and Settings\Administrator\Application Data\Dropbox\bin\DropboxExt.26.dll [2015-06-26] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Documents and Settings\Administrator\Application Data\Dropbox\bin\DropboxExt.26.dll [2015-06-26] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Documents and Settings\Administrator\Application Data\Dropbox\bin\DropboxExt.26.dll [2015-06-26] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Documents and Settings\Administrator\Application Data\Dropbox\bin\DropboxExt.26.dll [2015-06-26] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Documents and Settings\Administrator\Application Data\Dropbox\bin\DropboxExt.26.dll [2015-06-26] (Dropbox, Inc.) 
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => No File ShellIconOverlayIdentifiers: [AutoCAD Digital Signatures Icon Overlay Handler] -> {36A21736-36C2-4C11-8ACB-D4136F2B57BD} => C:\WINDOWS\system32\AcSignIcon.dll [2004-02-25] (Autodesk) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Search Page = http://feed.snap.do/?publisher=ShoppingHelper&dpid=ShoppingHelper&co=GB&userid=b4b2d7f9-f344-4697-8e96-cd20038fece6&searchtype=ds&q={searchTerms}&installDate=19/09/2013 HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Search Page = http://feed.snap.do/?publisher=ShoppingHelper&dpid=ShoppingHelper&co=GB&userid=b4b2d7f9-f344-4697-8e96-cd20038fece6&searchtype=ds&q={searchTerms}&installDate=19/09/2013 HKU\S-1-5-21-1214440339-1364589140-839522115-500\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank HKU\S-1-5-21-1214440339-1364589140-839522115-500\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://uk.msn.com/?ocid=iehp HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs,Tabs: "http://www.google.com"<======= ATTENTION SearchScopes: HKLM -> DefaultScope value is missing SearchScopes: HKLM -> {429559AC-1128-D420-90E1-0E1894E36CB8} URL = http://feed.snap.do/?publisher=ShoppingHelper&dpid=ShoppingHelper&co=GB&userid=b4b2d7f9-f344-4697-8e96-cd20038fece6&searchtype=ds&q={searchTerms}&installDate=19/09/2013 SearchScopes: HKU\S-1-5-21-1214440339-1364589140-839522115-500 -> URL 
http://search.conduit.com/Results.aspx?ctid=CT3325805&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=4&UP=SP33A50045-6736-4DF4-967C-A3C7C549B66D&q={searchTerms}&SSPV= SearchScopes: HKU\S-1-5-21-1214440339-1364589140-839522115-500 -> SuggestionsURL_JSON http://suggest.search.conduit.com/CSuggestJson.ashx?prefix={searchTerms} SearchScopes: HKU\S-1-5-21-1214440339-1364589140-839522115-500 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=irmsd103&cd=2XzuyEtN2Y1L1QzutDtDtD0FtC0F0D0DzzyCyE0AyBtD0F0AtN0D0Tzu0CyCyCzytN1L2XzutBtFtBtFzztFtCtByEyBtN1L1Czu1L1C1H1B1QtCtDtA&cr=5260213&ir= BHO: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll [2013-08-14] (RealDownloader) BHO: No Name -> {5C255C8A-E604-49b4-9D64-90988571CECB} -> No File BHO: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_31\bin\ssv.dll [2015-02-17] (Oracle Corporation) BHO: No Name -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> No File BHO: No Name -> {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} -> No File BHO: Lexmark Printable Web -> {D2C5E510-BE6D-42CC-9F61-E4F939078474} -> C:\Program Files\Lexmark Printable Web\bho.dll [2008-05-30] () BHO: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-02-17] (Oracle Corporation) Toolbar: HKU\.DEFAULT -> No Name - {EBF2BA02-9094-4C5A-858B-BB198F3D8DE2} - No File Toolbar: HKU\S-1-5-21-1214440339-1364589140-839522115-500 -> No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_45-windows-i586.cab DPF: {CAFEEFAC-0017-0000-0045-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_45-windows-i586.cab DPF: 
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_45-windows-i586.cab Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll [2010-04-16] (Microsoft Corporation) Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll [2010-04-16] (Microsoft Corporation) Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2013-10-09] (Skype Technologies S.A.) Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll [2013-02-26] (Skype Technologies) Winsock: Catalog5 04 C:\Program Files\Bonjour\mdnsNSP.dll [121704 2011-08-30] (Apple Inc.) Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt Tcpip\Parameters: [DhcpNameServer] 192.168.1.254 Tcpip\..\Interfaces\{FA4A3B1C-2A85-4335-BDE3-E12B2603A7E9}: [DhcpNameServer] 192.168.1.254 FireFox: ======== FF ProfilePath: C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\z0ovjqe9.default-1382548411328 FF NewTab: hxxp://www.trovi.com/?gd=&ctid=CT3319709&octid=EB_ORIGINAL_CTID&ISID=M95522E8F-2408-494B-BB97-632AC5E227D5&SearchSource=69&CUI=&SSPV=&Lay=1&UM=5&UP=SP046D9554-79E9-450D-B6B2-A664F143E365 FF SelectedSearchEngine: Trovi search FF Homepage: about:home FF Keyword.URL: FF NetworkProxy: "type", 0 FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_18_0_0_203.dll [2015-07-12] () FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] () FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll [2015-05-21] (Google) FF Plugin: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-02-17] 
(Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-02-17] (Oracle Corporation) FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation) FF Plugin: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files\Microsoft\Office Live\npOLW.dll [2010-04-26] (Microsoft Corp.) FF Plugin: @microsoft.com/WLPG,version=14.0.8117.0416 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2010-04-16] (Microsoft Corporation) FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation) FF Plugin: @pack.google.com/Google Updater;version=14 -> C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll [2011-10-14] (Google) FF Plugin: @real.com/nprndlchromebrowserrecordext;version=1.3.3 -> C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll [2013-08-14] (RealNetworks, Inc.) FF Plugin: @real.com/nprndlhtml5videoshim;version=1.3.3 -> C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll [2013-08-14] (RealNetworks, Inc.) FF Plugin: @real.com/nprndlpepperflashvideoshim;version=1.3.3 -> C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll [2013-08-14] (RealNetworks, Inc.) FF Plugin: @real.com/nprpchromebrowserrecordext;version=15.0.5.109 -> C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll [2012-07-22] (RealNetworks, Inc.) 
FF Plugin: @real.com/nprphtml5videoshim;version=15.0.5.109 -> C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll [2012-07-22] (RealNetworks, Inc.) FF Plugin: @realnetworks.com/npdlplugin;version=1 -> C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll [2013-08-14] (RealDownloader) FF Plugin: @sony.com/eBookLibrary -> C:\Program Files\Sony\Reader\Data\bin\npebldetectmoz.dll [2010-07-13] (Sony Corporation) FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-16] (Google Inc.) FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-16] (Google Inc.) FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-08-05] (Adobe Systems Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPOFFICE.DLL [2007-03-22] (Microsoft Corporation) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll [2014-08-05] (Adobe Systems Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll [2014-11-12] (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll [2014-11-12] (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll [2014-11-12] (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll [2014-11-12] (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll [2014-11-12] (Apple Inc.) 
FF SearchPlugin: C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\7l146elc.default-1382530802734\searchplugins\ask-search.xml [2015-02-17]
FF SearchPlugin: C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\7l146elc.default-1382530802734\searchplugins\trovi-search.xml [2014-06-09]
FF SearchPlugin: C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\z0ovjqe9.default-1382548411328\searchplugins\trovi-search.xml [2014-06-09]
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\avg-secure-search.xml [2015-05-13]
FF Extension: FindRight - C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\7l146elc.default-1382530802734\Extensions\{42e50651-9669-456e-9081-d5a836274274}.xpi [2014-02-21]
FF Extension: ADB Helper - C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\z0ovjqe9.default-1382548411328\Extensions\adbhelper@mozilla.org [2015-07-03]
FF Extension: Saved Password Editor - C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\z0ovjqe9.default-1382548411328\Extensions\savedpasswordeditor@daniel.dawson.xpi [2013-10-27]
FF Extension: FindRight - C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\z0ovjqe9.default-1382548411328\Extensions\{42e50651-9669-456e-9081-d5a836274274}.xpi [2014-02-21]
FF Extension: NoScript - C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\z0ovjqe9.default-1382548411328\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2013-10-30]
FF Extension: Password Exporter - C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\z0ovjqe9.default-1382548411328\Extensions\{B17C1C5A-04B1-11DB-9804-B622A1EF5492}.xpi [2013-11-01]
FF Extension: Skype Click to Call - C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2015-04-07]
FF Extension: Skype Click to Call - C:\Program Files\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2015-04-07]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2011-03-31]
FF HKLM\...\Firefox\Extensions: [{DF153AFF-6948-45d7-AC98-4FC4AF8A08E2}] - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF Extension: RealDownloader - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2013-09-18]
FF HKLM\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF ExtraCheck: C:\Program Files\mozilla firefox\defaults\pref\itms.js [2015-04-03]

Chrome:
=======
CHR Profile: C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-10-23]
CHR Extension: (Google Drive) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-10-23]
CHR Extension: (YouTube) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-10-23]
CHR Extension: (Google Search) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-10-23]
CHR Extension: (RealDownloader) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji [2013-10-23]
CHR Extension: (Skype Click to Call) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2013-10-23]
CHR Extension: (Gmail) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-10-23]
CHR HKLM\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx [2013-08-14]
CHR HKLM\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx [2013-10-09]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 APNMCP; C:\Program Files\AskPartnerNetwork\Toolbar\apnmcp.exe [177560 2015-01-31] (APN LLC.)
R2 Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [397312 2004-05-25] ()
S2 ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [516096 2004-05-25] () [File not signed]
S2 lxduCATSCustConnectService; C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxduserv.exe [98984 2008-05-24] (Lexmark International, Inc.)
R2 lxdu_device; C:\WINDOWS\system32\lxducoms.exe [594600 2008-05-24] ( )
R2 RapportMgmtService; C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe [2222360 2015-06-02] (IBM Corp.)
R2 RealNetworks Downloader Resolver Service; C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe [39056 2013-08-14] ()
R2 ReflectService.exe; C:\Program Files\Macrium\Reflect\ReflectService.exe [2462160 2014-07-21] (Paramount Software UK Ltd)
R2 SDScannerService; C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe [3921880 2013-10-15] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe [1042272 2013-09-20] (Safer-Networking Ltd.)
S2 SDWSCService; C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe [171416 2013-09-13] (Safer-Networking Ltd.)
S4 Skype C2C Service; C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe [3275136 2013-10-09] (Skype Technologies S.A.)
S3 Sony SCSI Helper Service; C:\Program Files\Common Files\Sony Shared\Fsk\SonySCSIHelperService.exe [73728 2010-04-02] (Sony Corporation) [File not signed]
S4 Websteroids; C:\Documents and Settings\All Users\Application Data\Websteroids\Websteroids.exe [150392 2014-02-11] (Creative Island Media, LLC)
S2 SBAMSvc; "C:\Program Files\ParetoLogic\ParetoLogic Internet Security\SBAMSvc.exe" [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AegisP; C:\WINDOWS\System32\DRIVERS\AegisP.sys [21361 2011-06-30] (Cisco Systems, Inc.) [File not signed]
S3 atidgllk; C:\dell\drivers\R105090\atidgllk.sys [5120 2005-03-11] (ATI Technologies Inc.) [File not signed]
S3 eyeonedp; C:\WINDOWS\System32\DRIVERS\eyeonedp.sys [44344 2003-11-27] () [File not signed]
R2 fssfltr; C:\WINDOWS\System32\DRIVERS\fssfltr_tdi.sys [54760 2010-04-28] (Microsoft Corporation)
S3 grmnusb; C:\WINDOWS\System32\drivers\grmnusb.sys [15720 2012-04-18] (GARMIN Corp.)
S3 hitmanpro37; C:\WINDOWS\system32\drivers\hitmanpro37.sys [30976 2013-10-23] ()
R1 OMCI; C:\WINDOWS\SYSTEM32\DRIVERS\OMCI.SYS [13632 2001-08-22] (Dell Computer Corporation) [File not signed]
R0 pssnap; C:\WINDOWS\System32\DRIVERS\pssnap.sys [13528 2014-07-21] ()
R1 RapportCerberus_1412112; C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus32_1412112.sys [531416 2015-06-23] (IBM Corp.)
R1 RapportEI; C:\Program Files\Trusteer\Rapport\bin\RapportEI.sys [280088 2015-06-02] (IBM Corp.)
R0 RapportKELL; C:\WINDOWS\System32\Drivers\RapportKELL.sys [218264 2015-06-02] (IBM Corp.)
R1 RapportPG; C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys [337176 2015-06-02] (IBM Corp.)
R1 sbaphd; C:\WINDOWS\System32\drivers\sbaphd.sys [22064 2012-09-12] (GFI Software)
R2 sbapifs; C:\WINDOWS\System32\drivers\sbapifs.sys [66344 2012-09-12] (GFI Software)
R1 SbFw; C:\WINDOWS\System32\drivers\SbFw.sys [337184 2012-09-20] (GFI Software)
S3 SBFWIMCL; C:\WINDOWS\System32\DRIVERS\sbfwim.sys [95488 2012-09-12] (GFI Software)
R3 SBFWIMCLMP; C:\WINDOWS\System32\DRIVERS\SBFWIM.sys [95488 2012-09-12] (GFI Software)
S3 sbhips; C:\WINDOWS\System32\drivers\sbhips.sys [94496 2012-09-20] (GFI Software)
R1 sbtis; C:\WINDOWS\System32\drivers\sbtis.sys [222368 2012-09-20] (GFI Software)
S3 wceusbsh; C:\WINDOWS\System32\DRIVERS\wceusbsh.sys [28672 2006-11-06] (Microsoft Corporation)
S3 WIMMount; C:\Program Files\Macrium\Reflect\wimmount.sys [19024 2015-03-29] (Microsoft Corporation)
S3 aeaudio; system32\drivers\aeaudio.sys [X]
S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [X]
S4 IntelIde; No ImagePath
U0 mfewfpk; No ImagePath
S3 rt2870; system32\DRIVERS\rt2870.sys [X]
U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-14] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-07-12 13:12 - 2015-07-12 13:13 - 00000000 ____D C:\FRST
2015-07-12 02:34 - 2015-07-12 12:16 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-07-11 04:27 - 2015-07-11 04:27 - 00000000 ____D C:\Documents and Settings\Administrator\Start Menu\Programs\Dropbox
2015-07-10 09:40 - 2015-07-10 09:40 - 05760054 _____ C:\Documents and Settings\Administrator\Desktop\ultraman image.bmp
2015-07-09 23:04 - 2015-07-09 23:05 - 27093992 _____ (McAfee) C:\Program Files\Common Files\lpuninstall.exe
2015-07-09 23:04 - 2015-07-09 23:04 - 00000000 ____D C:\Documents and Settings\Administrator\Local Settings\Application Data\SafeKeytmp
2015-07-09 23:04 - 2015-07-09 23:04 - 00000000 ____D C:\Documents and Settings\Administrator\Local Settings\Application Data\SafeKeylang
2015-07-09 23:00 - 2015-07-10 11:24 - 00000000 ____D C:\Program Files\McAfee
2015-07-09 22:33 - 2015-07-10 11:30 - 00000000 ____D C:\Documents and Settings\Administrator\Desktop\New Folder
2015-07-09 22:15 - 2015-07-09 22:15 - 00001816 _____ C:\Documents and Settings\Administrator\Desktop\McAfee Security Scan Plus.lnk
2015-06-27 11:29 - 2015-06-27 11:30 - 00000000 ____D C:\Documents and Settings\Administrator\Desktop\Clued Up
2015-06-24 22:05 - 2015-07-09 00:04 - 00017920 _____ C:\Documents and Settings\Administrator\Desktop\Zorro Memocams.xls
2015-06-18 23:20 - 2015-07-12 12:25 - 00001020 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-1214440339-1364589140-839522115-500UA.job
2015-06-18 23:20 - 2015-07-11 23:25 - 00000968 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-1214440339-1364589140-839522115-500Core.job
2015-06-18 23:20 - 2015-06-18 23:20 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Dropbox
2015-06-18 23:20 - 2015-06-18 23:20 - 00000000 ____D C:\Documents and Settings\Administrator\Local Settings\Application Data\Dropbox

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-07-12 13:13 - 2013-12-03 15:22 - 00000886 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-07-12 13:13 - 2011-03-28 22:41 - 00000000 ____D C:\Documents and Settings\Administrator\Local Settings\Temp
2015-07-12 12:58 - 2011-03-29 21:53 - 01716991 _____ C:\WINDOWS\WindowsUpdate.log
2015-07-12 12:52 - 2011-03-31 00:00 - 00000000 ____D C:\WINDOWS\Microsoft.NET
2015-07-12 11:16 - 2013-10-29 20:39 - 00000364 ____H C:\WINDOWS\Tasks\avast! Emergency Update.job
2015-07-12 10:10 - 2014-07-24 18:56 - 00000466 _____ C:\WINDOWS\Tasks\At1.job
2015-07-12 09:13 - 2013-12-03 15:22 - 00000882 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-07-12 02:34 - 2014-09-02 00:32 - 00000000 ____D C:\Documents and Settings\Administrator\Local Settings\Application Data\Adobe
2015-07-12 02:34 - 2013-10-23 14:12 - 00778416 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2015-07-12 02:34 - 2013-10-23 14:12 - 00142512 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2015-07-11 22:06 - 2014-02-23 22:56 - 00000410 _____ C:\WINDOWS\Tasks\ProgramUpdateCheck.job
2015-07-11 21:59 - 2014-02-23 22:56 - 00000394 _____ C:\WINDOWS\Tasks\FreeFileViewerUpdateChecker.job
2015-07-11 21:58 - 2014-02-23 22:56 - 00000466 _____ C:\WINDOWS\Tasks\ProgramRefresh-ATFST.job
2015-07-11 20:40 - 2014-07-24 18:56 - 00000466 _____ C:\WINDOWS\Tasks\At2.job
2015-07-11 19:25 - 2011-03-28 22:41 - 00032442 _____ C:\WINDOWS\SchedLgU.Txt
2015-07-11 18:56 - 2014-07-24 18:56 - 00000466 _____ C:\WINDOWS\Tasks\At3.job
2015-07-11 14:55 - 2013-10-29 20:39 - 00000820 _____ C:\WINDOWS\Tasks\Google Software Updater.job
2015-07-11 14:00 - 2014-07-24 18:56 - 00000466 _____ C:\WINDOWS\Tasks\At4.job
2015-07-11 13:50 - 2013-10-23 02:47 - 00454311 _____ C:\WINDOWS\setupapi.log
2015-07-11 04:28 - 2014-08-05 12:32 - 00000000 ___RD C:\Documents and Settings\Administrator\My Documents\Dropbox
2015-07-11 04:28 - 2014-08-05 12:27 - 00000000 ____D C:\Documents and Settings\Administrator\Application Data\Dropbox
2015-07-11 01:25 - 2013-10-29 20:39 - 00000302 _____ C:\WINDOWS\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-1214440339-1364589140-839522115-500.job
2015-07-10 11:24 - 2011-09-13 10:52 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\McAfee
2015-07-10 11:23 - 2011-03-28 23:20 - 00000159 _____ C:\WINDOWS\wiadebug.log
2015-07-10 11:23 - 2011-03-28 23:20 - 00000049 _____ C:\WINDOWS\wiaservc.log
2015-07-10 11:23 - 2003-07-16 17:46 - 00002206 _____ C:\WINDOWS\system32\wpa.dbl
2015-07-10 11:22 - 2014-03-31 12:45 - 00000238 _____ C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job
2015-07-10 11:22 - 2013-10-30 17:13 - 00000644 _____ C:\WINDOWS\Tasks\Check for updates (Spybot - Search & Destroy).job
2015-07-10 11:22 - 2013-10-29 20:39 - 00000294 _____ C:\WINDOWS\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-1214440339-1364589140-839522115-500.job
2015-07-10 11:22 - 2011-03-28 22:28 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2015-07-10 11:21 - 2013-10-30 16:22 - 00524288 _____ C:\WINDOWS\system32\config\SpybotSD.evt
2015-07-10 11:21 - 2011-03-28 22:41 - 00000178 ___SH C:\Documents and Settings\Administrator\ntuser.ini
2015-07-09 23:15 - 2013-05-24 15:27 - 00000000 ____D C:\WINDOWS\system32\LogFiles
2015-07-09 22:22 - 2011-03-28 22:25 - 00000000 ____D C:\WINDOWS\Registration
2015-07-09 00:48 - 2011-03-31 00:06 - 00000000 ____D C:\Documents and Settings\All Users\Lx_cats
2015-07-08 15:00 - 2014-03-31 12:45 - 00000232 _____ C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job
2015-07-07 12:37 - 2015-06-06 16:35 - 00015360 _____ C:\Documents and Settings\Administrator\Desktop\values for tank switching.xls
2015-07-07 11:40 - 2013-10-30 16:22 - 00000000 ____D C:\Program Files\Spybot - Search & Destroy 2
2015-07-05 18:22 - 2013-10-02 18:41 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2015-07-05 18:17 - 2015-04-07 22:54 - 00000000 ____D C:\Program Files\Mozilla Firefox
2015-07-01 07:47 - 2013-10-30 17:13 - 00000616 _____ C:\WINDOWS\Tasks\Refresh immunization (Spybot - Search & Destroy).job
2015-07-01 07:46 - 2013-10-30 17:13 - 00000446 _____ C:\WINDOWS\Tasks\Scan the system (Spybot - Search & Destroy).job
2015-06-25 18:11 - 2014-09-06 11:04 - 00002702 _____ C:\Documents and Settings\Administrator\My Documents\plot.log
2015-06-25 18:11 - 2011-08-04 16:34 - 00000000 ____D C:\Documents and Settings\Administrator\Local Settings\Application Data\CutePDF Writer
2015-06-23 13:00 - 2013-09-18 16:15 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Trusteer Endpoint Protection

==================== Files in the root of some directories =======

2014-03-21 18:23 - 2014-06-23 11:42 - 0000000 _____ () C:\Program Files\Mozilla Firefoxavg-secure-search.xml
2015-07-09 23:04 - 2015-07-09 23:05 - 27093992 _____ (McAfee) C:\Program Files\Common Files\lpuninstall.exe
2013-04-13 19:03 - 2013-04-13 19:03 - 0002528 _____ () C:\Documents and Settings\Administrator\Application Data\$_hpcst$.hpc
2013-09-13 00:37 - 2013-09-13 00:37 - 0184514 _____ () C:\Documents and Settings\Administrator\Local Settings\Application Data\ars.cache
2013-09-13 00:38 - 2013-09-13 00:38 - 0236111 _____ () C:\Documents and Settings\Administrator\Local Settings\Application Data\census.cache
2011-08-09 14:20 - 2014-05-09 15:11 - 0011776 _____ () C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2011-03-31 23:48 - 2011-03-31 23:48 - 0000136 _____ () C:\Documents and Settings\Administrator\Local Settings\Application Data\fusioncache.dat
2013-09-13 00:01 - 2013-09-13 00:01 - 0000036 _____ () C:\Documents and Settings\Administrator\Local Settings\Application Data\housecall.guid.cache
2013-10-24 10:43 - 2013-10-24 10:43 - 0000252 _____ () C:\Documents and Settings\All Users\FastPics.log
2013-10-23 22:16 - 2013-10-26 14:47 - 0008156 _____ () C:\Documents and Settings\All Users\lxdu.log
2013-10-23 22:06 - 2013-10-25 14:32 - 0000561 _____ () C:\Documents and Settings\All Users\lxduDiagnostics.log
2013-11-03 15:20 - 2013-11-03 15:31 - 0004660 _____ () C:\Documents and Settings\All Users\lxduJSW.log
2013-10-24 00:30 - 2013-10-24 00:30 - 0141432 _____ () C:\Documents and Settings\All Users\SPL103.tmp
2013-11-09 20:42 - 2013-11-09 20:42 - 0186098 _____ () C:\Documents and Settings\All Users\SPL2.tmp
2013-11-10 00:43 - 2013-11-10 00:43 - 0177340 _____ () C:\Documents and Settings\All Users\SPL24.tmp
2014-10-25 20:47 - 2014-10-25 20:47 - 2396603 _____ () C:\Documents and Settings\All Users\SPL609.tmp
2013-11-09 15:04 - 2013-11-09 15:04 - 0186098 _____ () C:\Documents and Settings\All Users\SPL9C.tmp
2011-03-30 23:56 - 2011-03-30 23:56 - 0000000 _____ () C:\Documents and Settings\All Users\UpdaterLog.txt

Files to move or delete:
====================
C:\Windows\Tasks\At1.job
C:\Windows\Tasks\At2.job
C:\Windows\Tasks\At3.job
C:\Windows\Tasks\At4.job

Some files in TEMP:
====================
C:\Documents and Settings\Administrator\Local Settings\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpf_6cb9.dll

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

==================== End of log ============================
  15. Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 11-07-2015
Ran by Administrator (administrator) on DEVALETTE on 12-07-2015 13:13:14
Running from C:\Documents and Settings\Administrator\My Documents\Downloads
Loaded Profiles: Administrator (Available Profiles: Administrator)
Platform: Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: English (United States)
Internet Explorer Version 8 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

() C:\WINDOWS\system32\ati2evxx.exe
(IBM Corp.) C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
(APN LLC.) C:\Program Files\AskPartnerNetwork\Toolbar\apnmcp.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
( ) C:\WINDOWS\system32\lxducoms.exe
() C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
(Paramount Software UK Ltd) C:\Program Files\Macrium\Reflect\ReflectService.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe
(Sony Corporation) C:\Program Files\Sony\Reader\Data\bin\launcher\Reader Library Launcher.exe
() C:\Program Files\Lexmark 5600-6600 Series\lxdumon.exe
(Analog Devices, Inc.) C:\Program Files\Analog Devices\Core\smax4pnp.exe
() C:\Program Files\Lexmark 5600-6600 Series\lxdumsdmon.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe
(APN) C:\Program Files\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Microsoft Corporation) C:\Program Files\Microsoft ActiveSync\wcescomm.exe
(Microsoft Corporation) C:\PROGRA~1\MICROS~3\rapimgr.exe
(IBM Corp.) C:\Program Files\Trusteer\Rapport\bin\RapportService.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\WINDOWS\system32\wbem\unsecapp.exe
(Dropbox, Inc.) C:\Documents and Settings\Administrator\Application Data\Dropbox\bin\Dropbox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Thunderbird\thunderbird.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Reader Library Launcher] => C:\Program Files\Sony\Reader\Data\bin\launcher\Reader Library Launcher.exe [906648 2010-07-13] (Sony Corporation)
HKLM\...\Run: [lxdumon.exe] => C:\Program Files\Lexmark 5600-6600 Series\lxdumon.exe [676520 2008-05-30] ()
HKLM\...\Run: [lxduamon] => C:\Program Files\Lexmark 5600-6600 Series\lxduamon.exe [16040 2008-05-30] ()
HKLM\...\Run: [Lexmark 5600-6600 Series Fax Server] => C:\Program Files\Lexmark 5600-6600 Series\fm3032.exe [311976 2008-05-30] ()
HKLM\...\Run: [ATIPTA] => C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe [335872 2004-05-25] (ATI Technologies, Inc.)
HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2015-03-20] (Apple Inc.)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM\...\Run: [soundMAXPnP] => C:\Program Files\Analog Devices\Core\smax4pnp.exe [1404928 2004-10-14] (Analog Devices, Inc.)
HKLM\...\Run: [sDTray] => C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe [5624784 2013-07-25] (Safer-Networking Ltd.)
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
HKLM\...\Run: [ApnTBMon] => C:\Program Files\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe [1949592 2015-02-14] (APN)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [157480 2015-04-07] (Apple Inc.)
Winlogon\Notify\SDWinLogon: SDWinLogon.dll [X]
HKLM\...\Policies\Explorer: [NoFolderOptions] 0
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-21-1214440339-1364589140-839522115-500\...\Run: [H/PC Connection Agent] => C:\Program Files\Microsoft ActiveSync\wcescomm.exe [1289000 2006-11-13] (Microsoft Corporation)
HKU\S-1-5-21-1214440339-1364589140-839522115-500\...\Run: [Adobe Reader Synchronizer] => C:\Program Files\Adobe\Reader 11.0\Reader\AdobeCollabSync.exe [746376 2014-05-08] (Adobe Systems Incorporated)
HKU\S-1-5-21-1214440339-1364589140-839522115-500\...\Run: [Dropbox Update] => C:\Documents and Settings\Administrator\Local Settings\Application Data\Dropbox\Update\DropboxUpdate.exe [134512 2015-06-18] (Dropbox, Inc.)
HKU\S-1-5-21-1214440339-1364589140-839522115-500\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINDOWS\System32\scrnsave.scr [9216 2008-04-14] (Microsoft Corporation)
AppInit_DLLs: C:\PROGRA~1\SearchProtect\SearchProtect\bin\SPVC32Loader.dll => C:\PROGRA~1\SearchProtect\SearchProtect\bin\SPVC32Loader.dll File not found
Startup: C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\Dropbox.lnk [2015-07-11]
ShortcutTarget: Dropbox.lnk -> C:\Documents and Settings\Administrator\Application Data\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\AutoCAD LT Startup Accelerator.lnk [2013-10-29]
ShortcutTarget: AutoCAD LT Startup Accelerator.lnk -> C:\Program Files\Common Files\Autodesk Shared\acstart16.exe (Autodesk, Inc)
ShellIconOverlayIdentifiers: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Documents and Settings\Administrator\Application Data\Dropbox\bin\DropboxExt.26.dll [2015-06-26] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Documents and Settings\Administrator\Application Data\Dropbox\bin\DropboxExt.26.dll [2015-06-26] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Documents and Settings\Administrator\Application Data\Dropbox\bin\DropboxExt.26.dll [2015-06-26] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Documents and Settings\Administrator\Application Data\Dropbox\bin\DropboxExt.26.dll [2015-06-26] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Documents and Settings\Administrator\Application Data\Dropbox\bin\DropboxExt.26.dll [2015-06-26] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Documents and Settings\Administrator\Application Data\Dropbox\bin\DropboxExt.26.dll [2015-06-26] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Documents and Settings\Administrator\Application Data\Dropbox\bin\DropboxExt.26.dll [2015-06-26] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Documents and Settings\Administrator\Application Data\Dropbox\bin\DropboxExt.26.dll [2015-06-26] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => No File
ShellIconOverlayIdentifiers: [AutoCAD Digital Signatures Icon Overlay Handler] -> {36A21736-36C2-4C11-8ACB-D4136F2B57BD} => C:\WINDOWS\system32\AcSignIcon.dll [2004-02-25] (Autodesk)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Search Page = http://feed.snap.do/?publisher=ShoppingHelper&dpid=ShoppingHelper&co=GB&userid=b4b2d7f9-f344-4697-8e96-cd20038fece6&searchtype=ds&q={searchTerms}&installDate=19/09/2013
HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Search Page = http://feed.snap.do/?publisher=ShoppingHelper&dpid=ShoppingHelper&co=GB&userid=b4b2d7f9-f344-4697-8e96-cd20038fece6&searchtype=ds&q={searchTerms}&installDate=19/09/2013
HKU\S-1-5-21-1214440339-1364589140-839522115-500\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-1214440339-1364589140-839522115-500\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://uk.msn.com/?ocid=iehp
HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs,Tabs: "http://www.google.com"<======= ATTENTION
SearchScopes: HKLM -> DefaultScope value is missing
SearchScopes: HKLM -> {429559AC-1128-D420-90E1-0E1894E36CB8} URL = http://feed.snap.do/?publisher=ShoppingHelper&dpid=ShoppingHelper&co=GB&userid=b4b2d7f9-f344-4697-8e96-cd20038fece6&searchtype=ds&q={searchTerms}&installDate=19/09/2013
SearchScopes: HKU\S-1-5-21-1214440339-1364589140-839522115-500 -> URL http://search.conduit.com/Results.aspx?ctid=CT3325805&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=4&UP=SP33A50045-6736-4DF4-967C-A3C7C549B66D&q={searchTerms}&SSPV=
SearchScopes: HKU\S-1-5-21-1214440339-1364589140-839522115-500 -> SuggestionsURL_JSON http://suggest.search.conduit.com/CSuggestJson.ashx?prefix={searchTerms}
SearchScopes: HKU\S-1-5-21-1214440339-1364589140-839522115-500 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=irmsd103&cd=2XzuyEtN2Y1L1QzutDtDtD0FtC0F0D0DzzyCyE0AyBtD0F0AtN0D0Tzu0CyCyCzytN1L2XzutBtFtBtFzztFtCtByEyBtN1L1Czu1L1C1H1B1QtCtDtA&cr=5260213&ir=
BHO: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll [2013-08-14] (RealDownloader)
BHO: No Name -> {5C255C8A-E604-49b4-9D64-90988571CECB} -> No File
BHO: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_31\bin\ssv.dll [2015-02-17] (Oracle Corporation)
BHO: No Name -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> No File
BHO: No Name -> {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} -> No File
BHO: Lexmark Printable Web -> {D2C5E510-BE6D-42CC-9F61-E4F939078474} -> C:\Program Files\Lexmark Printable Web\bho.dll [2008-05-30] ()
BHO: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-02-17] (Oracle Corporation)
Toolbar: HKU\.DEFAULT -> No Name - {EBF2BA02-9094-4C5A-858B-BB198F3D8DE2} - No File
Toolbar: HKU\S-1-5-21-1214440339-1364589140-839522115-500 -> No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_45-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0045-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_45-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_45-windows-i586.cab
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll [2010-04-16] (Microsoft Corporation)
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll [2010-04-16] (Microsoft Corporation)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2013-10-09] (Skype Technologies S.A.)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll [2013-02-26] (Skype Technologies)
Winsock: Catalog5 04 C:\Program Files\Bonjour\mdnsNSP.dll [121704 2011-08-30] (Apple Inc.)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{FA4A3B1C-2A85-4335-BDE3-E12B2603A7E9}: [DhcpNameServer] 192.168.1.254

FireFox:
========
FF ProfilePath: C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\z0ovjqe9.default-1382548411328
FF NewTab: hxxp://www.trovi.com/?gd=&ctid=CT3319709&octid=EB_ORIGINAL_CTID&ISID=M95522E8F-2408-494B-BB97-632AC5E227D5&SearchSource=69&CUI=&SSPV=&Lay=1&UM=5&UP=SP046D9554-79E9-450D-B6B2-A664F143E365
FF SelectedSearchEngine: Trovi search
FF Homepage: about:home
FF Keyword.URL:
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_18_0_0_203.dll [2015-07-12] ()
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] ()
FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll [2015-05-21] (Google)
FF Plugin: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-02-17] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-02-17] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files\Microsoft\Office Live\npOLW.dll [2010-04-26] (Microsoft Corp.)
FF Plugin: @microsoft.com/WLPG,version=14.0.8117.0416 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2010-04-16] (Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
FF Plugin: @pack.google.com/Google Updater;version=14 -> C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll [2011-10-14] (Google)
FF Plugin: @real.com/nprndlchromebrowserrecordext;version=1.3.3 -> C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll [2013-08-14] (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlhtml5videoshim;version=1.3.3 -> C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll [2013-08-14] (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlpepperflashvideoshim;version=1.3.3 -> C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll [2013-08-14] (RealNetworks, Inc.)
FF Plugin: @real.com/nprpchromebrowserrecordext;version=15.0.5.109 -> C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll [2012-07-22] (RealNetworks, Inc.)
FF Plugin: @real.com/nprphtml5videoshim;version=15.0.5.109 -> C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll [2012-07-22] (RealNetworks, Inc.)
FF Plugin: @realnetworks.com/npdlplugin;version=1 -> C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll [2013-08-14] (RealDownloader)
FF Plugin: @sony.com/eBookLibrary -> C:\Program Files\Sony\Reader\Data\bin\npebldetectmoz.dll [2010-07-13] (Sony Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-16] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-16] (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-08-05] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPOFFICE.DLL [2007-03-22] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll [2014-08-05] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll [2014-11-12] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll [2014-11-12] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll [2014-11-12] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll [2014-11-12] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll [2014-11-12] (Apple Inc.)
FF SearchPlugin: C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\7l146elc.default-1382530802734\searchplugins\ask-search.xml [2015-02-17]
FF SearchPlugin: C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\7l146elc.default-1382530802734\searchplugins\trovi-search.xml [2014-06-09]
FF SearchPlugin: C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\z0ovjqe9.default-1382548411328\searchplugins\trovi-search.xml [2014-06-09]
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\avg-secure-search.xml [2015-05-13]
FF Extension: FindRight - C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\7l146elc.default-1382530802734\Extensions\{42e50651-9669-456e-9081-d5a836274274}.xpi [2014-02-21]
FF Extension: ADB Helper - C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\z0ovjqe9.default-1382548411328\Extensions\adbhelper@mozilla.org [2015-07-03]
FF Extension: Saved Password Editor - C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\z0ovjqe9.default-1382548411328\Extensions\savedpasswordeditor@daniel.dawson.xpi [2013-10-27]
FF Extension: FindRight - C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\z0ovjqe9.default-1382548411328\Extensions\{42e50651-9669-456e-9081-d5a836274274}.xpi [2014-02-21]
FF Extension: NoScript - C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\z0ovjqe9.default-1382548411328\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2013-10-30]
FF Extension: Password Exporter - C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\z0ovjqe9.default-1382548411328\Extensions\{B17C1C5A-04B1-11DB-9804-B622A1EF5492}.xpi [2013-11-01]
FF Extension: Skype Click to Call - C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2015-04-07]
FF Extension: Skype Click to Call - C:\Program Files\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2015-04-07]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2011-03-31]
FF HKLM\...\Firefox\Extensions: [{DF153AFF-6948-45d7-AC98-4FC4AF8A08E2}] - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF Extension: RealDownloader - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2013-09-18]
FF HKLM\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF ExtraCheck: C:\Program Files\mozilla firefox\defaults\pref\itms.js [2015-04-03]

Chrome:
=======
CHR Profile: C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-10-23]
CHR Extension: (Google Drive) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-10-23]
CHR Extension: (YouTube) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-10-23]
CHR Extension: (Google Search) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-10-23]
CHR Extension: 
(RealDownloader) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji [2013-10-23] CHR Extension: (Skype Click to Call) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2013-10-23] CHR Extension: (Gmail) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-10-23] CHR HKLM\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx [2013-08-14] CHR HKLM\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx [2013-10-09] ========================== Services (Whitelisted) ================= (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R2 APNMCP; C:\Program Files\AskPartnerNetwork\Toolbar\apnmcp.exe [177560 2015-01-31] (APN LLC.) R2 Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [397312 2004-05-25] () S2 ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [516096 2004-05-25] () [File not signed] S2 lxduCATSCustConnectService; C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxduserv.exe [98984 2008-05-24] (Lexmark International, Inc.) R2 lxdu_device; C:\WINDOWS\system32\lxducoms.exe [594600 2008-05-24] ( ) R2 RapportMgmtService; C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe [2222360 2015-06-02] (IBM Corp.) 
R2 RealNetworks Downloader Resolver Service; C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe [39056 2013-08-14] () R2 ReflectService.exe; C:\Program Files\Macrium\Reflect\ReflectService.exe [2462160 2014-07-21] (Paramount Software UK Ltd) R2 SDScannerService; C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe [3921880 2013-10-15] (Safer-Networking Ltd.) R2 SDUpdateService; C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe [1042272 2013-09-20] (Safer-Networking Ltd.) S2 SDWSCService; C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe [171416 2013-09-13] (Safer-Networking Ltd.) S4 Skype C2C Service; C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe [3275136 2013-10-09] (Skype Technologies S.A.) S3 Sony SCSI Helper Service; C:\Program Files\Common Files\Sony Shared\Fsk\SonySCSIHelperService.exe [73728 2010-04-02] (Sony Corporation) [File not signed] S4 Websteroids; C:\Documents and Settings\All Users\Application Data\Websteroids\Websteroids.exe [150392 2014-02-11] (Creative Island Media, LLC) S2 SBAMSvc; "C:\Program Files\ParetoLogic\ParetoLogic Internet Security\SBAMSvc.exe" [X] ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R2 AegisP; C:\WINDOWS\System32\DRIVERS\AegisP.sys [21361 2011-06-30] (Cisco Systems, Inc.) [File not signed] S3 atidgllk; C:\dell\drivers\R105090\atidgllk.sys [5120 2005-03-11] (ATI Technologies Inc.) [File not signed] S3 eyeonedp; C:\WINDOWS\System32\DRIVERS\eyeonedp.sys [44344 2003-11-27] () [File not signed] R2 fssfltr; C:\WINDOWS\System32\DRIVERS\fssfltr_tdi.sys [54760 2010-04-28] (Microsoft Corporation) S3 grmnusb; C:\WINDOWS\System32\drivers\grmnusb.sys [15720 2012-04-18] (GARMIN Corp.) 
S3 hitmanpro37; C:\WINDOWS\system32\drivers\hitmanpro37.sys [30976 2013-10-23] () R1 OMCI; C:\WINDOWS\SYSTEM32\DRIVERS\OMCI.SYS [13632 2001-08-22] (Dell Computer Corporation) [File not signed] R0 pssnap; C:\WINDOWS\System32\DRIVERS\pssnap.sys [13528 2014-07-21] () R1 RapportCerberus_1412112; C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus32_1412112.sys [531416 2015-06-23] (IBM Corp.) R1 RapportEI; C:\Program Files\Trusteer\Rapport\bin\RapportEI.sys [280088 2015-06-02] (IBM Corp.) R0 RapportKELL; C:\WINDOWS\System32\Drivers\RapportKELL.sys [218264 2015-06-02] (IBM Corp.) R1 RapportPG; C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys [337176 2015-06-02] (IBM Corp.) R1 sbaphd; C:\WINDOWS\System32\drivers\sbaphd.sys [22064 2012-09-12] (GFI Software) R2 sbapifs; C:\WINDOWS\System32\drivers\sbapifs.sys [66344 2012-09-12] (GFI Software) R1 SbFw; C:\WINDOWS\System32\drivers\SbFw.sys [337184 2012-09-20] (GFI Software) S3 SBFWIMCL; C:\WINDOWS\System32\DRIVERS\sbfwim.sys [95488 2012-09-12] (GFI Software) R3 SBFWIMCLMP; C:\WINDOWS\System32\DRIVERS\SBFWIM.sys [95488 2012-09-12] (GFI Software) S3 sbhips; C:\WINDOWS\System32\drivers\sbhips.sys [94496 2012-09-20] (GFI Software) R1 sbtis; C:\WINDOWS\System32\drivers\sbtis.sys [222368 2012-09-20] (GFI Software) S3 wceusbsh; C:\WINDOWS\System32\DRIVERS\wceusbsh.sys [28672 2006-11-06] (Microsoft Corporation) S3 WIMMount; C:\Program Files\Macrium\Reflect\wimmount.sys [19024 2015-03-29] (Microsoft Corporation) S3 aeaudio; system32\drivers\aeaudio.sys [X] S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [X] S4 IntelIde; No ImagePath U0 mfewfpk; No ImagePath S3 rt2870; system32\DRIVERS\rt2870.sys [X] U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-14] (Microsoft Corporation) ==================== NetSvcs (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the 
registry. The file will not be moved unless listed separately.) ==================== One Month Created files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2015-07-12 13:12 - 2015-07-12 13:13 - 00000000 ____D C:\FRST 2015-07-12 02:34 - 2015-07-12 12:16 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job 2015-07-11 04:27 - 2015-07-11 04:27 - 00000000 ____D C:\Documents and Settings\Administrator\Start Menu\Programs\Dropbox 2015-07-10 09:40 - 2015-07-10 09:40 - 05760054 _____ C:\Documents and Settings\Administrator\Desktop\ultraman image.bmp 2015-07-09 23:04 - 2015-07-09 23:05 - 27093992 _____ (McAfee) C:\Program Files\Common Files\lpuninstall.exe 2015-07-09 23:04 - 2015-07-09 23:04 - 00000000 ____D C:\Documents and Settings\Administrator\Local Settings\Application Data\SafeKeytmp 2015-07-09 23:04 - 2015-07-09 23:04 - 00000000 ____D C:\Documents and Settings\Administrator\Local Settings\Application Data\SafeKeylang 2015-07-09 23:00 - 2015-07-10 11:24 - 00000000 ____D C:\Program Files\McAfee 2015-07-09 22:33 - 2015-07-10 11:30 - 00000000 ____D C:\Documents and Settings\Administrator\Desktop\New Folder 2015-07-09 22:15 - 2015-07-09 22:15 - 00001816 _____ C:\Documents and Settings\Administrator\Desktop\McAfee Security Scan Plus.lnk 2015-06-27 11:29 - 2015-06-27 11:30 - 00000000 ____D C:\Documents and Settings\Administrator\Desktop\Clued Up 2015-06-24 22:05 - 2015-07-09 00:04 - 00017920 _____ C:\Documents and Settings\Administrator\Desktop\Zorro Memocams.xls 2015-06-18 23:20 - 2015-07-12 12:25 - 00001020 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-1214440339-1364589140-839522115-500UA.job 2015-06-18 23:20 - 2015-07-11 23:25 - 00000968 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-1214440339-1364589140-839522115-500Core.job 2015-06-18 23:20 - 2015-06-18 23:20 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Dropbox 2015-06-18 23:20 - 2015-06-18 23:20 - 00000000 ____D 
C:\Documents and Settings\Administrator\Local Settings\Application Data\Dropbox ==================== One Month Modified files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2015-07-12 13:13 - 2013-12-03 15:22 - 00000886 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job 2015-07-12 13:13 - 2011-03-28 22:41 - 00000000 ____D C:\Documents and Settings\Administrator\Local Settings\Temp 2015-07-12 12:58 - 2011-03-29 21:53 - 01716991 _____ C:\WINDOWS\WindowsUpdate.log 2015-07-12 12:52 - 2011-03-31 00:00 - 00000000 ____D C:\WINDOWS\Microsoft.NET 2015-07-12 11:16 - 2013-10-29 20:39 - 00000364 ____H C:\WINDOWS\Tasks\avast! Emergency Update.job 2015-07-12 10:10 - 2014-07-24 18:56 - 00000466 _____ C:\WINDOWS\Tasks\At1.job 2015-07-12 09:13 - 2013-12-03 15:22 - 00000882 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job 2015-07-12 02:34 - 2014-09-02 00:32 - 00000000 ____D C:\Documents and Settings\Administrator\Local Settings\Application Data\Adobe 2015-07-12 02:34 - 2013-10-23 14:12 - 00778416 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe 2015-07-12 02:34 - 2013-10-23 14:12 - 00142512 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl 2015-07-11 22:06 - 2014-02-23 22:56 - 00000410 _____ C:\WINDOWS\Tasks\ProgramUpdateCheck.job 2015-07-11 21:59 - 2014-02-23 22:56 - 00000394 _____ C:\WINDOWS\Tasks\FreeFileViewerUpdateChecker.job 2015-07-11 21:58 - 2014-02-23 22:56 - 00000466 _____ C:\WINDOWS\Tasks\ProgramRefresh-ATFST.job 2015-07-11 20:40 - 2014-07-24 18:56 - 00000466 _____ C:\WINDOWS\Tasks\At2.job 2015-07-11 19:25 - 2011-03-28 22:41 - 00032442 _____ C:\WINDOWS\SchedLgU.Txt 2015-07-11 18:56 - 2014-07-24 18:56 - 00000466 _____ C:\WINDOWS\Tasks\At3.job 2015-07-11 14:55 - 2013-10-29 20:39 - 00000820 _____ C:\WINDOWS\Tasks\Google Software Updater.job 2015-07-11 14:00 - 2014-07-24 18:56 - 00000466 _____ C:\WINDOWS\Tasks\At4.job 2015-07-11 13:50 - 2013-10-23 02:47 - 00454311 _____ 
C:\WINDOWS\setupapi.log 2015-07-11 04:28 - 2014-08-05 12:32 - 00000000 ___RD C:\Documents and Settings\Administrator\My Documents\Dropbox 2015-07-11 04:28 - 2014-08-05 12:27 - 00000000 ____D C:\Documents and Settings\Administrator\Application Data\Dropbox 2015-07-11 01:25 - 2013-10-29 20:39 - 00000302 _____ C:\WINDOWS\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-1214440339-1364589140-839522115-500.job 2015-07-10 11:24 - 2011-09-13 10:52 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\McAfee 2015-07-10 11:23 - 2011-03-28 23:20 - 00000159 _____ C:\WINDOWS\wiadebug.log 2015-07-10 11:23 - 2011-03-28 23:20 - 00000049 _____ C:\WINDOWS\wiaservc.log 2015-07-10 11:23 - 2003-07-16 17:46 - 00002206 _____ C:\WINDOWS\system32\wpa.dbl 2015-07-10 11:22 - 2014-03-31 12:45 - 00000238 _____ C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job 2015-07-10 11:22 - 2013-10-30 17:13 - 00000644 _____ C:\WINDOWS\Tasks\Check for updates (Spybot - Search & Destroy).job 2015-07-10 11:22 - 2013-10-29 20:39 - 00000294 _____ C:\WINDOWS\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-1214440339-1364589140-839522115-500.job 2015-07-10 11:22 - 2011-03-28 22:28 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT 2015-07-10 11:21 - 2013-10-30 16:22 - 00524288 _____ C:\WINDOWS\system32\config\SpybotSD.evt 2015-07-10 11:21 - 2011-03-28 22:41 - 00000178 ___SH C:\Documents and Settings\Administrator\ntuser.ini 2015-07-09 23:15 - 2013-05-24 15:27 - 00000000 ____D C:\WINDOWS\system32\LogFiles 2015-07-09 22:22 - 2011-03-28 22:25 - 00000000 ____D C:\WINDOWS\Registration 2015-07-09 00:48 - 2011-03-31 00:06 - 00000000 ____D C:\Documents and Settings\All Users\Lx_cats 2015-07-08 15:00 - 2014-03-31 12:45 - 00000232 _____ C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job 2015-07-07 12:37 - 2015-06-06 16:35 - 00015360 _____ C:\Documents and Settings\Administrator\Desktop\values for tank switching.xls 2015-07-07 11:40 - 2013-10-30 16:22 - 00000000 ____D 
C:\Program Files\Spybot - Search & Destroy 2 2015-07-05 18:22 - 2013-10-02 18:41 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service 2015-07-05 18:17 - 2015-04-07 22:54 - 00000000 ____D C:\Program Files\Mozilla Firefox 2015-07-01 07:47 - 2013-10-30 17:13 - 00000616 _____ C:\WINDOWS\Tasks\Refresh immunization (Spybot - Search & Destroy).job 2015-07-01 07:46 - 2013-10-30 17:13 - 00000446 _____ C:\WINDOWS\Tasks\Scan the system (Spybot - Search & Destroy).job 2015-06-25 18:11 - 2014-09-06 11:04 - 00002702 _____ C:\Documents and Settings\Administrator\My Documents\plot.log 2015-06-25 18:11 - 2011-08-04 16:34 - 00000000 ____D C:\Documents and Settings\Administrator\Local Settings\Application Data\CutePDF Writer 2015-06-23 13:00 - 2013-09-18 16:15 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Trusteer Endpoint Protection ==================== Files in the root of some directories ======= 2014-03-21 18:23 - 2014-06-23 11:42 - 0000000 _____ () C:\Program Files\Mozilla Firefoxavg-secure-search.xml 2015-07-09 23:04 - 2015-07-09 23:05 - 27093992 _____ (McAfee) C:\Program Files\Common Files\lpuninstall.exe 2013-04-13 19:03 - 2013-04-13 19:03 - 0002528 _____ () C:\Documents and Settings\Administrator\Application Data\$_hpcst$.hpc 2013-09-13 00:37 - 2013-09-13 00:37 - 0184514 _____ () C:\Documents and Settings\Administrator\Local Settings\Application Data\ars.cache 2013-09-13 00:38 - 2013-09-13 00:38 - 0236111 _____ () C:\Documents and Settings\Administrator\Local Settings\Application Data\census.cache 2011-08-09 14:20 - 2014-05-09 15:11 - 0011776 _____ () C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini 2011-03-31 23:48 - 2011-03-31 23:48 - 0000136 _____ () C:\Documents and Settings\Administrator\Local Settings\Application Data\fusioncache.dat 2013-09-13 00:01 - 2013-09-13 00:01 - 0000036 _____ () C:\Documents and Settings\Administrator\Local Settings\Application 
Data\housecall.guid.cache 2013-10-24 10:43 - 2013-10-24 10:43 - 0000252 _____ () C:\Documents and Settings\All Users\FastPics.log 2013-10-23 22:16 - 2013-10-26 14:47 - 0008156 _____ () C:\Documents and Settings\All Users\lxdu.log 2013-10-23 22:06 - 2013-10-25 14:32 - 0000561 _____ () C:\Documents and Settings\All Users\lxduDiagnostics.log 2013-11-03 15:20 - 2013-11-03 15:31 - 0004660 _____ () C:\Documents and Settings\All Users\lxduJSW.log 2013-10-24 00:30 - 2013-10-24 00:30 - 0141432 _____ () C:\Documents and Settings\All Users\SPL103.tmp 2013-11-09 20:42 - 2013-11-09 20:42 - 0186098 _____ () C:\Documents and Settings\All Users\SPL2.tmp 2013-11-10 00:43 - 2013-11-10 00:43 - 0177340 _____ () C:\Documents and Settings\All Users\SPL24.tmp 2014-10-25 20:47 - 2014-10-25 20:47 - 2396603 _____ () C:\Documents and Settings\All Users\SPL609.tmp 2013-11-09 15:04 - 2013-11-09 15:04 - 0186098 _____ () C:\Documents and Settings\All Users\SPL9C.tmp 2011-03-30 23:56 - 2011-03-30 23:56 - 0000000 _____ () C:\Documents and Settings\All Users\UpdaterLog.txt Files to move or delete: ==================== C:\Windows\Tasks\At1.job C:\Windows\Tasks\At2.job C:\Windows\Tasks\At3.job C:\Windows\Tasks\At4.job Some files in TEMP: ==================== C:\Documents and Settings\Administrator\Local Settings\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpf_6cb9.dll ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) 
C:\WINDOWS\explorer.exe => File is digitally signed C:\WINDOWS\system32\winlogon.exe => File is digitally signed C:\WINDOWS\system32\svchost.exe => File is digitally signed C:\WINDOWS\system32\services.exe => File is digitally signed C:\WINDOWS\system32\User32.dll => File is digitally signed C:\WINDOWS\system32\userinit.exe => File is digitally signed C:\WINDOWS\system32\rpcss.dll => File is digitally signed C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed ==================== End of log ============================
  16. Hi. Have re-read your instructions.

      aswMBR version 1.0.1.2290 Copyright© 2014 AVAST Software
      Run date: 2015-07-12 13:33:58
      -----------------------------
      13:33:58.093 OS Version: Windows 5.1.2600 Service Pack 3
      13:33:58.093 Number of processors: 1 586 0x304
      13:33:58.093 ComputerName: DEVALETTE UserName:
      13:33:58.875 Initialize success
      13:33:59.000 VM: initialized successfully
      13:33:59.000 VM: Intel CPU virtualization not supported
      13:42:20.531 AVAST engine defs: 15071101
      13:42:47.484 The log file has been saved successfully to "C:\Documents and Settings\Administrator\Desktop\aswMBR.txt"
      13:42:57.187 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-e
      13:42:57.187 Disk 0 Vendor: WDC_WD3200AVJS-63B6A0 01.03A01 Size: 305245MB BusType: 3
      13:42:58.500 Disk 0 MBR read successfully
      13:42:58.500 Disk 0 MBR scan
      13:42:59.390 Disk 0 Windows XP default MBR code
      13:42:59.437 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 305242 MB offset 63
      13:42:59.515 Disk 0 unknown boot code
      13:42:59.718 Disk 0 statistics 277/0/0 @ 0.23 MB/s
      13:42:59.718 Scan finished successfully
      13:45:36.531 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Administrator\Desktop\MBR.dat"
      13:45:36.562 The log file has been saved successfully to "C:\Documents and Settings\Administrator\Desktop\aswMBR.txt"
  17. Hi Here is aswMBR thanks again aswMBR.txt
  18. Addition.txt attached thanks Addition.txt
  19. Hi Thank you for quick reply. .txt enclosed. Addition to follow. FRST.txt
  20. During the Google Doodles browser celebrating 114th birthday of Eiji Tsuburaya, who makes films using "monsters", this icon appeared in centre of desktop. The browser ran a montage of which this was one. Unable to access or delete. Malware or virus progs won't touch it. Screenshot attached. Any ideas? ultraman image.bmp