Two active rundll32.exe processes and one of them is using gradualy more and more memory

Terza · November 10, 2013

Hello,

I'm having problems with a suspicious process. Today I have noticed that another rundll32.exe process is active in my task manager, and it gradualy takes more and more memory. I've seen a post from someone, who had the same problem on your forum, so I've decided to ask for help from You. I've taken the steps that u advised, and here are my results.

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 7.0.6000.16762 BrowserJavaVersion: 10.45.2
Run by PC at 17:12:40 on 2013-11-10
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2009.1177 [GMT 1:00]
.
AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: avast! Antivirus *Disabled*
.
============== Running Processes ================
.
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre7\bin\jqs.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\AVAST Software\Avast\avastUI.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\Rundll32.exe
c:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Program Files\McAfee Security Scan\3.8.130\SSScheduler.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k bthsvcs
C:\WINDOWS\system32\svchost.exe -k imgsvc
.
============== Pseudo HJT Report ===============
.

uURLSearchHooks: SweetTunes1 Toolbar: {f9d1c08c-2031-4e6c-ab51-50330ac2d988} - c:\program files\sweettunes1\prxtbSwee.dll
BHO: MSS+ Identifier: {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - c:\program files\mcafee security scan\3.8.130\McAfeeMSS_IE.dll
BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - c:\program files\google\googletoolbarnotifier\5.7.9012.1008\swg.dll
BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
BHO: SweetTunes1 Toolbar: {f9d1c08c-2031-4e6c-ab51-50330ac2d988} - c:\program files\sweettunes1\prxtbSwee.dll
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: SweetTunes1 Toolbar: {f9d1c08c-2031-4e6c-ab51-50330ac2d988} - c:\program files\sweettunes1\prxtbSwee.dll
uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [Hoolapp Android] "c:\docume~1\pc\applic~1\hoolap~1\Hoolapp.exe" /Minimized
uRun: [AlcoholAutomount] "c:\program files\alcohol soft\alcohol 120\AxAutoMntSrv.exe" -automount
uRun: [ConduitFloatingPlugin_giolhomkcooifelkdfpejhidfidaahlc] "c:\windows\system32\rundll32.exe" "c:\program files\conduit\ct3282698\plugins\TBVerifier.dll",RunConduitFloatingPlugin giolhomkcooifelkdfpejhidfidaahlc
mRun: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
mRun: [igfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [soundMan] SOUNDMAN.EXE
mRun: [AlcWzrd] ALCWZRD.EXE
mRun: [Alcmtr] ALCMTR.EXE
mRun: [sMSERIAL] c:\program files\motorola\smserial\sm56hlpr.exe
mRun: [synTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
mRun: [share-to-Web Namespace Daemon] c:\program files\hewlett-packard\hp share-to-web\hpgs2wnd.exe
mRun: [GB_UPDATE] c:\program files\razer\razer game booster\AutoUpdate.exe/AUTORUN
mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
dRunOnce: [nltide_2] regsvr32 /s /n /i:U shell32
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\mcafee~1.lnk - c:\program files\mcafee security scan\3.8.130\SSScheduler.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
IE: &Search - <no file>
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

TCP: NameServer = 95.180.0.18 95.180.1.2
TCP: Interfaces\{798D2EB6-D5D8-46D2-BE18-4E729C2643B3} : DHCPNameServer = 95.180.0.18 95.180.1.2
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\wpdshserviceobj.dll
SEH: DVDIdleShell Class - {93994DE8-8239-4655-B1D1-5F4E91300429} - c:\program files\dvd region+css free\DVDShell.dll
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\30.0.1599.101\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\pc\application data\mozilla\firefox\profiles\zo7hp54f.default\
FF - prefs.js: browser.search.selectedEngine - SweetTunes Search

FF - component: c:\program files\mozilla firefox\extensions\{82af8dca-6de9-405d-bd5e-43525bdad38a}\components\SkypeFfComponent.dll
FF - plugin: c:\documents and settings\all users\application data\zylom\zylomgamesplayer\npzylomgamesplayer.dll
FF - plugin: c:\documents and settings\pc\application data\mozilla\plugins\np-mswmp.dll
FF - plugin: c:\documents and settings\pc\local settings\application data\unity\webplayer\loader\npUnity3D32.dll
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\google\update\1.3.21.165\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre7\bin\dtplugin\npdeployJava1.dll
FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\k-lite codec pack\real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\k-lite codec pack\real\browser\plugins\nprpjplug.dll
FF - plugin: c:\program files\mcafee security scan\3.8.130\npMcAfeeMSS.dll
FF - plugin: c:\program files\pando networks\media booster\npPandoWebPlugin.dll
FF - plugin: c:\windows\system32\adobe\director\np32dsw_1168638.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_9_900_117.dll
.
---- FIREFOX POLICIES ----
FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=110143
FF - user.js: extensions.BabylonToolbar_i.babExt -
FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
FF - user.js: extensions.BabylonToolbar_i.ovrDmn - isearch.babylon.com
FF - user.js: extensions.BabylonToolbar_i.id - 04008a5b000000000000001f1601bcd7
FF - user.js: extensions.BabylonToolbar_i.hardId - 04008a5b000000000000001f1601bcd7
FF - user.js: extensions.BabylonToolbar_i.instlDay - 15405
FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.1712:19:10
FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar_i.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar_i.tlbrId - base
FF - user.js: extensions.BabylonToolbar_i.instlRef - sst
FF - user.js: extensions.delta.tlbrSrchUrl -
FF - user.js: extensions.delta.id - 04008a5b000000000000001f1601bcd7
FF - user.js: extensions.delta.appId - {C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
FF - user.js: extensions.delta.instlDay - 15966
FF - user.js: extensions.delta.vrsn - 1.8.24.6
FF - user.js: extensions.delta.vrsni - 1.8.24.6
FF - user.js: extensions.delta.vrsnTs - 1.8.24.616:47:42
FF - user.js: extensions.delta.prtnrId - delta
FF - user.js: extensions.delta.prdct - delta
FF - user.js: extensions.delta.aflt - babsst
FF - user.js: extensions.delta.smplGrp - none
FF - user.js: extensions.delta.tlbrId - base
FF - user.js: extensions.delta.instlRef - sst
FF - user.js: extensions.delta.dfltLng - en
FF - user.js: extensions.delta.excTlbr - false
FF - user.js: extensions.delta.ffxUnstlRst - true
FF - user.js: extensions.delta.admin - false
FF - user.js: extensions.delta_i.babTrack - affID=119776&tt=150913_enh&tsp=5009
FF - user.js: extensions.delta_i.babExt -
FF - user.js: extensions.delta_i.srcExt - ss
FF - user.js: extensions.delta.autoRvrt - false
FF - user.js: extensions.delta.rvrt - false
FF - user.js: extensions.delta.newTab - false
.
.
.
.
.
.
============= SERVICES / DRIVERS ===============
.
R0 aswRvrt;aswRvrt;c:\windows\system32\drivers\aswRvrt.sys [2013-3-17 49248]
R1 aswKbd;aswKbd;c:\windows\system32\drivers\aswKbd.sys [2013-3-17 21576]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2012-2-9 765736]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2010-6-18 368176]
R2 {FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};c:\program files\cyberlink\powerdvd8\000.fcl [2008-10-7 61424]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2010-6-18 29816]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2013-3-17 66336]
R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2012-2-9 45248]
R2 MBAMScheduler;MBAMScheduler;c:\program files\malwarebytes' anti-malware\mbamscheduler.exe [2013-11-10 418376]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2013-11-10 701512]
R2 npf;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2011-2-11 35088]
R2 Skype C2C Service;Skype C2C Service;c:\documents and settings\all users\application data\skype\toolbars\skype c2c service\c2c_service.exe [2013-10-9 3275136]
R2 StarWindServiceAE;StarWind AE Service;c:\program files\alcohol soft\alcohol 120\starwind\StarWindServiceAE.exe [2009-12-23 370688]
R3 JMCR;JMCR;c:\windows\system32\drivers\jmcr.sys [2008-4-11 84240]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2013-11-10 22856]
S2 AxAutoMntSrv;Alcohol Virtual Drive Auto-mount Service;c:\program files\alcohol soft\alcohol 120\AxAutoMntSrv.exe [2012-1-5 75624]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate1cab17a6f5ed8b6;Google Update Service (gupdate1cab17a6f5ed8b6);c:\program files\google\update\GoogleUpdate.exe [2010-2-19 133104]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2013-9-5 171680]
S2 Util lucky leap;Util lucky leap;"c:\program files\lucky leap\bin\utilluckyleap.exe" --> c:\program files\lucky leap\bin\utilluckyleap.exe [?]
S3 aswVmm;aswVmm;c:\windows\system32\drivers\aswVmm.sys [2013-3-17 164736]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\drivers\ssudbus.sys [2012-5-28 80824]
S3 massfilter;ZTE Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys --> c:\windows\system32\drivers\massfilter.sys [?]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\mcafee security scan\3.8.130\McCHSvc.exe [2013-9-6 235216]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\gamemon.des -service --> c:\windows\system32\GameMon.des -service [?]
S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\drivers\ssadbus.sys [2012-5-28 121064]
S3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\drivers\ssadmdfl.sys [2012-5-28 12776]
S3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\drivers\ssadmdm.sys [2012-5-28 136808]
S3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM);c:\windows\system32\drivers\ssadserd.sys [2012-5-28 114280]
S3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\drivers\ssudmdm.sys [2012-5-28 181432]
S3 WinRing0_1_2_0;WinRing0_1_2_0;\??\c:\program files\razer\razer game booster\driver\winring0.sys --> c:\program files\razer\razer game booster\driver\WinRing0.sys [?]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== Created Last 30 ================
.
2013-11-10 15:28:06   --------   d-----w-   c:\documents and settings\pc\application data\Malwarebytes
2013-11-10 15:27:46   --------   d-----w-   c:\documents and settings\all users\application data\Malwarebytes
2013-11-10 15:27:42   22856   ----a-w-   c:\windows\system32\drivers\mbam.sys
2013-11-10 15:27:42   --------   d-----w-   c:\program files\Malwarebytes' Anti-Malware
2013-11-10 00:44:56   --------   d-----w-   c:\documents and settings\pc\local settings\application data\SweetTunes1
2013-11-10 00:44:55   --------   d-----w-   c:\program files\SweetTunes1
2013-11-10 00:44:55   --------   d-----w-   c:\documents and settings\all users\application data\Conduit
2013-11-10 00:44:31   --------   d-----w-   c:\documents and settings\pc\local settings\application data\NativeMessaging
2013-11-10 00:44:27   --------   d-----w-   c:\program files\Conduit
2013-11-10 00:44:27   --------   d-----w-   c:\documents and settings\pc\local settings\application data\CRE
2013-11-10 00:44:27   --------   d-----w-   c:\documents and settings\pc\local settings\application data\Conduit
2013-11-10 00:43:58   --------   d-----w-   c:\documents and settings\pc\application data\SearchProtect
2013-11-10 00:41:49   --------   d-----w-   c:\documents and settings\pc\application data\OpenCandy
2013-11-09 16:29:45   --------   d-----w-   c:\documents and settings\all users\application data\Codemasters
2013-11-09 16:26:57   809560   ----a-r-   c:\windows\system32\tmp199.tmp
2013-11-09 16:26:57   809560   ----a-r-   c:\windows\system32\tmp198.tmp
2013-11-09 16:26:57   445016   ----a-w-   c:\windows\system32\wrap_oal.dll
2013-11-09 16:26:57   109144   ----a-w-   c:\windows\system32\OpenAL32.dll
2013-11-09 16:26:57   --------   d-----w-   c:\program files\OpenAL
2013-11-09 16:12:56   --------   d-----w-   c:\program files\Codemasters
2013-11-08 09:33:21   --------   d-----w-   c:\program files\Rockstar Games
2013-11-08 09:33:00   696320   ----a-w-   c:\program files\common files\installshield\professional\runtime\0701\intel32\iKernel.dll
2013-11-08 09:33:00   57344   ----a-w-   c:\program files\common files\installshield\professional\runtime\0701\intel32\ctor.dll
2013-11-08 09:33:00   5632   ----a-w-   c:\program files\common files\installshield\professional\runtime\0701\intel32\DotNetInstaller.exe
2013-11-08 09:33:00   237568   ----a-w-   c:\program files\common files\installshield\professional\runtime\0701\intel32\iscript.dll
2013-11-08 09:33:00   155648   ----a-w-   c:\program files\common files\installshield\professional\runtime\0701\intel32\iuser.dll
2013-11-08 09:32:59   163972   ----a-w-   c:\program files\common files\installshield\professional\runtime\0701\intel32\iGdi.dll
2013-11-08 09:32:58   282756   ----a-w-   c:\program files\common files\installshield\professional\runtime\0701\intel32\setup.dll
2013-11-06 15:54:08   --------   d-----w-   c:\documents and settings\pc\application data\ChemAxon
2013-11-06 15:54:06   --------   d-----w-   c:\documents and settings\pc\chemaxon
2013-11-05 22:12:13   --------   d-----w-   c:\program files\Galileo Family Quiz - Spezial I
2013-10-17 08:48:44   94632   ----a-w-   c:\windows\system32\WindowsAccessBridge.dll
2013-10-16 21:58:02   --------   d-----w-   c:\program files\Alcohol Soft
2013-10-16 21:50:36   --------   d-----w-   c:\program files\MyPC Backup
2013-10-15 17:49:22   --------   d-----w-   c:\program files\BlackBean
.
==================== Find3M ====================
.
2013-10-16 21:50:59   466008   ----a-w-   c:\windows\system32\drivers\sptd.sys
2013-10-09 11:21:24   71048   ----a-w-   c:\windows\system32\FlashPlayerCPLApp.cpl
2013-10-09 11:21:24   692616   ----a-w-   c:\windows\system32\FlashPlayerApp.exe
2013-10-08 05:29:36   145408   ----a-w-   c:\windows\system32\javacpl.cpl
.
============= FINISH: 17:13:48.14 ===============

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 05-Feb-09 00:25:14
System Uptime: 10-Nov-13 17:05:35 (0 hours ago)
.
Motherboard: FUJITSU SIEMENS | | D46
Processor: Intel® Core2 Duo CPU     T5800 @ 2.00GHz | U2E1 | 1995/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 122 GiB total, 39.013 GiB free.
D: is CDROM ()
E: is FIXED (NTFS) - 111 GiB total, 16.483 GiB free.
F: is CDROM ()
G: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Realtek RTL8168C(P)/8111C(P) PCI-E Gigabit Ethernet NIC
Device ID: PCI\VEN_10EC&DEV_8168&SUBSYS_113F1734&REV_02\4&1A9C2D41&0&00E0
Manufacturer: Realtek Semiconductor Corp.
Name: Realtek RTL8168C(P)/8111C(P) PCI-E Gigabit Ethernet NIC
PNP Device ID: PCI\VEN_10EC&DEV_8168&SUBSYS_113F1734&REV_02\4&1A9C2D41&0&00E0
Service: RTLE8023xp
.
Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: 1394 Net Adapter
Device ID: V1394\NIC1394\FFD7BC01FF161F00
Manufacturer: Microsoft
Name: 1394 Net Adapter
PNP Device ID: V1394\NIC1394\FFD7BC01FF161F00
Service: NIC1394
.
Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Bluetooth Device (Personal Area Network)
Device ID: BTH\MS_BTHPAN\6&18372964&0&2
Manufacturer: Microsoft
Name: Bluetooth Device (Personal Area Network)
PNP Device ID: BTH\MS_BTHPAN\6&18372964&0&2
Service: BthPan
.
Class GUID: {EEC5AD98-8080-425F-922A-DABF3DE3F69A}
Description: Nokia Windows Portable Device Driver
Device ID: ROOT\WPD\0000
Manufacturer: Nokia
Name: Nokia N95
PNP Device ID: ROOT\WPD\0000
Service: WUDFRd
.
Class GUID: {EEC5AD98-8080-425F-922A-DABF3DE3F69A}
Description: Nokia Windows Portable Device Driver
Device ID: ROOT\WPD\0001
Manufacturer: Nokia
Name: Nokia N95
PNP Device ID: ROOT\WPD\0001
Service: WUDFRd
.
Class GUID: {EEC5AD98-8080-425F-922A-DABF3DE3F69A}
Description: Nokia N95 8GB
Device ID: ROOT\WPD\0002
Manufacturer: Nokia
Name: Nokia N95 8GB
PNP Device ID: ROOT\WPD\0002
Service: WUDFRd
.
==== System Restore Points ===================
.
No restore point in system.
.
==== Installed Programs ======================
.
ACDSee 10 Photo Manager
Acrobat.com
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader X (10.1.8)
Adobe Shockwave Player 11.6
avast! Free Antivirus
Big Fish Games: Game Manager
BitTorrent
British Pharmacopoeia 2007
BS.Player PRO
Compatibility Pack for the 2007 Office system
CyberLink PowerDVD 8
Delicious 2 Deluxe
DVD Region+CSS Free 5.9.8.3
foobar2000 v1.2.8
Free YouTube Downloader 3.5.174
Galileo Family Quiz - Spezial I
GOM Player
Google Chrome
Google Toolbar for Internet Explorer
Google Update Helper
Grand Theft Auto Vice City
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
HP Memories Disc
HP Photo and Imaging 2.1 - Scanjet 2400 Series
Intel® Graphics Media Accelerator Driver
Java 7 Update 45
Java Auto Updater
Java 6 Update 35
JMicron JMB38X Flash Media Controller
K-Lite Mega Codec Pack 4.5.3
League of Legends
Malwarebytes Anti-Malware version 1.75.0.1300
Martindale: The Complete Drug Reference
McAfee Security Scan Plus
Microsoft .NET Framework 1.1
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft Game Studios Common Redistributables Pack 1
Microsoft Kernel-Mode Driver Framework 1.0
Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
Microsoft Office FrontPage 2003
Microsoft Office Professional Edition 2003
Microsoft User-Mode Driver Framework Feature Pack 1.5
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
Microsoft WinUsb 1.0
Microsoft WSE 3.0 Runtime
Microsoft XML Parser
Motorola SM56 Data Fax Modem
Mozilla Firefox 25.0 (x86 en-US)
Mozilla Maintenance Service
Nero 8 Ultra Edition HD
neroxml
Nokia Connectivity Cable Driver
Nokia Lifeblog 2.5
Nokia MTP driver
Nokia NSeries Application Installer
Nokia NSeries Content Copier
Nokia NSeries Multimedia Player
Nokia NSeries One Touch Access
Nokia NSeries System Utilities
Nokia Nseries Video Manager
Nokia Software Launcher
Nokia Software Updater
OpenAL
Opera 9.63
Pando Media Booster
PASW Statistics 18
PC Connectivity Solution
REALTEK GbE & FE Ethernet PCI-E NIC Driver
Realtek High Definition Audio Driver
Remove British Pharmacopoeia 2007
Samsung Kies
SAMSUNG USB Driver for Mobile Phones
Security Update for Windows Internet Explorer 7 (KB938127-v2)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Skype Click to Call
Skype™ 6.9
Spelling Dictionaries Support For Adobe Reader 9
SweetTunes1 Toolbar for IE
swMSM
Synaptics Pointing Device Driver
The Sims Medieval
The Sims™ 3
Total Commander (Remove or Repair)
Tower6 Demo
Unity Web Player
Update for Windows XP (KB898461)
Update for Windows XP (KB955839)
Web Games Player Plugin
WebFldrs XP
Westward II
Winamp
Winamp Detector Plug-in
Windows Driver Package - Nokia (WUDFRd) WPD (03/19/2007 6.83.31.1)
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
WinPcap 4.1.2
WinRAR archiver
WinZip 12.0
.
==== Event Viewer Messages From Past Week ========
.
05-Nov-13 22:07:44, error: Service Control Manager [7000] - The Util lucky leap service failed to start due to the following error: The system cannot find the path specified.
05-Nov-13 22:07:44, error: Service Control Manager [7000] - The Update lucky leap service failed to start due to the following error: The system cannot find the path specified.
05-Nov-13 12:24:13, error: W32Time [17] - Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 15 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)
.
==== End Of File ===========================

attach.txt

dds.txt

kevinf80 · November 10, 2013

Hello and

P2P/Piracy Warning:

If you're using Peer 2 Peer software such as uTorrent, BitTorrent or similar you must either fully uninstall them or completely disable them from running while being assisted here.
Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.
If you have illegal/cracked software, cracks, keygens etc. on the system, please remove or uninstall them now and read the policy on Piracy.

Next,

Download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system (32 bit or 64 bit). If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.

Kevin

Terza · November 10, 2013

I'm sorry, I'm not sure if I have completely dissabled my Bittorent, but I'm not using it at the moment, so I think its dissabled.

Here is the FRST file.

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 10-11-2013
Ran by PC (administrator) on COMPUTER-PC on 10-11-2013 18:04:53
Running from C:\Documents and Settings\PC\My Documents\Downloads
Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: English(US)
Internet Explorer Version 7
Boot Mode: Normal

==================== Processes (Whitelisted) ===================

(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Oracle Corporation) C:\Program Files\Java\jre7\bin\jqs.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
(Nero AG) C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
(Prolific Technology Inc.) C:\WINDOWS\system32\IoctlSvc.exe
() C:\Program Files\CyberLink\Shared files\RichVideo.exe
(Skype Technologies S.A.) C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe
(StarWind Software) C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
(Microsoft Corporation) C:\WINDOWS\system32\wscntfy.exe
(Intel Corporation) C:\WINDOWS\system32\igfxtray.exe
(Intel Corporation) C:\WINDOWS\system32\hkcmd.exe
(Intel Corporation) C:\WINDOWS\system32\igfxpers.exe
(Intel Corporation) C:\WINDOWS\system32\igfxsrvc.exe
(Realtek Semiconductor Corp.) C:\WINDOWS\RTHDCPL.EXE
(Realtek Semiconductor Corp.) C:\WINDOWS\SOUNDMAN.EXE
(Motorola Inc.) C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastUI.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Google Inc.) C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
() c:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.130\SSScheduler.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [bluetoothAuthenticationAgent] - rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
HKLM\...\Run: [HotKeysCmds] - C:\WINDOWS\system32\hkcmd.exe [ ] ()
HKLM\...\Run: [RTHDCPL] - C:\WINDOWS\RTHDCPL.exe [16859136 2008-03-26] (Realtek Semiconductor Corp.)
HKLM\...\Run: [soundMan] - C:\WINDOWS\SoundMan.exe [86016 2006-07-21] (Realtek Semiconductor Corp.)
HKLM\...\Run: [AlcWzrd] - C:\WINDOWS\alcwzrd.exe [2808832 2006-05-04] (RealTek Semicoductor Corp.)
HKLM\...\Run: [Alcmtr] - C:\WINDOWS\Alcmtr.exe [69632 2005-05-03] (Realtek Semiconductor Corp.)
HKLM\...\Run: [sMSERIAL] - C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe [671744 2007-10-26] (Motorola Inc.)
HKLM\...\Run: [synTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1105920 2008-05-08] (Synaptics, Inc.)
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [avast] - C:\Program Files\AVAST Software\Avast\AvastUI.exe [4767304 2013-03-07] (AVAST Software)
HKLM\...\Run: [share-to-Web Namespace Daemon] - C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe [69632 2002-04-17] (Hewlett-Packard)
HKLM\...\Run: [GB_UPDATE] - C:\Program Files\Razer\Razer Game Booster\AutoUpdate.exe/AUTORUN
HKLM\...\Run: [sunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKCU\...\Run: [swg] - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2009-12-03] (Google Inc.)
HKCU\...\Run: [Hoolapp Android] - "C:\DOCUME~1\PC\APPLIC~1\HOOLAP~1\Hoolapp.exe" /Minimized
HKCU\...\Run: [AlcoholAutomount] - C:\Program Files\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe [75624 2012-01-05] (Alcohol Soft Development Team)
HKCU\...\Run: [ConduitFloatingPlugin_giolhomkcooifelkdfpejhidfidaahlc] - "C:\WINDOWS\system32\Rundll32.exe" "C:\Program Files\Conduit\CT3282698\plugins\TBVerifier.dll",RunConduitFloatingPlugin giolhomkcooifelkdfpejhidfidaahlc
MountPoints2: {20f1649e-b675-11de-8037-001e3759e29a} - G:\RECYCLER\S-1-6-21-2434476501-1644491937-600003330-1213\USB-Helper.exe
MountPoints2: {22e91226-abd7-11e1-8b75-001f1601bcd7} - G:\ActivateWarranty(JF).exe
MountPoints2: {c39442ea-021d-11e1-8997-001e3759e29a} - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL autorun.exe
HKU\Default User\...\RunOnce: [nltide_2] - regsvr32 /s /n /i:U shell32
HKU\Default User\...\RunOnce: [NeroHomeFirstStart] - C:\Program Files\Common Files\Nero\Lib\NMFirstStart.exe [ 2008-06-24] (Nero AG)
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.130\SSScheduler.exe (McAfee, Inc.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource=10&CUI=UN25943442802313831&UM=2&ctid=CT3282698
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
URLSearchHook: HKCU - SweetTunes1 Toolbar - {f9d1c08c-2031-4e6c-ab51-50330ac2d988} - C:\Program Files\SweetTunes1\prxtbSwee.dll (Conduit Ltd.)
SearchScopes: HKLM - {8A96AF9E-4074-43b7-BEA3-87217BDA74C8} URL = http://www.searchqu.com/web?src=ieb&q={searchTerms}
SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = http://isearch.babylon.com/web/{searchTerms}?babsrc=browsersearch
SearchScopes: HKCU - {171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E} URL = http://tbsearch.ask.com/redirect?client=ie&tb=BT3&o=&src=crm&q={searchTerms}&locale=
SearchScopes: HKCU - {8A96AF9E-4074-43b7-BEA3-87217BDA74C8} URL = http://www.searchqu.com/web?src=ieb&q={searchTerms}
SearchScopes: HKCU - {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3282698&CUI=UN25943442802313831&UM=2
BHO: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.130\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.9012.1008\swg.dll (Google Inc.)
BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: SweetTunes1 Toolbar - {f9d1c08c-2031-4e6c-ab51-50330ac2d988} - C:\Program Files\SweetTunes1\prxtbSwee.dll (Conduit Ltd.)
Toolbar: HKLM - avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKLM - SweetTunes1 Toolbar - {f9d1c08c-2031-4e6c-ab51-50330ac2d988} - C:\Program Files\SweetTunes1\prxtbSwee.dll (Conduit Ltd.)
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://download.microsoft.com/download/e/4/9/e494c802-dd90-4c6b-a074-469358f075a6/OGAControl.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab
DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} http://office.microsoft.com/officeupdate/content/opuc4.cab
DPF: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
ShellExecuteHooks: DVDIdleShell Class - {93994DE8-8239-4655-B1D1-5F4E91300429} - C:\PROGRA~1\DVDREG~1\DVDShell.dll [49152 2004-10-09] (Fengtao Software Inc.)
Tcpip\Parameters: [DhcpNameServer] 95.180.0.18 95.180.1.2

FireFox:
========
FF ProfilePath: C:\Documents and Settings\PC\Application Data\Mozilla\Firefox\Profiles\zo7hp54f.default
FF user.js: detected! => C:\Documents and Settings\PC\Application Data\Mozilla\Firefox\Profiles\zo7hp54f.default\user.js
FF SelectedSearchEngine: SweetTunes Search

FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_9_900_117.dll ()
FF Plugin: @adobe.com/ShockwavePlayer - C:\WINDOWS\system32\Adobe\Director\np32dsw_1168638.dll (Adobe Systems, Inc.)
FF Plugin: @java.com/DTPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @mcafee.com/McAfeeMssPlugin - C:\Program Files\McAfee Security Scan\3.8.130\npMcAfeeMss.dll (McAfee, Inc.)
FF Plugin: @microsoft.com/WPF,version=3.5 - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @pandonetworks.com/PandoWebPlugin - C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin: @real.com/nppl3260;version=6.0.12.69 - C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprpjplug;version=6.0.12.69 - C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @zylom.com/ZylomGamesPlayer - C:\Documents and Settings\All Users\Application Data\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll (Zylom)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 - C:\Documents and Settings\PC\Local Settings\Application Data\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Plugin HKCU: pandonetworks.com/PandoWebPlugin - C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF SearchPlugin: C:\Documents and Settings\PC\Application Data\Mozilla\Firefox\Profiles\zo7hp54f.default\searchplugins\askcom.xml
FF SearchPlugin: C:\Documents and Settings\PC\Application Data\Mozilla\Firefox\Profiles\zo7hp54f.default\searchplugins\facebook.xml
FF SearchPlugin: C:\Documents and Settings\PC\Application Data\Mozilla\Firefox\Profiles\zo7hp54f.default\searchplugins\SearchquWebSearch.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\babylon.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\SearchquWebSearch.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\sweettunes_search.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\sweettunes_search.xml
FF Extension: Yahoo! Toolbar - C:\Documents and Settings\PC\Application Data\Mozilla\Firefox\Profiles\zo7hp54f.default\Extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
FF Extension: TFToolbarX - C:\Documents and Settings\PC\Application Data\Mozilla\Firefox\Profiles\zo7hp54f.default\Extensions\TFToolbarX@torrent-finder.xpi
FF Extension: Skype Click to Call - C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
FF Extension: Skype Click to Call - C:\Program Files\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! WebRep - C:\Program Files\AVAST Software\Avast\WebRep\FF

Chrome:
=======
CHR Extension: (YouTube) - C:\DOCUME~1\PC\LOCALS~1\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0
CHR Extension: (Google Search) - C:\DOCUME~1\PC\LOCALS~1\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0
CHR Extension: (avast! WebRep) - C:\DOCUME~1\PC\LOCALS~1\Application Data\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\8.0.1483_0
CHR Extension: (Skype Click to Call) - C:\DOCUME~1\PC\LOCALS~1\Application Data\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.13.0.13771_0
CHR Extension: (Chrome In-App Payments service) - C:\DOCUME~1\PC\LOCALS~1\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.11_0
CHR Extension: (Gmail) - C:\DOCUME~1\PC\LOCALS~1\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1
CHR HKLM\...\Chrome\Extension: [bicnnkjibmphdeigoodpjlcklcnaobdj] - C:\Program Files\TornTV.com\torntv10.crx
CHR HKLM\...\Chrome\Extension: [eiimolhnbbbdagljikeckdkldgemmmlj] - C:\Program Files\lucky leap\eiimolhnbbbdagljikeckdkldgemmmlj.crx
CHR HKLM\...\Chrome\Extension: [giolhomkcooifelkdfpejhidfidaahlc] - C:\Documents and Settings\PC\Local Settings\Application Data\CRE\giolhomkcooifelkdfpejhidfidaahlc.crx
CHR HKLM\...\Chrome\Extension: [icmlaeflemplmjndnaapfdbbnpncnbda] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx
CHR HKLM\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx

========================== Services (Whitelisted) =================

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [45248 2013-03-07] (AVAST Software)
S2 AxAutoMntSrv; C:\Program Files\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe [75624 2012-01-05] (Alcohol Soft Development Team)
S2 gupdate1cab17a6f5ed8b6; C:\Program Files\Google\Update\GoogleUpdate.exe [133104 2010-02-19] (Google Inc.)
R2 MBAMScheduler; C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.130\McCHSvc.exe [235216 2013-09-06] (McAfee, Inc.)
S3 npggsvc; C:\WINDOWS\system32\GameMon.des [4323256 2011-03-28] (INCA Internet Co., Ltd.)
R2 RichVideo; C:\Program Files\CyberLink\Shared files\RichVideo.exe [272024 2007-05-14] ()
R2 Skype C2C Service; C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe [3275136 2013-10-09] (Skype Technologies S.A.)
R2 StarWindServiceAE; C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe [370688 2009-12-23] (StarWind Software)
R2 JavaQuickStarterService; "C:\Program Files\Java\jre7\bin\jqs.exe" -service -config "C:\Program Files\Java\jre7\lib\deploy\jqs\jqs.conf"
S2 Util lucky leap; "C:\Program Files\lucky leap\bin\utilluckyleap.exe" [x]

==================== Drivers (Whitelisted) ====================

R1 AFS2K; C:\Windows\System32\Drivers\AFS2K.sys [82380 2012-05-09] (Oak Technology Inc.)
R3 AR5416; C:\Windows\System32\DRIVERS\athw.sys [1333248 2008-04-15] (Atheros Communications, Inc.)
R2 aswFsBlk; C:\Windows\System32\Drivers\aswFsBlk.sys [29816 2013-03-07] (AVAST Software)
R1 aswKbd; C:\Windows\System32\Drivers\aswKbd.sys [21576 2013-03-07] (AVAST Software)
R2 aswMonFlt; C:\WINDOWS\system32\drivers\aswMonFlt.sys [66336 2013-03-07] (AVAST Software)
R1 aswRdr; C:\Windows\System32\Drivers\aswRdr.sys [49760 2013-03-07] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [49248 2013-03-07] ()
R1 aswSnx; C:\Windows\System32\Drivers\aswSnx.sys [765736 2013-03-07] (AVAST Software)
R1 aswSP; C:\Windows\System32\Drivers\aswSP.sys [368176 2013-03-07] (AVAST Software)
R1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [62376 2013-03-07] (AVAST Software)
S3 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [164736 2013-03-07] ()
S3 CCDECODE; C:\Windows\System32\DRIVERS\CCDECODE.sys [17024 2008-04-14] (Microsoft Corporation)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [22856 2013-04-04] (Malwarebytes Corporation)
S3 NdisIP; C:\Windows\System32\DRIVERS\NdisIP.sys [10880 2008-04-14] (Microsoft Corporation)
R2 npf; C:\Windows\System32\drivers\npf.sys [35088 2011-02-11] (CACE Technologies, Inc.)
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [466008 2013-10-16] (Duplex Secure Ltd.)
R2 {FE4C91E7-22C2-4D0C-9F6B-82F1B7742054}; C:\Program Files\CyberLink\PowerDVD8\000.fcl [61424 2008-10-07] (Cyberlink Corp.)
U3 alf7mcfz; C:\Windows\System32\Drivers\alf7mcfz.sys [0 ] (JMicron Technology Corp.)
S4 IntelIde; No ImagePath
S3 massfilter; system32\drivers\massfilter.sys [x]
S3 npkcrypt; \??\C:\Program Files\Lineage II\system\npkcrypt.sys [x]
S3 WinRing0_1_2_0; \??\C:\Program Files\Razer\Razer Game Booster\Driver\WinRing0.sys [x]
U1 WS2IFSL;
S3 ZTEusbmdm6k; system32\DRIVERS\ZTEusbmdm6k.sys [x]
S3 ZTEusbnmea; system32\DRIVERS\ZTEusbnmea.sys [x]
S3 ZTEusbser6k; system32\DRIVERS\ZTEusbser6k.sys [x]
U3 a045w2mw; No ImagePath
U3 mbr; \??\C:\DOCUME~1\PC\LOCALS~1\Temp\mbr.sys [x]

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2013-11-10 18:04 - 2013-11-10 18:04 - 00000000 ____D C:\FRST
2013-11-10 17:13 - 2013-11-10 17:13 - 00019249 _____ C:\Documents and Settings\PC\Desktop\dds.txt
2013-11-10 17:13 - 2013-11-10 17:13 - 00007760 _____ C:\Documents and Settings\PC\Desktop\attach.txt
2013-11-10 16:28 - 2013-11-10 16:28 - 00000000 ____D C:\Documents and Settings\PC\Application Data\Malwarebytes
2013-11-10 16:27 - 2013-11-10 16:27 - 00000790 _____ C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
2013-11-10 16:27 - 2013-11-10 16:27 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2013-11-10 16:27 - 2013-11-10 16:27 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
2013-11-10 16:27 - 2013-11-10 16:27 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Malwarebytes
2013-11-10 16:27 - 2013-04-04 14:50 - 00022856 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2013-11-10 14:25 - 2013-11-10 14:25 - 00000000 _____ C:\rundll33.txt
2013-11-10 02:09 - 2013-11-10 02:09 - 00266370 _____ C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
2013-11-10 01:44 - 2013-11-10 01:45 - 00000000 ____D C:\Documents and Settings\PC\Local Settings\Application Data\Conduit
2013-11-10 01:44 - 2013-11-10 01:44 - 00000000 ____D C:\Program Files\SweetTunes1
2013-11-10 01:44 - 2013-11-10 01:44 - 00000000 ____D C:\Program Files\Conduit
2013-11-10 01:44 - 2013-11-10 01:44 - 00000000 ____D C:\Documents and Settings\PC\Local Settings\Application Data\SweetTunes1
2013-11-10 01:44 - 2013-11-10 01:44 - 00000000 ____D C:\Documents and Settings\PC\Local Settings\Application Data\NativeMessaging
2013-11-10 01:44 - 2013-11-10 01:44 - 00000000 ____D C:\Documents and Settings\PC\Local Settings\Application Data\CRE
2013-11-10 01:44 - 2013-11-10 01:44 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Conduit
2013-11-10 01:43 - 2013-11-10 01:43 - 00000000 ____D C:\Documents and Settings\PC\Application Data\SearchProtect
2013-11-10 01:42 - 2013-11-10 01:46 - 00000000 _____ C:\END
2013-11-10 01:42 - 2013-11-10 01:43 - 00000000 ____D C:\Documents and Settings\PC\My Documents\Freemake
2013-11-10 01:41 - 2013-11-10 01:41 - 00000000 ____D C:\Documents and Settings\PC\Application Data\OpenCandy
2013-11-09 17:29 - 2013-11-09 17:51 - 00000000 ____D C:\Documents and Settings\PC\My Documents\My Games
2013-11-09 17:29 - 2013-11-09 17:29 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Codemasters
2013-11-09 17:26 - 2013-11-09 17:26 - 00445016 _____ (Creative Labs) C:\WINDOWS\system32\wrap_oal.dll
2013-11-09 17:26 - 2013-11-09 17:26 - 00109144 _____ (Portions © Creative Labs Inc. and NVIDIA Corp.) C:\WINDOWS\system32\OpenAL32.dll
2013-11-09 17:26 - 2013-11-09 17:26 - 00000000 ____D C:\Program Files\OpenAL
2013-11-09 17:26 - 2010-08-18 16:10 - 00809560 ____R (Creative Labs Inc.) C:\WINDOWS\system32\tmp199.tmp
2013-11-09 17:26 - 2010-08-18 16:10 - 00809560 ____R (Creative Labs Inc.) C:\WINDOWS\system32\tmp198.tmp
2013-11-09 17:12 - 2013-11-09 17:12 - 00000000 ____D C:\Program Files\Codemasters
2013-11-08 10:37 - 2013-11-08 10:56 - 00000000 ____D C:\Documents and Settings\PC\My Documents\GTA Vice City User Files
2013-11-08 10:37 - 2013-11-08 10:37 - 00001715 _____ C:\Documents and Settings\PC\Desktop\Play GTA Vice City.lnk
2013-11-08 10:33 - 2013-11-08 10:33 - 00000000 ____D C:\Program Files\Rockstar Games
2013-11-08 10:33 - 2013-11-08 10:33 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Rockstar Games
2013-11-06 16:54 - 2013-11-06 16:54 - 00000000 ____D C:\Documents and Settings\PC\chemaxon
2013-11-06 16:54 - 2013-11-06 16:54 - 00000000 ____D C:\Documents and Settings\PC\Application Data\ChemAxon
2013-11-06 09:19 - 2013-11-06 12:15 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-11-05 23:13 - 2013-11-05 23:13 - 00001752 _____ C:\Documents and Settings\PC\Desktop\Galileo Family Quiz - Unsere Natur verstehen.lnk
2013-11-05 23:13 - 2013-11-05 23:13 - 00000000 ____D C:\Documents and Settings\PC\Start Menu\Programs\Galileo Family Quiz - Spezial I
2013-11-05 23:12 - 2013-11-05 23:13 - 00000000 ____D C:\Program Files\Galileo Family Quiz - Spezial I
2013-10-17 09:49 - 2013-10-17 09:49 - 00000000 ____D C:\Program Files\Common Files\Java
2013-10-17 09:48 - 2013-10-08 06:50 - 00094632 _____ (Oracle Corporation) C:\WINDOWS\system32\WindowsAccessBridge.dll
2013-10-17 09:48 - 2013-10-08 06:46 - 00264616 _____ (Oracle Corporation) C:\WINDOWS\system32\javaws.exe
2013-10-17 09:48 - 2013-10-08 06:46 - 00175016 _____ (Oracle Corporation) C:\WINDOWS\system32\javaw.exe
2013-10-17 09:48 - 2013-10-08 06:46 - 00174504 _____ (Oracle Corporation) C:\WINDOWS\system32\java.exe
2013-10-17 09:47 - 2013-10-17 09:48 - 00004705 _____ C:\WINDOWS\system32\jupdate-1.7.0_45-b18.log
2013-10-17 09:47 - 2013-10-17 09:47 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Java
2013-10-16 23:06 - 2013-10-16 23:06 - 00000248 _____ C:\Documents and Settings\PC\My Documents\ax_files.xml
2013-10-16 22:59 - 2013-10-16 22:59 - 00000000 ____D C:\Documents and Settings\PC\My Documents\Alcohol 120%
2013-10-16 22:58 - 2013-10-16 22:58 - 00000839 _____ C:\Documents and Settings\All Users\Desktop\Alcohol 120%.lnk
2013-10-16 22:58 - 2013-10-16 22:58 - 00000000 ____D C:\Program Files\Alcohol Soft
2013-10-16 22:58 - 2013-10-16 22:58 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Alcohol 120%
2013-10-16 22:50 - 2013-10-16 22:51 - 00000000 ____D C:\Program Files\MyPC Backup
2013-10-15 18:49 - 2013-10-15 18:49 - 00000000 ____D C:\Program Files\BlackBean
2013-10-12 01:05 - 2013-10-12 01:05 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\McAfee Security Scan Plus

==================== One Month Modified Files and Folders =======

2013-11-10 18:04 - 2013-11-10 18:04 - 00000000 ____D C:\FRST
2013-11-10 17:47 - 2010-02-19 17:11 - 00000886 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2013-11-10 17:21 - 2012-07-02 19:34 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2013-11-10 17:13 - 2013-11-10 17:13 - 00019249 _____ C:\Documents and Settings\PC\Desktop\dds.txt
2013-11-10 17:13 - 2013-11-10 17:13 - 00007760 _____ C:\Documents and Settings\PC\Desktop\attach.txt
2013-11-10 17:11 - 2009-02-05 01:07 - 00601408 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2013-11-10 17:07 - 2012-07-08 11:42 - 00000364 ____H C:\WINDOWS\Tasks\avast! Emergency Update.job
2013-11-10 17:07 - 2008-04-14 09:00 - 00002206 _____ C:\WINDOWS\system32\wpa.dbl
2013-11-10 17:06 - 2010-02-19 17:11 - 00000882 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2013-11-10 17:06 - 2009-02-05 01:10 - 00000159 _____ C:\WINDOWS\wiadebug.log
2013-11-10 17:06 - 2009-02-05 01:10 - 00000050 _____ C:\WINDOWS\wiaservc.log
2013-11-10 17:06 - 2009-02-05 00:27 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2013-11-10 17:06 - 2009-02-05 00:21 - 01172631 _____ C:\WINDOWS\WindowsUpdate.log
2013-11-10 17:05 - 2009-02-05 00:27 - 00032484 _____ C:\WINDOWS\SchedLgU.Txt
2013-11-10 17:05 - 2009-02-05 00:22 - 00000000 ___HD C:\WINDOWS\$hf_mig$
2013-11-10 17:04 - 2009-02-05 00:28 - 00000278 ___SH C:\Documents and Settings\PC\ntuser.ini
2013-11-10 16:28 - 2013-11-10 16:28 - 00000000 ____D C:\Documents and Settings\PC\Application Data\Malwarebytes
2013-11-10 16:27 - 2013-11-10 16:27 - 00000790 _____ C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
2013-11-10 16:27 - 2013-11-10 16:27 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2013-11-10 16:27 - 2013-11-10 16:27 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
2013-11-10 16:27 - 2013-11-10 16:27 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Malwarebytes
2013-11-10 14:25 - 2013-11-10 14:25 - 00000000 _____ C:\rundll33.txt
2013-11-10 14:15 - 2009-02-05 00:43 - 00000000 ___HD C:\Program Files\InstallShield Installation Information
2013-11-10 12:30 - 2009-10-15 19:04 - 00000000 ____D C:\Documents and Settings\PC\Application Data\BitTorrent
2013-11-10 02:09 - 2013-11-10 02:09 - 00266370 _____ C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
2013-11-10 02:06 - 2009-03-11 21:51 - 00112128 _____ C:\Documents and Settings\PC\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-11-10 01:46 - 2013-11-10 01:42 - 00000000 _____ C:\END
2013-11-10 01:45 - 2013-11-10 01:44 - 00000000 ____D C:\Documents and Settings\PC\Local Settings\Application Data\Conduit
2013-11-10 01:44 - 2013-11-10 01:44 - 00000000 ____D C:\Program Files\SweetTunes1
2013-11-10 01:44 - 2013-11-10 01:44 - 00000000 ____D C:\Program Files\Conduit
2013-11-10 01:44 - 2013-11-10 01:44 - 00000000 ____D C:\Documents and Settings\PC\Local Settings\Application Data\SweetTunes1
2013-11-10 01:44 - 2013-11-10 01:44 - 00000000 ____D C:\Documents and Settings\PC\Local Settings\Application Data\NativeMessaging
2013-11-10 01:44 - 2013-11-10 01:44 - 00000000 ____D C:\Documents and Settings\PC\Local Settings\Application Data\CRE
2013-11-10 01:44 - 2013-11-10 01:44 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Conduit
2013-11-10 01:44 - 2013-10-10 11:32 - 00000000 ____D C:\Program Files\Freemake
2013-11-10 01:44 - 2013-10-10 11:32 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Freemake
2013-11-10 01:43 - 2013-11-10 01:43 - 00000000 ____D C:\Documents and Settings\PC\Application Data\SearchProtect
2013-11-10 01:43 - 2013-11-10 01:42 - 00000000 ____D C:\Documents and Settings\PC\My Documents\Freemake
2013-11-10 01:41 - 2013-11-10 01:41 - 00000000 ____D C:\Documents and Settings\PC\Application Data\OpenCandy
2013-11-09 19:40 - 2012-06-29 01:42 - 00000000 ____D C:\Documents and Settings\PC\Local Settings\Application Data\PMB Files
2013-11-09 19:40 - 2012-06-29 01:42 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\PMB Files
2013-11-09 17:51 - 2013-11-09 17:29 - 00000000 ____D C:\Documents and Settings\PC\My Documents\My Games
2013-11-09 17:29 - 2013-11-09 17:29 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Codemasters
2013-11-09 17:26 - 2013-11-09 17:26 - 00445016 _____ (Creative Labs) C:\WINDOWS\system32\wrap_oal.dll
2013-11-09 17:26 - 2013-11-09 17:26 - 00109144 _____ (Portions © Creative Labs Inc. and NVIDIA Corp.) C:\WINDOWS\system32\OpenAL32.dll
2013-11-09 17:26 - 2013-11-09 17:26 - 00000000 ____D C:\Program Files\OpenAL
2013-11-09 17:26 - 2012-02-29 12:58 - 00929712 _____ C:\WINDOWS\setupapi.log
2013-11-09 17:26 - 2009-02-05 00:21 - 00000000 ____D C:\WINDOWS\system32\DirectX
2013-11-09 17:12 - 2013-11-09 17:12 - 00000000 ____D C:\Program Files\Codemasters
2013-11-09 17:12 - 2009-02-05 10:52 - 00002026 _____ C:\WINDOWS\wincmd.ini
2013-11-09 15:17 - 2009-07-16 14:14 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Electronic Arts
2013-11-08 10:56 - 2013-11-08 10:37 - 00000000 ____D C:\Documents and Settings\PC\My Documents\GTA Vice City User Files
2013-11-08 10:37 - 2013-11-08 10:37 - 00001715 _____ C:\Documents and Settings\PC\Desktop\Play GTA Vice City.lnk
2013-11-08 10:36 - 2009-02-05 13:30 - 00204550 _____ C:\WINDOWS\DirectX.log
2013-11-08 10:33 - 2013-11-08 10:33 - 00000000 ____D C:\Program Files\Rockstar Games
2013-11-08 10:33 - 2013-11-08 10:33 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Rockstar Games
2013-11-08 09:08 - 2009-02-05 11:01 - 00000000 ____D C:\Program Files\Common Files\Adobe AIR
2013-11-07 09:53 - 2012-05-20 18:01 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2013-11-06 16:54 - 2013-11-06 16:54 - 00000000 ____D C:\Documents and Settings\PC\chemaxon
2013-11-06 16:54 - 2013-11-06 16:54 - 00000000 ____D C:\Documents and Settings\PC\Application Data\ChemAxon
2013-11-06 16:54 - 2009-02-05 00:28 - 00000000 ____D C:\Documents and Settings\PC
2013-11-06 12:15 - 2013-11-06 09:19 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-11-05 23:13 - 2013-11-05 23:13 - 00001752 _____ C:\Documents and Settings\PC\Desktop\Galileo Family Quiz - Unsere Natur verstehen.lnk
2013-11-05 23:13 - 2013-11-05 23:13 - 00000000 ____D C:\Documents and Settings\PC\Start Menu\Programs\Galileo Family Quiz - Spezial I
2013-11-05 23:13 - 2013-11-05 23:12 - 00000000 ____D C:\Program Files\Galileo Family Quiz - Spezial I
2013-11-05 18:54 - 2009-02-05 10:04 - 00002497 _____ C:\Documents and Settings\PC\Desktop\Microsoft Office Word 2003.lnk
2013-10-31 18:55 - 2013-06-28 16:19 - 00000000 ____D C:\Documents and Settings\PC\Application Data\foobar2000
2013-10-29 16:12 - 2009-03-11 21:51 - 00000069 _____ C:\WINDOWS\NeroDigital.ini
2013-10-29 00:57 - 2010-08-06 20:05 - 00000000 ____D C:\Documents and Settings\PC\Application Data\Skype
2013-10-28 23:01 - 2010-08-06 20:00 - 00002265 _____ C:\Documents and Settings\All Users\Desktop\Skype.lnk
2013-10-21 22:25 - 2013-09-23 22:38 - 01310720 _____ C:\Documents and Settings\PC\Desktop\Receptori vezani za G-proteine.ppt
2013-10-20 15:44 - 2013-10-10 11:39 - 00000000 ____D C:\Program Files\BonanzaDeals
2013-10-17 18:59 - 2010-08-06 20:00 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Skype
2013-10-17 09:49 - 2013-10-17 09:49 - 00000000 ____D C:\Program Files\Common Files\Java
2013-10-17 09:48 - 2013-10-17 09:47 - 00004705 _____ C:\WINDOWS\system32\jupdate-1.7.0_45-b18.log
2013-10-17 09:48 - 2012-09-03 10:45 - 00000000 ____D C:\Program Files\Java
2013-10-17 09:47 - 2013-10-17 09:47 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Java
2013-10-16 23:06 - 2013-10-16 23:06 - 00000248 _____ C:\Documents and Settings\PC\My Documents\ax_files.xml
2013-10-16 22:59 - 2013-10-16 22:59 - 00000000 ____D C:\Documents and Settings\PC\My Documents\Alcohol 120%
2013-10-16 22:58 - 2013-10-16 22:58 - 00000839 _____ C:\Documents and Settings\All Users\Desktop\Alcohol 120%.lnk
2013-10-16 22:58 - 2013-10-16 22:58 - 00000000 ____D C:\Program Files\Alcohol Soft
2013-10-16 22:58 - 2013-10-16 22:58 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Alcohol 120%
2013-10-16 22:51 - 2013-10-16 22:50 - 00000000 ____D C:\Program Files\MyPC Backup
2013-10-16 22:50 - 2009-07-16 14:03 - 00466008 _____ (Duplex Secure Ltd.) C:\WINDOWS\system32\Drivers\sptd.sys
2013-10-16 21:01 - 2010-08-06 20:00 - 00000000 ___RD C:\Program Files\Skype
2013-10-16 20:55 - 2010-02-19 16:45 - 00001819 _____ C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
2013-10-15 18:49 - 2013-10-15 18:49 - 00000000 ____D C:\Program Files\BlackBean
2013-10-12 01:05 - 2013-10-12 01:05 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\McAfee Security Scan Plus
2013-10-12 01:05 - 2010-10-05 01:04 - 00001781 _____ C:\Documents and Settings\All Users\Desktop\McAfee Security Scan Plus.lnk
2013-10-12 01:05 - 2010-10-05 01:04 - 00000000 ____D C:\Program Files\McAfee Security Scan
2013-10-11 01:39 - 2013-10-10 11:33 - 00065536 _____ C:\WINDOWS\system32\config\CaptureL.evt

Some content of TEMP:
====================
C:\Documents and Settings\PC\Local Settings\Temp\207.exe
C:\Documents and Settings\PC\Local Settings\Temp\303.exe
C:\Documents and Settings\PC\Local Settings\Temp\617.exe
C:\Documents and Settings\PC\Local Settings\Temp\851.exe
C:\Documents and Settings\PC\Local Settings\Temp\AlawarGameBoxWebSetup.exe
C:\Documents and Settings\PC\Local Settings\Temp\AskInstallChecker.exe
C:\Documents and Settings\PC\Local Settings\Temp\aswV5Hlp.dll
C:\Documents and Settings\PC\Local Settings\Temp\AutoRun.exe
C:\Documents and Settings\PC\Local Settings\Temp\AutoRunGUI.dll
C:\Documents and Settings\PC\Local Settings\Temp\BackupSetup.exe
C:\Documents and Settings\PC\Local Settings\Temp\BarControl.dll
C:\Documents and Settings\PC\Local Settings\Temp\bfguni.exe
C:\Documents and Settings\PC\Local Settings\Temp\contentDATs.exe
C:\Documents and Settings\PC\Local Settings\Temp\drm_dialogs.dll
C:\Documents and Settings\PC\Local Settings\Temp\drm_dyndata_7410004.dll
C:\Documents and Settings\PC\Local Settings\Temp\EAInstall.dll
C:\Documents and Settings\PC\Local Settings\Temp\eauninstall.exe
C:\Documents and Settings\PC\Local Settings\Temp\ExPromo.exe
C:\Documents and Settings\PC\Local Settings\Temp\FFoxPackage.exe
C:\Documents and Settings\PC\Local Settings\Temp\FFTB-REAL_signed.exe
C:\Documents and Settings\PC\Local Settings\Temp\fftbapi.dll
C:\Documents and Settings\PC\Local Settings\Temp\FreemakeVideoDownloader_3.5.4.0.exe
C:\Documents and Settings\PC\Local Settings\Temp\GDSSetup.exe
C:\Documents and Settings\PC\Local Settings\Temp\GomAudDnInstaller.exe
C:\Documents and Settings\PC\Local Settings\Temp\GomEncDnInstaller.exe
C:\Documents and Settings\PC\Local Settings\Temp\GoogleInstApp.exe
C:\Documents and Settings\PC\Local Settings\Temp\GoogleToolbar.dll
C:\Documents and Settings\PC\Local Settings\Temp\GoogleToolbarInstaller_en_signed.exe
C:\Documents and Settings\PC\Local Settings\Temp\installhelper.dll
C:\Documents and Settings\PC\Local Settings\Temp\jre-6u20-windows-i586-iftw-rv.exe
C:\Documents and Settings\PC\Local Settings\Temp\jre-6u21-windows-i586-iftw-rv.exe
C:\Documents and Settings\PC\Local Settings\Temp\jre-6u22-windows-i586-iftw-rv.exe
C:\Documents and Settings\PC\Local Settings\Temp\jre-6u23-windows-i586-iftw-rv.exe
C:\Documents and Settings\PC\Local Settings\Temp\jre-6u24-windows-i586-iftw-rv.exe
C:\Documents and Settings\PC\Local Settings\Temp\jre-6u26-windows-i586-iftw-rv.exe
C:\Documents and Settings\PC\Local Settings\Temp\jre-6u29-windows-i586-iftw-rv.exe
C:\Documents and Settings\PC\Local Settings\Temp\jre-6u35-windows-i586-iftw.exe
C:\Documents and Settings\PC\Local Settings\Temp\jre-7u11-windows-i586-iftw.exe
C:\Documents and Settings\PC\Local Settings\Temp\jre-7u13-windows-i586-iftw.exe
C:\Documents and Settings\PC\Local Settings\Temp\jre-7u15-windows-i586-iftw.exe
C:\Documents and Settings\PC\Local Settings\Temp\jre-7u17-windows-i586-iftw.exe
C:\Documents and Settings\PC\Local Settings\Temp\jre-7u21-windows-i586-iftw.exe
C:\Documents and Settings\PC\Local Settings\Temp\jre-7u25-windows-i586-iftw.exe
C:\Documents and Settings\PC\Local Settings\Temp\jre-7u45-windows-i586-iftw.exe
C:\Documents and Settings\PC\Local Settings\Temp\jre-7u9-windows-i586-iftw.exe
C:\Documents and Settings\PC\Local Settings\Temp\MyBabylonTB_I.exe
C:\Documents and Settings\PC\Local Settings\Temp\Need for Speed Carbon_uninst.exe
C:\Documents and Settings\PC\Local Settings\Temp\NEventMessages.dll
C:\Documents and Settings\PC\Local Settings\Temp\NEW7C.tmp.exe
C:\Documents and Settings\PC\Local Settings\Temp\nsbC6.tmp.exe
C:\Documents and Settings\PC\Local Settings\Temp\nse6.tmp.exe
C:\Documents and Settings\PC\Local Settings\Temp\nsfB3.tmp.exe
C:\Documents and Settings\PC\Local Settings\Temp\nsp30.tmp.exe
C:\Documents and Settings\PC\Local Settings\Temp\nstB.tmp.exe
C:\Documents and Settings\PC\Local Settings\Temp\nsu1C.tmp.exe
C:\Documents and Settings\PC\Local Settings\Temp\Offercast2802_MTV_.exe
C:\Documents and Settings\PC\Local Settings\Temp\SecurityScan_Release.exe
C:\Documents and Settings\PC\Local Settings\Temp\SetupDataMngr_Searchqu.exe
C:\Documents and Settings\PC\Local Settings\Temp\Shockwave_Installer_FF.exe
C:\Documents and Settings\PC\Local Settings\Temp\SkypeSetup.exe
C:\Documents and Settings\PC\Local Settings\Temp\SPStub.exe
C:\Documents and Settings\PC\Local Settings\Temp\SPTDinst-x86.exe
C:\Documents and Settings\PC\Local Settings\Temp\swt-win32-3349.dll
C:\Documents and Settings\PC\Local Settings\Temp\tempmessage.bfg
C:\Documents and Settings\PC\Local Settings\Temp\ubiC25.tmp.exe
C:\Documents and Settings\PC\Local Settings\Temp\uitools.dll
C:\Documents and Settings\PC\Local Settings\Temp\uninst1.exe
C:\Documents and Settings\PC\Local Settings\Temp\war3_Install.exe

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe
[2008-04-14 09:00] - [2008-04-14 09:00] - 0108544 ____A (Microsoft Corporation) 0e776ed5f7cc9f94299e70461b7b8185

C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== End Of Log ============================

Addition.txt

kevinf80 · November 10, 2013

Download attached fixlist.txt file and save it to the Desktop, or the folder you saved FRST into.

NOTE. It's important that both FRST and fixlist.txt are in the same location or the fix will not work.

Run FRST and press the Fix button just once and wait.

The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.

Next,

Download AdwCleaner by Xplode from here: http://www.bleepingcomputer.com/download/adwcleaner/ and save to your Desktop.

Double click on AdwCleaner.exe to run the tool.
Vista/Windows 7/8 users right-click and select Run As Administrator
Click on the Scan button.
AdwCleaner will begin...be patient as the scan may take some time to complete.
When it's done you'll see: Pending: Uncheck any elements you don't want removed.
Now click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
Look over the log especially under Files/Folders for any program you want to save.
If there's a program you want to save, just uncheck it from AdwCleaner.
If you're not sure, post the log for review.
If you're ready to clean it all up.....click the Clean button.
After rebooting, a logfile report (AdwCleaner[s0].txt) will open automatically.
Copy and paste the contents of that logfile in your next reply.
A copy of that logfile will also be saved in the C:\AdwCleaner folder.
Items that are deleted are moved to the Quarantine Folder: C:\AdwCleaner\Quarantine
To restore an item that has been deleted (if necessary):
Go to Tools > Quarantine Manager > check what you want restored > now click on Restore.

Next,

Run Malwarebytes, Open > Settings Tab > Scanner Settings > Under action for PUP > Select: Show in Results List and Check for removal.

Please Update and run a Quick Scan with Malwarebytes Anti-Malware,

Make sure that everything is checked, and click Remove Selected on any found items.

Post the produced log

Let me see those logs in next reply...

fixlist.txt

Terza · November 10, 2013

Here are the fixlog results.

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 10-11-2013 01
Ran by PC at 2013-11-10 21:27:27 Run:1
Running from C:\Documents and Settings\PC\My Documents\Downloads
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
Start
HKCU\...\Run: [ConduitFloatingPlugin_giolhomkcooifelkdfpejhidfidaahlc] - "C:\WINDOWS\system32\Rundll32.exe" "C:\Program Files\Conduit\CT3282698\plugins\TBVerifier.dll",RunConduitFloatingPlugin giolhomkcooifelkdfpejhidfidaahlc
C:\Program Files\Conduit
MountPoints2: {20f1649e-b675-11de-8037-001e3759e29a} - G:\RECYCLER\S-1-6-21-2434476501-1644491937-600003330-1213\USB-Helper.exe
MountPoints2: {22e91226-abd7-11e1-8b75-001f1601bcd7} - G:\ActivateWarranty(JF).exe
MountPoints2: {c39442ea-021d-11e1-8997-001e3759e29a} - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL autorun.exe
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.condui...&ctid=CT3282698
URLSearchHook: HKCU - SweetTunes1 Toolbar - {f9d1c08c-2031-4e6c-ab51-50330ac2d988} - C:\Program Files\SweetTunes1\prxtbSwee.dll (Conduit Ltd.)
SearchScopes: HKLM - {8A96AF9E-4074-43b7-BEA3-87217BDA74C8} URL = http://tbsearch.ask....3&o=&src=crm&q={searchTerms}&locale=
SearchScopes: HKCU - {8A96AF9E-4074-43b7-BEA3-87217BDA74C8} URL = http://www.searchqu..../web?src=ieb&q={searchTerms}
SearchScopes: HKCU - {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = http://search.condui...ultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3282698&CUI=UN25943442802313831&UM=2
BHO: SweetTunes1 Toolbar - {f9d1c08c-2031-4e6c-ab51-50330ac2d988} - C:\Program Files\SweetTunes1\prxtbSwee.dll (Conduit Ltd.)
C:\Program Files\SweetTunes1
Toolbar: HKLM - SweetTunes1 Toolbar - {f9d1c08c-2031-4e6c-ab51-50330ac2d988} - C:\Program Files\SweetTunes1\prxtbSwee.dll (Conduit Ltd.)
FF SelectedSearchEngine: SweetTunes Search
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\babylon.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\SearchquWebSearch.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\sweettunes_search.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\sweettunes_search.xml
FF Extension: TFToolbarX - C:\Documents and Settings\PC\Application Data\Mozilla\Firefox\Profiles\zo7hp54f.default\Extensions\TFToolbarX@torrent-finder.xpi
S2 Util lucky leap; "C:\Program Files\lucky leap\bin\utilluckyleap.exe" [x]
S4 IntelIde; No ImagePath
S3 massfilter; system32\drivers\massfilter.sys [x]
S3 npkcrypt; \??\C:\Program Files\Lineage II\system\npkcrypt.sys [x]
S3 WinRing0_1_2_0; \??\C:\Program Files\Razer\Razer Game Booster\Driver\WinRing0.sys [x]
U1 WS2IFSL;
S3 ZTEusbmdm6k; system32\DRIVERS\ZTEusbmdm6k.sys [x]
S3 ZTEusbnmea; system32\DRIVERS\ZTEusbnmea.sys [x]
S3 ZTEusbser6k; system32\DRIVERS\ZTEusbser6k.sys [x]
U3 a045w2mw; No ImagePath
U3 mbr; \??\C:\DOCUME~1\PC\LOCALS~1\Temp\mbr.sys [x]
2013-11-10 01:44 - 2013-11-10 01:45 - 00000000 ____D C:\Documents and Settings\PC\Local Settings\Application Data\Conduit
2013-11-10 01:44 - 2013-11-10 01:44 - 00000000 ____D C:\Program Files\SweetTunes1
2013-11-10 01:44 - 2013-11-10 01:44 - 00000000 ____D C:\Program Files\Conduit
2013-11-10 01:44 - 2013-11-10 01:44 - 00000000 ____D C:\Documents and Settings\PC\Local Settings\Application Data\SweetTunes1
2013-11-10 01:44 - 2013-11-10 01:44 - 00000000 ____D C:\Documents and Settings\PC\Local Settings\Application Data\NativeMessaging
2013-11-10 01:44 - 2013-11-10 01:44 - 00000000 ____D C:\Documents and Settings\PC\Local Settings\Application Data\CRE
2013-11-10 01:44 - 2013-11-10 01:44 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Conduit
2013-11-10 01:43 - 2013-11-10 01:43 - 00000000 ____D C:\Documents and Settings\PC\Application Data\SearchProtect
2013-11-10 01:42 - 2013-11-10 01:46 - 00000000 _____ C:\END
2013-11-10 01:42 - 2013-11-10 01:43 - 00000000 ____D C:\Documents and Settings\PC\My Documents\Freemake
2013-11-10 01:41 - 2013-11-10 01:41 - 00000000 ____D C:\Documents and Settings\PC\Application Data\OpenCandy
C:\Documents and Settings\PC\Local Settings\Temp\207.exe
C:\Documents and Settings\PC\Local Settings\Temp\303.exe
C:\Documents and Settings\PC\Local Settings\Temp\617.exe
C:\Documents and Settings\PC\Local Settings\Temp\851.exe
C:\Documents and Settings\PC\Local Settings\Temp\AlawarGameBoxWebSetup.exe
C:\Documents and Settings\PC\Local Settings\Temp\AskInstallChecker.exe
C:\Documents and Settings\PC\Local Settings\Temp\aswV5Hlp.dll
C:\Documents and Settings\PC\Local Settings\Temp\AutoRun.exe
C:\Documents and Settings\PC\Local Settings\Temp\AutoRunGUI.dll
C:\Documents and Settings\PC\Local Settings\Temp\BackupSetup.exe
C:\Documents and Settings\PC\Local Settings\Temp\BarControl.dll
C:\Documents and Settings\PC\Local Settings\Temp\bfguni.exe
C:\Documents and Settings\PC\Local Settings\Temp\contentDATs.exe
C:\Documents and Settings\PC\Local Settings\Temp\drm_dialogs.dll
C:\Documents and Settings\PC\Local Settings\Temp\drm_dyndata_7410004.dll
C:\Documents and Settings\PC\Local Settings\Temp\EAInstall.dll
C:\Documents and Settings\PC\Local Settings\Temp\eauninstall.exe
C:\Documents and Settings\PC\Local Settings\Temp\ExPromo.exe
C:\Documents and Settings\PC\Local Settings\Temp\FFoxPackage.exe
C:\Documents and Settings\PC\Local Settings\Temp\FFTB-REAL_signed.exe
C:\Documents and Settings\PC\Local Settings\Temp\fftbapi.dll
C:\Documents and Settings\PC\Local Settings\Temp\FreemakeVideoDownloader_3.5.4.0.exe
C:\Documents and Settings\PC\Local Settings\Temp\GDSSetup.exe
C:\Documents and Settings\PC\Local Settings\Temp\GomAudDnInstaller.exe
C:\Documents and Settings\PC\Local Settings\Temp\GomEncDnInstaller.exe
C:\Documents and Settings\PC\Local Settings\Temp\GoogleInstApp.exe
C:\Documents and Settings\PC\Local Settings\Temp\GoogleToolbar.dll
C:\Documents and Settings\PC\Local Settings\Temp\GoogleToolbarInstaller_en_signed.exe
C:\Documents and Settings\PC\Local Settings\Temp\installhelper.dll
C:\Documents and Settings\PC\Local Settings\Temp\jre-6u20-windows-i586-iftw-rv.exe
C:\Documents and Settings\PC\Local Settings\Temp\jre-6u21-windows-i586-iftw-rv.exe
C:\Documents and Settings\PC\Local Settings\Temp\jre-6u22-windows-i586-iftw-rv.exe
C:\Documents and Settings\PC\Local Settings\Temp\jre-6u23-windows-i586-iftw-rv.exe
C:\Documents and Settings\PC\Local Settings\Temp\jre-6u24-windows-i586-iftw-rv.exe
C:\Documents and Settings\PC\Local Settings\Temp\jre-6u26-windows-i586-iftw-rv.exe
C:\Documents and Settings\PC\Local Settings\Temp\jre-6u29-windows-i586-iftw-rv.exe
C:\Documents and Settings\PC\Local Settings\Temp\jre-6u35-windows-i586-iftw.exe
C:\Documents and Settings\PC\Local Settings\Temp\jre-7u11-windows-i586-iftw.exe
C:\Documents and Settings\PC\Local Settings\Temp\jre-7u13-windows-i586-iftw.exe
C:\Documents and Settings\PC\Local Settings\Temp\jre-7u15-windows-i586-iftw.exe
C:\Documents and Settings\PC\Local Settings\Temp\jre-7u17-windows-i586-iftw.exe
C:\Documents and Settings\PC\Local Settings\Temp\jre-7u21-windows-i586-iftw.exe
C:\Documents and Settings\PC\Local Settings\Temp\jre-7u25-windows-i586-iftw.exe
C:\Documents and Settings\PC\Local Settings\Temp\jre-7u45-windows-i586-iftw.exe
C:\Documents and Settings\PC\Local Settings\Temp\jre-7u9-windows-i586-iftw.exe
C:\Documents and Settings\PC\Local Settings\Temp\MyBabylonTB_I.exe
C:\Documents and Settings\PC\Local Settings\Temp\Need for Speed Carbon_uninst.exe
C:\Documents and Settings\PC\Local Settings\Temp\NEventMessages.dll
C:\Documents and Settings\PC\Local Settings\Temp\NEW7C.tmp.exe
C:\Documents and Settings\PC\Local Settings\Temp\nsbC6.tmp.exe
C:\Documents and Settings\PC\Local Settings\Temp\nse6.tmp.exe
C:\Documents and Settings\PC\Local Settings\Temp\nsfB3.tmp.exe
C:\Documents and Settings\PC\Local Settings\Temp\nsp30.tmp.exe
C:\Documents and Settings\PC\Local Settings\Temp\nstB.tmp.exe
C:\Documents and Settings\PC\Local Settings\Temp\nsu1C.tmp.exe
C:\Documents and Settings\PC\Local Settings\Temp\Offercast2802_MTV_.exe
C:\Documents and Settings\PC\Local Settings\Temp\SecurityScan_Release.exe
C:\Documents and Settings\PC\Local Settings\Temp\SetupDataMngr_Searchqu.exe
C:\Documents and Settings\PC\Local Settings\Temp\Shockwave_Installer_FF.exe
C:\Documents and Settings\PC\Local Settings\Temp\SkypeSetup.exe
C:\Documents and Settings\PC\Local Settings\Temp\SPStub.exe
C:\Documents and Settings\PC\Local Settings\Temp\SPTDinst-x86.exe
C:\Documents and Settings\PC\Local Settings\Temp\swt-win32-3349.dll
C:\Documents and Settings\PC\Local Settings\Temp\tempmessage.bfg
C:\Documents and Settings\PC\Local Settings\Temp\ubiC25.tmp.exe
C:\Documents and Settings\PC\Local Settings\Temp\uitools.dll
C:\Documents and Settings\PC\Local Settings\Temp\uninst1.exe
C:\Documents and Settings\PC\Local Settings\Temp\war3_Install.exe
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\Temp:067BF339
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\Temp:0C5AF2AA
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\Temp:12EA4DC9
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\Temp:564F64DB
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\Temp:56AD65A1
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\Temp:581B0446
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\Temp:5E73E1C2
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\Temp:753A0081
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\Temp:7AF9CAEB
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\Temp:86148D88
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\Temp:9B285B76
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\Temp:BD27B7FC
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\Temp:C15FE8A0
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\Temp:D2397415
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\Temp:DE0ED846
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\Temp:F5E4BCD5
End

*****************

HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\ConduitFloatingPlugin_giolhomkcooifelkdfpejhidfidaahlc => Value deleted successfully.
C:\Program Files\Conduit => Moved successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{20f1649e-b675-11de-8037-001e3759e29a} => Key deleted successfully.
HKCR\CLSID\{20f1649e-b675-11de-8037-001e3759e29a} => Key not found.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{22e91226-abd7-11e1-8b75-001f1601bcd7} => Key deleted successfully.
HKCR\CLSID\{22e91226-abd7-11e1-8b75-001f1601bcd7} => Key not found.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c39442ea-021d-11e1-8997-001e3759e29a} => Key deleted successfully.
HKCR\CLSID\{c39442ea-021d-11e1-8997-001e3759e29a} => Key not found.
HKCU\Software\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.
HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks\\{f9d1c08c-2031-4e6c-ab51-50330ac2d988} => Value deleted successfully.
HKCR\CLSID\{f9d1c08c-2031-4e6c-ab51-50330ac2d988} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{8A96AF9E-4074-43b7-BEA3-87217BDA74C8} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{8A96AF9E-4074-43b7-BEA3-87217BDA74C8} => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E} => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{8A96AF9E-4074-43b7-BEA3-87217BDA74C8} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{8A96AF9E-4074-43b7-BEA3-87217BDA74C8} => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{afdbddaa-5d3f-42ee-b79c-185a7020515b} => Key not found.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{f9d1c08c-2031-4e6c-ab51-50330ac2d988} => Key deleted successfully.
HKCR\CLSID\{f9d1c08c-2031-4e6c-ab51-50330ac2d988} => Key not found.
C:\Program Files\SweetTunes1 => Moved successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{f9d1c08c-2031-4e6c-ab51-50330ac2d988} => Value deleted successfully.
HKCR\CLSID\{f9d1c08c-2031-4e6c-ab51-50330ac2d988} => Key not found.
Firefox SelectedSearchEngine deleted successfully.
C:\Program Files\mozilla firefox\searchplugins\babylon.xml => Moved successfully.
C:\Program Files\mozilla firefox\searchplugins\SearchquWebSearch.xml => Moved successfully.
C:\Program Files\mozilla firefox\searchplugins\sweettunes_search.xml => Moved successfully.
C:\Program Files\mozilla firefox\browser\searchplugins\sweettunes_search.xml => Moved successfully.
C:\Documents and Settings\PC\Application Data\Mozilla\Firefox\Profiles\zo7hp54f.default\Extensions\TFToolbarX@torrent-finder.xpi => Moved successfully.
Util lucky leap => Service deleted successfully.
IntelIde => Service deleted successfully.
massfilter => Service deleted successfully.
npkcrypt => Service deleted successfully.
WinRing0_1_2_0 => Service deleted successfully.
WS2IFSL => Service deleted successfully.
ZTEusbmdm6k => Service deleted successfully.
ZTEusbnmea => Service deleted successfully.
ZTEusbser6k => Service deleted successfully.
a045w2mw => Service not found.
mbr => Service not found.
C:\Documents and Settings\PC\Local Settings\Application Data\Conduit => Moved successfully.
"C:\Program Files\SweetTunes1" => File/Directory not found.
"C:\Program Files\Conduit" => File/Directory not found.
C:\Documents and Settings\PC\Local Settings\Application Data\SweetTunes1 => Moved successfully.
C:\Documents and Settings\PC\Local Settings\Application Data\NativeMessaging => Moved successfully.
C:\Documents and Settings\PC\Local Settings\Application Data\CRE => Moved successfully.
C:\Documents and Settings\All Users\Application Data\Conduit => Moved successfully.
C:\Documents and Settings\PC\Application Data\SearchProtect => Moved successfully.
C:\END => Moved successfully.
C:\Documents and Settings\PC\My Documents\Freemake => Moved successfully.
C:\Documents and Settings\PC\Application Data\OpenCandy => Moved successfully.
C:\Documents and Settings\PC\Local Settings\Temp\207.exe => Moved successfully.
C:\Documents and Settings\PC\Local Settings\Temp\303.exe => Moved successfully.
C:\Documents and Settings\PC\Local Settings\Temp\617.exe => Moved successfully.
C:\Documents and Settings\PC\Local Settings\Temp\851.exe => Moved successfully.
C:\Documents and Settings\PC\Local Settings\Temp\AlawarGameBoxWebSetup.exe => Moved successfully.
C:\Documents and Settings\PC\Local Settings\Temp\AskInstallChecker.exe => Moved successfully.
C:\Documents and Settings\PC\Local Settings\Temp\aswV5Hlp.dll => Moved successfully.
C:\Documents and Settings\PC\Local Settings\Temp\AutoRun.exe => Moved successfully.
C:\Documents and Settings\PC\Local Settings\Temp\AutoRunGUI.dll => Moved successfully.
C:\Documents and Settings\PC\Local Settings\Temp\BackupSetup.exe => Moved successfully.
C:\Documents and Settings\PC\Local Settings\Temp\BarControl.dll => Moved successfully.
C:\Documents and Settings\PC\Local Settings\Temp\bfguni.exe => Moved successfully.
C:\Documents and Settings\PC\Local Settings\Temp\contentDATs.exe => Moved successfully.
C:\Documents and Settings\PC\Local Settings\Temp\drm_dialogs.dll => Moved successfully.
C:\Documents and Settings\PC\Local Settings\Temp\drm_dyndata_7410004.dll => Moved successfully.
C:\Documents and Settings\PC\Local Settings\Temp\EAInstall.dll => Moved successfully.
C:\Documents and Settings\PC\Local Settings\Temp\eauninstall.exe => Moved successfully.
C:\Documents and Settings\PC\Local Settings\Temp\ExPromo.exe => Moved successfully.
C:\Documents and Settings\PC\Local Settings\Temp\FFoxPackage.exe => Moved successfully.
C:\Documents and Settings\PC\Local Settings\Temp\FFTB-REAL_signed.exe => Moved successfully.
C:\Documents and Settings\PC\Local Settings\Temp\fftbapi.dll => Moved successfully.
C:\Documents and Settings\PC\Local Settings\Temp\FreemakeVideoDownloader_3.5.4.0.exe => Moved successfully.
C:\Documents and Settings\PC\Local Settings\Temp\GDSSetup.exe => Moved successfully.
C:\Documents and Settings\PC\Local Settings\Temp\GomAudDnInstaller.exe => Moved successfully.
C:\Documents and Settings\PC\Local Settings\Temp\GomEncDnInstaller.exe => Moved successfully.
C:\Documents and Settings\PC\Local Settings\Temp\GoogleInstApp.exe => Moved successfully.
C:\Documents and Settings\PC\Local Settings\Temp\GoogleToolbar.dll => Moved successfully.
C:\Documents and Settings\PC\Local Settings\Temp\GoogleToolbarInstaller_en_signed.exe => Moved successfully.
C:\Documents and Settings\PC\Local Settings\Temp\installhelper.dll => Moved successfully.
C:\Documents and Settings\PC\Local Settings\Temp\jre-6u20-windows-i586-iftw-rv.exe => Moved successfully.
C:\Documents and Settings\PC\Local Settings\Temp\jre-6u21-windows-i586-iftw-rv.exe => Moved successfully.
C:\Documents and Settings\PC\Local Settings\Temp\jre-6u22-windows-i586-iftw-rv.exe => Moved successfully.
C:\Documents and Settings\PC\Local Settings\Temp\jre-6u23-windows-i586-iftw-rv.exe => Moved successfully.
C:\Documents and Settings\PC\Local Settings\Temp\jre-6u24-windows-i586-iftw-rv.exe => Moved successfully.
C:\Documents and Settings\PC\Local Settings\Temp\jre-6u26-windows-i586-iftw-rv.exe => Moved successfully.
C:\Documents and Settings\PC\Local Settings\Temp\jre-6u29-windows-i586-iftw-rv.exe => Moved successfully.
C:\Documents and Settings\PC\Local Settings\Temp\jre-6u35-windows-i586-iftw.exe => Moved successfully.
C:\Documents and Settings\PC\Local Settings\Temp\jre-7u11-windows-i586-iftw.exe => Moved successfully.
C:\Documents and Settings\PC\Local Settings\Temp\jre-7u13-windows-i586-iftw.exe => Moved successfully.
C:\Documents and Settings\PC\Local Settings\Temp\jre-7u15-windows-i586-iftw.exe => Moved successfully.
C:\Documents and Settings\PC\Local Settings\Temp\jre-7u17-windows-i586-iftw.exe => Moved successfully.
C:\Documents and Settings\PC\Local Settings\Temp\jre-7u21-windows-i586-iftw.exe => Moved successfully.
C:\Documents and Settings\PC\Local Settings\Temp\jre-7u25-windows-i586-iftw.exe => Moved successfully.
C:\Documents and Settings\PC\Local Settings\Temp\jre-7u45-windows-i586-iftw.exe => Moved successfully.
C:\Documents and Settings\PC\Local Settings\Temp\jre-7u9-windows-i586-iftw.exe => Moved successfully.
C:\Documents and Settings\PC\Local Settings\Temp\MyBabylonTB_I.exe => Moved successfully.
C:\Documents and Settings\PC\Local Settings\Temp\Need for Speed Carbon_uninst.exe => Moved successfully.
C:\Documents and Settings\PC\Local Settings\Temp\NEventMessages.dll => Moved successfully.
C:\Documents and Settings\PC\Local Settings\Temp\NEW7C.tmp.exe => Moved successfully.
C:\Documents and Settings\PC\Local Settings\Temp\nsbC6.tmp.exe => Moved successfully.
C:\Documents and Settings\PC\Local Settings\Temp\nse6.tmp.exe => Moved successfully.
C:\Documents and Settings\PC\Local Settings\Temp\nsfB3.tmp.exe => Moved successfully.
C:\Documents and Settings\PC\Local Settings\Temp\nsp30.tmp.exe => Moved successfully.
C:\Documents and Settings\PC\Local Settings\Temp\nstB.tmp.exe => Moved successfully.
C:\Documents and Settings\PC\Local Settings\Temp\nsu1C.tmp.exe => Moved successfully.
C:\Documents and Settings\PC\Local Settings\Temp\Offercast2802_MTV_.exe => Moved successfully.
C:\Documents and Settings\PC\Local Settings\Temp\SecurityScan_Release.exe => Moved successfully.
C:\Documents and Settings\PC\Local Settings\Temp\SetupDataMngr_Searchqu.exe => Moved successfully.
C:\Documents and Settings\PC\Local Settings\Temp\Shockwave_Installer_FF.exe => Moved successfully.
C:\Documents and Settings\PC\Local Settings\Temp\SkypeSetup.exe => Moved successfully.
C:\Documents and Settings\PC\Local Settings\Temp\SPStub.exe => Moved successfully.
C:\Documents and Settings\PC\Local Settings\Temp\SPTDinst-x86.exe => Moved successfully.
C:\Documents and Settings\PC\Local Settings\Temp\swt-win32-3349.dll => Moved successfully.
C:\Documents and Settings\PC\Local Settings\Temp\tempmessage.bfg => Moved successfully.
C:\Documents and Settings\PC\Local Settings\Temp\ubiC25.tmp.exe => Moved successfully.
C:\Documents and Settings\PC\Local Settings\Temp\uitools.dll => Moved successfully.
C:\Documents and Settings\PC\Local Settings\Temp\uninst1.exe => Moved successfully.
C:\Documents and Settings\PC\Local Settings\Temp\war3_Install.exe => Moved successfully.
C:\Documents and Settings\All Users\Application Data\Temp => ":067BF339" ADS removed successfully.
C:\Documents and Settings\All Users\Application Data\Temp => ":0C5AF2AA" ADS removed successfully.
C:\Documents and Settings\All Users\Application Data\Temp => ":12EA4DC9" ADS removed successfully.
C:\Documents and Settings\All Users\Application Data\Temp => ":564F64DB" ADS removed successfully.
C:\Documents and Settings\All Users\Application Data\Temp => ":56AD65A1" ADS removed successfully.
C:\Documents and Settings\All Users\Application Data\Temp => ":581B0446" ADS removed successfully.
C:\Documents and Settings\All Users\Application Data\Temp => ":5E73E1C2" ADS removed successfully.
C:\Documents and Settings\All Users\Application Data\Temp => ":753A0081" ADS removed successfully.
C:\Documents and Settings\All Users\Application Data\Temp => ":7AF9CAEB" ADS removed successfully.
C:\Documents and Settings\All Users\Application Data\Temp => ":86148D88" ADS removed successfully.
C:\Documents and Settings\All Users\Application Data\Temp => ":9B285B76" ADS removed successfully.
C:\Documents and Settings\All Users\Application Data\Temp => ":BD27B7FC" ADS removed successfully.
C:\Documents and Settings\All Users\Application Data\Temp => ":C15FE8A0" ADS removed successfully.
C:\Documents and Settings\All Users\Application Data\Temp => ":D2397415" ADS removed successfully.
C:\Documents and Settings\All Users\Application Data\Temp => ":DE0ED846" ADS removed successfully.
C:\Documents and Settings\All Users\Application Data\Temp => ":F5E4BCD5" ADS removed successfully.

==== End of Fixlog ====

And here is the AdwCleaner[R0], I'm not sure if any of these things are essential, but as much as I can see they are all some sort of ads on the internet so I think I don't need any of them, but you tell me.

# AdwCleaner v3.011 - Report created 10/11/2013 at 21:29:15
# Updated 03/11/2013 by Xplode
# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
# Username : PC - COMPUTER-PC
# Running from : C:\Documents and Settings\PC\My Documents\Downloads\AdwCleaner.exe
# Option : Scan

***** [ Services ] *****

Service Found : Util lucky leap

***** [ Files / Folders ] *****

File Found : C:\Documents and Settings\PC\Application Data\Mozilla\Firefox\Profiles\zo7hp54f.default\bProtector_extensions.rdf
File Found : C:\Documents and Settings\PC\Application Data\Mozilla\Firefox\Profiles\zo7hp54f.default\invalidprefs.js
File Found : C:\Documents and Settings\PC\Application Data\Mozilla\Firefox\Profiles\zo7hp54f.default\searchplugins\Askcom.xml
File Found : C:\Documents and Settings\PC\Application Data\Mozilla\Firefox\Profiles\zo7hp54f.default\searchplugins\SearchquWebSearch.xml
File Found : C:\Documents and Settings\PC\Application Data\Mozilla\Firefox\Profiles\zo7hp54f.default\user.js
Folder Found : C:\Documents and Settings\PC\Application Data\Mozilla\Firefox\Profiles\zo7hp54f.default\Extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
Folder Found C:\DOCUME~1\PC\LOCALS~1\Temp\AskSearch
Folder Found C:\DOCUME~1\PC\LOCALS~1\Temp\BabylonToolbar
Folder Found C:\DOCUME~1\PC\LOCALS~1\Temp\Conduit
Folder Found C:\Documents and Settings\All Users\Application Data\AlawarWrapper
Folder Found C:\Documents and Settings\All Users\Application Data\Babylon
Folder Found C:\Documents and Settings\All Users\Application Data\Trymedia
Folder Found C:\Documents and Settings\PC\Application Data\Babylon
Folder Found C:\Documents and Settings\PC\Application Data\FunWebProducts
Folder Found C:\Program Files\1ClickDownload
Folder Found C:\Program Files\BonanzaDeals
Folder Found C:\Program Files\FunWebProducts
Folder Found C:\Program Files\MyPC Backup
Folder Found C:\Program Files\MyWebSearch
Folder Found C:\Program Files\TornTV.com

***** [ Shortcuts ] *****

***** [ Registry ] *****

Key Found : HKCU\Software\1ClickDownload
Key Found : HKCU\Software\5b2ded9bc6de913
Key Found : HKCU\Software\BabSolution
Key Found : HKCU\Software\BonanzaDealsLive
Key Found : HKCU\Software\Conduit
Key Found : HKCU\Software\ConduitSearchScopes
Key Found : HKCU\Software\Crossrider
Key Found : HKCU\Software\DataMngr
Key Found : HKCU\Software\DataMngr_Toolbar
Key Found : HKCU\Software\Delta
Key Found : HKCU\Software\Fun Web Products
Key Found : HKCU\Software\InstallCore
Key Found : HKCU\Software\Microsoft\Internet Explorer\MenuExt\&Search
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\Bandoo
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00A6FAF1-072E-44CF-8957-5838F569A31D}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{07B18EA1-A523-4961-B6BB-170DE4475CCA}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{07B18EA9-A523-4961-B6BB-170DE4475CCA}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{07B18EAB-A523-4961-B6BB-170DE4475CCA}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{25560540-9571-4D7B-9389-0F166788785A}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3DC201FB-E9C9-499C-A11F-23C360D7C3F8}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{7FF99715-3016-4381-84CE-E4E4C9673020}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{98889811-442D-49DD-99D7-DC866BE87DBC}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9FF05104-B030-46FC-94B8-81276E4E27DF}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EB5CEE80-030A-4ED8-8E20-454E9C68380F}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F9D1C08C-2031-4E6C-AB51-50330AC2D988}
Key Found : HKCU\Software\MyWebSearch
Key Found : HKCU\Software\SearchquMediabarTb
Key Found : HKCU\Software\smartbar
Key Found : HKCU\Software\Softonic
Key Found : HKCU\Software\SweetTunes1
Key Found : HKCU\Software\YahooPartnerToolbar
Key Found : HKCU\Toolbar
Key Found : HKLM\SOFTWARE\5b2ded9bc6de913
Key Found : HKLM\Software\Babylon
Key Found : HKLM\Software\Bandoo
Key Found : HKLM\SOFTWARE\Classes\AppID\{1301A8A5-3DFB-4731-A162-B357D00C9644}
Key Found : HKLM\SOFTWARE\Classes\AppID\{4D076AB4-7562-427A-B5D2-BD96E19DEE56}
Key Found : HKLM\SOFTWARE\Classes\AppID\{5B1881D1-D9C7-46DF-B041-1E593282C7D0}
Key Found : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Key Found : HKLM\SOFTWARE\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
Key Found : HKLM\SOFTWARE\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
Key Found : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}
Key Found : HKLM\SOFTWARE\Classes\AppID\BandooCore.EXE
Key Found : HKLM\SOFTWARE\Classes\AppID\secman.DLL
Key Found : HKLM\SOFTWARE\Classes\BandooCore.BandooCore
Key Found : HKLM\SOFTWARE\Classes\BandooCore.BandooCore.1
Key Found : HKLM\SOFTWARE\Classes\BandooCore.ResourcesMngr
Key Found : HKLM\SOFTWARE\Classes\BandooCore.ResourcesMngr.1
Key Found : HKLM\SOFTWARE\Classes\BandooCore.SettingsMngr
Key Found : HKLM\SOFTWARE\Classes\BandooCore.SettingsMngr.1
Key Found : HKLM\SOFTWARE\Classes\BandooCore.StatisticMngr
Key Found : HKLM\SOFTWARE\Classes\BandooCore.StatisticMngr.1
Key Found : HKLM\SOFTWARE\Classes\bbylntlbr.bbylntlbrHlpr
Key Found : HKLM\SOFTWARE\Classes\bbylntlbr.bbylntlbrHlpr.1
Key Found : HKLM\SOFTWARE\Classes\CLSID\{147A976F-EEE1-4377-8EA7-4716E4CDD239}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{1830E615-ADC4-482A-9AD8-A2F179A0985D}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{27F69C85-64E1-43CE-98B5-3C9F22FB408E}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{4AA46D49-459F-4358-B4D1-169048547C23}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{7FF99715-3016-4381-84CE-E4E4C9673020}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{9AFB8248-617F-460D-9366-D71CDEDA3179}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{B543EF05-9758-464E-9F37-4C28525B4A4C}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{BB76A90B-2B4C-4378-8506-9A2B6E16943C}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{C3AB94A4-BFD0-4BBA-A331-DE504F07D2DB}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{E46C8196-B634-44A1-AF6E-957C64278AB1}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{FB148894-D0D0-49A7-BDD1-72907F3F1893}
Key Found : HKLM\SOFTWARE\Classes\Interface\{06DE5702-44CF-4B79-B4EF-3DDF653358F5}
Key Found : HKLM\SOFTWARE\Classes\Interface\{2E9937FC-CF2F-4F56-AF54-5A6A3DD375CC}
Key Found : HKLM\SOFTWARE\Classes\Interface\{477F210A-2A86-4666-9C4B-1189634D2C84}
Key Found : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Found : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
Key Found : HKLM\SOFTWARE\Classes\Interface\{6F43FA77-C18F-4D0C-9C7E-958876FE2061}
Key Found : HKLM\SOFTWARE\Classes\Interface\{741DE825-A6F0-4497-9AA6-8023CF9B0FFF}
Key Found : HKLM\SOFTWARE\Classes\Interface\{813A22E0-3E2B-4188-9BDA-ECA9878B8D48}
Key Found : HKLM\SOFTWARE\Classes\Interface\{CF54BE1C-9359-4395-8533-1657CF209CFE}
Key Found : HKLM\SOFTWARE\Classes\Interface\{DF948646-8BF4-450E-A059-CF8A4E0FE2BE}
Key Found : HKLM\SOFTWARE\Classes\Interface\{E96B49B0-E11F-48FC-984A-EEC29A4F57E1}
Key Found : HKLM\SOFTWARE\Classes\Interface\{FF871E51-2655-4D06-AED5-745962A96B32}
Key Found : HKLM\SOFTWARE\Classes\Prod.cap
Key Found : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
Key Found : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT3282698
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{11549FE4-7C5A-4C17-9FC3-56FC5162A994}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{8F5F1CB6-EA9E-40AF-A5CA-C7FD63CC1971}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{D518921A-4A03-425E-9873-B9A71756821E}
Key Found : HKLM\Software\Conduit
Key Found : HKLM\Software\DataMngr
Key Found : HKLM\Software\Delta
Key Found : HKLM\Software\FocusInteractive
Key Found : HKLM\Software\Fun Web Products
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\bicnnkjibmphdeigoodpjlcklcnaobdj
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\eiimolhnbbbdagljikeckdkldgemmmlj
Key Found : HKLM\Software\Iminent
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{26905584-7EA3-4961-85C7-59B6D12A4B82}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{424624F4-C5DD-4E1D-BDD0-1E9C9B7799CC}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{59C7FC09-1C83-4648-B3E6-003D2BBC7481}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68AF847F-6E91-45DD-9B68-D6A12C30E5D7}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7F000001-DB8E-F89C-2FEC-49BF726F8C12}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9170B96C-28D4-4626-8358-27E6CAEEF907}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9C8A3CA5-889E-4554-BEEC-EC0876E4E96A}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5561F79-A0C2-43B6-B093-D1AAEC2256E7}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D1A71FA0-FF48-48DD-9B6D-7A13A3E42127}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{DDB1968E-EAD6-40FD-8DAE-FF14757F60C7}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F138D901-86F0-4383-99B6-9CDD406036DA}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F9189560-573A-4FDE-B055-AE7B0F4CF080}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\RunDll32Policy\f3ScrCtr.dll
Key Found : HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{15D2D75C-9CB2-4EFD-BAD7-B9B4CB4BC693}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\1ClickDownload
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\BrowseFox
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{1830E615-ADC4-482A-9AD8-A2F179A0985D}
Key Found : HKLM\Software\MyWebSearch
Key Found : HKLM\Software\SweetTunes1
Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{F9D1C08C-2031-4E6C-AB51-50330AC2D988}]
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs [bProtectTabs]
Value Found : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List [C:\Program Files\1ClickDownload\1ClickDownload.exe]
Value Found : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List [C:\Program Files\TornTV.com\TornTV Downloader.exe]

***** [ Browsers ] *****

-\\ Internet Explorer v7.0.6000.16762

-\\ Mozilla Firefox v25.0 (en-US)

[ File : C:\Documents and Settings\PC\Application Data\Mozilla\Firefox\Profiles\zo7hp54f.default\prefs.js ]

Line Found : user_pref("CT3282698.FF19Solved", "true");
Line Found : user_pref("CT3282698.UserID", "UN11750400089371181");
Line Found : user_pref("CT3282698.browser.search.defaultthis.engineName", "true");
Line Found : user_pref("CT3282698.fullUserID", "UN11750400089371181.IN.20131110014351");
Line Found : user_pref("CT3282698.installDate", "10/11/2013 01:43:55");
Line Found : user_pref("CT3282698.installSessionId", "{2C9CEBD0-9D28-43F3-944E-93EFA4759BD3}");
Line Found : user_pref("CT3282698.installSp", "TRUE");
Line Found : user_pref("CT3282698.installerVersion", "1.7.1.7");
Line Found : user_pref("CT3282698.keyword", "true");
Line Found : user_pref("CT3282698.originalHomepage", "about:home");
Line Found : user_pref("CT3282698.originalSearchAddressUrl", "");
Line Found : user_pref("CT3282698.originalSearchEngine", "");
Line Found : user_pref("CT3282698.originalSearchEngineName", "");
Line Found : user_pref("CT3282698.searchRevert", "false");
Line Found : user_pref("CT3282698.searchUserMode", "2");
Line Found : user_pref("CT3282698.smartbar.homepage", "true");
Line Found : user_pref("CT3282698.versionFromInstaller", "10.22.2.30");
Line Found : user_pref("CT3282698.xpeMode", "0");
Line Found : user_pref("Smartbar.SearchFromAddressBarSavedUrl", "");
Line Found : user_pref("browser.search.defaultthis.engineName", "SweetTunes1 Customized Web Search");
Line Found : user_pref("extensions.BabylonToolbar_i.aflt", "babsst");
Line Found : user_pref("extensions.BabylonToolbar_i.babExt", "");
Line Found : user_pref("extensions.BabylonToolbar_i.babTrack", "affID=110143");
Line Found : user_pref("extensions.BabylonToolbar_i.hardId", "04008a5b000000000000001f1601bcd7");
Line Found : user_pref("extensions.BabylonToolbar_i.id", "04008a5b000000000000001f1601bcd7");
Line Found : user_pref("extensions.BabylonToolbar_i.instlDay", "15405");
Line Found : user_pref("extensions.BabylonToolbar_i.instlRef", "sst");
Line Found : user_pref("extensions.BabylonToolbar_i.ovrDmn", "isearch.babylon.com");
Line Found : user_pref("extensions.BabylonToolbar_i.prdct", "BabylonToolbar");
Line Found : user_pref("extensions.BabylonToolbar_i.prtnrId", "babylon");
Line Found : user_pref("extensions.BabylonToolbar_i.smplGrp", "none");
Line Found : user_pref("extensions.BabylonToolbar_i.srcExt", "ss");
Line Found : user_pref("extensions.BabylonToolbar_i.tlbrId", "base");
Line Found : user_pref("extensions.BabylonToolbar_i.vrsn", "1.5.3.17");
Line Found : user_pref("extensions.BabylonToolbar_i.vrsnTs", "1.5.3.1712:19:10");
Line Found : user_pref("extensions.BabylonToolbar_i.vrsni", "1.5.3.17");
Line Found : user_pref("extensions.delta.admin", false);
Line Found : user_pref("extensions.delta.aflt", "babsst");
Line Found : user_pref("extensions.delta.appId", "{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}");
Line Found : user_pref("extensions.delta.autoRvrt", "false");
Line Found : user_pref("extensions.delta.dfltLng", "en");
Line Found : user_pref("extensions.delta.excTlbr", false);
Line Found : user_pref("extensions.delta.ffxUnstlRst", true);
Line Found : user_pref("extensions.delta.id", "04008a5b000000000000001f1601bcd7");
Line Found : user_pref("extensions.delta.instlDay", "15966");
Line Found : user_pref("extensions.delta.instlRef", "sst");
Line Found : user_pref("extensions.delta.newTab", false);
Line Found : user_pref("extensions.delta.prdct", "delta");
Line Found : user_pref("extensions.delta.prtnrId", "delta");
Line Found : user_pref("extensions.delta.rvrt", "false");
Line Found : user_pref("extensions.delta.smplGrp", "none");
Line Found : user_pref("extensions.delta.tlbrId", "base");
Line Found : user_pref("extensions.delta.tlbrSrchUrl", "");
Line Found : user_pref("extensions.delta.vrsn", "1.8.24.6");
Line Found : user_pref("extensions.delta.vrsnTs", "1.8.24.616:47:42");
Line Found : user_pref("extensions.delta.vrsni", "1.8.24.6");
Line Found : user_pref("extensions.delta_i.babExt", "");
Line Found : user_pref("extensions.delta_i.babTrack", "affID=119776&tt=150913_enh&tsp=5009");
Line Found : user_pref("extensions.delta_i.srcExt", "ss");
Line Found : user_pref("smartbar.addressBarOwnerCTID", "CT3282698");
Line Found : user_pref("smartbar.defaultSearchOwnerCTID", "CT3282698");
Line Found : user_pref("smartbar.homePageOwnerCTID", "CT3282698");
Line Found : user_pref("smartbar.machineId", "OHM6J+D3WWCNK+BRO4RMAPPY6NBQQ9L+4XRP9XCCPGDMIHQTCGJ/WKM+8RFNJXPSWCJZKACRDTAC2RVHWAY6KQ");

-\\ Google Chrome v30.0.1599.101

[ File : C:\Documents and Settings\LocalService\Local Settings\Application Data\Google\Chrome\User Data\Default\preferences ]

[ File : C:\Documents and Settings\PC\Local Settings\Application Data\Google\Chrome\User Data\Default\preferences ]

Found : homepage
Found : urls_to_restore_on_startup
Found : homepage
Found : urls_to_restore_on_startup
Found : homepage
Found : urls_to_restore_on_startup

*************************

AdwCleaner[R0].txt - [17304 octets] - [10/11/2013 21:29:15]

########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [17365 octets] ##########

When you check it out, then I should do the cleaning, right?

kevinf80 · November 10, 2013

Yes all of those entries in the AdwCleaner log need to go....

Terza · November 10, 2013

# AdwCleaner v3.011 - Report created 10/11/2013 at 22:08:12
# Updated 03/11/2013 by Xplode
# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
# Username : PC - COMPUTER-PC
# Running from : C:\Documents and Settings\PC\My Documents\Downloads\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****

[#] Service Deleted : Util lucky leap

***** [ Files / Folders ] *****

Folder Deleted : C:\Documents and Settings\All Users\Application Data\Babylon
Folder Deleted : C:\Documents and Settings\All Users\Application Data\Trymedia
Folder Deleted : C:\Documents and Settings\All Users\Application Data\AlawarWrapper
Folder Deleted : C:\Program Files\1ClickDownload
Folder Deleted : C:\Program Files\BonanzaDeals
Folder Deleted : C:\Program Files\FunWebProducts
Folder Deleted : C:\Program Files\MyPC Backup
Folder Deleted : C:\Program Files\MyWebSearch
Folder Deleted : C:\Program Files\TornTV.com
Folder Deleted : C:\DOCUME~1\PC\LOCALS~1\Temp\AskSearch
Folder Deleted : C:\DOCUME~1\PC\LOCALS~1\Temp\BabylonToolbar
Folder Deleted : C:\DOCUME~1\PC\LOCALS~1\Temp\Conduit
Folder Deleted : C:\Documents and Settings\PC\Application Data\Babylon
Folder Deleted : C:\Documents and Settings\PC\Application Data\FunWebProducts
Folder Deleted : C:\Documents and Settings\PC\Application Data\Mozilla\Firefox\Profiles\zo7hp54f.default\Extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
File Deleted : C:\Documents and Settings\PC\Application Data\Mozilla\Firefox\Profiles\zo7hp54f.default\bProtector_extensions.rdf
File Deleted : C:\Documents and Settings\PC\Application Data\Mozilla\Firefox\Profiles\zo7hp54f.default\invalidprefs.js
File Deleted : C:\Documents and Settings\PC\Application Data\Mozilla\Firefox\Profiles\zo7hp54f.default\searchplugins\Askcom.xml
File Deleted : C:\Documents and Settings\PC\Application Data\Mozilla\Firefox\Profiles\zo7hp54f.default\searchplugins\SearchquWebSearch.xml
File Deleted : C:\Documents and Settings\PC\Application Data\Mozilla\Firefox\Profiles\zo7hp54f.default\user.js

***** [ Shortcuts ] *****

***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\bicnnkjibmphdeigoodpjlcklcnaobdj
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\eiimolhnbbbdagljikeckdkldgemmmlj
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\MenuExt\&Search
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\Bandoo
Key Deleted : HKCU\Toolbar
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\BandooCore.EXE
Key Deleted : HKLM\SOFTWARE\Classes\AppID\secman.DLL
Key Deleted : HKLM\SOFTWARE\Classes\BandooCore.BandooCore
Key Deleted : HKLM\SOFTWARE\Classes\BandooCore.BandooCore.1
Key Deleted : HKLM\SOFTWARE\Classes\BandooCore.ResourcesMngr
Key Deleted : HKLM\SOFTWARE\Classes\BandooCore.ResourcesMngr.1
Key Deleted : HKLM\SOFTWARE\Classes\BandooCore.SettingsMngr
Key Deleted : HKLM\SOFTWARE\Classes\BandooCore.SettingsMngr.1
Key Deleted : HKLM\SOFTWARE\Classes\BandooCore.StatisticMngr
Key Deleted : HKLM\SOFTWARE\Classes\BandooCore.StatisticMngr.1
Key Deleted : HKLM\SOFTWARE\Classes\bbylntlbr.bbylntlbrHlpr
Key Deleted : HKLM\SOFTWARE\Classes\bbylntlbr.bbylntlbrHlpr.1
Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs [bProtectTabs]
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\RunDll32Policy\f3ScrCtr.dll
Key Deleted : HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss
Key Deleted : HKCU\Software\5b2ded9bc6de913
Key Deleted : HKLM\SOFTWARE\5b2ded9bc6de913
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3282698
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{1301A8A5-3DFB-4731-A162-B357D00C9644}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4D076AB4-7562-427A-B5D2-BD96E19DEE56}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{5B1881D1-D9C7-46DF-B041-1E593282C7D0}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{147A976F-EEE1-4377-8EA7-4716E4CDD239}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{27F69C85-64E1-43CE-98B5-3C9F22FB408E}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4AA46D49-459F-4358-B4D1-169048547C23}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{7FF99715-3016-4381-84CE-E4E4C9673020}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{9AFB8248-617F-460D-9366-D71CDEDA3179}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B543EF05-9758-464E-9F37-4C28525B4A4C}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{BB76A90B-2B4C-4378-8506-9A2B6E16943C}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{C3AB94A4-BFD0-4BBA-A331-DE504F07D2DB}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E46C8196-B634-44A1-AF6E-957C64278AB1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FB148894-D0D0-49A7-BDD1-72907F3F1893}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1830E615-ADC4-482A-9AD8-A2F179A0985D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{06DE5702-44CF-4B79-B4EF-3DDF653358F5}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2E9937FC-CF2F-4F56-AF54-5A6A3DD375CC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{477F210A-2A86-4666-9C4B-1189634D2C84}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{6F43FA77-C18F-4D0C-9C7E-958876FE2061}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{741DE825-A6F0-4497-9AA6-8023CF9B0FFF}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{813A22E0-3E2B-4188-9BDA-ECA9878B8D48}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{CF54BE1C-9359-4395-8533-1657CF209CFE}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{DF948646-8BF4-450E-A059-CF8A4E0FE2BE}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E96B49B0-E11F-48FC-984A-EEC29A4F57E1}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FF871E51-2655-4D06-AED5-745962A96B32}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{11549FE4-7C5A-4C17-9FC3-56FC5162A994}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{8F5F1CB6-EA9E-40AF-A5CA-C7FD63CC1971}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{D518921A-4A03-425E-9873-B9A71756821E}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00A6FAF1-072E-44CF-8957-5838F569A31D}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{07B18EA1-A523-4961-B6BB-170DE4475CCA}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{07B18EA9-A523-4961-B6BB-170DE4475CCA}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{07B18EAB-A523-4961-B6BB-170DE4475CCA}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{25560540-9571-4D7B-9389-0F166788785A}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3DC201FB-E9C9-499C-A11F-23C360D7C3F8}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{7FF99715-3016-4381-84CE-E4E4C9673020}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{98889811-442D-49DD-99D7-DC866BE87DBC}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9FF05104-B030-46FC-94B8-81276E4E27DF}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EB5CEE80-030A-4ED8-8E20-454E9C68380F}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F9D1C08C-2031-4E6C-AB51-50330AC2D988}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{1830E615-ADC4-482A-9AD8-A2F179A0985D}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{424624F4-C5DD-4E1D-BDD0-1E9C9B7799CC}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{59C7FC09-1C83-4648-B3E6-003D2BBC7481}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68AF847F-6E91-45DD-9B68-D6A12C30E5D7}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7F000001-DB8E-F89C-2FEC-49BF726F8C12}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9170B96C-28D4-4626-8358-27E6CAEEF907}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9C8A3CA5-889E-4554-BEEC-EC0876E4E96A}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D1A71FA0-FF48-48DD-9B6D-7A13A3E42127}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{DDB1968E-EAD6-40FD-8DAE-FF14757F60C7}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F138D901-86F0-4383-99B6-9CDD406036DA}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F9189560-573A-4FDE-B055-AE7B0F4CF080}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5561F79-A0C2-43B6-B093-D1AAEC2256E7}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{26905584-7EA3-4961-85C7-59B6D12A4B82}
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{F9D1C08C-2031-4E6C-AB51-50330AC2D988}]
Value Deleted : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List [C:\Program Files\1ClickDownload\1ClickDownload.exe]
Value Deleted : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List [C:\Program Files\TornTV.com\TornTV Downloader.exe]
Key Deleted : HKCU\Software\1ClickDownload
Key Deleted : HKCU\Software\BabSolution
Key Deleted : HKCU\Software\BonanzaDealsLive
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\ConduitSearchScopes
Key Deleted : HKCU\Software\Crossrider
Key Deleted : HKCU\Software\DataMngr
[#] Key Deleted : HKCU\Software\DataMngr_Toolbar
Key Deleted : HKCU\Software\Delta
Key Deleted : HKCU\Software\Fun Web Products
Key Deleted : HKCU\Software\InstallCore
Key Deleted : HKCU\Software\MyWebSearch
Key Deleted : HKCU\Software\SearchquMediabarTb
Key Deleted : HKCU\Software\smartbar
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKCU\Software\YahooPartnerToolbar
Key Deleted : HKCU\Software\SweetTunes1
Key Deleted : HKLM\Software\Babylon
Key Deleted : HKLM\Software\Bandoo
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\DataMngr
Key Deleted : HKLM\Software\Delta
Key Deleted : HKLM\Software\FocusInteractive
Key Deleted : HKLM\Software\Fun Web Products
Key Deleted : HKLM\Software\Iminent
Key Deleted : HKLM\Software\MyWebSearch
Key Deleted : HKLM\Software\SweetTunes1
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{15D2D75C-9CB2-4EFD-BAD7-B9B4CB4BC693}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\1ClickDownload
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\BrowseFox

***** [ Browsers ] *****

-\\ Internet Explorer v7.0.6000.16762

Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls [bProtectTabs]

-\\ Mozilla Firefox v25.0 (en-US)

[ File : C:\Documents and Settings\PC\Application Data\Mozilla\Firefox\Profiles\zo7hp54f.default\prefs.js ]

Line Deleted : user_pref("CT3282698.FF19Solved", "true");
Line Deleted : user_pref("CT3282698.UserID", "UN11750400089371181");
Line Deleted : user_pref("CT3282698.browser.search.defaultthis.engineName", "true");
Line Deleted : user_pref("CT3282698.fullUserID", "UN11750400089371181.IN.20131110014351");
Line Deleted : user_pref("CT3282698.installDate", "10/11/2013 01:43:55");
Line Deleted : user_pref("CT3282698.installSessionId", "{2C9CEBD0-9D28-43F3-944E-93EFA4759BD3}");
Line Deleted : user_pref("CT3282698.installSp", "TRUE");
Line Deleted : user_pref("CT3282698.installerVersion", "1.7.1.7");
Line Deleted : user_pref("CT3282698.keyword", "true");
Line Deleted : user_pref("CT3282698.originalHomepage", "about:home");
Line Deleted : user_pref("CT3282698.originalSearchAddressUrl", "");
Line Deleted : user_pref("CT3282698.originalSearchEngine", "");
Line Deleted : user_pref("CT3282698.originalSearchEngineName", "");
Line Deleted : user_pref("CT3282698.searchRevert", "false");
Line Deleted : user_pref("CT3282698.searchUserMode", "2");
Line Deleted : user_pref("CT3282698.smartbar.homepage", "true");
Line Deleted : user_pref("CT3282698.versionFromInstaller", "10.22.2.30");
Line Deleted : user_pref("CT3282698.xpeMode", "0");
Line Deleted : user_pref("Smartbar.SearchFromAddressBarSavedUrl", "");
Line Deleted : user_pref("browser.search.defaultthis.engineName", "SweetTunes1 Customized Web Search");
Line Deleted : user_pref("extensions.BabylonToolbar_i.aflt", "babsst");
Line Deleted : user_pref("extensions.BabylonToolbar_i.babExt", "");
Line Deleted : user_pref("extensions.BabylonToolbar_i.babTrack", "affID=110143");
Line Deleted : user_pref("extensions.BabylonToolbar_i.hardId", "04008a5b000000000000001f1601bcd7");
Line Deleted : user_pref("extensions.BabylonToolbar_i.id", "04008a5b000000000000001f1601bcd7");
Line Deleted : user_pref("extensions.BabylonToolbar_i.instlDay", "15405");
Line Deleted : user_pref("extensions.BabylonToolbar_i.instlRef", "sst");
Line Deleted : user_pref("extensions.BabylonToolbar_i.ovrDmn", "isearch.babylon.com");
Line Deleted : user_pref("extensions.BabylonToolbar_i.prdct", "BabylonToolbar");
Line Deleted : user_pref("extensions.BabylonToolbar_i.prtnrId", "babylon");
Line Deleted : user_pref("extensions.BabylonToolbar_i.smplGrp", "none");
Line Deleted : user_pref("extensions.BabylonToolbar_i.srcExt", "ss");
Line Deleted : user_pref("extensions.BabylonToolbar_i.tlbrId", "base");
Line Deleted : user_pref("extensions.BabylonToolbar_i.vrsn", "1.5.3.17");
Line Deleted : user_pref("extensions.BabylonToolbar_i.vrsnTs", "1.5.3.1712:19:10");
Line Deleted : user_pref("extensions.BabylonToolbar_i.vrsni", "1.5.3.17");
Line Deleted : user_pref("extensions.delta.admin", false);
Line Deleted : user_pref("extensions.delta.aflt", "babsst");
Line Deleted : user_pref("extensions.delta.appId", "{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}");
Line Deleted : user_pref("extensions.delta.autoRvrt", "false");
Line Deleted : user_pref("extensions.delta.dfltLng", "en");
Line Deleted : user_pref("extensions.delta.excTlbr", false);
Line Deleted : user_pref("extensions.delta.ffxUnstlRst", true);
Line Deleted : user_pref("extensions.delta.id", "04008a5b000000000000001f1601bcd7");
Line Deleted : user_pref("extensions.delta.instlDay", "15966");
Line Deleted : user_pref("extensions.delta.instlRef", "sst");
Line Deleted : user_pref("extensions.delta.newTab", false);
Line Deleted : user_pref("extensions.delta.prdct", "delta");
Line Deleted : user_pref("extensions.delta.prtnrId", "delta");
Line Deleted : user_pref("extensions.delta.rvrt", "false");
Line Deleted : user_pref("extensions.delta.smplGrp", "none");
Line Deleted : user_pref("extensions.delta.tlbrId", "base");
Line Deleted : user_pref("extensions.delta.tlbrSrchUrl", "");
Line Deleted : user_pref("extensions.delta.vrsn", "1.8.24.6");
Line Deleted : user_pref("extensions.delta.vrsnTs", "1.8.24.616:47:42");
Line Deleted : user_pref("extensions.delta.vrsni", "1.8.24.6");
Line Deleted : user_pref("extensions.delta_i.babExt", "");
Line Deleted : user_pref("extensions.delta_i.babTrack", "affID=119776&tt=150913_enh&tsp=5009");
Line Deleted : user_pref("extensions.delta_i.srcExt", "ss");
Line Deleted : user_pref("smartbar.addressBarOwnerCTID", "CT3282698");
Line Deleted : user_pref("smartbar.defaultSearchOwnerCTID", "CT3282698");
Line Deleted : user_pref("smartbar.homePageOwnerCTID", "CT3282698");
Line Deleted : user_pref("smartbar.machineId", "OHM6J+D3WWCNK+BRO4RMAPPY6NBQQ9L+4XRP9XCCPGDMIHQTCGJ/WKM+8RFNJXPSWCJZKACRDTAC2RVHWAY6KQ");

-\\ Google Chrome v30.0.1599.101

[ File : C:\Documents and Settings\LocalService\Local Settings\Application Data\Google\Chrome\User Data\Default\preferences ]

[ File : C:\Documents and Settings\PC\Local Settings\Application Data\Google\Chrome\User Data\Default\preferences ]

Deleted : homepage
Deleted : urls_to_restore_on_startup

*************************

AdwCleaner[R0].txt - [17446 octets] - [10/11/2013 21:29:15]
AdwCleaner[s0].txt - [17534 octets] - [10/11/2013 22:08:12]

########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [17595 octets] ##########

And here is the mbam-log.

Malwarebytes Anti-Malware (Trial) 1.75.0.1300
www.malwarebytes.org

Database version: v2013.11.10.05

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 7.0.5730.13
PC :: COMPUTER-PC [administrator]

Protection: Enabled

10-Nov-13 22:15:40
mbam-log-2013-11-10 (22-15-40).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 219055
Time elapsed: 15 minute(s),

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 1
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SETUP.EXE (PUP.Optional.Babylon.A) -> Quarantined and deleted successfully.

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 5
C:\Documents and Settings\PC\Local Settings\Temp\ct3282698 (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\PC\Local Settings\Temp\ct3282698\plugins (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\PC\Local Settings\Temp\ct3282698\xpi (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\PC\Local Settings\Temp\ct3282698\xpi\defaults (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\PC\Local Settings\Temp\ct3282698\xpi\defaults\preferences (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.

Files Detected: 44
C:\Documents and Settings\PC\My Documents\Downloads\SoftonicDownloader_for_spss (1).exe (PUP.Optional.Softonic.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\PC\My Documents\Downloads\SoftonicDownloader_for_spss.exe (PUP.Optional.Softonic.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\PC\My Documents\Downloads\Barn_Yarn_CE_Full_PreCracked_Foxy_Games.exe (PUP.Optional.OneClickDownloader.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\PC\My Documents\Downloads\winamp5621_full_emusic-7plus_all.exe (PUP.Optional.OpenCandy) -> Quarantined and deleted successfully.
C:\Documents and Settings\PC\Local Settings\Temp\crJK1Z2D.exe.part (PUP.BundleInstaller.DW) -> Quarantined and deleted successfully.
C:\Documents and Settings\PC\Local Settings\Temp\dyJsxvzt.exe.part (PUP.BundleInstaller.DW) -> Quarantined and deleted successfully.
C:\Documents and Settings\PC\Local Settings\Temp\LLchSiPS.exe.part (PUP.Optional.InstalleRex) -> Quarantined and deleted successfully.
C:\Documents and Settings\PC\Local Settings\Temp\8EE7B1AC-BAB0-7891-BE9F-9F825D6ED4DD\Latest\BabMaint.exe (PUP.Optional.Babylon.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\PC\Local Settings\Temp\8EE7B1AC-BAB0-7891-BE9F-9F825D6ED4DD\Latest\BExternal.dll (PUP.Optional.Babylon.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\PC\Local Settings\Temp\8EE7B1AC-BAB0-7891-BE9F-9F825D6ED4DD\Latest\ccp.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\PC\Local Settings\Temp\8EE7B1AC-BAB0-7891-BE9F-9F825D6ED4DD\Latest\MntrDLLInstall.dll (PUP.Optional.Babylon.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\PC\Local Settings\Temp\8EE7B1AC-BAB0-7891-BE9F-9F825D6ED4DD\Latest\MyDeltaTB.exe (PUP.Optional.Delta) -> Quarantined and deleted successfully.
C:\Documents and Settings\PC\Local Settings\Temp\8EE7B1AC-BAB0-7891-BE9F-9F825D6ED4DD\Latest\Setup.exe (PUP.Optional.Babylon.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\PC\Local Settings\Temp\8EE7B1AC-BAB0-7891-BE9F-9F825D6ED4DD\Latest\CrxInstaller.dll (PUP.Optional.Babylon.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\PC\Local Settings\Temp\8EE7B1AC-BAB0-7891-BE9F-9F825D6ED4DD\Latest\DSearchLink.exe (PUP.Optional.Delta.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\PC\Local Settings\Temp\ct3282698\chLogic.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\PC\Local Settings\Temp\ct3282698\ctbe.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\PC\Local Settings\Temp\ct3282698\ffLogic.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\PC\Local Settings\Temp\ct3282698\ieLogic.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\PC\Local Settings\Temp\ct3282698\sl.exe (PUP.Optional.Conduit) -> Quarantined and deleted successfully.
C:\Documents and Settings\PC\Local Settings\Temp\ct3282698\spch.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\PC\Local Settings\Temp\ct3282698\spff.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\PC\Local Settings\Temp\ct3282698\statisticsStub.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\PC\Local Settings\Temp\ct3282698\stub.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\PC\Local Settings\Temp\3413D87E-BAB0-7891-9801-2C50BA107053\MyBabylonTB.exe (PUP.Optional.BabylonToolBar.A) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\d4292a1a-a26f-4aa4-87f8-c6aa45108c75.tmp (PUP.Optional.4Shared) -> Quarantined and deleted successfully.
C:\Documents and Settings\PC\Local Settings\Temporary Internet Files\Content.IE5\2O0H0KXD\sweettunes1[1].exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\PC\Local Settings\Temporary Internet Files\Content.IE5\835VK9E3\checktbexist[2].exe (PUP.Optional.Conduit) -> Quarantined and deleted successfully.
C:\Documents and Settings\PC\Local Settings\Temporary Internet Files\Content.IE5\89QLH3E8\conduitinstaller[1].exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\PC\Local Settings\Temporary Internet Files\Content.IE5\DJ04T47T\checktbexist[1].exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\PC\Local Settings\Temporary Internet Files\Content.IE5\DJ04T47T\SweetTunes1[1].exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\PC\Local Settings\Temporary Internet Files\Content.IE5\DJ04T47T\SweetTunes1_wpf[1].exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\PC\Local Settings\Temporary Internet Files\Content.IE5\DJ04T47T\statisticsstub[1].exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\PC\Local Settings\Temp\ct3282698\chromeid.txt (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\PC\Local Settings\Temp\ct3282698\conduit.xml (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\PC\Local Settings\Temp\ct3282698\CT3282698.txt (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\PC\Local Settings\Temp\ct3282698\CT3282698.xpi (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\PC\Local Settings\Temp\ct3282698\initdata.json (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\PC\Local Settings\Temp\ct3282698\manifest.json (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\PC\Local Settings\Temp\ct3282698\setup.ini.txt (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\PC\Local Settings\Temp\ct3282698\version.txt (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\PC\Local Settings\Temp\ct3282698\plugins\TBVerifier.dll (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\PC\Local Settings\Temp\ct3282698\xpi\install.rdf (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\PC\Local Settings\Temp\ct3282698\xpi\defaults\preferences\defaults.js (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.

(end)

Terza · November 10, 2013

I think the problem has been solved! Now there is only one regular rundll32.exe process. Thank you very much Kevin! I am in your debt!

kevinf80 · November 10, 2013

Run one more quick scan with Malwarebytes, post that log,

Next,

Download Security Check by screen317 from either of the following:

http://screen317.spywareinfoforum.org/SecurityCheck.exe or http://screen317.changelog.fr/SecurityCheck.exe

Save it to your Desktop.

Double click SecurityCheck.exe (Vista or Windows 7 users right click and select "Run as Administrator") and follow the onscreen instructions inside of the black box. Press any key when asked.

A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Terza · November 10, 2013

Malwarebytes Anti-Malware (Trial) 1.75.0.1300
www.malwarebytes.org

Database version: v2013.11.10.05

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 7.0.5730.13
PC :: COMPUTER-PC [administrator]

Protection: Disabled

10-Nov-13 23:09:09
mbam-log-2013-11-10 (23-09-09).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 218827
Time elapsed: 14 minute(s), 6 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 1
HKLM\SOFTWARE\Microsoft\Security Center|UpdatesDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully.

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

I can't open either of those two links that you gave me for Security check. Can I download it from somewhere else? Both links that you gave me, stand on "Waiting for http://screen317.spywareinfoforum.org".

kevinf80 · November 10, 2013

Maybe the sites related to the d/l links are down at present, is no big deal I can see what I need from previous logs..

Although your version of Java is current there is an outdated version still present on your system, go to start > control panel > Add/Remove Programs > Uninstall the following:

Java 6 Update 35

Next,

Adobe Reader is outdated...

Visit http://get.adobe.com/uk/reader/otherversions/ and download the latest version of Acrobat Reader

Step 1 - Select your Operating System.

Step 2 - Select your Langauge.

Step 3 - Select latest version.

Untick the option for any security scanner or toolbar if offered.

Download and install.

Having the latest updates ensures there are no security vulnerabilities in your system.

Next,

We need to remove FRST, first it is very important to deal with its Quarantine folder using FRST itself..

OK, we continue:

Delete any fixlist.txt file previously used, continue:

Download attached fixlist.txt file and save it to the Desktop, or the folder you saved FRST into.

NOTE. It's important that both FRST and fixlist.txt are in the same location or the fix will not work.

Run FRST and press the Fix button just once and wait.

The tool will make a log on the Desktop (Fixlog.txt). That will confirm the removal action, delete if successful.

Next,

Delete FRST.exe from your Desktop or the folder it was saved to, navigate to and delete its folder C:\FRST

Next,

Uninstall adwcleaner.exe

Please close all open programs and internet browsers.
Double click on adwcleaner.exe to run the tool.
Click on Uninstall
Click Yes at Would you like to Uninstall Adwcleaner

Let me know if those steps complete, also if any remaining issues or concerns...

Kevin

fixlist.txt

Terza · November 10, 2013

I've completed all of the steps, and I think everything is in right order now. Thanks once again Kevin for all the help! Hope I won't have any more issues,

Best regards!

kevinf80 · November 10, 2013

Excellent, just what we like to hear. Read the following link to fully understand PC security and best practices, you may find it useful....

http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/#entry2316629

Kevin....

AdvancedSetup · November 13, 2013

Glad we could help.

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

Two active rundll32.exe processes and one of them is using gradualy more and more memory

Recommended Posts

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Recently Browsing 0 members

Important Information