Ultraman Icon

Aristarcus · July 11, 2015

During the Googe Doodles browser celebrating 114 th birthday of Eiji Tsuburayas, who makes films using "monsters", this icon appeared in centre of desktop.The browser ran a montage of which this was one.
Unable to access or delete.
Malware or virus progs wont touch it.

screenshot attached
Any ideas?

ultraman image.bmp

Psychotic · July 12, 2015

Hi there,
my name is Marius and I will assist you with your malware related problems.

Before we move on, please read the following points carefully.

First, read my instructions completely. If there is anything that you do not understand kindly ask before proceeding.
Perform everything in the correct order. Sometimes one step requires the previous one.
If you have any problems while following my instructions, Stop there and tell me the exact nature of your problem.
Do not run any other scans without instruction or add/remove software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
Post all logfiles as a reply rather than as an attachment unless I specifically ask you. If you can not post all logfiles in one reply, feel free to use more posts.
If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.
Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
My first language is not english. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.

HijackThis is not the preferred initial scanning tool in this forum. With today's malware, a more comprehensive set of logs is required to determine the presence of malware.

Scan with FRST in normal mode

Please download Farbar's Recovery Scan Tool to your desktop: FRST 32bit or FRST 64bit (If not sure: Start --> Computer (right click) --> properties)

Run FRST.
Don´t change one of the checkboxes and hit Scan.
Logfiles are created on your desktop.
Poste the FRST.txt and (after the first scan only!) the Addition.txt.

Scan with aswMBR

Please download aswMBR ( 4.5MB ) to your desktop.

Double click the aswMBR.exe icon, and click Run.
There will be a short delay before the next dialog box comes up. Please just wait a minute or two.
When asked if you'd like to "download the latest Avast! virus definitions", click Yes.
Typically this is about a 100MB download so depending on your connection speed it can take a short while to download and become ready.
Click the Scan button to start the scan once the update has finished downloading
On completion of the scan, click the save log button, save it to your desktop, then copy and paste it in your next reply.

Note: There will also be a file on your desktop named MBR.dat do not delete this for now. It is an actual backup of the MBR (master boot record).

Aristarcus · July 12, 2015

Hi

Thank you for quick reply.

.txt enclosed. Addition to follow.

FRST.txt

Aristarcus · July 12, 2015

Addition.txt attached

thanks

Addition.txt

Aristarcus · July 12, 2015

Hi

Here is aswMBR

thanks again

aswMBR.txt

Aristarcus · July 12, 2015

Hi Have re read your instructions.

aswMBR version 1.0.1.2290 Copyright© 2014 AVAST Software
Run date: 2015-07-12 13:33:58
-----------------------------
13:33:58.093    OS Version: Windows 5.1.2600 Service Pack 3
13:33:58.093    Number of processors: 1 586 0x304
13:33:58.093    ComputerName: DEVALETTE UserName:
13:33:58.875    Initialize success
13:33:59.000    VM: initialized successfully
13:33:59.000    VM: Intel CPU virtualization not supported
13:42:20.531    AVAST engine defs: 15071101
13:42:47.484    The log file has been saved successfully to "C:\Documents and Settings\Administrator\Desktop\aswMBR.txt"
13:42:57.187    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-e
13:42:57.187    Disk 0 Vendor: WDC_WD3200AVJS-63B6A0 01.03A01 Size: 305245MB BusType: 3
13:42:58.500    Disk 0 MBR read successfully
13:42:58.500    Disk 0 MBR scan
13:42:59.390    Disk 0 Windows XP default MBR code
13:42:59.437    Disk 0 Partition 1 80 (A) 07      HPFS/NTFS NTFS       305242 MB offset 63
13:42:59.515    Disk 0 unknown boot code
13:42:59.718    Disk 0 statistics 277/0/0 @ 0.23 MB/s
13:42:59.718    Scan finished successfully
13:45:36.531    Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Administrator\Desktop\MBR.dat"
13:45:36.562    The log file has been saved successfully to "C:\Documents and Settings\Administrator\Desktop\aswMBR.txt"

Aristarcus · July 12, 2015

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 11-07-2015
Ran by Administrator (administrator) on DEVALETTE on 12-07-2015 13:13:14
Running from C:\Documents and Settings\Administrator\My Documents\Downloads
Loaded Profiles: Administrator (Available Profiles: Administrator)
Platform: Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: English (United States)
Internet Explorer Version 8 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

() C:\WINDOWS\system32\ati2evxx.exe
(IBM Corp.) C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
(APN LLC.) C:\Program Files\AskPartnerNetwork\Toolbar\apnmcp.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
( ) C:\WINDOWS\system32\lxducoms.exe
() C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
(Paramount Software UK Ltd) C:\Program Files\Macrium\Reflect\ReflectService.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe
(Sony Corporation) C:\Program Files\Sony\Reader\Data\bin\launcher\Reader Library Launcher.exe
() C:\Program Files\Lexmark 5600-6600 Series\lxdumon.exe
(Analog Devices, Inc.) C:\Program Files\Analog Devices\Core\smax4pnp.exe
() C:\Program Files\Lexmark 5600-6600 Series\lxdumsdmon.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe
(APN) C:\Program Files\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Microsoft Corporation) C:\Program Files\Microsoft ActiveSync\wcescomm.exe
(Microsoft Corporation) C:\PROGRA~1\MICROS~3\rapimgr.exe
(IBM Corp.) C:\Program Files\Trusteer\Rapport\bin\RapportService.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\WINDOWS\system32\wbem\unsecapp.exe
(Dropbox, Inc.) C:\Documents and Settings\Administrator\Application Data\Dropbox\bin\Dropbox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Thunderbird\thunderbird.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Reader Library Launcher] => C:\Program Files\Sony\Reader\Data\bin\launcher\Reader Library Launcher.exe [906648 2010-07-13] (Sony Corporation)
HKLM\...\Run: [lxdumon.exe] => C:\Program Files\Lexmark 5600-6600 Series\lxdumon.exe [676520 2008-05-30] ()
HKLM\...\Run: [lxduamon] => C:\Program Files\Lexmark 5600-6600 Series\lxduamon.exe [16040 2008-05-30] ()
HKLM\...\Run: [Lexmark 5600-6600 Series Fax Server] => C:\Program Files\Lexmark 5600-6600 Series\fm3032.exe [311976 2008-05-30] ()
HKLM\...\Run: [ATIPTA] => C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe [335872 2004-05-25] (ATI Technologies, Inc.)
HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2015-03-20] (Apple Inc.)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM\...\Run: [soundMAXPnP] => C:\Program Files\Analog Devices\Core\smax4pnp.exe [1404928 2004-10-14] (Analog Devices, Inc.)
HKLM\...\Run: [sDTray] => C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe [5624784 2013-07-25] (Safer-Networking Ltd.)
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
HKLM\...\Run: [ApnTBMon] => C:\Program Files\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe [1949592 2015-02-14] (APN)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [157480 2015-04-07] (Apple Inc.)
Winlogon\Notify\SDWinLogon: SDWinLogon.dll [X]
HKLM\...\Policies\Explorer: [NoFolderOptions] 0
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-21-1214440339-1364589140-839522115-500\...\Run: [H/PC Connection Agent] => C:\Program Files\Microsoft ActiveSync\wcescomm.exe [1289000 2006-11-13] (Microsoft Corporation)
HKU\S-1-5-21-1214440339-1364589140-839522115-500\...\Run: [Adobe Reader Synchronizer] => C:\Program Files\Adobe\Reader 11.0\Reader\AdobeCollabSync.exe [746376 2014-05-08] (Adobe Systems Incorporated)
HKU\S-1-5-21-1214440339-1364589140-839522115-500\...\Run: [Dropbox Update] => C:\Documents and Settings\Administrator\Local Settings\Application Data\Dropbox\Update\DropboxUpdate.exe [134512 2015-06-18] (Dropbox, Inc.)
HKU\S-1-5-21-1214440339-1364589140-839522115-500\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINDOWS\System32\scrnsave.scr [9216 2008-04-14] (Microsoft Corporation)
AppInit_DLLs: C:\PROGRA~1\SearchProtect\SearchProtect\bin\SPVC32Loader.dll => C:\PROGRA~1\SearchProtect\SearchProtect\bin\SPVC32Loader.dll File not found
Startup: C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\Dropbox.lnk [2015-07-11]
ShortcutTarget: Dropbox.lnk -> C:\Documents and Settings\Administrator\Application Data\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\AutoCAD LT Startup Accelerator.lnk [2013-10-29]
ShortcutTarget: AutoCAD LT Startup Accelerator.lnk -> C:\Program Files\Common Files\Autodesk Shared\acstart16.exe (Autodesk, Inc)
ShellIconOverlayIdentifiers: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Documents and Settings\Administrator\Application Data\Dropbox\bin\DropboxExt.26.dll [2015-06-26] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Documents and Settings\Administrator\Application Data\Dropbox\bin\DropboxExt.26.dll [2015-06-26] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Documents and Settings\Administrator\Application Data\Dropbox\bin\DropboxExt.26.dll [2015-06-26] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Documents and Settings\Administrator\Application Data\Dropbox\bin\DropboxExt.26.dll [2015-06-26] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Documents and Settings\Administrator\Application Data\Dropbox\bin\DropboxExt.26.dll [2015-06-26] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Documents and Settings\Administrator\Application Data\Dropbox\bin\DropboxExt.26.dll [2015-06-26] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Documents and Settings\Administrator\Application Data\Dropbox\bin\DropboxExt.26.dll [2015-06-26] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Documents and Settings\Administrator\Application Data\Dropbox\bin\DropboxExt.26.dll [2015-06-26] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => No File
ShellIconOverlayIdentifiers: [AutoCAD Digital Signatures Icon Overlay Handler] -> {36A21736-36C2-4C11-8ACB-D4136F2B57BD} => C:\WINDOWS\system32\AcSignIcon.dll [2004-02-25] (Autodesk)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Search Page = http://feed.snap.do/?publisher=ShoppingHelper&dpid=ShoppingHelper&co=GB&userid=b4b2d7f9-f344-4697-8e96-cd20038fece6&searchtype=ds&q={searchTerms}&installDate=19/09/2013
HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Search Page = http://feed.snap.do/?publisher=ShoppingHelper&dpid=ShoppingHelper&co=GB&userid=b4b2d7f9-f344-4697-8e96-cd20038fece6&searchtype=ds&q={searchTerms}&installDate=19/09/2013
HKU\S-1-5-21-1214440339-1364589140-839522115-500\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-1214440339-1364589140-839522115-500\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://uk.msn.com/?ocid=iehp
HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs,Tabs: "http://www.google.com"<======= ATTENTION
SearchScopes: HKLM -> DefaultScope value is missing
SearchScopes: HKLM -> {429559AC-1128-D420-90E1-0E1894E36CB8} URL = http://feed.snap.do/?publisher=ShoppingHelper&dpid=ShoppingHelper&co=GB&userid=b4b2d7f9-f344-4697-8e96-cd20038fece6&searchtype=ds&q={searchTerms}&installDate=19/09/2013
SearchScopes: HKU\S-1-5-21-1214440339-1364589140-839522115-500 -> URL http://search.conduit.com/Results.aspx?ctid=CT3325805&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=4&UP=SP33A50045-6736-4DF4-967C-A3C7C549B66D&q={searchTerms}&SSPV=
SearchScopes: HKU\S-1-5-21-1214440339-1364589140-839522115-500 -> SuggestionsURL_JSON http://suggest.search.conduit.com/CSuggestJson.ashx?prefix={searchTerms}
SearchScopes: HKU\S-1-5-21-1214440339-1364589140-839522115-500 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=irmsd103&cd=2XzuyEtN2Y1L1QzutDtDtD0FtC0F0D0DzzyCyE0AyBtD0F0AtN0D0Tzu0CyCyCzytN1L2XzutBtFtBtFzztFtCtByEyBtN1L1Czu1L1C1H1B1QtCtDtA&cr=5260213&ir=
BHO: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll [2013-08-14] (RealDownloader)
BHO: No Name -> {5C255C8A-E604-49b4-9D64-90988571CECB} -> No File
BHO: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_31\bin\ssv.dll [2015-02-17] (Oracle Corporation)
BHO: No Name -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> No File
BHO: No Name -> {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} -> No File
BHO: Lexmark Printable Web -> {D2C5E510-BE6D-42CC-9F61-E4F939078474} -> C:\Program Files\Lexmark Printable Web\bho.dll [2008-05-30] ()
BHO: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-02-17] (Oracle Corporation)
Toolbar: HKU\.DEFAULT -> No Name - {EBF2BA02-9094-4C5A-858B-BB198F3D8DE2} - No File
Toolbar: HKU\S-1-5-21-1214440339-1364589140-839522115-500 -> No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_45-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0045-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_45-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_45-windows-i586.cab
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll [2010-04-16] (Microsoft Corporation)
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll [2010-04-16] (Microsoft Corporation)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2013-10-09] (Skype Technologies S.A.)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll [2013-02-26] (Skype Technologies)
Winsock: Catalog5 04 C:\Program Files\Bonjour\mdnsNSP.dll [121704 2011-08-30] (Apple Inc.)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{FA4A3B1C-2A85-4335-BDE3-E12B2603A7E9}: [DhcpNameServer] 192.168.1.254

FireFox:
========
FF ProfilePath: C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\z0ovjqe9.default-1382548411328
FF NewTab: hxxp://www.trovi.com/?gd=&ctid=CT3319709&octid=EB_ORIGINAL_CTID&ISID=M95522E8F-2408-494B-BB97-632AC5E227D5&SearchSource=69&CUI=&SSPV=&Lay=1&UM=5&UP=SP046D9554-79E9-450D-B6B2-A664F143E365
FF SelectedSearchEngine: Trovi search
FF Homepage: about:home
FF Keyword.URL:
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_18_0_0_203.dll [2015-07-12] ()
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] ()
FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll [2015-05-21] (Google)
FF Plugin: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-02-17] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-02-17] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files\Microsoft\Office Live\npOLW.dll [2010-04-26] (Microsoft Corp.)
FF Plugin: @microsoft.com/WLPG,version=14.0.8117.0416 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2010-04-16] (Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
FF Plugin: @pack.google.com/Google Updater;version=14 -> C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll [2011-10-14] (Google)
FF Plugin: @real.com/nprndlchromebrowserrecordext;version=1.3.3 -> C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll [2013-08-14] (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlhtml5videoshim;version=1.3.3 -> C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll [2013-08-14] (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlpepperflashvideoshim;version=1.3.3 -> C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll [2013-08-14] (RealNetworks, Inc.)
FF Plugin: @real.com/nprpchromebrowserrecordext;version=15.0.5.109 -> C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll [2012-07-22] (RealNetworks, Inc.)
FF Plugin: @real.com/nprphtml5videoshim;version=15.0.5.109 -> C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll [2012-07-22] (RealNetworks, Inc.)
FF Plugin: @realnetworks.com/npdlplugin;version=1 -> C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll [2013-08-14] (RealDownloader)
FF Plugin: @sony.com/eBookLibrary -> C:\Program Files\Sony\Reader\Data\bin\npebldetectmoz.dll [2010-07-13] (Sony Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-16] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-16] (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-08-05] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPOFFICE.DLL [2007-03-22] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll [2014-08-05] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll [2014-11-12] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll [2014-11-12] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll [2014-11-12] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll [2014-11-12] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll [2014-11-12] (Apple Inc.)
FF SearchPlugin: C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\7l146elc.default-1382530802734\searchplugins\ask-search.xml [2015-02-17]
FF SearchPlugin: C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\7l146elc.default-1382530802734\searchplugins\trovi-search.xml [2014-06-09]
FF SearchPlugin: C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\z0ovjqe9.default-1382548411328\searchplugins\trovi-search.xml [2014-06-09]
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\avg-secure-search.xml [2015-05-13]
FF Extension: FindRight - C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\7l146elc.default-1382530802734\Extensions\{42e50651-9669-456e-9081-d5a836274274}.xpi [2014-02-21]
FF Extension: ADB Helper - C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\z0ovjqe9.default-1382548411328\Extensions\adbhelper@mozilla.org [2015-07-03]
FF Extension: Saved Password Editor - C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\z0ovjqe9.default-1382548411328\Extensions\savedpasswordeditor@daniel.dawson.xpi [2013-10-27]
FF Extension: FindRight - C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\z0ovjqe9.default-1382548411328\Extensions\{42e50651-9669-456e-9081-d5a836274274}.xpi [2014-02-21]
FF Extension: NoScript - C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\z0ovjqe9.default-1382548411328\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2013-10-30]
FF Extension: Password Exporter - C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\z0ovjqe9.default-1382548411328\Extensions\{B17C1C5A-04B1-11DB-9804-B622A1EF5492}.xpi [2013-11-01]
FF Extension: Skype Click to Call - C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2015-04-07]
FF Extension: Skype Click to Call - C:\Program Files\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2015-04-07]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2011-03-31]
FF HKLM\...\Firefox\Extensions: [{DF153AFF-6948-45d7-AC98-4FC4AF8A08E2}] - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF Extension: RealDownloader - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2013-09-18]
FF HKLM\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF ExtraCheck: C:\Program Files\mozilla firefox\defaults\pref\itms.js [2015-04-03]

Chrome:
=======
CHR Profile: C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-10-23]
CHR Extension: (Google Drive) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-10-23]
CHR Extension: (YouTube) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-10-23]
CHR Extension: (Google Search) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-10-23]
CHR Extension: (RealDownloader) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji [2013-10-23]
CHR Extension: (Skype Click to Call) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2013-10-23]
CHR Extension: (Gmail) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-10-23]
CHR HKLM\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx [2013-08-14]
CHR HKLM\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx [2013-10-09]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 APNMCP; C:\Program Files\AskPartnerNetwork\Toolbar\apnmcp.exe [177560 2015-01-31] (APN LLC.)
R2 Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [397312 2004-05-25] ()
S2 ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [516096 2004-05-25] () [File not signed]
S2 lxduCATSCustConnectService; C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxduserv.exe [98984 2008-05-24] (Lexmark International, Inc.)
R2 lxdu_device; C:\WINDOWS\system32\lxducoms.exe [594600 2008-05-24] ( )
R2 RapportMgmtService; C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe [2222360 2015-06-02] (IBM Corp.)
R2 RealNetworks Downloader Resolver Service; C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe [39056 2013-08-14] ()
R2 ReflectService.exe; C:\Program Files\Macrium\Reflect\ReflectService.exe [2462160 2014-07-21] (Paramount Software UK Ltd)
R2 SDScannerService; C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe [3921880 2013-10-15] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe [1042272 2013-09-20] (Safer-Networking Ltd.)
S2 SDWSCService; C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe [171416 2013-09-13] (Safer-Networking Ltd.)
S4 Skype C2C Service; C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe [3275136 2013-10-09] (Skype Technologies S.A.)
S3 Sony SCSI Helper Service; C:\Program Files\Common Files\Sony Shared\Fsk\SonySCSIHelperService.exe [73728 2010-04-02] (Sony Corporation) [File not signed]
S4 Websteroids; C:\Documents and Settings\All Users\Application Data\Websteroids\Websteroids.exe [150392 2014-02-11] (Creative Island Media, LLC)
S2 SBAMSvc; "C:\Program Files\ParetoLogic\ParetoLogic Internet Security\SBAMSvc.exe" [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AegisP; C:\WINDOWS\System32\DRIVERS\AegisP.sys [21361 2011-06-30] (Cisco Systems, Inc.) [File not signed]
S3 atidgllk; C:\dell\drivers\R105090\atidgllk.sys [5120 2005-03-11] (ATI Technologies Inc.) [File not signed]
S3 eyeonedp; C:\WINDOWS\System32\DRIVERS\eyeonedp.sys [44344 2003-11-27] () [File not signed]
R2 fssfltr; C:\WINDOWS\System32\DRIVERS\fssfltr_tdi.sys [54760 2010-04-28] (Microsoft Corporation)
S3 grmnusb; C:\WINDOWS\System32\drivers\grmnusb.sys [15720 2012-04-18] (GARMIN Corp.)
S3 hitmanpro37; C:\WINDOWS\system32\drivers\hitmanpro37.sys [30976 2013-10-23] ()
R1 OMCI; C:\WINDOWS\SYSTEM32\DRIVERS\OMCI.SYS [13632 2001-08-22] (Dell Computer Corporation) [File not signed]
R0 pssnap; C:\WINDOWS\System32\DRIVERS\pssnap.sys [13528 2014-07-21] ()
R1 RapportCerberus_1412112; C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus32_1412112.sys [531416 2015-06-23] (IBM Corp.)
R1 RapportEI; C:\Program Files\Trusteer\Rapport\bin\RapportEI.sys [280088 2015-06-02] (IBM Corp.)
R0 RapportKELL; C:\WINDOWS\System32\Drivers\RapportKELL.sys [218264 2015-06-02] (IBM Corp.)
R1 RapportPG; C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys [337176 2015-06-02] (IBM Corp.)
R1 sbaphd; C:\WINDOWS\System32\drivers\sbaphd.sys [22064 2012-09-12] (GFI Software)
R2 sbapifs; C:\WINDOWS\System32\drivers\sbapifs.sys [66344 2012-09-12] (GFI Software)
R1 SbFw; C:\WINDOWS\System32\drivers\SbFw.sys [337184 2012-09-20] (GFI Software)
S3 SBFWIMCL; C:\WINDOWS\System32\DRIVERS\sbfwim.sys [95488 2012-09-12] (GFI Software)
R3 SBFWIMCLMP; C:\WINDOWS\System32\DRIVERS\SBFWIM.sys [95488 2012-09-12] (GFI Software)
S3 sbhips; C:\WINDOWS\System32\drivers\sbhips.sys [94496 2012-09-20] (GFI Software)
R1 sbtis; C:\WINDOWS\System32\drivers\sbtis.sys [222368 2012-09-20] (GFI Software)
S3 wceusbsh; C:\WINDOWS\System32\DRIVERS\wceusbsh.sys [28672 2006-11-06] (Microsoft Corporation)
S3 WIMMount; C:\Program Files\Macrium\Reflect\wimmount.sys [19024 2015-03-29] (Microsoft Corporation)
S3 aeaudio; system32\drivers\aeaudio.sys [X]
S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [X]
S4 IntelIde; No ImagePath
U0 mfewfpk; No ImagePath
S3 rt2870; system32\DRIVERS\rt2870.sys [X]
U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-14] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-07-12 13:12 - 2015-07-12 13:13 - 00000000 ____D C:\FRST
2015-07-12 02:34 - 2015-07-12 12:16 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-07-11 04:27 - 2015-07-11 04:27 - 00000000 ____D C:\Documents and Settings\Administrator\Start Menu\Programs\Dropbox
2015-07-10 09:40 - 2015-07-10 09:40 - 05760054 _____ C:\Documents and Settings\Administrator\Desktop\ultraman image.bmp
2015-07-09 23:04 - 2015-07-09 23:05 - 27093992 _____ (McAfee) C:\Program Files\Common Files\lpuninstall.exe
2015-07-09 23:04 - 2015-07-09 23:04 - 00000000 ____D C:\Documents and Settings\Administrator\Local Settings\Application Data\SafeKeytmp
2015-07-09 23:04 - 2015-07-09 23:04 - 00000000 ____D C:\Documents and Settings\Administrator\Local Settings\Application Data\SafeKeylang
2015-07-09 23:00 - 2015-07-10 11:24 - 00000000 ____D C:\Program Files\McAfee
2015-07-09 22:33 - 2015-07-10 11:30 - 00000000 ____D C:\Documents and Settings\Administrator\Desktop\New Folder
2015-07-09 22:15 - 2015-07-09 22:15 - 00001816 _____ C:\Documents and Settings\Administrator\Desktop\McAfee Security Scan Plus.lnk
2015-06-27 11:29 - 2015-06-27 11:30 - 00000000 ____D C:\Documents and Settings\Administrator\Desktop\Clued Up
2015-06-24 22:05 - 2015-07-09 00:04 - 00017920 _____ C:\Documents and Settings\Administrator\Desktop\Zorro Memocams.xls
2015-06-18 23:20 - 2015-07-12 12:25 - 00001020 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-1214440339-1364589140-839522115-500UA.job
2015-06-18 23:20 - 2015-07-11 23:25 - 00000968 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-1214440339-1364589140-839522115-500Core.job
2015-06-18 23:20 - 2015-06-18 23:20 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Dropbox
2015-06-18 23:20 - 2015-06-18 23:20 - 00000000 ____D C:\Documents and Settings\Administrator\Local Settings\Application Data\Dropbox

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-07-12 13:13 - 2013-12-03 15:22 - 00000886 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-07-12 13:13 - 2011-03-28 22:41 - 00000000 ____D C:\Documents and Settings\Administrator\Local Settings\Temp
2015-07-12 12:58 - 2011-03-29 21:53 - 01716991 _____ C:\WINDOWS\WindowsUpdate.log
2015-07-12 12:52 - 2011-03-31 00:00 - 00000000 ____D C:\WINDOWS\Microsoft.NET
2015-07-12 11:16 - 2013-10-29 20:39 - 00000364 ____H C:\WINDOWS\Tasks\avast! Emergency Update.job
2015-07-12 10:10 - 2014-07-24 18:56 - 00000466 _____ C:\WINDOWS\Tasks\At1.job
2015-07-12 09:13 - 2013-12-03 15:22 - 00000882 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-07-12 02:34 - 2014-09-02 00:32 - 00000000 ____D C:\Documents and Settings\Administrator\Local Settings\Application Data\Adobe
2015-07-12 02:34 - 2013-10-23 14:12 - 00778416 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2015-07-12 02:34 - 2013-10-23 14:12 - 00142512 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2015-07-11 22:06 - 2014-02-23 22:56 - 00000410 _____ C:\WINDOWS\Tasks\ProgramUpdateCheck.job
2015-07-11 21:59 - 2014-02-23 22:56 - 00000394 _____ C:\WINDOWS\Tasks\FreeFileViewerUpdateChecker.job
2015-07-11 21:58 - 2014-02-23 22:56 - 00000466 _____ C:\WINDOWS\Tasks\ProgramRefresh-ATFST.job
2015-07-11 20:40 - 2014-07-24 18:56 - 00000466 _____ C:\WINDOWS\Tasks\At2.job
2015-07-11 19:25 - 2011-03-28 22:41 - 00032442 _____ C:\WINDOWS\SchedLgU.Txt
2015-07-11 18:56 - 2014-07-24 18:56 - 00000466 _____ C:\WINDOWS\Tasks\At3.job
2015-07-11 14:55 - 2013-10-29 20:39 - 00000820 _____ C:\WINDOWS\Tasks\Google Software Updater.job
2015-07-11 14:00 - 2014-07-24 18:56 - 00000466 _____ C:\WINDOWS\Tasks\At4.job
2015-07-11 13:50 - 2013-10-23 02:47 - 00454311 _____ C:\WINDOWS\setupapi.log
2015-07-11 04:28 - 2014-08-05 12:32 - 00000000 ___RD C:\Documents and Settings\Administrator\My Documents\Dropbox
2015-07-11 04:28 - 2014-08-05 12:27 - 00000000 ____D C:\Documents and Settings\Administrator\Application Data\Dropbox
2015-07-11 01:25 - 2013-10-29 20:39 - 00000302 _____ C:\WINDOWS\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-1214440339-1364589140-839522115-500.job
2015-07-10 11:24 - 2011-09-13 10:52 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\McAfee
2015-07-10 11:23 - 2011-03-28 23:20 - 00000159 _____ C:\WINDOWS\wiadebug.log
2015-07-10 11:23 - 2011-03-28 23:20 - 00000049 _____ C:\WINDOWS\wiaservc.log
2015-07-10 11:23 - 2003-07-16 17:46 - 00002206 _____ C:\WINDOWS\system32\wpa.dbl
2015-07-10 11:22 - 2014-03-31 12:45 - 00000238 _____ C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job
2015-07-10 11:22 - 2013-10-30 17:13 - 00000644 _____ C:\WINDOWS\Tasks\Check for updates (Spybot - Search & Destroy).job
2015-07-10 11:22 - 2013-10-29 20:39 - 00000294 _____ C:\WINDOWS\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-1214440339-1364589140-839522115-500.job
2015-07-10 11:22 - 2011-03-28 22:28 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2015-07-10 11:21 - 2013-10-30 16:22 - 00524288 _____ C:\WINDOWS\system32\config\SpybotSD.evt
2015-07-10 11:21 - 2011-03-28 22:41 - 00000178 ___SH C:\Documents and Settings\Administrator\ntuser.ini
2015-07-09 23:15 - 2013-05-24 15:27 - 00000000 ____D C:\WINDOWS\system32\LogFiles
2015-07-09 22:22 - 2011-03-28 22:25 - 00000000 ____D C:\WINDOWS\Registration
2015-07-09 00:48 - 2011-03-31 00:06 - 00000000 ____D C:\Documents and Settings\All Users\Lx_cats
2015-07-08 15:00 - 2014-03-31 12:45 - 00000232 _____ C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job
2015-07-07 12:37 - 2015-06-06 16:35 - 00015360 _____ C:\Documents and Settings\Administrator\Desktop\values for tank switching.xls
2015-07-07 11:40 - 2013-10-30 16:22 - 00000000 ____D C:\Program Files\Spybot - Search & Destroy 2
2015-07-05 18:22 - 2013-10-02 18:41 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2015-07-05 18:17 - 2015-04-07 22:54 - 00000000 ____D C:\Program Files\Mozilla Firefox
2015-07-01 07:47 - 2013-10-30 17:13 - 00000616 _____ C:\WINDOWS\Tasks\Refresh immunization (Spybot - Search & Destroy).job
2015-07-01 07:46 - 2013-10-30 17:13 - 00000446 _____ C:\WINDOWS\Tasks\Scan the system (Spybot - Search & Destroy).job
2015-06-25 18:11 - 2014-09-06 11:04 - 00002702 _____ C:\Documents and Settings\Administrator\My Documents\plot.log
2015-06-25 18:11 - 2011-08-04 16:34 - 00000000 ____D C:\Documents and Settings\Administrator\Local Settings\Application Data\CutePDF Writer
2015-06-23 13:00 - 2013-09-18 16:15 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Trusteer Endpoint Protection

==================== Files in the root of some directories =======

2014-03-21 18:23 - 2014-06-23 11:42 - 0000000 _____ () C:\Program Files\Mozilla Firefoxavg-secure-search.xml
2015-07-09 23:04 - 2015-07-09 23:05 - 27093992 _____ (McAfee) C:\Program Files\Common Files\lpuninstall.exe
2013-04-13 19:03 - 2013-04-13 19:03 - 0002528 _____ () C:\Documents and Settings\Administrator\Application Data\$_hpcst$.hpc
2013-09-13 00:37 - 2013-09-13 00:37 - 0184514 _____ () C:\Documents and Settings\Administrator\Local Settings\Application Data\ars.cache
2013-09-13 00:38 - 2013-09-13 00:38 - 0236111 _____ () C:\Documents and Settings\Administrator\Local Settings\Application Data\census.cache
2011-08-09 14:20 - 2014-05-09 15:11 - 0011776 _____ () C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2011-03-31 23:48 - 2011-03-31 23:48 - 0000136 _____ () C:\Documents and Settings\Administrator\Local Settings\Application Data\fusioncache.dat
2013-09-13 00:01 - 2013-09-13 00:01 - 0000036 _____ () C:\Documents and Settings\Administrator\Local Settings\Application Data\housecall.guid.cache
2013-10-24 10:43 - 2013-10-24 10:43 - 0000252 _____ () C:\Documents and Settings\All Users\FastPics.log
2013-10-23 22:16 - 2013-10-26 14:47 - 0008156 _____ () C:\Documents and Settings\All Users\lxdu.log
2013-10-23 22:06 - 2013-10-25 14:32 - 0000561 _____ () C:\Documents and Settings\All Users\lxduDiagnostics.log
2013-11-03 15:20 - 2013-11-03 15:31 - 0004660 _____ () C:\Documents and Settings\All Users\lxduJSW.log
2013-10-24 00:30 - 2013-10-24 00:30 - 0141432 _____ () C:\Documents and Settings\All Users\SPL103.tmp
2013-11-09 20:42 - 2013-11-09 20:42 - 0186098 _____ () C:\Documents and Settings\All Users\SPL2.tmp
2013-11-10 00:43 - 2013-11-10 00:43 - 0177340 _____ () C:\Documents and Settings\All Users\SPL24.tmp
2014-10-25 20:47 - 2014-10-25 20:47 - 2396603 _____ () C:\Documents and Settings\All Users\SPL609.tmp
2013-11-09 15:04 - 2013-11-09 15:04 - 0186098 _____ () C:\Documents and Settings\All Users\SPL9C.tmp
2011-03-30 23:56 - 2011-03-30 23:56 - 0000000 _____ () C:\Documents and Settings\All Users\UpdaterLog.txt

Files to move or delete:
====================
C:\Windows\Tasks\At1.job
C:\Windows\Tasks\At2.job
C:\Windows\Tasks\At3.job
C:\Windows\Tasks\At4.job

Some files in TEMP:
====================
C:\Documents and Settings\Administrator\Local Settings\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpf_6cb9.dll

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

==================== End of log ============================

Aristarcus · July 12, 2015

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 11-07-2015
Ran by Administrator (administrator) on DEVALETTE on 12-07-2015 13:13:14
Running from C:\Documents and Settings\Administrator\My Documents\Downloads
Loaded Profiles: Administrator (Available Profiles: Administrator)
Platform: Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: English (United States)
Internet Explorer Version 8 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

() C:\WINDOWS\system32\ati2evxx.exe
(IBM Corp.) C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
(APN LLC.) C:\Program Files\AskPartnerNetwork\Toolbar\apnmcp.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
( ) C:\WINDOWS\system32\lxducoms.exe
() C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
(Paramount Software UK Ltd) C:\Program Files\Macrium\Reflect\ReflectService.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe
(Sony Corporation) C:\Program Files\Sony\Reader\Data\bin\launcher\Reader Library Launcher.exe
() C:\Program Files\Lexmark 5600-6600 Series\lxdumon.exe
(Analog Devices, Inc.) C:\Program Files\Analog Devices\Core\smax4pnp.exe
() C:\Program Files\Lexmark 5600-6600 Series\lxdumsdmon.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe
(APN) C:\Program Files\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Microsoft Corporation) C:\Program Files\Microsoft ActiveSync\wcescomm.exe
(Microsoft Corporation) C:\PROGRA~1\MICROS~3\rapimgr.exe
(IBM Corp.) C:\Program Files\Trusteer\Rapport\bin\RapportService.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\WINDOWS\system32\wbem\unsecapp.exe
(Dropbox, Inc.) C:\Documents and Settings\Administrator\Application Data\Dropbox\bin\Dropbox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Thunderbird\thunderbird.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Reader Library Launcher] => C:\Program Files\Sony\Reader\Data\bin\launcher\Reader Library Launcher.exe [906648 2010-07-13] (Sony Corporation)
HKLM\...\Run: [lxdumon.exe] => C:\Program Files\Lexmark 5600-6600 Series\lxdumon.exe [676520 2008-05-30] ()
HKLM\...\Run: [lxduamon] => C:\Program Files\Lexmark 5600-6600 Series\lxduamon.exe [16040 2008-05-30] ()
HKLM\...\Run: [Lexmark 5600-6600 Series Fax Server] => C:\Program Files\Lexmark 5600-6600 Series\fm3032.exe [311976 2008-05-30] ()
HKLM\...\Run: [ATIPTA] => C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe [335872 2004-05-25] (ATI Technologies, Inc.)
HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2015-03-20] (Apple Inc.)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM\...\Run: [soundMAXPnP] => C:\Program Files\Analog Devices\Core\smax4pnp.exe [1404928 2004-10-14] (Analog Devices, Inc.)
HKLM\...\Run: [sDTray] => C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe [5624784 2013-07-25] (Safer-Networking Ltd.)
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
HKLM\...\Run: [ApnTBMon] => C:\Program Files\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe [1949592 2015-02-14] (APN)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [157480 2015-04-07] (Apple Inc.)
Winlogon\Notify\SDWinLogon: SDWinLogon.dll [X]
HKLM\...\Policies\Explorer: [NoFolderOptions] 0
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-21-1214440339-1364589140-839522115-500\...\Run: [H/PC Connection Agent] => C:\Program Files\Microsoft ActiveSync\wcescomm.exe [1289000 2006-11-13] (Microsoft Corporation)
HKU\S-1-5-21-1214440339-1364589140-839522115-500\...\Run: [Adobe Reader Synchronizer] => C:\Program Files\Adobe\Reader 11.0\Reader\AdobeCollabSync.exe [746376 2014-05-08] (Adobe Systems Incorporated)
HKU\S-1-5-21-1214440339-1364589140-839522115-500\...\Run: [Dropbox Update] => C:\Documents and Settings\Administrator\Local Settings\Application Data\Dropbox\Update\DropboxUpdate.exe [134512 2015-06-18] (Dropbox, Inc.)
HKU\S-1-5-21-1214440339-1364589140-839522115-500\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINDOWS\System32\scrnsave.scr [9216 2008-04-14] (Microsoft Corporation)
AppInit_DLLs: C:\PROGRA~1\SearchProtect\SearchProtect\bin\SPVC32Loader.dll => C:\PROGRA~1\SearchProtect\SearchProtect\bin\SPVC32Loader.dll File not found
Startup: C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\Dropbox.lnk [2015-07-11]
ShortcutTarget: Dropbox.lnk -> C:\Documents and Settings\Administrator\Application Data\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\AutoCAD LT Startup Accelerator.lnk [2013-10-29]
ShortcutTarget: AutoCAD LT Startup Accelerator.lnk -> C:\Program Files\Common Files\Autodesk Shared\acstart16.exe (Autodesk, Inc)
ShellIconOverlayIdentifiers: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Documents and Settings\Administrator\Application Data\Dropbox\bin\DropboxExt.26.dll [2015-06-26] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Documents and Settings\Administrator\Application Data\Dropbox\bin\DropboxExt.26.dll [2015-06-26] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Documents and Settings\Administrator\Application Data\Dropbox\bin\DropboxExt.26.dll [2015-06-26] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Documents and Settings\Administrator\Application Data\Dropbox\bin\DropboxExt.26.dll [2015-06-26] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Documents and Settings\Administrator\Application Data\Dropbox\bin\DropboxExt.26.dll [2015-06-26] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Documents and Settings\Administrator\Application Data\Dropbox\bin\DropboxExt.26.dll [2015-06-26] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Documents and Settings\Administrator\Application Data\Dropbox\bin\DropboxExt.26.dll [2015-06-26] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Documents and Settings\Administrator\Application Data\Dropbox\bin\DropboxExt.26.dll [2015-06-26] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => No File
ShellIconOverlayIdentifiers: [AutoCAD Digital Signatures Icon Overlay Handler] -> {36A21736-36C2-4C11-8ACB-D4136F2B57BD} => C:\WINDOWS\system32\AcSignIcon.dll [2004-02-25] (Autodesk)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Search Page = http://feed.snap.do/?publisher=ShoppingHelper&dpid=ShoppingHelper&co=GB&userid=b4b2d7f9-f344-4697-8e96-cd20038fece6&searchtype=ds&q={searchTerms}&installDate=19/09/2013
HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Search Page = http://feed.snap.do/?publisher=ShoppingHelper&dpid=ShoppingHelper&co=GB&userid=b4b2d7f9-f344-4697-8e96-cd20038fece6&searchtype=ds&q={searchTerms}&installDate=19/09/2013
HKU\S-1-5-21-1214440339-1364589140-839522115-500\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-1214440339-1364589140-839522115-500\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://uk.msn.com/?ocid=iehp
HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs,Tabs: "http://www.google.com"<======= ATTENTION
SearchScopes: HKLM -> DefaultScope value is missing
SearchScopes: HKLM -> {429559AC-1128-D420-90E1-0E1894E36CB8} URL = http://feed.snap.do/?publisher=ShoppingHelper&dpid=ShoppingHelper&co=GB&userid=b4b2d7f9-f344-4697-8e96-cd20038fece6&searchtype=ds&q={searchTerms}&installDate=19/09/2013
SearchScopes: HKU\S-1-5-21-1214440339-1364589140-839522115-500 -> URL http://search.conduit.com/Results.aspx?ctid=CT3325805&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=4&UP=SP33A50045-6736-4DF4-967C-A3C7C549B66D&q={searchTerms}&SSPV=
SearchScopes: HKU\S-1-5-21-1214440339-1364589140-839522115-500 -> SuggestionsURL_JSON http://suggest.search.conduit.com/CSuggestJson.ashx?prefix={searchTerms}
SearchScopes: HKU\S-1-5-21-1214440339-1364589140-839522115-500 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=irmsd103&cd=2XzuyEtN2Y1L1QzutDtDtD0FtC0F0D0DzzyCyE0AyBtD0F0AtN0D0Tzu0CyCyCzytN1L2XzutBtFtBtFzztFtCtByEyBtN1L1Czu1L1C1H1B1QtCtDtA&cr=5260213&ir=
BHO: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll [2013-08-14] (RealDownloader)
BHO: No Name -> {5C255C8A-E604-49b4-9D64-90988571CECB} -> No File
BHO: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_31\bin\ssv.dll [2015-02-17] (Oracle Corporation)
BHO: No Name -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> No File
BHO: No Name -> {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} -> No File
BHO: Lexmark Printable Web -> {D2C5E510-BE6D-42CC-9F61-E4F939078474} -> C:\Program Files\Lexmark Printable Web\bho.dll [2008-05-30] ()
BHO: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-02-17] (Oracle Corporation)
Toolbar: HKU\.DEFAULT -> No Name - {EBF2BA02-9094-4C5A-858B-BB198F3D8DE2} - No File
Toolbar: HKU\S-1-5-21-1214440339-1364589140-839522115-500 -> No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_45-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0045-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_45-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_45-windows-i586.cab
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll [2010-04-16] (Microsoft Corporation)
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll [2010-04-16] (Microsoft Corporation)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2013-10-09] (Skype Technologies S.A.)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll [2013-02-26] (Skype Technologies)
Winsock: Catalog5 04 C:\Program Files\Bonjour\mdnsNSP.dll [121704 2011-08-30] (Apple Inc.)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{FA4A3B1C-2A85-4335-BDE3-E12B2603A7E9}: [DhcpNameServer] 192.168.1.254

FireFox:
========
FF ProfilePath: C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\z0ovjqe9.default-1382548411328
FF NewTab: hxxp://www.trovi.com/?gd=&ctid=CT3319709&octid=EB_ORIGINAL_CTID&ISID=M95522E8F-2408-494B-BB97-632AC5E227D5&SearchSource=69&CUI=&SSPV=&Lay=1&UM=5&UP=SP046D9554-79E9-450D-B6B2-A664F143E365
FF SelectedSearchEngine: Trovi search
FF Homepage: about:home
FF Keyword.URL:
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_18_0_0_203.dll [2015-07-12] ()
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] ()
FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll [2015-05-21] (Google)
FF Plugin: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-02-17] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-02-17] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files\Microsoft\Office Live\npOLW.dll [2010-04-26] (Microsoft Corp.)
FF Plugin: @microsoft.com/WLPG,version=14.0.8117.0416 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2010-04-16] (Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
FF Plugin: @pack.google.com/Google Updater;version=14 -> C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll [2011-10-14] (Google)
FF Plugin: @real.com/nprndlchromebrowserrecordext;version=1.3.3 -> C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll [2013-08-14] (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlhtml5videoshim;version=1.3.3 -> C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll [2013-08-14] (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlpepperflashvideoshim;version=1.3.3 -> C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll [2013-08-14] (RealNetworks, Inc.)
FF Plugin: @real.com/nprpchromebrowserrecordext;version=15.0.5.109 -> C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll [2012-07-22] (RealNetworks, Inc.)
FF Plugin: @real.com/nprphtml5videoshim;version=15.0.5.109 -> C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll [2012-07-22] (RealNetworks, Inc.)
FF Plugin: @realnetworks.com/npdlplugin;version=1 -> C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll [2013-08-14] (RealDownloader)
FF Plugin: @sony.com/eBookLibrary -> C:\Program Files\Sony\Reader\Data\bin\npebldetectmoz.dll [2010-07-13] (Sony Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-16] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-16] (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-08-05] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPOFFICE.DLL [2007-03-22] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll [2014-08-05] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll [2014-11-12] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll [2014-11-12] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll [2014-11-12] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll [2014-11-12] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll [2014-11-12] (Apple Inc.)
FF SearchPlugin: C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\7l146elc.default-1382530802734\searchplugins\ask-search.xml [2015-02-17]
FF SearchPlugin: C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\7l146elc.default-1382530802734\searchplugins\trovi-search.xml [2014-06-09]
FF SearchPlugin: C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\z0ovjqe9.default-1382548411328\searchplugins\trovi-search.xml [2014-06-09]
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\avg-secure-search.xml [2015-05-13]
FF Extension: FindRight - C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\7l146elc.default-1382530802734\Extensions\{42e50651-9669-456e-9081-d5a836274274}.xpi [2014-02-21]
FF Extension: ADB Helper - C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\z0ovjqe9.default-1382548411328\Extensions\adbhelper@mozilla.org [2015-07-03]
FF Extension: Saved Password Editor - C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\z0ovjqe9.default-1382548411328\Extensions\savedpasswordeditor@daniel.dawson.xpi [2013-10-27]
FF Extension: FindRight - C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\z0ovjqe9.default-1382548411328\Extensions\{42e50651-9669-456e-9081-d5a836274274}.xpi [2014-02-21]
FF Extension: NoScript - C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\z0ovjqe9.default-1382548411328\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2013-10-30]
FF Extension: Password Exporter - C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\z0ovjqe9.default-1382548411328\Extensions\{B17C1C5A-04B1-11DB-9804-B622A1EF5492}.xpi [2013-11-01]
FF Extension: Skype Click to Call - C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2015-04-07]
FF Extension: Skype Click to Call - C:\Program Files\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2015-04-07]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2011-03-31]
FF HKLM\...\Firefox\Extensions: [{DF153AFF-6948-45d7-AC98-4FC4AF8A08E2}] - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF Extension: RealDownloader - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2013-09-18]
FF HKLM\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF ExtraCheck: C:\Program Files\mozilla firefox\defaults\pref\itms.js [2015-04-03]

Chrome:
=======
CHR Profile: C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-10-23]
CHR Extension: (Google Drive) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-10-23]
CHR Extension: (YouTube) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-10-23]
CHR Extension: (Google Search) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-10-23]
CHR Extension: (RealDownloader) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji [2013-10-23]
CHR Extension: (Skype Click to Call) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2013-10-23]
CHR Extension: (Gmail) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-10-23]
CHR HKLM\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx [2013-08-14]
CHR HKLM\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx [2013-10-09]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 APNMCP; C:\Program Files\AskPartnerNetwork\Toolbar\apnmcp.exe [177560 2015-01-31] (APN LLC.)
R2 Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [397312 2004-05-25] ()
S2 ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [516096 2004-05-25] () [File not signed]
S2 lxduCATSCustConnectService; C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxduserv.exe [98984 2008-05-24] (Lexmark International, Inc.)
R2 lxdu_device; C:\WINDOWS\system32\lxducoms.exe [594600 2008-05-24] ( )
R2 RapportMgmtService; C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe [2222360 2015-06-02] (IBM Corp.)
R2 RealNetworks Downloader Resolver Service; C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe [39056 2013-08-14] ()
R2 ReflectService.exe; C:\Program Files\Macrium\Reflect\ReflectService.exe [2462160 2014-07-21] (Paramount Software UK Ltd)
R2 SDScannerService; C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe [3921880 2013-10-15] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe [1042272 2013-09-20] (Safer-Networking Ltd.)
S2 SDWSCService; C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe [171416 2013-09-13] (Safer-Networking Ltd.)
S4 Skype C2C Service; C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe [3275136 2013-10-09] (Skype Technologies S.A.)
S3 Sony SCSI Helper Service; C:\Program Files\Common Files\Sony Shared\Fsk\SonySCSIHelperService.exe [73728 2010-04-02] (Sony Corporation) [File not signed]
S4 Websteroids; C:\Documents and Settings\All Users\Application Data\Websteroids\Websteroids.exe [150392 2014-02-11] (Creative Island Media, LLC)
S2 SBAMSvc; "C:\Program Files\ParetoLogic\ParetoLogic Internet Security\SBAMSvc.exe" [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AegisP; C:\WINDOWS\System32\DRIVERS\AegisP.sys [21361 2011-06-30] (Cisco Systems, Inc.) [File not signed]
S3 atidgllk; C:\dell\drivers\R105090\atidgllk.sys [5120 2005-03-11] (ATI Technologies Inc.) [File not signed]
S3 eyeonedp; C:\WINDOWS\System32\DRIVERS\eyeonedp.sys [44344 2003-11-27] () [File not signed]
R2 fssfltr; C:\WINDOWS\System32\DRIVERS\fssfltr_tdi.sys [54760 2010-04-28] (Microsoft Corporation)
S3 grmnusb; C:\WINDOWS\System32\drivers\grmnusb.sys [15720 2012-04-18] (GARMIN Corp.)
S3 hitmanpro37; C:\WINDOWS\system32\drivers\hitmanpro37.sys [30976 2013-10-23] ()
R1 OMCI; C:\WINDOWS\SYSTEM32\DRIVERS\OMCI.SYS [13632 2001-08-22] (Dell Computer Corporation) [File not signed]
R0 pssnap; C:\WINDOWS\System32\DRIVERS\pssnap.sys [13528 2014-07-21] ()
R1 RapportCerberus_1412112; C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus32_1412112.sys [531416 2015-06-23] (IBM Corp.)
R1 RapportEI; C:\Program Files\Trusteer\Rapport\bin\RapportEI.sys [280088 2015-06-02] (IBM Corp.)
R0 RapportKELL; C:\WINDOWS\System32\Drivers\RapportKELL.sys [218264 2015-06-02] (IBM Corp.)
R1 RapportPG; C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys [337176 2015-06-02] (IBM Corp.)
R1 sbaphd; C:\WINDOWS\System32\drivers\sbaphd.sys [22064 2012-09-12] (GFI Software)
R2 sbapifs; C:\WINDOWS\System32\drivers\sbapifs.sys [66344 2012-09-12] (GFI Software)
R1 SbFw; C:\WINDOWS\System32\drivers\SbFw.sys [337184 2012-09-20] (GFI Software)
S3 SBFWIMCL; C:\WINDOWS\System32\DRIVERS\sbfwim.sys [95488 2012-09-12] (GFI Software)
R3 SBFWIMCLMP; C:\WINDOWS\System32\DRIVERS\SBFWIM.sys [95488 2012-09-12] (GFI Software)
S3 sbhips; C:\WINDOWS\System32\drivers\sbhips.sys [94496 2012-09-20] (GFI Software)
R1 sbtis; C:\WINDOWS\System32\drivers\sbtis.sys [222368 2012-09-20] (GFI Software)
S3 wceusbsh; C:\WINDOWS\System32\DRIVERS\wceusbsh.sys [28672 2006-11-06] (Microsoft Corporation)
S3 WIMMount; C:\Program Files\Macrium\Reflect\wimmount.sys [19024 2015-03-29] (Microsoft Corporation)
S3 aeaudio; system32\drivers\aeaudio.sys [X]
S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [X]
S4 IntelIde; No ImagePath
U0 mfewfpk; No ImagePath
S3 rt2870; system32\DRIVERS\rt2870.sys [X]
U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-14] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-07-12 13:12 - 2015-07-12 13:13 - 00000000 ____D C:\FRST
2015-07-12 02:34 - 2015-07-12 12:16 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-07-11 04:27 - 2015-07-11 04:27 - 00000000 ____D C:\Documents and Settings\Administrator\Start Menu\Programs\Dropbox
2015-07-10 09:40 - 2015-07-10 09:40 - 05760054 _____ C:\Documents and Settings\Administrator\Desktop\ultraman image.bmp
2015-07-09 23:04 - 2015-07-09 23:05 - 27093992 _____ (McAfee) C:\Program Files\Common Files\lpuninstall.exe
2015-07-09 23:04 - 2015-07-09 23:04 - 00000000 ____D C:\Documents and Settings\Administrator\Local Settings\Application Data\SafeKeytmp
2015-07-09 23:04 - 2015-07-09 23:04 - 00000000 ____D C:\Documents and Settings\Administrator\Local Settings\Application Data\SafeKeylang
2015-07-09 23:00 - 2015-07-10 11:24 - 00000000 ____D C:\Program Files\McAfee
2015-07-09 22:33 - 2015-07-10 11:30 - 00000000 ____D C:\Documents and Settings\Administrator\Desktop\New Folder
2015-07-09 22:15 - 2015-07-09 22:15 - 00001816 _____ C:\Documents and Settings\Administrator\Desktop\McAfee Security Scan Plus.lnk
2015-06-27 11:29 - 2015-06-27 11:30 - 00000000 ____D C:\Documents and Settings\Administrator\Desktop\Clued Up
2015-06-24 22:05 - 2015-07-09 00:04 - 00017920 _____ C:\Documents and Settings\Administrator\Desktop\Zorro Memocams.xls
2015-06-18 23:20 - 2015-07-12 12:25 - 00001020 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-1214440339-1364589140-839522115-500UA.job
2015-06-18 23:20 - 2015-07-11 23:25 - 00000968 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-1214440339-1364589140-839522115-500Core.job
2015-06-18 23:20 - 2015-06-18 23:20 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Dropbox
2015-06-18 23:20 - 2015-06-18 23:20 - 00000000 ____D C:\Documents and Settings\Administrator\Local Settings\Application Data\Dropbox

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-07-12 13:13 - 2013-12-03 15:22 - 00000886 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-07-12 13:13 - 2011-03-28 22:41 - 00000000 ____D C:\Documents and Settings\Administrator\Local Settings\Temp
2015-07-12 12:58 - 2011-03-29 21:53 - 01716991 _____ C:\WINDOWS\WindowsUpdate.log
2015-07-12 12:52 - 2011-03-31 00:00 - 00000000 ____D C:\WINDOWS\Microsoft.NET
2015-07-12 11:16 - 2013-10-29 20:39 - 00000364 ____H C:\WINDOWS\Tasks\avast! Emergency Update.job
2015-07-12 10:10 - 2014-07-24 18:56 - 00000466 _____ C:\WINDOWS\Tasks\At1.job
2015-07-12 09:13 - 2013-12-03 15:22 - 00000882 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-07-12 02:34 - 2014-09-02 00:32 - 00000000 ____D C:\Documents and Settings\Administrator\Local Settings\Application Data\Adobe
2015-07-12 02:34 - 2013-10-23 14:12 - 00778416 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2015-07-12 02:34 - 2013-10-23 14:12 - 00142512 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2015-07-11 22:06 - 2014-02-23 22:56 - 00000410 _____ C:\WINDOWS\Tasks\ProgramUpdateCheck.job
2015-07-11 21:59 - 2014-02-23 22:56 - 00000394 _____ C:\WINDOWS\Tasks\FreeFileViewerUpdateChecker.job
2015-07-11 21:58 - 2014-02-23 22:56 - 00000466 _____ C:\WINDOWS\Tasks\ProgramRefresh-ATFST.job
2015-07-11 20:40 - 2014-07-24 18:56 - 00000466 _____ C:\WINDOWS\Tasks\At2.job
2015-07-11 19:25 - 2011-03-28 22:41 - 00032442 _____ C:\WINDOWS\SchedLgU.Txt
2015-07-11 18:56 - 2014-07-24 18:56 - 00000466 _____ C:\WINDOWS\Tasks\At3.job
2015-07-11 14:55 - 2013-10-29 20:39 - 00000820 _____ C:\WINDOWS\Tasks\Google Software Updater.job
2015-07-11 14:00 - 2014-07-24 18:56 - 00000466 _____ C:\WINDOWS\Tasks\At4.job
2015-07-11 13:50 - 2013-10-23 02:47 - 00454311 _____ C:\WINDOWS\setupapi.log
2015-07-11 04:28 - 2014-08-05 12:32 - 00000000 ___RD C:\Documents and Settings\Administrator\My Documents\Dropbox
2015-07-11 04:28 - 2014-08-05 12:27 - 00000000 ____D C:\Documents and Settings\Administrator\Application Data\Dropbox
2015-07-11 01:25 - 2013-10-29 20:39 - 00000302 _____ C:\WINDOWS\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-1214440339-1364589140-839522115-500.job
2015-07-10 11:24 - 2011-09-13 10:52 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\McAfee
2015-07-10 11:23 - 2011-03-28 23:20 - 00000159 _____ C:\WINDOWS\wiadebug.log
2015-07-10 11:23 - 2011-03-28 23:20 - 00000049 _____ C:\WINDOWS\wiaservc.log
2015-07-10 11:23 - 2003-07-16 17:46 - 00002206 _____ C:\WINDOWS\system32\wpa.dbl
2015-07-10 11:22 - 2014-03-31 12:45 - 00000238 _____ C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job
2015-07-10 11:22 - 2013-10-30 17:13 - 00000644 _____ C:\WINDOWS\Tasks\Check for updates (Spybot - Search & Destroy).job
2015-07-10 11:22 - 2013-10-29 20:39 - 00000294 _____ C:\WINDOWS\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-1214440339-1364589140-839522115-500.job
2015-07-10 11:22 - 2011-03-28 22:28 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2015-07-10 11:21 - 2013-10-30 16:22 - 00524288 _____ C:\WINDOWS\system32\config\SpybotSD.evt
2015-07-10 11:21 - 2011-03-28 22:41 - 00000178 ___SH C:\Documents and Settings\Administrator\ntuser.ini
2015-07-09 23:15 - 2013-05-24 15:27 - 00000000 ____D C:\WINDOWS\system32\LogFiles
2015-07-09 22:22 - 2011-03-28 22:25 - 00000000 ____D C:\WINDOWS\Registration
2015-07-09 00:48 - 2011-03-31 00:06 - 00000000 ____D C:\Documents and Settings\All Users\Lx_cats
2015-07-08 15:00 - 2014-03-31 12:45 - 00000232 _____ C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job
2015-07-07 12:37 - 2015-06-06 16:35 - 00015360 _____ C:\Documents and Settings\Administrator\Desktop\values for tank switching.xls
2015-07-07 11:40 - 2013-10-30 16:22 - 00000000 ____D C:\Program Files\Spybot - Search & Destroy 2
2015-07-05 18:22 - 2013-10-02 18:41 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2015-07-05 18:17 - 2015-04-07 22:54 - 00000000 ____D C:\Program Files\Mozilla Firefox
2015-07-01 07:47 - 2013-10-30 17:13 - 00000616 _____ C:\WINDOWS\Tasks\Refresh immunization (Spybot - Search & Destroy).job
2015-07-01 07:46 - 2013-10-30 17:13 - 00000446 _____ C:\WINDOWS\Tasks\Scan the system (Spybot - Search & Destroy).job
2015-06-25 18:11 - 2014-09-06 11:04 - 00002702 _____ C:\Documents and Settings\Administrator\My Documents\plot.log
2015-06-25 18:11 - 2011-08-04 16:34 - 00000000 ____D C:\Documents and Settings\Administrator\Local Settings\Application Data\CutePDF Writer
2015-06-23 13:00 - 2013-09-18 16:15 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Trusteer Endpoint Protection

==================== Files in the root of some directories =======

2014-03-21 18:23 - 2014-06-23 11:42 - 0000000 _____ () C:\Program Files\Mozilla Firefoxavg-secure-search.xml
2015-07-09 23:04 - 2015-07-09 23:05 - 27093992 _____ (McAfee) C:\Program Files\Common Files\lpuninstall.exe
2013-04-13 19:03 - 2013-04-13 19:03 - 0002528 _____ () C:\Documents and Settings\Administrator\Application Data\$_hpcst$.hpc
2013-09-13 00:37 - 2013-09-13 00:37 - 0184514 _____ () C:\Documents and Settings\Administrator\Local Settings\Application Data\ars.cache
2013-09-13 00:38 - 2013-09-13 00:38 - 0236111 _____ () C:\Documents and Settings\Administrator\Local Settings\Application Data\census.cache
2011-08-09 14:20 - 2014-05-09 15:11 - 0011776 _____ () C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2011-03-31 23:48 - 2011-03-31 23:48 - 0000136 _____ () C:\Documents and Settings\Administrator\Local Settings\Application Data\fusioncache.dat
2013-09-13 00:01 - 2013-09-13 00:01 - 0000036 _____ () C:\Documents and Settings\Administrator\Local Settings\Application Data\housecall.guid.cache
2013-10-24 10:43 - 2013-10-24 10:43 - 0000252 _____ () C:\Documents and Settings\All Users\FastPics.log
2013-10-23 22:16 - 2013-10-26 14:47 - 0008156 _____ () C:\Documents and Settings\All Users\lxdu.log
2013-10-23 22:06 - 2013-10-25 14:32 - 0000561 _____ () C:\Documents and Settings\All Users\lxduDiagnostics.log
2013-11-03 15:20 - 2013-11-03 15:31 - 0004660 _____ () C:\Documents and Settings\All Users\lxduJSW.log
2013-10-24 00:30 - 2013-10-24 00:30 - 0141432 _____ () C:\Documents and Settings\All Users\SPL103.tmp
2013-11-09 20:42 - 2013-11-09 20:42 - 0186098 _____ () C:\Documents and Settings\All Users\SPL2.tmp
2013-11-10 00:43 - 2013-11-10 00:43 - 0177340 _____ () C:\Documents and Settings\All Users\SPL24.tmp
2014-10-25 20:47 - 2014-10-25 20:47 - 2396603 _____ () C:\Documents and Settings\All Users\SPL609.tmp
2013-11-09 15:04 - 2013-11-09 15:04 - 0186098 _____ () C:\Documents and Settings\All Users\SPL9C.tmp
2011-03-30 23:56 - 2011-03-30 23:56 - 0000000 _____ () C:\Documents and Settings\All Users\UpdaterLog.txt

Files to move or delete:
====================
C:\Windows\Tasks\At1.job
C:\Windows\Tasks\At2.job
C:\Windows\Tasks\At3.job
C:\Windows\Tasks\At4.job

Some files in TEMP:
====================
C:\Documents and Settings\Administrator\Local Settings\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpf_6cb9.dll

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

==================== End of log ============================

Aristarcus · July 12, 2015

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 11-07-2015
Ran by Administrator at 2015-07-12 13:14:16
Running from C:\Documents and Settings\Administrator\My Documents\Downloads
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-1214440339-1364589140-839522115-500 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\Administrator
ASPNET (S-1-5-21-1214440339-1364589140-839522115-1004 - Limited - Enabled)
Guest (S-1-5-21-1214440339-1364589140-839522115-501 - Limited - Disabled)
HelpAssistant (S-1-5-21-1214440339-1364589140-839522115-1000 - Limited - Disabled)
SUPPORT_388945a0 (S-1-5-21-1214440339-1364589140-839522115-1002 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: PC Cleaner Pro (Disabled - Up to date) {737A8864-C2D9-4337-B49A-B5E35815B9BB}
AV: avast! Antivirus (Enabled - Up to date) {7591DB91-41F0-48A3-B128-1A293FD8233D}
AV: ParetoLogic ParetoLogic Internet Security (Disabled - Out of date) {964FCE60-0B18-4D30-ADD6-EB178909041C}
FW: ParetoLogic ParetoLogic Internet Security (Disabled) {FF1CD5B7-1553-4625-A258-1775385CED33}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

ABBYY FineReader 6.0 Sprint (HKLM\...\{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}) (Version: 6.00.2146.41621 - ABBYY Software House)
Adobe Flash Player 18 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 18.0.0.203 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.08) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.08 - Adobe Systems Incorporated)
Apple Application Support (32-bit) (HKLM\...\{AFA1153A-F547-409B-B837-3A0D6C5A3FEC}) (Version: 3.1.3 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{E1DB0812-2D60-43DB-AE09-6C7027D93B28}) (Version: 8.1.1.3 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ARRL 2012 Handbook (HKLM\...\{8745CF29-FA1B-49D6-862F-1328D3D628EF}) (Version: 16.00.0000 - ARRL)
ATI - Software Uninstall Utility (HKLM\...\All ATI Software) (Version: 6.14.10.1008 - )
ATI Control Panel (HKLM\...\{0BEDBD4E-2D34-47B5-9973-57E62B29307C}) (Version: 6.14.10.5103 - )
ATI Display Driver (HKLM\...\ATI Display Driver) (Version: 8.012.1-040525b-015827C-Dell - )
Audacity 1.3.13 (Unicode) (HKLM\...\Audacity 1.3 Beta (Unicode)_is1) (Version: - Audacity Team)
AutoCAD LT 2005 - English (HKLM\...\{5783F2D7-0309-0409-0002-0060B0CE6BBA}) (Version: 16.1.63.10 - Autodesk)
Autodesk DWF Viewer (HKLM\...\Autodesk DWF Viewer) (Version: 4.1 - Autodesk, Inc.)
Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
Broadcom Gigabit Integrated Controller (HKLM\...\InstallShield_{BE6890C7-31EF-478C-812E-1E2899ABFCA9}) (Version: 7.03.09 - Broadcom)
Broadcom Gigabit Integrated Controller (Version: 7.03.09 - Broadcom) Hidden
Calcute 11.5.27.0 (Remove only) (HKLM\...\Calcute 11.5.27.0) (Version: - )
Camera Support Core Library (Version: 7.0.1.17 - Canon) Hidden
Camera Window (Version: 4.6.1 - Canon) Hidden
Canon Camera Support Core Library (HKLM\...\InstallShield_{B9B9863A-32FD-4133-ADB7-46244ED77694}) (Version: 7.0.1.17 - Canon)
Canon Camera Window for ZoomBrowser EX (HKLM\...\InstallShield_{F37942A8-B21B-4C5A-A1D2-B676BF55EAE0}) (Version: 4.6.1 - Canon)
Canon Internet Library for ZoomBrowser EX (HKLM\...\InstallShield_{2F81FBFC-9A37-431F-9050-14B55485DF5A}) (Version: 1.3.3 - Canon Inc.)
Canon MovieEdit Task for ZoomBrowser EX (HKLM\...\InstallShield_{DE286975-ACF1-45B8-9EF7-34E162B2C817}) (Version: 1.1.1.41 - Canon)
Canon PhotoRecord (HKLM\...\{BEF56F2D-56ED-4176-BF72-7B68D4A3B98D}) (Version: 02.00.00029 - Cisra)
Canon RAW Image Task for ZoomBrowser EX (HKLM\...\InstallShield_{9518F764-C54D-47B2-9E73-154B21E79FD2}) (Version: 1.0 - Canon)
Canon RemoteCapture Task for ZoomBrowser EX (HKLM\...\InstallShield_{2C164906-E68F-462A-9010-70DD022223EF}) (Version: 1.0.2 - Canon)
Canon Utilities PhotoStitch 3.1 (HKLM\...\InstallShield_{EF4C7EB0-D71B-43A3-9552-8053DE4B0401}) (Version: 3.1.13 - Canon)
Canon Utilities ZoomBrowser EX (HKLM\...\{C1D76D7A-F3BB-47EA-A746-5B1E2FFC1DF2}) (Version: 04.06.00032 - CISRA)
Compatibility Pack for the 2007 Office system (HKLM\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
CutePDF Writer 2.8 (HKLM\...\CutePDF Writer Installation) (Version: - )
CutePDF Writer Free Download Packages (HKU\S-1-5-21-1214440339-1364589140-839522115-500\...\CutePDF Writer Free Download Packages) (Version: - ) <==== ATTENTION
DashBoard 6.0.0 (HKLM\...\DashBoard) (Version: 6.0.0 - Ross Video Limited)
Defraggler (HKLM\...\Defraggler) (Version: 2.19 - Piriform)
Dell Power Applet Update (HKLM\...\{F650704B-D32D-493F-B0C1-CB064782D19E}) (Version: - )
Dell ResourceCD (HKLM\...\{D78653C3-A8FF-415F-92E6-D774E634FF2D}) (Version: - )
Dropbox (HKU\S-1-5-21-1214440339-1364589140-839522115-500\...\Dropbox) (Version: 3.6.8 - Dropbox, Inc.)
File Type Assistant (HKLM\...\Trusted Software Assistant_is1) (Version: 2014.1.24.0 - ) <==== ATTENTION
FindRight (HKLM\...\FindRight) (Version: 2014.02.21.042329 - FindRight) <==== ATTENTION
Flip-Q 2.33 (HKLM\...\Flip-Q Version 2.33 Application_is1) (Version: - Flip-Q)
Free File Viewer 2014 (HKLM\...\FreeFileViewer_is1) (Version: 2014.2.16.0 - Bitberry Software) <==== ATTENTION
FUJIFILM MyFinePix Studio 4.1 (HKLM\...\MyFinePix Studio_is1) (Version: - )
Garmin USB Drivers (HKLM\...\{ABA5E381-EC46-425C-86C5-5CD15BBFB4BF}) (Version: 2.3.1.0 - Garmin Ltd or its subsidiaries)
Garmin WebUpdater (HKLM\...\{AE1EC58E-B2AC-4959-A4C2-C38202A25239}) (Version: 2.5.6 - Garmin Ltd or its subsidiaries)
Google Earth (HKLM\...\{817750FA-EC6A-485D-9901-0683AE6FFDF1}) (Version: 7.1.5.1557 - Google)
Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.27.5 - Google Inc.) Hidden
Google Updater (HKLM\...\Google Updater) (Version: 2.4.2432.1652 - Google Inc.)
HP Deskjet 3050A J611 series Basic Device Software (HKLM\...\{2BDCE73D-C1CF-45BF-B6EB-B010365314A3}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Deskjet 3050A J611 series Help (HKLM\...\{97DDCAB8-B770-4089-A10F-67568069D78A}) (Version: 140.0.2.2 - Hewlett Packard)
HP Deskjet 3050A J611 series Product Improvement Study (HKLM\...\{6CC74460-AC9B-4E7E-91FF-833C751C092F}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
Internet Library (Version: 1.3.3 - Canon Inc.) Hidden
iTunes (HKLM\...\{CE1F04C7-79BC-4219-BE6A-BA490224D4B5}) (Version: 12.1.2.27 - Apple Inc.)
Java 8 Update 31 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)
Junk Mail filter update (Version: 14.0.8117.416 - Microsoft Corporation) Hidden
LAME v3.98.3 for Audacity (HKLM\...\LAME for Audacity_is1) (Version: - )
Lexmark 5600-6600 Series (HKLM\...\Lexmark 5600-6600 Series) (Version: - Lexmark International, Inc.)
Lexmark Printable Web (HKLM\...\{D2C5E510-BE6D-42CC-9F61-E4F939078474}) (Version: 1.0.0.0 - )
Lexmark Tools for Office (HKLM\...\{10812DE7-2E57-4740-B226-6B3BE34AF9D7}) (Version: 1.24.0.0 - )
Macrium Reflect Free Edition (HKLM\...\MacriumReflect) (Version: 5.3 - Paramount Software (UK) Ltd.)
Macrium Reflect Free Edition (Version: 5.3.7290 - Paramount Software (UK) Ltd.) Hidden
Microsoft .NET Framework 1.1 (HKLM\...\Microsoft .NET Framework 1.1 (1033)) (Version: - )
Microsoft .NET Framework 1.1 Security Update (KB2698023) (HKLM\...\M2698023) (Version: - )
Microsoft .NET Framework 1.1 Security Update (KB2833941) (HKLM\...\M2833941) (Version: - )
Microsoft .NET Framework 1.1 Security Update (KB979906) (HKLM\...\M979906) (Version: - )
Microsoft .NET Framework 2.0 Service Pack 2 (HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.0 Service Pack 2 (HKLM\...\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}) (Version: 3.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version: - Microsoft Corporation)
Microsoft ActiveSync (HKLM\...\{99052DB7-9592-4522-A558-5417BBAD48EE}) (Version: 4.5.5096.0 - Microsoft Corporation)
Microsoft Compression Client Pack 1.0 for Windows XP (HKLM\...\MSCompPackV1) (Version: 1 - Microsoft Corporation)
Microsoft Office Basic Edition 2003 (HKLM\...\{91130409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Live Add-in 1.5 (HKLM\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation)
Microsoft Office PowerPoint Viewer 2007 (English) (HKLM\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Word Viewer 2003 (HKLM\...\{90850409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Sync Framework Runtime Native v1.0 (x86) (HKLM\...\{8A74E887-8F0F-4017-AF53-CBA42211AAA5}) (Version: 1.0.1215.0 - Microsoft Corporation)
Microsoft Sync Framework Services Native v1.0 (x86) (HKLM\...\{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}) (Version: 1.0.1215.0 - Microsoft Corporation)
Microsoft User-Mode Driver Framework Feature Pack 1.0 (HKLM\...\Wudf01000) (Version: - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
MovieEdit Task (Version: 1.1.1.41 - Canon) Hidden
MozBackup 1.5.1 (HKLM\...\MozBackup) (Version: - Pavel Cvrcek)
Mozilla Firefox 39.0 (x86 en-US) (HKLM\...\Mozilla Firefox 39.0 (x86 en-US)) (Version: 39.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
Mozilla Thunderbird 31.7.0 (x86 en-US) (HKLM\...\Mozilla Thunderbird 31.7.0 (x86 en-US)) (Version: 31.7.0 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 6 Service Pack 2 (KB973686) (HKLM\...\{56EA8BC0-3751-4B93-BC9D-6651CC36E5AA}) (Version: 6.20.2003.0 - Microsoft Corporation)
PhotoStitch (Version: 3.1.13 - Canon) Hidden
PRS-500 USB driver (HKLM\...\{A212E6C2-20F7-4A8E-BD8E-DC3EE7483FA2}) (Version: 1.0.00.08110 - Sony)
QuickTime 7 (HKLM\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
Rapport (Version: 3.5.1412.176 - Trusteer) Hidden
RAW Image Task 1.0 (Version: 1.0 - Canon) Hidden
Reader Library by Sony (HKLM\...\{B70E5793-F912-4C62-AFE2-C4F0B078FD31}) (Version: 3.3.00.07130 - Sony Corporation)
RealDownloader (Version: 1.3.3 - RealNetworks, Inc.) Hidden
RemoteCapture Task 1.0.2 (Version: 1.0.2 - Canon) Hidden
Search App by Ask (HKLM\...\{4F524A2D-5350-4500-76A7-A758B70C1902}) (Version: 12.25.2.60 - APN, LLC) <==== ATTENTION
Segoe UI (Version: 14.0.4327.805 - Microsoft Corp) Hidden
Skype Click to Call (HKLM\...\{B6CF2967-C81E-40C0-9815-C05774FEF120}) (Version: 6.13.13771 - Skype Technologies S.A.)
Skype™ 6.11 (HKLM\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.)
SoftwareWatcher bundle (HKLM\...\SoftwareWatcher bundle) (Version: 2.0.0.3 - SoftwareWatcher)
SoundMAX (HKLM\...\{F0A37341-D692-11D4-A984-009027EC0A9C}) (Version: 5.12.01.7000 - Analog Devices)
Spybot - Search & Destroy (HKLM\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.2.25 - Safer-Networking Ltd.)
Trusteer Endpoint Protection (HKLM\...\Rapport_msi) (Version: 3.5.1412.176 - Trusteer)
Vipre (Version: 6.1.5496 - Vipre) Hidden
WebFldrs XP (Version: 9.50.6513 - Microsoft Corporation) Hidden
Websteroids (Version: 2.6.63 - Creative Island Media, LLC) Hidden <==== ATTENTION
Winamp (HKLM\...\Winamp) (Version: 5.622 - Nullsoft, Inc)
Windows Driver Package - Garmin (grmnusb) GARMIN Devices (04/19/2012 2.3.1.0) (HKLM\...\98157A226B40B173301B0F53C8E98C47805D5152) (Version: 04/19/2012 2.3.1.0 - Garmin)
Windows Driver Package - Sony Corporation (PRSUSB) USB (08/08/2006 1.0.03.08080) (HKLM\...\75070B1806113224B16C70296B90DD1AD8A53479) (Version: 08/08/2006 1.0.03.08080 - Sony Corporation)
Windows Imaging Component (HKLM\...\WIC) (Version: 3.0.0.0 - Microsoft Corporation)
Windows Internet Explorer 8 (HKLM\...\ie8) (Version: 20090308.140743 - Microsoft Corporation)
Windows Live Essentials (HKLM\...\WinLiveSuite_Wave3) (Version: 14.0.8117.0416 - Microsoft Corporation)
Windows Live Sign-in Assistant (HKLM\...\{45338B07-A236-4270-9A77-EBB4115517B5}) (Version: 5.000.818.5 - Microsoft Corporation)
Windows Live Sync (HKLM\...\{B10914FD-8812-47A4-85A1-50FCDE7F1F33}) (Version: 14.0.8117.416 - Microsoft Corporation)
Windows Live Upload Tool (HKLM\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)
Windows Media Format 11 runtime (HKLM\...\Windows Media Format Runtime) (Version: - )
Windows Media Player 11 (HKLM\...\Windows Media Player) (Version: - )
Windows XP Service Pack 3 (HKLM\...\Windows XP Service Pack) (Version: 20080414.031525 - Microsoft Corporation)
XnView 2.20 (HKLM\...\XnView_is1) (Version: 2.20 - Gougelet Pierre-e)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-1214440339-1364589140-839522115-500_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Documents and Settings\Administrator\Application Data\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1214440339-1364589140-839522115-500_Classes\CLSID\{3059C9E6-9EDC-4C89-933E-C65623F8FD60}\localserver32 -> C:\Documents and Settings\Administrator\Local Settings\Application Data\Dropbox\Update\DropboxUpdate.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1214440339-1364589140-839522115-500_Classes\CLSID\{74F5CC00-49A9-11CF-A2F9-444553540000}\InprocServer32 -> C:\Program Files\AutoCAD LT 2005\acltficn.dll (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-1214440339-1364589140-839522115-500_Classes\CLSID\{87DC457B-B35D-48AC-BD42-BDF35EF623CE}\localserver32 -> C:\Documents and Settings\Administrator\Local Settings\Application Data\Dropbox\Update\1.3.27.29\DropboxUpdateOnDemand.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1214440339-1364589140-839522115-500_Classes\CLSID\{8E75D913-3D21-11D2-85C4-080009A0C626}\localserver32 -> C:\Program Files\AutoCAD LT 2005\aclt.exe (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-1214440339-1364589140-839522115-500_Classes\CLSID\{9FAA38ED-5635-44F7-9BE0-8CAFE29B3783}\localserver32 -> C:\Documents and Settings\Administrator\Local Settings\Application Data\Dropbox\Update\1.3.27.29\DropboxUpdateOnDemand.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1214440339-1364589140-839522115-500_Classes\CLSID\{C0DD324D-A74F-4533-84AD-030F76771C77}\localserver32 -> C:\Documents and Settings\Administrator\Local Settings\Application Data\Dropbox\Update\1.3.27.29\DropboxUpdateOnDemand.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1214440339-1364589140-839522115-500_Classes\CLSID\{C32E3EEC-3C10-426E-95F3-38C7F139FADD}\localserver32 -> C:\Documents and Settings\Administrator\Local Settings\Application Data\Dropbox\Update\1.3.27.29\DropboxUpdateOnDemand.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1214440339-1364589140-839522115-500_Classes\CLSID\{D166BD15-03AF-413A-BEFD-0679FF410B49}\InprocServer32 -> C:\Documents and Settings\Administrator\Local Settings\Application Data\Dropbox\Update\1.3.27.29\psuser.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1214440339-1364589140-839522115-500_Classes\CLSID\{E69341A3-E6D2-4175-B60C-C9D3D6FA40F6}\localserver32 -> C:\Documents and Settings\Administrator\Application Data\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1214440339-1364589140-839522115-500_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Documents and Settings\Administrator\Application Data\Dropbox\bin\DropboxExt.26.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1214440339-1364589140-839522115-500_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Documents and Settings\Administrator\Application Data\Dropbox\bin\DropboxExt.26.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1214440339-1364589140-839522115-500_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Documents and Settings\Administrator\Application Data\Dropbox\bin\DropboxExt.26.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1214440339-1364589140-839522115-500_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Documents and Settings\Administrator\Application Data\Dropbox\bin\DropboxExt.26.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1214440339-1364589140-839522115-500_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Documents and Settings\Administrator\Application Data\Dropbox\bin\DropboxExt.26.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1214440339-1364589140-839522115-500_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Documents and Settings\Administrator\Application Data\Dropbox\bin\DropboxExt.26.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1214440339-1364589140-839522115-500_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Documents and Settings\Administrator\Application Data\Dropbox\bin\DropboxExt.26.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1214440339-1364589140-839522115-500_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Documents and Settings\Administrator\Application Data\Dropbox\bin\DropboxExt.26.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1214440339-1364589140-839522115-500_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Documents and Settings\Administrator\Application Data\Dropbox\bin\DropboxExt.26.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1214440339-1364589140-839522115-500_Classes\CLSID\{FE819BE5-BADF-4370-9913-6FB84ABA6FB1}\InprocServer32 -> C:\Documents and Settings\Administrator\Local Settings\Application Data\Dropbox\Update\1.3.27.29\psuser.dll (Dropbox, Inc.)

==================== Restore Points =========================

05-06-2015 14:06:42 System Checkpoint
06-06-2015 15:44:37 System Checkpoint
07-06-2015 16:20:53 System Checkpoint
08-06-2015 16:28:55 System Checkpoint
09-06-2015 18:50:44 System Checkpoint
10-06-2015 19:39:14 System Checkpoint
11-06-2015 03:00:20 Software Distribution Service 3.0
12-06-2015 03:29:00 System Checkpoint
13-06-2015 04:28:58 System Checkpoint
14-06-2015 05:29:00 System Checkpoint
15-06-2015 06:29:00 System Checkpoint
16-06-2015 06:31:58 System Checkpoint
17-06-2015 06:36:25 System Checkpoint
18-06-2015 06:45:29 System Checkpoint
19-06-2015 06:50:00 System Checkpoint
20-06-2015 06:56:39 System Checkpoint
21-06-2015 07:00:04 System Checkpoint
22-06-2015 08:00:03 System Checkpoint
23-06-2015 08:03:54 System Checkpoint
23-06-2015 12:59:32 Installed Rapport
24-06-2015 13:02:03 System Checkpoint
25-06-2015 13:11:39 System Checkpoint
26-06-2015 13:57:47 System Checkpoint
27-06-2015 14:05:10 System Checkpoint
28-06-2015 15:02:18 System Checkpoint
29-06-2015 15:34:20 System Checkpoint
30-06-2015 15:37:45 System Checkpoint
01-07-2015 15:42:15 System Checkpoint
02-07-2015 15:52:19 System Checkpoint
03-07-2015 15:56:50 System Checkpoint
04-07-2015 16:56:49 System Checkpoint
05-07-2015 18:00:54 System Checkpoint
06-07-2015 18:51:14 System Checkpoint
07-07-2015 18:56:53 System Checkpoint
07-07-2015 12:05:16 System Checkpoint
08-07-2015 12:28:19 System Checkpoint
09-07-2015 13:28:19 System Checkpoint
10-07-2015 14:26:39 System Checkpoint
11-07-2015 14:42:20 System Checkpoint

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2003-07-16 17:23 - 2015-07-10 10:54 - 00431523 ____A C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1       localhost
127.0.0.1   www.007guard.com
127.0.0.1   007guard.com
127.0.0.1   008i.com
127.0.0.1   www.008k.com
127.0.0.1   008k.com
127.0.0.1   www.00hq.com
127.0.0.1   00hq.com
127.0.0.1   010402.com
127.0.0.1   www.032439.com
127.0.0.1   032439.com
127.0.0.1   www.0scan.com
127.0.0.1   0scan.com
127.0.0.1   1000gratisproben.com
127.0.0.1   www.1000gratisproben.com
127.0.0.1   1001namen.com
127.0.0.1   www.1001namen.com
127.0.0.1   100888290cs.com
127.0.0.1   www.100888290cs.com
127.0.0.1   www.100sexlinks.com
127.0.0.1   100sexlinks.com
127.0.0.1   10sek.com
127.0.0.1   www.10sek.com
127.0.0.1   www.1-2005-search.com
127.0.0.1   1-2005-search.com
127.0.0.1   123fporn.info
127.0.0.1   www.123fporn.info
127.0.0.1   123haustiereundmehr.com
127.0.0.1   www.123haustiereundmehr.com

There are 1000 more lines.

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\At1.job => C:\Program Files\HP\HP Deskjet 3050A J611 series\Bin\HPCustPartic.exe
Task: C:\WINDOWS\Tasks\At2.job => C:\Program Files\HP\HP Deskjet 3050A J611 series\Bin\HPCustPartic.exe
Task: C:\WINDOWS\Tasks\At3.job => C:\Program Files\HP\HP Deskjet 3050A J611 series\Bin\HPCustPartic.exe
Task: C:\WINDOWS\Tasks\At4.job => C:\Program Files\HP\HP Deskjet 3050A J611 series\Bin\HPCustPartic.exe
Task: C:\WINDOWS\Tasks\avast! Emergency Update.job => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe
Task: C:\WINDOWS\Tasks\Check for updates (Spybot - Search & Destroy).job => C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-1214440339-1364589140-839522115-500Core.job => C:\Documents and Settings\Administrator\Local Settings\Application Data\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-1214440339-1364589140-839522115-500UA.job => C:\Documents and Settings\Administrator\Local Settings\Application Data\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\FreeFileViewerUpdateChecker.job => C:\Program Files\FreeFileViewer\FFVCheckForUpdates.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\Google Software Updater.job => C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job => C:\WINDOWS\system32\xp_eos.exe
Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job => C:\WINDOWS\system32\xp_eos.exe
Task: C:\WINDOWS\Tasks\ProgramRefresh-ATFST.job => C:\Program Files\File Type Assistant\TSASetup.exe
Task: C:\WINDOWS\Tasks\ProgramUpdateCheck.job => C:\Program Files\File Type Assistant\tsassist.exe
Task: C:\WINDOWS\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-1214440339-1364589140-839522115-500.job => C:\Program Files\Real\RealUpgrade\realupgrade.exe
Task: C:\WINDOWS\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-1214440339-1364589140-839522115-500.job => C:\Program Files\Real\RealUpgrade\realupgrade.exe
Task: C:\WINDOWS\Tasks\Refresh immunization (Spybot - Search & Destroy).job => C:\Program Files\Spybot - Search & Destroy 2\SDImmunize.exe
Task: C:\WINDOWS\Tasks\Scan the system (Spybot - Search & Destroy).job => C:\Program Files\Spybot - Search & Destroy 2\SDScan.exe

==================== Loaded Modules (Whitelisted) ==============

2011-03-30 09:35 - 2004-05-25 23:15 - 00397312 _____ () C:\WINDOWS\system32\Ati2evxx.exe
2013-10-30 17:13 - 2013-05-16 11:55 - 00113496 _____ () C:\Program Files\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2013-10-30 17:13 - 2013-05-16 11:55 - 00416600 _____ () C:\Program Files\Spybot - Search & Destroy 2\DEC150.bpl
2011-04-01 00:16 - 2009-11-05 08:39 - 00087552 _____ () C:\WINDOWS\system32\cpwmon2k.dll
2013-10-24 22:03 - 2008-05-01 13:41 - 00045056 _____ () C:\WINDOWS\system32\LXDUPMON.DLL
2013-10-24 22:03 - 2008-05-30 01:35 - 00086016 _____ () C:\WINDOWS\system32\LXDUOEM.DLL
2013-10-24 22:03 - 2008-05-30 01:33 - 00032768 _____ () C:\Program Files\Lexmark 5600-6600 Series\ipcmt.dll
2013-10-24 10:43 - 2008-05-24 01:17 - 00121856 _____ () C:\WINDOWS\System32\spool\PRTPROCS\W32X86\lxdudrpp.dll
2014-07-31 12:16 - 2014-07-31 12:16 - 00073544 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-03-20 18:12 - 2015-03-20 18:12 - 01044776 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2013-08-14 15:19 - 2013-08-14 15:19 - 00039056 _____ () C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
2013-10-30 17:13 - 2012-08-23 11:38 - 00574840 _____ () C:\Program Files\Spybot - Search & Destroy 2\sqlite3.dll
2013-10-30 17:13 - 2013-05-16 11:55 - 00161112 _____ () C:\Program Files\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2013-10-30 17:13 - 2012-04-03 18:06 - 00565640 _____ () C:\Program Files\Spybot - Search & Destroy 2\av\BDSmartDB.dll
2010-07-13 01:28 - 2010-07-13 01:28 - 00856064 _____ () C:\Program Files\Sony\Reader\Data\bin\launcher\fsk.dll
2010-07-13 01:13 - 2010-07-13 01:13 - 00033792 _____ () C:\Program Files\Sony\Reader\Data\bin\FskMediaPlayers.dll
2010-07-13 01:15 - 2010-07-13 01:15 - 00233472 _____ () C:\Program Files\Sony\Reader\Data\bin\Fskin.dll
2010-07-13 01:22 - 2010-07-13 01:22 - 00020480 _____ () C:\Program Files\Sony\Reader\Data\bin\FskinLocalize.dll
2010-04-02 21:23 - 2010-04-02 21:23 - 00815104 _____ () C:\Program Files\Sony\Reader\Data\bin\FskSecurity.dll
2010-07-13 01:16 - 2010-07-13 01:16 - 00118784 _____ () C:\Program Files\Sony\Reader\Data\bin\FskDocumentViewer.dll
2010-07-13 01:22 - 2010-07-13 01:22 - 00009728 _____ () C:\Program Files\Sony\Reader\Data\bin\FskPower.dll
2010-07-13 01:26 - 2010-07-13 01:26 - 00018432 _____ () C:\Program Files\Sony\Reader\Data\bin\launcher\FskNetInterface.dll
2010-07-13 01:15 - 2010-07-13 01:15 - 00010240 _____ () C:\Program Files\Sony\Reader\Data\bin\FskMobileMediaDevice.dll
2010-07-13 01:25 - 2010-07-13 01:25 - 00008704 _____ () C:\Program Files\Sony\Reader\Data\bin\launcher\FskTimeHardware.dll
2010-07-13 01:25 - 2010-07-13 01:25 - 00028160 _____ () C:\Program Files\Sony\Reader\Data\bin\launcher\ticket.dll
2010-07-13 01:25 - 2010-07-13 01:25 - 00011776 _____ () C:\Program Files\Sony\Reader\Data\bin\launcher\ebookDeviceNotifier.dll
2010-04-02 20:44 - 2010-04-02 20:44 - 00086016 _____ () C:\Program Files\Sony\Reader\Data\bin\launcher\ebookUsb.dll
2010-07-13 01:29 - 2010-07-13 01:29 - 00143360 _____ () C:\Program Files\Sony\Reader\Data\bin\launcher\connectionDetector.dll
2010-07-13 01:10 - 2010-07-13 01:10 - 00172032 _____ () C:\Program Files\Sony\Reader\Data\bin\launcher\USBDetector.dll
2013-10-24 22:02 - 2008-05-30 02:04 - 00676520 _____ () C:\Program Files\Lexmark 5600-6600 Series\lxdumon.exe
2013-10-24 22:02 - 2008-05-30 01:43 - 00380928 _____ () C:\Program Files\Lexmark 5600-6600 Series\lxduscw.dll
2013-10-24 22:04 - 2008-05-24 01:02 - 00188416 _____ () C:\WINDOWS\system32\spool\drivers\w32x86\3\lxdudatr.dll
2013-10-24 22:02 - 2008-05-30 01:43 - 01036288 _____ () C:\Program Files\Lexmark 5600-6600 Series\lxduDRS.dll
2013-10-24 22:02 - 2008-05-30 01:43 - 00081920 _____ () C:\Program Files\Lexmark 5600-6600 Series\lxducaps.dll
2013-10-24 22:02 - 2008-05-30 01:31 - 00069632 _____ () C:\Program Files\Lexmark 5600-6600 Series\lxducnv4.dll
2013-10-24 22:02 - 2008-05-30 02:04 - 00025256 _____ () C:\Program Files\Lexmark 5600-6600 Series\lxduMsdMon.exe
2013-10-24 22:02 - 2008-05-19 14:58 - 00028672 _____ () C:\Program Files\Lexmark 5600-6600 Series\App4R.Monitor.Common.dll
2013-10-24 22:02 - 2008-05-19 14:58 - 00036864 _____ () C:\Program Files\Lexmark 5600-6600 Series\App4R.Monitor.Core.dll
2013-10-24 22:02 - 2008-05-19 14:57 - 00065536 _____ () C:\Program Files\Lexmark 5600-6600 Series\app4r.devmons.mcmdevmon.dll
2013-10-24 22:02 - 2008-03-25 17:53 - 00012288 _____ () C:\Program Files\Lexmark 5600-6600 Series\app4r.devmons.mcmdevmon.autoplayutil.dll
2014-03-23 17:04 - 2014-03-23 17:04 - 00557056 _____ () C:\Program Files\Trusteer\Rapport\bin\js32.dll
2013-10-24 22:03 - 2008-05-10 02:42 - 01036288 _____ () C:\WINDOWS\system32\lxdudrs.dll
2013-10-24 22:03 - 2008-05-10 02:42 - 00081920 _____ () C:\WINDOWS\system32\lxducaps.dll
2013-10-24 22:03 - 2008-05-10 02:29 - 00069632 _____ () C:\WINDOWS\system32\lxducnv4.dll
2013-10-24 22:04 - 2008-05-24 01:14 - 00811008 _____ () C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\lxduptpc.dll
2013-10-24 22:04 - 2008-05-24 01:17 - 00149504 _____ () C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\lxdudrui.dll
2015-07-11 04:28 - 2015-07-11 04:28 - 00043008 _____ () c:\Documents and Settings\Administrator\Local Settings\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpf_6cb9.dll
2015-03-04 22:45 - 2015-03-19 08:15 - 00750080 _____ () C:\Documents and Settings\Administrator\Application Data\Dropbox\bin\libGLESv2.dll
2015-03-04 22:45 - 2015-03-19 08:15 - 00047616 _____ () C:\Documents and Settings\Administrator\Application Data\Dropbox\bin\libEGL.dll
2015-03-04 22:45 - 2015-03-19 08:15 - 00865280 _____ () C:\Documents and Settings\Administrator\Application Data\Dropbox\bin\plugins\platforms\qwindows.dll
2015-03-04 22:45 - 2015-03-19 08:15 - 00200704 _____ () C:\Documents and Settings\Administrator\Application Data\Dropbox\bin\plugins\imageformats\qjpeg.dll
2015-05-20 15:08 - 2015-05-20 15:09 - 03350640 _____ () C:\Program Files\Mozilla Thunderbird\mozjs.dll
2015-05-20 15:08 - 2015-05-20 15:09 - 00158832 _____ () C:\Program Files\Mozilla Thunderbird\NSLDAP32V60.dll
2015-05-20 15:08 - 2015-05-20 15:09 - 00023152 _____ () C:\Program Files\Mozilla Thunderbird\NSLDAPPR32V60.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:373E1720
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:798A3728
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:BC359956

==================== Safe Mode (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBAMSvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sbaphd => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sbapifs => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sbapifsl => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sbhips => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SBAMSvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\sbaphd => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\sbapifs => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\sbapifsl => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\sbhips => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\UploadMgr => ""="Service"

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE restricted site: HKU\.DEFAULT\...\007guard.com -> install.007guard.com
IE restricted site: HKU\.DEFAULT\...\008i.com -> 008i.com
IE restricted site: HKU\.DEFAULT\...\008k.com -> www.008k.com
IE restricted site: HKU\.DEFAULT\...\00hq.com -> www.00hq.com
IE restricted site: HKU\.DEFAULT\...\010402.com -> 010402.com
IE restricted site: HKU\.DEFAULT\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com
IE restricted site: HKU\.DEFAULT\...\0scan.com -> www.0scan.com
IE restricted site: HKU\.DEFAULT\...\1-2005-search.com -> www.1-2005-search.com
IE restricted site: HKU\.DEFAULT\...\1-domains-registrations.com -> www.1-domains-registrations.com
IE restricted site: HKU\.DEFAULT\...\1000gratisproben.com -> www.1000gratisproben.com
IE restricted site: HKU\.DEFAULT\...\1001namen.com -> www.1001namen.com
IE restricted site: HKU\.DEFAULT\...\100888290cs.com -> mir.100888290cs.com
IE restricted site: HKU\.DEFAULT\...\100sexlinks.com -> www.100sexlinks.com
IE restricted site: HKU\.DEFAULT\...\10sek.com -> www.10sek.com
IE restricted site: HKU\.DEFAULT\...\12-26.net -> user1.12-26.net
IE restricted site: HKU\.DEFAULT\...\12-27.net -> user1.12-27.net
IE restricted site: HKU\.DEFAULT\...\123fporn.info -> www.123fporn.info
IE restricted site: HKU\.DEFAULT\...\123haustiereundmehr.com -> www.123haustiereundmehr.com
IE restricted site: HKU\.DEFAULT\...\123moviedownload.com -> www.123moviedownload.com
IE restricted site: HKU\.DEFAULT\...\123simsen.com -> www.123simsen.com

There are 7593 more restricted sites.

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1214440339-1364589140-839522115-500\Control Panel\Desktop\\Wallpaper -> C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Desktop Background.bmp
DNS Servers: 192.168.1.254

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\startupreg: AvastUI.exe => "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
MSCONFIG\startupreg: Skype => "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

DomainProfile\AuthorizedApplications: [C:\Program Files\Windows Live\Messenger\wlcsdk.exe] => Enabled:Windows Live Call
DomainProfile\AuthorizedApplications: [C:\Program Files\Windows Live\Messenger\msnmsgr.exe] => Enabled:Windows Live Messenger
DomainProfile\AuthorizedApplications: [C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe] => Enabled:Windows Live Sync
DomainProfile\AuthorizedApplications: [C:\Program Files\Microsoft ActiveSync\rapimgr.exe] => :169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
DomainProfile\AuthorizedApplications: [C:\Program Files\Microsoft ActiveSync\wcescomm.exe] => :169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
DomainProfile\AuthorizedApplications: [C:\Program Files\Microsoft ActiveSync\WCESMgr.exe] => :169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
StandardProfile\AuthorizedApplications: [C:\Program Files\Lexmark 5600-6600 Series\lxduamon.exe] => Enabled:Lexmark Device Monitor
StandardProfile\AuthorizedApplications: [C:\Program Files\Lexmark 5600-6600 Series\frun.exe] => Enabled:Lexmark Productivity Studio
StandardProfile\AuthorizedApplications: [C:\Program Files\Abbyy FineReader 6.0 Sprint\Scan\ScanMan6.exe] => Enabled:ABBYY FineReader
StandardProfile\AuthorizedApplications: [C:\Program Files\Lexmark 5600-6600 Series\lxdufax.exe] => Enabled:Fax software
StandardProfile\AuthorizedApplications: [C:\Program Files\Google\Google Earth\client\googleearth.exe] => Enabled:Google Earth
StandardProfile\AuthorizedApplications: [C:\Program Files\Java\jre6\bin\java.exe] => Enabled:Java Platform SE binary
StandardProfile\AuthorizedApplications: [C:\Program Files\Bonjour\mDNSResponder.exe] => Enabled:Bonjour Service
StandardProfile\AuthorizedApplications: [C:\Documents and Settings\Administrator\Local Settings\Temp\Temporary Directory 2 for dmt_redux.zip\DMT.exe] => Enabled:DMTv7 ADSLv1/2/2plus Annex A/B/M
StandardProfile\AuthorizedApplications: [C:\Program Files\Windows Live\Messenger\wlcsdk.exe] => Enabled:Windows Live Call
StandardProfile\AuthorizedApplications: [C:\Program Files\Windows Live\Messenger\msnmsgr.exe] => Enabled:Windows Live Messenger
StandardProfile\AuthorizedApplications: [C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe] => Enabled:Windows Live Sync
StandardProfile\AuthorizedApplications: [C:\Documents and Settings\Administrator\Desktop\UpgradeWizard\Win2KXPVista\STSetup.exe] => Enabled:SpeedTouch Setup Wizard
StandardProfile\AuthorizedApplications: [C:\Program Files\Microsoft ActiveSync\rapimgr.exe] => :169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
StandardProfile\AuthorizedApplications: [C:\Program Files\Microsoft ActiveSync\wcescomm.exe] => :169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
StandardProfile\AuthorizedApplications: [C:\Program Files\Microsoft ActiveSync\WCESMgr.exe] => :169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
StandardProfile\AuthorizedApplications: [C:\ATSCallingCard\CallingCard.exe] => Enabled:LogMeIn Rescue Calling Card
StandardProfile\AuthorizedApplications: [C:\WINDOWS\system32\mmc.exe] => Disabled:Microsoft Management Console
StandardProfile\AuthorizedApplications: [C:\Documents and Settings\Administrator\Local Settings\Application Data\LogMeIn Rescue Applet\LMIR0001.tmp\lmi_rescue.exe] => Enabled:LogMeIn Rescue
StandardProfile\AuthorizedApplications: [C:\Documents and Settings\Administrator\Local Settings\Application Data\LogMeIn Rescue Applet\LMIR0002.tmp\lmi_rescue.exe] => Enabled:LogMeIn Rescue
StandardProfile\AuthorizedApplications: [C:\Documents and Settings\Administrator\Local Settings\Application Data\LogMeIn Rescue Applet\LMIR0003.tmp\lmi_rescue.exe] => Enabled:LogMeIn Rescue
StandardProfile\AuthorizedApplications: [C:\WINDOWS\system32\lxducoms.exe] => Enabled:5600-6600 Series Server
StandardProfile\AuthorizedApplications: [C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot-S&D 2 Tray Icon
StandardProfile\AuthorizedApplications: [C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service
StandardProfile\AuthorizedApplications: [C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater
StandardProfile\AuthorizedApplications: [C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service
StandardProfile\AuthorizedApplications: [C:\Program Files\FreeFileViewer\FFVCheckForUpdates.exe] => Enabled:FreeFileViewerUpdateChecker
StandardProfile\AuthorizedApplications: [C:\Program Files\Skype\Phone\Skype.exe] => Enabled:Skype
StandardProfile\AuthorizedApplications: [C:\Program Files\HP\HP Deskjet 3050A J611 series\Bin\DeviceSetup.exe] => :LocalSubNet:Enabled:HP Device Setup (HP Deskjet 3050A J611 series)
StandardProfile\AuthorizedApplications: [C:\Program Files\HP\HP Deskjet 3050A J611 series\Bin\HPNetworkCommunicator.exe] => :LocalSubNet:Enabled:HP Network Communicator (HP Deskjet 3050A J611 series)
StandardProfile\AuthorizedApplications: [C:\Program Files\HP\HP Deskjet 3050A J611 series\Bin\HPNetworkCommunicatorCom.exe] => :LocalSubNet:Enabled:HP Network Communicator COM (HP Deskjet 3050A J611 series)
StandardProfile\AuthorizedApplications: [C:\Documents and Settings\Administrator\Application Data\Dropbox\bin\Dropbox.exe] => Enabled:Dropbox
StandardProfile\AuthorizedApplications: [C:\Program Files\iTunes\iTunes.exe] => Enabled:iTunes
StandardProfile\AuthorizedApplications: [C:\Program Files\Mozilla Firefox\firefox.exe] => Enabled:Firefox (C:\Program Files\Mozilla Firefox)
StandardProfile\AuthorizedApplications: [C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe] => Enabled:McAfee Shared Service Host
DomainProfile\GloballyOpenPorts: [26675:TCP] => :169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
StandardProfile\GloballyOpenPorts: [1542:TCP] => Enabled:Realtek WPS TCP Prot
StandardProfile\GloballyOpenPorts: [1542:UDP] => Enabled:Realtek WPS UDP Prot
StandardProfile\GloballyOpenPorts: [53:UDP] => Enabled:Realtek AP UDP Prot
StandardProfile\GloballyOpenPorts: [26675:TCP] => :169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
StandardProfile\GloballyOpenPorts: [1900:UDP] => :LocalSubNet:Disabled:@xpsp2res.dll,-22007
StandardProfile\GloballyOpenPorts: [2869:TCP] => :LocalSubNet:Disabled:@xpsp2res.dll,-22008

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (07/10/2015 11:08:51 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Hanging application thunderbird.exe, version 31.7.0.5605, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (07/10/2015 10:35:19 AM) (Source: Application Error) (EventID: 1001) (User: )
Description: Fault bucket -413036403.
The Wep key exchange did not result in a secure connection setup after 802.1x authentication. The current setting has been marked as failed and the Wireless connection will be disconnected.

Error: (07/10/2015 10:35:08 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application McSvHost.exe, version 3.8.703.0, faulting module unknown, version 0.0.0.0, fault address 0x00640068.
Processing media-specific event for [McSvHost.exe!ws!]

Error: (07/10/2015 10:34:37 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Hanging application firefox.exe, version 39.0.0.5659, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (07/10/2015 09:55:07 AM) (Source: Application Hang) (EventID: 1001) (User: )
Description: Fault bucket 734562961.

Error: (07/10/2015 09:54:53 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Hanging application rundll32.exe, version 5.1.2600.5512, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (07/10/2015 09:52:05 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Hanging application thunderbird.exe, version 31.7.0.5605, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (07/10/2015 09:44:58 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Hanging application thunderbird.exe, version 31.7.0.5605, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (07/10/2015 09:20:14 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application mcagent.exe, version 12.8.957.0, faulting module mcagent.exe, version 12.8.957.0, fault address 0x0000edec.
Processing media-specific event for [mcagent.exe!ws!]

Error: (07/09/2015 11:31:07 PM) (Source: Application Error) (EventID: 1001) (User: )
Description: Fault bucket -413036403.
The Wep key exchange did not result in a secure connection setup after 802.1x authentication. The current setting has been marked as failed and the Wireless connection will be disconnected.

System errors:
=============
Error: (04/04/2015 12:47:41 PM) (Source: Print) (EventID: 6161) (User: DEVALETTE)
Description: The document C:\Documents and Settings\Administrator\My Documents\User\LFA Projects\Broadley\Broadley Studios 11.dwg Model (1) owned by Administrator failed to print on printer Lexmark 5600-6600 Series (USB). Data type: LEMF. Size of the spool file in bytes: 106660. Number of bytes printed: 106660. Total number of pages in the document: 1. Number of pages printed: 0. Client machine: \\DEVALETTE. Win32 error code returned by the print processor: C:\Documents and Settings\Administrator\My Documents\User\LFA Projects\Broadley\Broadley Studios 11.dwg Model (1)0. C:\Documents and Settings\Administrator\My Documents\User\LFA Projects\Broadley\Broadley Studios 11.dwg Model (1)1

Error: (04/02/2015 12:49:56 AM) (Source: Print) (EventID: 6161) (User: DEVALETTE)
Description: The document C:\Documents and Settings\Administrator\My Documents\User\LFA Projects\Creation Company\Blake Mews Revamp\CCR4.dwg Model (1) owned by Administrator failed to print on printer Lexmark 5600-6600 Series (USB). Data type: LEMF. Size of the spool file in bytes: 165196. Number of bytes printed: 165196. Total number of pages in the document: 1. Number of pages printed: 0. Client machine: \\DEVALETTE. Win32 error code returned by the print processor: C:\Documents and Settings\Administrator\My Documents\User\LFA Projects\Creation Company\Blake Mews Revamp\CCR4.dwg Model (1)0. C:\Documents and Settings\Administrator\My Documents\User\LFA Projects\Creation Company\Blake Mews Revamp\CCR4.dwg Model (1)1

Error: (04/01/2015 06:24:24 PM) (Source: Print) (EventID: 6161) (User: DEVALETTE)
Description: The document C:\Documents and Settings\Administrator\My Documents\Drawing1.dwg Model (1) owned by Administrator failed to print on printer Lexmark 5600-6600 Series (USB). Data type: LEMF. Size of the spool file in bytes: 2756. Number of bytes printed: 2756. Total number of pages in the document: 1. Number of pages printed: 0. Client machine: \\DEVALETTE. Win32 error code returned by the print processor: C:\Documents and Settings\Administrator\My Documents\Drawing1.dwg Model (1)0. C:\Documents and Settings\Administrator\My Documents\Drawing1.dwg Model (1)1

Error: (04/01/2015 06:16:56 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Spybot-S&D 2 Security Center Service service failed to start due to the following error:
%%1053

Error: (04/01/2015 06:16:56 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Timeout (30000 milliseconds) waiting for the Spybot-S&D 2 Security Center Service service to connect.

Error: (04/01/2015 06:16:56 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Spybot-S&D 2 Scanner Service service failed to start due to the following error:
%%1053

Error: (04/01/2015 06:16:56 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Timeout (30000 milliseconds) waiting for the Spybot-S&D 2 Scanner Service service to connect.

Error: (04/01/2015 06:16:56 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The ParetoLogic Internet Security service failed to start due to the following error:
%%3

Error: (04/01/2015 06:16:56 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The lxduCATSCustConnectService service failed to start due to the following error:
%%1053

Error: (04/01/2015 06:16:56 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Timeout (30000 milliseconds) waiting for the lxduCATSCustConnectService service to connect.

Microsoft Office:
=========================
Error: (07/10/2015 11:08:51 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: thunderbird.exe31.7.0.5605hungapp0.0.0.000000000

Error: (07/10/2015 10:35:19 AM) (Source: Application Error) (EventID: 1001) (User: )
Description: -413036403

Error: (07/10/2015 10:35:08 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: McSvHost.exe3.8.703.0unknown0.0.0.000640068

Error: (07/10/2015 10:34:37 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: firefox.exe39.0.0.5659hungapp0.0.0.000000000

Error: (07/10/2015 09:55:07 AM) (Source: Application Hang) (EventID: 1001) (User: )
Description: 734562961

Error: (07/10/2015 09:54:53 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: rundll32.exe5.1.2600.5512hungapp0.0.0.000000000

Error: (07/10/2015 09:52:05 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: thunderbird.exe31.7.0.5605hungapp0.0.0.000000000

Error: (07/10/2015 09:44:58 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: thunderbird.exe31.7.0.5605hungapp0.0.0.000000000

Error: (07/10/2015 09:20:14 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: mcagent.exe12.8.957.0mcagent.exe12.8.957.00000edec

Error: (07/09/2015 11:31:07 PM) (Source: Application Error) (EventID: 1001) (User: )
Description: -413036403

==================== Memory info ===========================

Processor: Intel® Pentium® 4 CPU 3.00GHz
Percentage of memory in use: 79%
Total physical RAM: 1022.07 MB
Available physical RAM: 206.6 MB
Total Virtual: 5019.91 MB
Available Virtual: 4032.92 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:298.09 GB) (Free:246.04 GB) NTFS ==>[Drive with boot components (Windows XP)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows XP) (Size: 298.1 GB) (Disk ID: 55157E4E)
Partition 1: (Active) - (Size=298.1 GB) - (Type=07 NTFS)

==================== End of log ============================

Psychotic · July 13, 2015

Multiple Antivirus Programs installed!

I do not recommend that you have more than one anti-virus product installed and running on your computer at a time.

The reason for this is that if both products have their automatic (Real-Time) protection switched on, then those products which do not encrypt the virus strings within them can cause other anti-virus products to cause "false alarms". It can also lead to a clash as both products fight for access to files which are opened again this is the resident/automatic protection. In general terms, the two programs may conflict and cause:

1) False Alarms: When the anti virus software tells you that your PC has a virus when it actually doesn't.
2) System Performance Problems: Your system may lock up due to both products attempting to access the same file at the same time.

Therefore please go to add/remove in the control panel and remove either PC Cleaner Pro, avast! or ParetoLogic.

Add-/remove programms

Click on start-->control panel.

Vista/7: Open Programs and Features
XP: Open add/remove programs

Search for and remove the following programs

Search App by Ask
Websteroids
Free File Viewer 2014
FindRight
File Type Assistant
CutePDF Writer Free Download Packages

Close the window.

Fix with FRST (normal mode)

WARNING: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

Download the attached fixlist.txt and save it to the location where FRST is saved to.
Run FRST.exe (on 64bit, run FRST64.exe) and press the Fix button just once and wait.
The tool will make a log (Fixlog.txt) which you find where you saved FRST. Please post it to your reply.

Full System Scan with Malwarebytes Antimalware

If not existing, please download Malwarebytes Anti-Malware to your desktop.
Double-click the downloaded setup file and follow the prompts to install the program.
At the end, be sure a checkmark is placed next to the following:
- Launch Malwarebytes Anti-Malware
- A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.
Click Finish.

If the program is already installed:

Run Malwarebytes Antimalware
On the Dashboard, click the 'Update Now >>' link
After the update completes, click the 'Scan Now >>' button.
Or, on the Dashboard, click the Scan Now >> button.
If an update is available, click the Update Now button.
A Threat Scan will begin.
When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
In most cases, a restart will be required.
Wait for the prompt to restart the computer to appear, then click on Yes.

After the restart once you are back at your desktop, open MBAM once more.
Click on the History tab > Application Logs.
Double click on the scan log which shows the Date and time of the scan just performed.
Click 'Copy to Clipboard'
Paste the contents of the clipboard into your reply.

fixlist.txt

Aristarcus · July 13, 2015

Before I proceed.

Pro Cleaner Pro and Pareto logic progs removed some months ago.(cant find in Add/Remove folder)

Avast removed two days ago (computer v slow).

Presently running Spy Bot.

Search App by Ask- removed some time ago (cant find in Add/Remove folder)
Websteroids- never installed (cant find in Add/Remove folder)
Free File Viewer 2014 -removed
FindRight -removed
File Type Assistant -removed
CutePDF Writer Free Download Packages -removed.

Should I continue to look for these missing progs.?

Psychotic · July 13, 2015

No, please proceed with my instructions.

Aristarcus · July 13, 2015

Fixlog herewith

Fix result of Farbar Recovery Scan Tool (x86) Version: 12-07-2015
Ran by Administrator at 2015-07-13 17:47:28 Run:2
Running from C:\Documents and Settings\Administrator\Desktop\FRST Folder
Loaded Profiles: Administrator (Available Profiles: Administrator)
Boot Mode: Normal

==============================================

fixlist content:
*****************
Task: C:\WINDOWS\Tasks\FreeFileViewerUpdateChecker.job => C:\Program Files\FreeFileViewer\FFVCheckForUpdates.exe <==== ATTENTION
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:373E1720
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:798A3728
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:BC359956
FF Extension: FindRight - C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\z0ovjqe9.default-1382548411328\Extensions\{42e50651-9669-456e-9081-d5a836274274}.xpi [2014-02-21]
FF Extension: FindRight - C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\7l146elc.default-1382530802734\Extensions\{42e50651-9669-456e-9081-d5a836274274}.xpi [2014-02-21]
FF SearchPlugin: C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\7l146elc.default-1382530802734\searchplugins\ask-search.xml [2015-02-17]
FF SearchPlugin: C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\7l146elc.default-1382530802734\searchplugins\trovi-search.xml [2014-06-09]
FF SearchPlugin: C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\z0ovjqe9.default-1382548411328\searchplugins\trovi-search.xml [2014-06-09]
FF NewTab: hxxp://www.trovi.com/?gd=&ctid=CT3319709&octid=EB_ORIGINAL_CTID&ISID=M95522E8F-2408-494B-BB97-632AC5E227D5&SearchSource=69&CUI=&SSPV=&Lay=1&UM=5&UP=SP046D9554-79E9-450D-B6B2-A664F143E365
FF SelectedSearchEngine: Trovi search
BHO: No Name -> {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} -> No File
HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs,Tabs: "http://search.condui...rchTerms}&SSPV=
SearchScopes: HKU\S-1-5-21-1214440339-1364589140-839522115-500 -> SuggestionsURL_JSON http://suggest.searc...x={searchTerms}
SearchScopes: HKU\S-1-5-21-1214440339-1364589140-839522115-500 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://start.mysearc...&cr=5260213&ir=
HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Search Page = http://feed.snap.do/...Date=19/09/2013
HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Search Page = http://feed.snap.do/...Date=19/09/2013
AppInit_DLLs: C:\PROGRA~1\SearchProtect\SearchProtect\bin\SPVC32Loader.dll => C:\PROGRA~1\SearchProtect\SearchProtect\bin\SPVC32Loader.dll File not found
HKLM\...\Run: [ApnTBMon] => C:\Program Files\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe [1949592 2015-02-14] (APN)

S4 Websteroids; C:\Documents and Settings\All Users\Application Data\Websteroids\Websteroids.exe [150392 2014-02-11] (Creative Island Media, LLC)
R2 APNMCP; C:\Program Files\AskPartnerNetwork\Toolbar\apnmcp.exe [177560 2015-01-31] (APN LLC.)

C:\PROGRA~1\SearchProtect
C:\Program Files\FreeFileViewer
C:\Windows\Tasks\At1.job
C:\Windows\Tasks\At2.job
C:\Windows\Tasks\At3.job
C:\Windows\Tasks\At4.job
C:\Documents and Settings\All Users\Application Data\Websteroids
C:\Program Files\AskPartnerNetwork

EmptyTemp:

*****************

C:\WINDOWS\Tasks\FreeFileViewerUpdateChecker.job not found.
"C:\Documents and Settings\All Users\Application Data\TEMP" => ":373E1720" ADS not found.
"C:\Documents and Settings\All Users\Application Data\TEMP" => ":798A3728" ADS not found.
"C:\Documents and Settings\All Users\Application Data\TEMP" => ":BC359956" ADS not found.
C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\z0ovjqe9.default-1382548411328\Extensions\{42e50651-9669-456e-9081-d5a836274274}.xpi => not found.
C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\7l146elc.default-1382530802734\Extensions\{42e50651-9669-456e-9081-d5a836274274}.xpi => not found.
"C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\7l146elc.default-1382530802734\searchplugins\ask-search.xml" => not found.
"C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\7l146elc.default-1382530802734\searchplugins\trovi-search.xml" => not found.
"C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\z0ovjqe9.default-1382548411328\searchplugins\trovi-search.xml" => not found.
Firefox newtab removed successfully.
Firefox SelectedSearchEngine removed successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} => key not found.
HKCR\CLSID\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} => key not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs\\Tabs => value restored successfully
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{429559AC-1128-D420-90E1-0E1894E36CB8} => key not found.
HKCR\CLSID\{429559AC-1128-D420-90E1-0E1894E36CB8} => key not found.
HKU\S-1-5-21-1214440339-1364589140-839522115-500\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\URL => value not found.
HKU\S-1-5-21-1214440339-1364589140-839522115-500\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\SuggestionsURL_JSON => value not found.
HKU\S-1-5-21-1214440339-1364589140-839522115-500\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => key not found.
HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => key not found.
HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main\\Search Page => value not found.
HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main\\Start Page => value not found.
HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main\\Search Page => value not found.
"C:\PROGRA~1\SearchProtect\SearchProtect\bin\SPVC32Loader.dll" => value data not found.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\ApnTBMon => value removed successfully.
Websteroids => Service not found.
APNMCP => Service not found.
"C:\PROGRA~1\SearchProtect" => File/Folder not found.
"C:\Program Files\FreeFileViewer" => File/Folder not found.
"C:\Windows\Tasks\At1.job" => File/Folder not found.
"C:\Windows\Tasks\At2.job" => File/Folder not found.
"C:\Windows\Tasks\At3.job" => File/Folder not found.
"C:\Windows\Tasks\At4.job" => File/Folder not found.
"C:\Documents and Settings\All Users\Application Data\Websteroids" => File/Folder not found.
"C:\Program Files\AskPartnerNetwork" => File/Folder not found.
EmptyTemp: => 569.9 MB temporary data Removed.

The system needed a reboot.

==== End of Fixlog 17:48:55 ====

Aristarcus · July 13, 2015

MBAM application log

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 13/07/2015
Scan Time: 20:34:29
Logfile:
Administrator: Yes

Version: 2.1.8.1057
Malware Database: v2015.07.13.04
Rootkit Database: v2015.07.10.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows XP Service Pack 3
CPU: x86
File System: NTFS
User: Administrator

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 332763
Time Elapsed: 24 min, 38 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 19
PUP.Optional.WebSteroids.A, HKLM\SOFTWARE\CLASSES\CLSID\{051E9166-B275-4683-907B-372FAE22BC7C}, Quarantined, [4ff96e7369219d992da891f528daef11],
PUP.Optional.DynConIE.A, HKLM\SOFTWARE\CLASSES\CLSID\{E5A7A645-8318-4895-B85C-EDC606B80DB6}, Quarantined, [c781825fb5d5979f5c574d39bb47e21e],
PUP.Optional.APNToolBar.Gen, HKLM\SOFTWARE\AskPartnerNetwork, Quarantined, [52f6b72a17730d292fcbda2715eede22],
PUP.Optional.FindRight.A, HKLM\SOFTWARE\FindRight, Quarantined, [034560814f3bd5612d111b2b93707888],
PUP.Optional.SupraSavings, HKLM\SOFTWARE\suprasavings, Quarantined, [4efa78693e4c78bec74bd75406fd0bf5],
PUP.Optional.SuperOptimizer.C, HKLM\SOFTWARE\{1146AC44-2F03-4431-B4FD-889BC837521F}, Quarantined, [e46417ca0b7f0333be61f39e24e00ff1],
PUP.Optional.SuperOptimizer.C, HKLM\SOFTWARE\{6791A2F3-FC80-475C-A002-C014AF797E9C}, Quarantined, [72d6fce5a9e183b31907a3ee887ce11f],
PUP.Optional.BrowserSafeguard.A, HKLM\SOFTWARE\MICROSOFT\ESENT\PROCESS\BrowserSafeguard, Quarantined, [97b120c1aedc5fd74612e79335cf6898],
PUP.Optional.SmartBar.A, HKLM\SOFTWARE\MICROSOFT\ESENT\PROCESS\Smartbar, Quarantined, [163238a9fe8c51e50940f38c6d978e72],
PUP.Optional.AskAPN.Gen, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{4F524A2D-5350-4500-76A7-A758B70C1902}, Quarantined, [22263ea394f684b24f69eb15dd269769],
PUP.Optional.SearchProtect.A, HKLM\SYSTEM\CURRENTCONTROLSET\ENUM\ROOT\LEGACY_CLTMNGSVC, Quarantined, [b69221c03852221433e3671126deb24e],
PUP.Optional.APNToolBar.Gen, HKU\S-1-5-18\SOFTWARE\AskPartnerNetwork, Quarantined, [a0a8c8190a80f04609f07889af548977],
PUP.Optional.SuperOptimizer.C, HKU\S-1-5-18\SOFTWARE\APPDATALOW\{1146AC44-2F03-4431-B4FD-889BC837521F}, Quarantined, [430550917f0b5dd9e13dc7cae61e8080],
PUP.Optional.APNToolBar.Gen, HKU\S-1-5-21-1214440339-1364589140-839522115-500\SOFTWARE\AskPartnerNetwork, Quarantined, [1e2a05dce3a78bab54a5f011f40ff30d],
PUP.Optional.DynConIE.A, HKU\S-1-5-21-1214440339-1364589140-839522115-500\SOFTWARE\DynConIE, Quarantined, [50f85e83c9c1290ddb2bfd4c60a305fb],
PUP.Optional.FindRight.A, HKU\S-1-5-21-1214440339-1364589140-839522115-500\SOFTWARE\FindRight, Quarantined, [a1a76c755b2fce6854eb67dfd132b14f],
PUP.Optional.SuperOptimizer.C, HKU\S-1-5-21-1214440339-1364589140-839522115-500\SOFTWARE\APPDATALOW\{1146AC44-2F03-4431-B4FD-889BC837521F}, Quarantined, [ef597c65d9b140f6001e2d640cf8728e],
PUP.Optional.SupraSavings.A, HKU\S-1-5-21-1214440339-1364589140-839522115-500\SOFTWARE\APPDATALOW\SOFTWARE\suprasavings, Quarantined, [ba8e6c758bff16201bf3003f29da56aa],
PUP.Optional.ConduitTB.Gen, HKU\S-1-5-21-1214440339-1364589140-839522115-500\SOFTWARE\CONDUIT\DistributionEngine, Quarantined, [79cf578a8505bb7b35188c033aca0ff1],

Registry Values: 1
PUP.Optional.AskAPN.Gen, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{4F524A2D-5350-4500-76A7-A758B70C1902}|InstallSource, C:\Documents and Settings\All Users\Application Data\APN\APN-Stub\ORJ-SPE\, Quarantined, [22263ea394f684b24f69eb15dd269769]

Registry Data: 0
(No malicious items detected)

Folders: 14
PUP.Optional.Websteroids.A, C:\Documents and Settings\Administrator\Local Settings\Application Data\Websteroids, Quarantined, [6bdd5b86cfbbfd39f0a2d7fdfc06a45c],
PUP.Optional.APNToolBar.Gen, C:\Documents and Settings\All Users\Application Data\APN\APN-Stub, Quarantined, [e266924f12787eb835be946a5da58f71],
PUP.Optional.APNToolBar.Gen, C:\Documents and Settings\All Users\Application Data\AskPartnerNetwork, Quarantined, [0b3da33e3e4ca98dcb2926d839c9de22],
PUP.Optional.APNToolBar.Gen, C:\Documents and Settings\All Users\Application Data\AskPartnerNetwork\Toolbar, Quarantined, [0b3da33e3e4ca98dcb2926d839c9de22],
PUP.Optional.APNToolBar.Gen, C:\Documents and Settings\All Users\Application Data\AskPartnerNetwork\Toolbar\ORJ-SPE, Quarantined, [0b3da33e3e4ca98dcb2926d839c9de22],
PUP.Optional.APNToolBar.Gen, C:\Documents and Settings\All Users\Application Data\AskPartnerNetwork\Toolbar\ORJ-SPE\Updater, Quarantined, [0b3da33e3e4ca98dcb2926d839c9de22],
PUP.Optional.APNToolBar.Gen, C:\Documents and Settings\All Users\Application Data\AskPartnerNetwork\Toolbar\ORJ-SPE\Updater\Config, Quarantined, [0b3da33e3e4ca98dcb2926d839c9de22],
PUP.Optional.APNToolBar.Gen, C:\Documents and Settings\All Users\Application Data\AskPartnerNetwork\Toolbar\ORJ-SPE\Updater\Response, Quarantined, [0b3da33e3e4ca98dcb2926d839c9de22],
PUP.Optional.APNToolBar.Gen, C:\Documents and Settings\Administrator\Local Settings\Application Data\AskPartnerNetwork, Quarantined, [00486f72b6d455e1ec09817de81a49b7],
PUP.Optional.APNToolBar.Gen, C:\Documents and Settings\Administrator\Local Settings\Application Data\AskPartnerNetwork\Toolbar, Quarantined, [00486f72b6d455e1ec09817de81a49b7],
PUP.Optional.APNToolBar.Gen, C:\Documents and Settings\Administrator\Local Settings\Application Data\AskPartnerNetwork\Toolbar\Updater, Quarantined, [00486f72b6d455e1ec09817de81a49b7],
PUP.Optional.APNToolBar.Gen, C:\Documents and Settings\Administrator\Local Settings\Application Data\AskPartnerNetwork\Toolbar\Updater\IDC, Quarantined, [00486f72b6d455e1ec09817de81a49b7],
PUP.Optional.BundleInstaller.A, C:\Documents and Settings\Administrator\Application Data\1O1L1I1PtF1F1C1N, Quarantined, [d96f38a93e4c1125398235ca9a68dc24],
PUP.Optional.BundleInstaller.A, C:\Documents and Settings\Administrator\Application Data\1O1L1I1PtF1F1C1N\CutePDF Writer Free Download Packages, Quarantined, [d96f38a93e4c1125398235ca9a68dc24],

Files: 18
PUP.Optional.InstallIQ.A, C:\Documents and Settings\Administrator\My Documents\Downloads\FreeFileViewer2011Setup.exe, Quarantined, [d474ad349feb6acc30a12bc44eb29c64],
PUP.Optional.Bitberry, C:\Documents and Settings\Administrator\My Documents\Downloads\FreeFileViewerSetup.exe, Quarantined, [6bddbd246c1e8da95738b85af40d7d83],
PUP.Optional.ClientConnect, C:\Documents and Settings\Administrator\My Documents\Downloads\Winzip_TSV46NIU2.exe, Quarantined, [291f2db48505ee4897a2330c39c8f40c],
PUP.Optional.OptimumInstaller.A, C:\Documents and Settings\Administrator\My Documents\Downloads\Player-Firefox(1).exe, Quarantined, [78d0aa37b4d6f83e10adfc156f92a55b],
PUP.Optional.OptimumInstaller.A, C:\Documents and Settings\Administrator\My Documents\Downloads\Player-Firefox.exe, Quarantined, [291fda07a3e793a39a23da3743be59a7],
Adware.SaMon, C:\WINDOWS\system32\Websteroids.B324755F3F87.dll, Quarantined, [014706db4e3c6fc73e80b26924dd649c],
PUP.Optional.Websteroids.A, C:\WINDOWS\system32\Websteroids.B324755F3F87.dll, Quarantined, [78d0d809f89238fe0e512b14907343bd],
PUP.Optional.FindRight.A, C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\2kd98lai.default\extensions\{42e50651-9669-456e-9081-d5a836274274}.xpi, Quarantined, [5debc51cfd8d4ee863246ed37192e41c],
PUP.Optional.APNToolBar.Gen, C:\Documents and Settings\All Users\Application Data\AskPartnerNetwork\Toolbar\ORJ-SPE\Updater\Config\Config.31.15.1.0-4.xml, Quarantined, [0b3da33e3e4ca98dcb2926d839c9de22],
PUP.Optional.APNToolBar.Gen, C:\Documents and Settings\All Users\Application Data\AskPartnerNetwork\Toolbar\ORJ-SPE\Updater\Config\Config.31.16.2.0-4.xml, Quarantined, [0b3da33e3e4ca98dcb2926d839c9de22],
PUP.Optional.APNToolBar.Gen, C:\Documents and Settings\All Users\Application Data\AskPartnerNetwork\Toolbar\ORJ-SPE\Updater\Response\Response.31.16.2.0-21.xml, Quarantined, [0b3da33e3e4ca98dcb2926d839c9de22],
PUP.Optional.APNToolBar.Gen, C:\Documents and Settings\All Users\Application Data\AskPartnerNetwork\Toolbar\ORJ-SPE\Updater\Response\Response.31.16.2.0-22.xml, Quarantined, [0b3da33e3e4ca98dcb2926d839c9de22],
PUP.Optional.APNToolBar.Gen, C:\Documents and Settings\Administrator\Local Settings\Application Data\AskPartnerNetwork\Toolbar\Updater\IDC\IdcLdr.exe, Quarantined, [00486f72b6d455e1ec09817de81a49b7],
PUP.Optional.APNToolBar.Gen, C:\Documents and Settings\Administrator\Local Settings\Application Data\AskPartnerNetwork\Toolbar\Updater\IDC\IdcSrv.dll, Quarantined, [00486f72b6d455e1ec09817de81a49b7],
PUP.Optional.APNToolBar.Gen, C:\Documents and Settings\Administrator\Local Settings\Application Data\AskPartnerNetwork\Toolbar\Updater\IDC\IdcSrvStub.dll, Quarantined, [00486f72b6d455e1ec09817de81a49b7],
PUP.Optional.Trovi, C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\7l146elc.default-1382530802734\prefs.js, Good: (), Bad: (user_pref("browser.search.selectedEngine", "Trovi search"), Replaced,[351318c92862ca6cfed4c99d38cd837d]
PUP.Optional.Trovi.A, C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\7l146elc.default-1382530802734\prefs.js, Good: (), Bad: (user_pref("browser.newtab.url", "http://www.trovi.com/?gd=&ctid=CT3319709&octid=EB_ORIGINAL_CTID&ISID=M95522E8F-2408-494B-BB97-632AC5E227D5&SearchSource=69&CUI=&SSPV=&Lay=1&UM=5&UP=SP046D9554-79E9-450D-B6B2-A664F143E365"),Replaced,[2721f3ee8ffb52e459ba521502030df3]
PUP.Optional.ASK.A, C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\7l146elc.default-1382530802734\prefs.js, Good: (), Bad: (user_pref("browser.startup.homepage", "http://www.search.ask.com/?tpid=ORJ-SPE&o=APN11409&pf=V7&trgb=FF&p2=Replaced,[ea5ea73aa7e38caad89b8ed92adb7c84]EBBHReplaced,[ea5ea73aa7e38caad89b8ed92adb7c84]EOSJ000Replaced,[ea5ea73aa7e38caad89b8ed92adb7c84]EYYReplaced,[ea5ea73aa7e38caad89b8ed92adb7c84]EGB&gct=hp&apn_ptnrs=BBH&apn_dtid=Replaced,[ea5ea73aa7e38caad89b8ed92adb7c84]EOSJ000Replaced,[ea5ea73aa7e38caad89b8ed92adb7c84]EYYReplaced,[ea5ea73aa7e38caad89b8ed92adb7c84]EGB&apn_dbr=ff_35.0.1.5500&apn_uid=19658256-118A-4B3A-8199-0390117C06D6&itbv=12.24.1.51&doi=2015-02-17&psv=&pt=tb"),Replaced,[ea5ea73aa7e38caad89b8ed92adb7c84]

Physical Sectors: 0
(No malicious items detected)

(end)Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 13/07/2015
Scan Time: 20:34:29
Logfile: scanlog.txt
Administrator: Yes

Version: 2.1.8.1057
Malware Database: v2015.07.13.04
Rootkit Database: v2015.07.10.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows XP Service Pack 3
CPU: x86
File System: NTFS
User: Administrator

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 332763
Time Elapsed: 24 min, 38 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 19
PUP.Optional.WebSteroids.A, HKLM\SOFTWARE\CLASSES\CLSID\{051E9166-B275-4683-907B-372FAE22BC7C}, Quarantined, [4ff96e7369219d992da891f528daef11],
PUP.Optional.DynConIE.A, HKLM\SOFTWARE\CLASSES\CLSID\{E5A7A645-8318-4895-B85C-EDC606B80DB6}, Quarantined, [c781825fb5d5979f5c574d39bb47e21e],
PUP.Optional.APNToolBar.Gen, HKLM\SOFTWARE\AskPartnerNetwork, Quarantined, [52f6b72a17730d292fcbda2715eede22],
PUP.Optional.FindRight.A, HKLM\SOFTWARE\FindRight, Quarantined, [034560814f3bd5612d111b2b93707888],
PUP.Optional.SupraSavings, HKLM\SOFTWARE\suprasavings, Quarantined, [4efa78693e4c78bec74bd75406fd0bf5],
PUP.Optional.SuperOptimizer.C, HKLM\SOFTWARE\{1146AC44-2F03-4431-B4FD-889BC837521F}, Quarantined, [e46417ca0b7f0333be61f39e24e00ff1],
PUP.Optional.SuperOptimizer.C, HKLM\SOFTWARE\{6791A2F3-FC80-475C-A002-C014AF797E9C}, Quarantined, [72d6fce5a9e183b31907a3ee887ce11f],
PUP.Optional.BrowserSafeguard.A, HKLM\SOFTWARE\MICROSOFT\ESENT\PROCESS\BrowserSafeguard, Quarantined, [97b120c1aedc5fd74612e79335cf6898],
PUP.Optional.SmartBar.A, HKLM\SOFTWARE\MICROSOFT\ESENT\PROCESS\Smartbar, Quarantined, [163238a9fe8c51e50940f38c6d978e72],
PUP.Optional.AskAPN.Gen, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{4F524A2D-5350-4500-76A7-A758B70C1902}, Quarantined, [22263ea394f684b24f69eb15dd269769],
PUP.Optional.SearchProtect.A, HKLM\SYSTEM\CURRENTCONTROLSET\ENUM\ROOT\LEGACY_CLTMNGSVC, Quarantined, [b69221c03852221433e3671126deb24e],
PUP.Optional.APNToolBar.Gen, HKU\S-1-5-18\SOFTWARE\AskPartnerNetwork, Quarantined, [a0a8c8190a80f04609f07889af548977],
PUP.Optional.SuperOptimizer.C, HKU\S-1-5-18\SOFTWARE\APPDATALOW\{1146AC44-2F03-4431-B4FD-889BC837521F}, Quarantined, [430550917f0b5dd9e13dc7cae61e8080],
PUP.Optional.APNToolBar.Gen, HKU\S-1-5-21-1214440339-1364589140-839522115-500\SOFTWARE\AskPartnerNetwork, Quarantined, [1e2a05dce3a78bab54a5f011f40ff30d],
PUP.Optional.DynConIE.A, HKU\S-1-5-21-1214440339-1364589140-839522115-500\SOFTWARE\DynConIE, Quarantined, [50f85e83c9c1290ddb2bfd4c60a305fb],
PUP.Optional.FindRight.A, HKU\S-1-5-21-1214440339-1364589140-839522115-500\SOFTWARE\FindRight, Quarantined, [a1a76c755b2fce6854eb67dfd132b14f],
PUP.Optional.SuperOptimizer.C, HKU\S-1-5-21-1214440339-1364589140-839522115-500\SOFTWARE\APPDATALOW\{1146AC44-2F03-4431-B4FD-889BC837521F}, Quarantined, [ef597c65d9b140f6001e2d640cf8728e],
PUP.Optional.SupraSavings.A, HKU\S-1-5-21-1214440339-1364589140-839522115-500\SOFTWARE\APPDATALOW\SOFTWARE\suprasavings, Quarantined, [ba8e6c758bff16201bf3003f29da56aa],
PUP.Optional.ConduitTB.Gen, HKU\S-1-5-21-1214440339-1364589140-839522115-500\SOFTWARE\CONDUIT\DistributionEngine, Quarantined, [79cf578a8505bb7b35188c033aca0ff1],

Registry Values: 1
PUP.Optional.AskAPN.Gen, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{4F524A2D-5350-4500-76A7-A758B70C1902}|InstallSource, C:\Documents and Settings\All Users\Application Data\APN\APN-Stub\ORJ-SPE\, Quarantined, [22263ea394f684b24f69eb15dd269769]

Registry Data: 0
(No malicious items detected)

Folders: 14
PUP.Optional.Websteroids.A, C:\Documents and Settings\Administrator\Local Settings\Application Data\Websteroids, Quarantined, [6bdd5b86cfbbfd39f0a2d7fdfc06a45c],
PUP.Optional.APNToolBar.Gen, C:\Documents and Settings\All Users\Application Data\APN\APN-Stub, Quarantined, [e266924f12787eb835be946a5da58f71],
PUP.Optional.APNToolBar.Gen, C:\Documents and Settings\All Users\Application Data\AskPartnerNetwork, Quarantined, [0b3da33e3e4ca98dcb2926d839c9de22],
PUP.Optional.APNToolBar.Gen, C:\Documents and Settings\All Users\Application Data\AskPartnerNetwork\Toolbar, Quarantined, [0b3da33e3e4ca98dcb2926d839c9de22],
PUP.Optional.APNToolBar.Gen, C:\Documents and Settings\All Users\Application Data\AskPartnerNetwork\Toolbar\ORJ-SPE, Quarantined, [0b3da33e3e4ca98dcb2926d839c9de22],
PUP.Optional.APNToolBar.Gen, C:\Documents and Settings\All Users\Application Data\AskPartnerNetwork\Toolbar\ORJ-SPE\Updater, Quarantined, [0b3da33e3e4ca98dcb2926d839c9de22],
PUP.Optional.APNToolBar.Gen, C:\Documents and Settings\All Users\Application Data\AskPartnerNetwork\Toolbar\ORJ-SPE\Updater\Config, Quarantined, [0b3da33e3e4ca98dcb2926d839c9de22],
PUP.Optional.APNToolBar.Gen, C:\Documents and Settings\All Users\Application Data\AskPartnerNetwork\Toolbar\ORJ-SPE\Updater\Response, Quarantined, [0b3da33e3e4ca98dcb2926d839c9de22],
PUP.Optional.APNToolBar.Gen, C:\Documents and Settings\Administrator\Local Settings\Application Data\AskPartnerNetwork, Quarantined, [00486f72b6d455e1ec09817de81a49b7],
PUP.Optional.APNToolBar.Gen, C:\Documents and Settings\Administrator\Local Settings\Application Data\AskPartnerNetwork\Toolbar, Quarantined, [00486f72b6d455e1ec09817de81a49b7],
PUP.Optional.APNToolBar.Gen, C:\Documents and Settings\Administrator\Local Settings\Application Data\AskPartnerNetwork\Toolbar\Updater, Quarantined, [00486f72b6d455e1ec09817de81a49b7],
PUP.Optional.APNToolBar.Gen, C:\Documents and Settings\Administrator\Local Settings\Application Data\AskPartnerNetwork\Toolbar\Updater\IDC, Quarantined, [00486f72b6d455e1ec09817de81a49b7],
PUP.Optional.BundleInstaller.A, C:\Documents and Settings\Administrator\Application Data\1O1L1I1PtF1F1C1N, Quarantined, [d96f38a93e4c1125398235ca9a68dc24],
PUP.Optional.BundleInstaller.A, C:\Documents and Settings\Administrator\Application Data\1O1L1I1PtF1F1C1N\CutePDF Writer Free Download Packages, Quarantined, [d96f38a93e4c1125398235ca9a68dc24],

Files: 18
PUP.Optional.InstallIQ.A, C:\Documents and Settings\Administrator\My Documents\Downloads\FreeFileViewer2011Setup.exe, Quarantined, [d474ad349feb6acc30a12bc44eb29c64],
PUP.Optional.Bitberry, C:\Documents and Settings\Administrator\My Documents\Downloads\FreeFileViewerSetup.exe, Quarantined, [6bddbd246c1e8da95738b85af40d7d83],
PUP.Optional.ClientConnect, C:\Documents and Settings\Administrator\My Documents\Downloads\Winzip_TSV46NIU2.exe, Quarantined, [291f2db48505ee4897a2330c39c8f40c],
PUP.Optional.OptimumInstaller.A, C:\Documents and Settings\Administrator\My Documents\Downloads\Player-Firefox(1).exe, Quarantined, [78d0aa37b4d6f83e10adfc156f92a55b],
PUP.Optional.OptimumInstaller.A, C:\Documents and Settings\Administrator\My Documents\Downloads\Player-Firefox.exe, Quarantined, [291fda07a3e793a39a23da3743be59a7],
Adware.SaMon, C:\WINDOWS\system32\Websteroids.B324755F3F87.dll, Quarantined, [014706db4e3c6fc73e80b26924dd649c],
PUP.Optional.Websteroids.A, C:\WINDOWS\system32\Websteroids.B324755F3F87.dll, Quarantined, [78d0d809f89238fe0e512b14907343bd],
PUP.Optional.FindRight.A, C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\2kd98lai.default\extensions\{42e50651-9669-456e-9081-d5a836274274}.xpi, Quarantined, [5debc51cfd8d4ee863246ed37192e41c],
PUP.Optional.APNToolBar.Gen, C:\Documents and Settings\All Users\Application Data\AskPartnerNetwork\Toolbar\ORJ-SPE\Updater\Config\Config.31.15.1.0-4.xml, Quarantined, [0b3da33e3e4ca98dcb2926d839c9de22],
PUP.Optional.APNToolBar.Gen, C:\Documents and Settings\All Users\Application Data\AskPartnerNetwork\Toolbar\ORJ-SPE\Updater\Config\Config.31.16.2.0-4.xml, Quarantined, [0b3da33e3e4ca98dcb2926d839c9de22],
PUP.Optional.APNToolBar.Gen, C:\Documents and Settings\All Users\Application Data\AskPartnerNetwork\Toolbar\ORJ-SPE\Updater\Response\Response.31.16.2.0-21.xml, Quarantined, [0b3da33e3e4ca98dcb2926d839c9de22],
PUP.Optional.APNToolBar.Gen, C:\Documents and Settings\All Users\Application Data\AskPartnerNetwork\Toolbar\ORJ-SPE\Updater\Response\Response.31.16.2.0-22.xml, Quarantined, [0b3da33e3e4ca98dcb2926d839c9de22],
PUP.Optional.APNToolBar.Gen, C:\Documents and Settings\Administrator\Local Settings\Application Data\AskPartnerNetwork\Toolbar\Updater\IDC\IdcLdr.exe, Quarantined, [00486f72b6d455e1ec09817de81a49b7],
PUP.Optional.APNToolBar.Gen, C:\Documents and Settings\Administrator\Local Settings\Application Data\AskPartnerNetwork\Toolbar\Updater\IDC\IdcSrv.dll, Quarantined, [00486f72b6d455e1ec09817de81a49b7],
PUP.Optional.APNToolBar.Gen, C:\Documents and Settings\Administrator\Local Settings\Application Data\AskPartnerNetwork\Toolbar\Updater\IDC\IdcSrvStub.dll, Quarantined, [00486f72b6d455e1ec09817de81a49b7],
PUP.Optional.Trovi, C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\7l146elc.default-1382530802734\prefs.js, Good: (), Bad: (user_pref("browser.search.selectedEngine", "Trovi search"), Replaced,[351318c92862ca6cfed4c99d38cd837d]
PUP.Optional.Trovi.A, C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\7l146elc.default-1382530802734\prefs.js, Good: (), Bad: (user_pref("browser.newtab.url", "http://www.trovi.com/?gd=&ctid=CT3319709&octid=EB_ORIGINAL_CTID&ISID=M95522E8F-2408-494B-BB97-632AC5E227D5&SearchSource=69&CUI=&SSPV=&Lay=1&UM=5&UP=SP046D9554-79E9-450D-B6B2-A664F143E365"),Replaced,[2721f3ee8ffb52e459ba521502030df3]
PUP.Optional.ASK.A, C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\7l146elc.default-1382530802734\prefs.js, Good: (), Bad: (user_pref("browser.startup.homepage", "http://www.search.ask.com/?tpid=ORJ-SPE&o=APN11409&pf=V7&trgb=FF&p2=Replaced,[ea5ea73aa7e38caad89b8ed92adb7c84]EBBHReplaced,[ea5ea73aa7e38caad89b8ed92adb7c84]EOSJ000Replaced,[ea5ea73aa7e38caad89b8ed92adb7c84]EYYReplaced,[ea5ea73aa7e38caad89b8ed92adb7c84]EGB&gct=hp&apn_ptnrs=BBH&apn_dtid=Replaced,[ea5ea73aa7e38caad89b8ed92adb7c84]EOSJ000Replaced,[ea5ea73aa7e38caad89b8ed92adb7c84]EYYReplaced,[ea5ea73aa7e38caad89b8ed92adb7c84]EGB&apn_dbr=ff_35.0.1.5500&apn_uid=19658256-118A-4B3A-8199-0390117C06D6&itbv=12.24.1.51&doi=2015-02-17&psv=&pt=tb"),Replaced,[ea5ea73aa7e38caad89b8ed92adb7c84]

Physical Sectors: 0
(No malicious items detected)

(end)

Aristarcus · July 13, 2015

Fixlog hetrewith

Fix result of Farbar Recovery Scan Tool (x86) Version: 12-07-2015
Ran by Administrator at 2015-07-13 17:47:28 Run:2
Running from C:\Documents and Settings\Administrator\Desktop\FRST Folder
Loaded Profiles: Administrator (Available Profiles: Administrator)
Boot Mode: Normal

==============================================

fixlist content:
*****************
Task: C:\WINDOWS\Tasks\FreeFileViewerUpdateChecker.job => C:\Program Files\FreeFileViewer\FFVCheckForUpdates.exe <==== ATTENTION
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:373E1720
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:798A3728
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:BC359956
FF Extension: FindRight - C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\z0ovjqe9.default-1382548411328\Extensions\{42e50651-9669-456e-9081-d5a836274274}.xpi [2014-02-21]
FF Extension: FindRight - C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\7l146elc.default-1382530802734\Extensions\{42e50651-9669-456e-9081-d5a836274274}.xpi [2014-02-21]
FF SearchPlugin: C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\7l146elc.default-1382530802734\searchplugins\ask-search.xml [2015-02-17]
FF SearchPlugin: C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\7l146elc.default-1382530802734\searchplugins\trovi-search.xml [2014-06-09]
FF SearchPlugin: C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\z0ovjqe9.default-1382548411328\searchplugins\trovi-search.xml [2014-06-09]
FF NewTab: hxxp://www.trovi.com/?gd=&ctid=CT3319709&octid=EB_ORIGINAL_CTID&ISID=M95522E8F-2408-494B-BB97-632AC5E227D5&SearchSource=69&CUI=&SSPV=&Lay=1&UM=5&UP=SP046D9554-79E9-450D-B6B2-A664F143E365
FF SelectedSearchEngine: Trovi search
BHO: No Name -> {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} -> No File
HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs,Tabs: "http://search.condui...rchTerms}&SSPV=
SearchScopes: HKU\S-1-5-21-1214440339-1364589140-839522115-500 -> SuggestionsURL_JSON http://suggest.searc...x={searchTerms}
SearchScopes: HKU\S-1-5-21-1214440339-1364589140-839522115-500 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://start.mysearc...&cr=5260213&ir=
HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Search Page = http://feed.snap.do/...Date=19/09/2013
HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Search Page = http://feed.snap.do/...Date=19/09/2013
AppInit_DLLs: C:\PROGRA~1\SearchProtect\SearchProtect\bin\SPVC32Loader.dll => C:\PROGRA~1\SearchProtect\SearchProtect\bin\SPVC32Loader.dll File not found
HKLM\...\Run: [ApnTBMon] => C:\Program Files\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe [1949592 2015-02-14] (APN)

S4 Websteroids; C:\Documents and Settings\All Users\Application Data\Websteroids\Websteroids.exe [150392 2014-02-11] (Creative Island Media, LLC)
R2 APNMCP; C:\Program Files\AskPartnerNetwork\Toolbar\apnmcp.exe [177560 2015-01-31] (APN LLC.)

C:\PROGRA~1\SearchProtect
C:\Program Files\FreeFileViewer
C:\Windows\Tasks\At1.job
C:\Windows\Tasks\At2.job
C:\Windows\Tasks\At3.job
C:\Windows\Tasks\At4.job
C:\Documents and Settings\All Users\Application Data\Websteroids
C:\Program Files\AskPartnerNetwork

EmptyTemp:

*****************

C:\WINDOWS\Tasks\FreeFileViewerUpdateChecker.job not found.
"C:\Documents and Settings\All Users\Application Data\TEMP" => ":373E1720" ADS not found.
"C:\Documents and Settings\All Users\Application Data\TEMP" => ":798A3728" ADS not found.
"C:\Documents and Settings\All Users\Application Data\TEMP" => ":BC359956" ADS not found.
C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\z0ovjqe9.default-1382548411328\Extensions\{42e50651-9669-456e-9081-d5a836274274}.xpi => not found.
C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\7l146elc.default-1382530802734\Extensions\{42e50651-9669-456e-9081-d5a836274274}.xpi => not found.
"C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\7l146elc.default-1382530802734\searchplugins\ask-search.xml" => not found.
"C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\7l146elc.default-1382530802734\searchplugins\trovi-search.xml" => not found.
"C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\z0ovjqe9.default-1382548411328\searchplugins\trovi-search.xml" => not found.
Firefox newtab removed successfully.
Firefox SelectedSearchEngine removed successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} => key not found.
HKCR\CLSID\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} => key not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs\\Tabs => value restored successfully
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{429559AC-1128-D420-90E1-0E1894E36CB8} => key not found.
HKCR\CLSID\{429559AC-1128-D420-90E1-0E1894E36CB8} => key not found.
HKU\S-1-5-21-1214440339-1364589140-839522115-500\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\URL => value not found.
HKU\S-1-5-21-1214440339-1364589140-839522115-500\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\SuggestionsURL_JSON => value not found.
HKU\S-1-5-21-1214440339-1364589140-839522115-500\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => key not found.
HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => key not found.
HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main\\Search Page => value not found.
HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main\\Start Page => value not found.
HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main\\Search Page => value not found.
"C:\PROGRA~1\SearchProtect\SearchProtect\bin\SPVC32Loader.dll" => value data not found.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\ApnTBMon => value removed successfully.
Websteroids => Service not found.
APNMCP => Service not found.
"C:\PROGRA~1\SearchProtect" => File/Folder not found.
"C:\Program Files\FreeFileViewer" => File/Folder not found.
"C:\Windows\Tasks\At1.job" => File/Folder not found.
"C:\Windows\Tasks\At2.job" => File/Folder not found.
"C:\Windows\Tasks\At3.job" => File/Folder not found.
"C:\Windows\Tasks\At4.job" => File/Folder not found.
"C:\Documents and Settings\All Users\Application Data\Websteroids" => File/Folder not found.
"C:\Program Files\AskPartnerNetwork" => File/Folder not found.
EmptyTemp: => 569.9 MB temporary data Removed.

The system needed a reboot.

==== End of Fixlog 17:48:55 ====

Psychotic · July 14, 2015

Scan with ESET Online Scan

Please go to here to run the online scannner from ESET.

Turn off the real time scanner of any existing antivirus program while performing the online scan
Tick the box next to YES, I accept the Terms of Use.
Click Start
When asked, allow the activex control to install
Click Start
Make sure that the option Remove found threats is unticked
Click on Advanced Settings and ensure these options are ticked:
- Scan for potentially unwanted applications
Scan for potentially unsafe applications
Enable Anti-Stealth Technology

[*]Click Scan[*]Wait for the scan to finish[*]If any threats were found, click the 'List of found threats' , then click Export to text file.... [*]Save it to your desktop, then please copy and paste that log as a reply to this topic.

Aristarcus · July 14, 2015

Txt file herewith

C:\AdwCleaner\Quarantine\C\Documents and Settings\Administrator\Local Settings\Application Data\MixiDJ_V30\hk64tbMixi.dll.vir   Win64/Toolbar.Conduit.B potentially unwanted application   cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Documents and Settings\Administrator\Local Settings\Application Data\MixiDJ_V30\hktbMixi.dll.vir   Win32/Toolbar.Conduit.X potentially unwanted application   cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Documents and Settings\Administrator\Local Settings\Application Data\MixiDJ_V30\ldrtbMixi.dll.vir   a variant of Win32/Toolbar.Conduit.P potentially unwanted application   cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Documents and Settings\Administrator\Local Settings\Application Data\MixiDJ_V30\tbMixi.dll.vir   a variant of Win32/Toolbar.Conduit.X potentially unwanted application   cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Documents and Settings\Administrator\Local Settings\Application Data\MixiDJ_V30\plugins\{5E1360DC-8FA8-40df-A8CD-FC3831B3634B}\3.6.12\bin\PriceGongIE.dll.vir   a variant of Win32/PriceGong.A potentially unwanted application   cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Program Files\File Type Assistant\ftacfg.exe.vir   Win32/FileTypeAssistant.A potentially unwanted application   cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Program Files\File Type Assistant\TSASetup.exe.vir   a variant of Win32/FileTypeAssistant.A potentially unwanted application   deleted - quarantined
C:\AdwCleaner\Quarantine\C\Program Files\File Type Assistant\tsassist.exe.vir   a variant of Win32/FileTypeAssistant.A potentially unwanted application   cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Program Files\MixiDJ_V30\hk64tbMixi.dll.vir   Win64/Toolbar.Conduit.B potentially unwanted application   cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Program Files\MixiDJ_V30\hktbMixi.dll.vir   Win32/Toolbar.Conduit.X potentially unwanted application   cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Program Files\MixiDJ_V30\ldrtbMixi.dll.vir   a variant of Win32/Toolbar.Conduit.P potentially unwanted application   cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Program Files\MixiDJ_V30\MixiDJ_V30ToolbarHelper.exe.vir   Win32/Toolbar.Conduit.V potentially unwanted application   cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Program Files\MixiDJ_V30\prxtbMixi.dll.vir   Win32/Toolbar.Conduit.X potentially unwanted application   cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Program Files\MixiDJ_V30\tbMixi.dll.vir   a variant of Win32/Toolbar.Conduit.X potentially unwanted application   cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Program Files\Mozilla Firefox\nsprotector.js.vir   Win32/Conduit.SearchProtect.A potentially unwanted application   cleaned by deleting - quarantined
C:\Documents and Settings\Administrator\Local Settings\TempDIR\PIP2691_NDV2_.exe   a variant of Win32/Bundled.Toolbar.Ask.D potentially unsafe application   cleaned by deleting - quarantined
C:\Documents and Settings\Administrator\My Documents\Downloads\CutePDFWriterSetup.exe   a variant of Win32/Bundled.Toolbar.Ask.D potentially unsafe application   deleted - quarantined
C:\Documents and Settings\Administrator\My Documents\Downloads\CuteWriter(1).exe   a variant of Win32/Bundled.Toolbar.Ask.G potentially unsafe application   deleted - quarantined
C:\Documents and Settings\Administrator\My Documents\Downloads\CuteWriter(2).exe   a variant of Win32/Bundled.Toolbar.Ask.G potentially unsafe application   deleted - quarantined
C:\Documents and Settings\Administrator\My Documents\Downloads\CuteWriter.exe   a variant of Win32/Bundled.Toolbar.Ask.G potentially unsafe application   deleted - quarantined
C:\Documents and Settings\Administrator\My Documents\Downloads\dfsetup219.exe   Win32/Bundled.Toolbar.Google.D potentially unsafe application   deleted - quarantined
C:\Documents and Settings\Administrator\My Documents\Downloads\DriverGuide_Driver_Download_1249336.exe   a variant of Win32/InstallCore.CH potentially unwanted application   cleaned by deleting - quarantined
C:\Documents and Settings\Administrator\My Documents\Downloads\FreeFileViewerSetup [1].exe   a variant of Win32/FileTypeAssistant.A potentially unwanted application   deleted - quarantined
C:\Documents and Settings\Administrator\My Documents\Downloads\grsetup(1).exe   a variant of Win32/Toolbar.Conduit.H potentially unwanted application   deleted - quarantined
C:\Documents and Settings\Administrator\My Documents\Downloads\grsetup.exe   a variant of Win32/Toolbar.Conduit.H potentially unwanted application   deleted - quarantined
C:\Documents and Settings\Administrator\My Documents\Downloads\PandaCloudAntivirus_v2.1.exe   a variant of Win32/DownloadSponsor.C potentially unwanted application   cleaned by deleting - quarantined
C:\Documents and Settings\Administrator\My Documents\Downloads\Samsung_SM-352F_Driver_Update_10-2013.exe   a variant of Win32/Systweak.R potentially unwanted application   deleted - quarantined
C:\Documents and Settings\Administrator\My Documents\Downloads\tb_free.exe   a variant of Win32/TFTPD32.A potentially unsafe application   deleted - quarantined
C:\Documents and Settings\Administrator\My Documents\Downloads\winzip160.exe   Win32/Toolbar.Conduit potentially unwanted application   deleted - quarantined
C:\Documents and Settings\Administrator\My Documents\Downloads\CuteWriter\CuteWriter.exe   a variant of Win32/Bundled.Toolbar.Ask.G potentially unsafe application   deleted - quarantined
C:\Documents and Settings\Administrator\My Documents\Downloads\Winzip_TSV46NIU2\b84a291d6f2dd32622e3a7e1bb64aa0b_WinZip180.exe   a variant of Win32/OpenInstall potentially unwanted application   cleaned by deleting - quarantined
C:\FRST\Quarantine\C\Documents and Settings\All Users\Application Data\Websteroids\Websteroids.exe   a variant of MSIL/Adware.PullUpdate.B application   cleaned by deleting - quarantined
C:\FRST\Quarantine\C\Documents and Settings\All Users\Application Data\Websteroids\WebsteroidsService.exe   a variant of MSIL/Adware.PullUpdate.A application   cleaned by deleting - quarantined
C:\FRST\Quarantine\C\Program Files\AskPartnerNetwork\Toolbar\apnmcp.exe   a variant of Win32/Bundled.Toolbar.Ask.M potentially unsafe application   cleaned by deleting - quarantined
C:\FRST\Quarantine\C\Program Files\AskPartnerNetwork\Toolbar\APNSetup.exe   a variant of Win32/Bundled.Toolbar.Ask.E potentially unsafe application   cleaned by deleting - quarantined
C:\FRST\Quarantine\C\Program Files\AskPartnerNetwork\Toolbar\UpdateManager.exe   a variant of Win32/Bundled.Toolbar.Ask.M potentially unsafe application   cleaned by deleting - quarantined
C:\FRST\Quarantine\C\Program Files\AskPartnerNetwork\Toolbar\ORJ-SPE\Source\program files\AskPartnerNetwork\ChromeUtils\APNNativeMsgHost.exe   a variant of Win32/Bundled.Toolbar.Ask.M potentially unsafe application   cleaned by deleting - quarantined
C:\FRST\Quarantine\C\Program Files\AskPartnerNetwork\Toolbar\ORJ-SPE\Source\program files\AskPartnerNetwork\Toolbar\apnmcp.exe   a variant of Win32/Bundled.Toolbar.Ask.M potentially unsafe application   cleaned by deleting - quarantined
C:\FRST\Quarantine\C\Program Files\AskPartnerNetwork\Toolbar\ORJ-SPE\Source\program files\AskPartnerNetwork\Toolbar\searchhook.dll   a variant of Win32/Bundled.Toolbar.Ask.M potentially unsafe application   cleaned by deleting - quarantined
C:\FRST\Quarantine\C\Program Files\AskPartnerNetwork\Toolbar\ORJ-SPE\Source\program files\AskPartnerNetwork\Toolbar\ServiceLocator.exe   a variant of Win32/Bundled.Toolbar.Ask.M potentially unsafe application   cleaned by deleting - quarantined
C:\FRST\Quarantine\C\Program Files\AskPartnerNetwork\Toolbar\ORJ-SPE\Source\program files\AskPartnerNetwork\Toolbar\SO.dll   a variant of Win32/Bundled.Toolbar.Ask.M potentially unsafe application   cleaned by deleting - quarantined
C:\FRST\Quarantine\C\Program Files\AskPartnerNetwork\Toolbar\ORJ-SPE\Source\program files\AskPartnerNetwork\Toolbar\toolbar.dll   a variant of Win32/Bundled.Toolbar.Ask.M potentially unsafe application   cleaned by deleting - quarantined
C:\FRST\Quarantine\C\Program Files\AskPartnerNetwork\Toolbar\ORJ-SPE\Source\program files\AskPartnerNetwork\Toolbar\Toolbar.exe   a variant of Win32/Bundled.Toolbar.Ask.M potentially unsafe application   cleaned by deleting - quarantined
C:\FRST\Quarantine\C\Program Files\AskPartnerNetwork\Toolbar\ORJ-SPE\Source\program files\AskPartnerNetwork\Toolbar\ToolbarPS.dll   a variant of Win32/Bundled.Toolbar.Ask.M potentially unsafe application   cleaned by deleting - quarantined
C:\FRST\Quarantine\C\Program Files\AskPartnerNetwork\Toolbar\ORJ-SPE\Source\program files\AskPartnerNetwork\Toolbar\UpdateManager.exe   a variant of Win32/Bundled.Toolbar.Ask.M potentially unsafe application   cleaned by deleting - quarantined
C:\FRST\Quarantine\C\Program Files\AskPartnerNetwork\Toolbar\ORJ-SPE\Source\program files\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe   a variant of Win32/Bundled.Toolbar.Ask.M potentially unsafe application   cleaned by deleting - quarantined
C:\FRST\Quarantine\C\Program Files\AskPartnerNetwork\Toolbar\ORJ-SPE\Source\program files\AskPartnerNetwork\Toolbar\Updater\IDC\IdcLdr.exe   a variant of Win32/Bundled.Toolbar.Ask.M potentially unsafe application   cleaned by deleting - quarantined
C:\FRST\Quarantine\C\Program Files\AskPartnerNetwork\Toolbar\ORJ-SPE\Source\program files\AskPartnerNetwork\Toolbar\Updater\IDC\IdcSrv.dll   a variant of Win32/Bundled.Toolbar.Ask.M potentially unsafe application   cleaned by deleting - quarantined
C:\FRST\Quarantine\C\Program Files\AskPartnerNetwork\Toolbar\ORJ-SPE\Source\program files\AskPartnerNetwork\Toolbar\Updater\IDC\IdcSrvStub.dll   a variant of Win32/Bundled.Toolbar.Ask.M potentially unsafe application   cleaned by deleting - quarantined
C:\FRST\Quarantine\C\Program Files\AskPartnerNetwork\Toolbar\ORJ-SPE\Source\program files\AskPartnerNetwork\Toolbar\{PartnerID}\Passport.dll   a variant of Win32/Bundled.Toolbar.Ask.M potentially unsafe application   cleaned by deleting - quarantined
C:\FRST\Quarantine\C\Program Files\AskPartnerNetwork\Toolbar\ORJ-SPE\Source\program files\VNT\vntldr.exe   a variant of Win32/Bundled.Toolbar.Ask.M potentially unsafe application   cleaned by deleting - quarantined
C:\FRST\Quarantine\C\Program Files\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe   a variant of Win32/Bundled.Toolbar.Ask.M potentially unsafe application   cleaned by deleting - quarantined
C:\FRST\Quarantine\C\Program Files\AskPartnerNetwork\Toolbar\Updater\IDC\IdcLdr.exe   a variant of Win32/Bundled.Toolbar.Ask.M potentially unsafe application   cleaned by deleting - quarantined
C:\FRST\Quarantine\C\Program Files\AskPartnerNetwork\Toolbar\Updater\IDC\IdcSrv.dll   a variant of Win32/Bundled.Toolbar.Ask.M potentially unsafe application   cleaned by deleting - quarantined
C:\FRST\Quarantine\C\Program Files\AskPartnerNetwork\Toolbar\Updater\IDC\IdcSrvStub.dll   a variant of Win32/Bundled.Toolbar.Ask.M potentially unsafe application   cleaned by deleting - quarantined

Psychotic · July 15, 2015

Then we can do the cleanup - if you are facing any issues, report that immediately.

Delete junk with adwCleaner

Please download AdwCleaner to your desktop.

Run adwcleaner.exe
Hit Scan and wait for the scan to finish.
Confirm the message but don´t uncheck anything.
Hit Clean
When the run is finished, it will open up a text file
Please post its contents within your next reply
You´ll find the log file at C:\AdwCleaner[s1].txt also

Delete junk with JRT

Please download Junkware Removal Tool to your desktop.

Shut down your protection software now to avoid potential conflicts.
Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
The tool will open and start scanning your system.
Please be patient as this can take a while to complete depending on your system's specifications.
On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
Post the contents of JRT.txt into your next message.

SecurityCheck

Reboot your system before starting!

Please download SecurityCheck: LINK1 LINK2

Save it to your desktop, start it and follow the instructions in the window.
After the scan finished the (checkup.txt) will open. Copy its content to your thread.

Psychotic · July 15, 2015

------------------

Aristarcus · July 15, 2015

AdwCleaner file herewith

# AdwCleaner v4.208 - Logfile created 15/07/2015 at 18:53:41
# Updated 09/07/2015 by Xplode
# Database : 2015-07-15.1 [server]
# Operating system : Microsoft Windows XP Service Pack 3 (x86)
# Username : Administrator - DEVALETTE
# Running from : C:\Documents and Settings\Administrator\My Documents\Downloads\adwcleaner_4.208.exe
# Option : Cleaning

***** [ Services ] *****

***** [ Files / Folders ] *****

Folder Deleted : C:\Documents and Settings\All Users\Application Data\apn
Folder Deleted : C:\Documents and Settings\All Users\Application Data\FileCure
Folder Deleted : C:\Documents and Settings\All Users\Application Data\ParetoLogic
Folder Deleted : C:\Documents and Settings\All Users\Application Data\Avg_Update_0814tb
Folder Deleted : C:\Program Files\AVG Security Toolbar
File Deleted : C:\Program Files\Mozilla Firefox\browser\searchplugins\avg-secure-search.xml
File Deleted : C:\Program Files\Mozilla Firefox\defaults\pref\itms.js

***** [ Scheduled tasks ] *****

Task Deleted : ProgramRefresh-ATFST
Task Deleted : ProgramUpdateCheck

***** [ Shortcuts ] *****

***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{9C4EFBD5-1ADF-41E6-BE26-AF44326E30E4}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{21FA44EF-376D-4D53-9B0F-8A89D3229068}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{21FA44EF-376D-4D53-9B0F-8A89D3229068}
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{21FA44EF-376D-4D53-9B0F-8A89D3229068}]
Key Deleted : HKCU\Software\Bitberry Software
Key Deleted : HKCU\Software\Bitberry
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\FileTypeAssistant
Key Deleted : HKCU\Software\IM
Key Deleted : HKCU\Software\Condut
Key Deleted : HKCU\Software\Avg Secure Update
Key Deleted : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Key Deleted : HKU\.DEFAULT\Software\Winamp Toolbar
Key Deleted : HKU\.DEFAULT\Software\Avg Secure Update
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Websteroids
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\SearchProtect
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{4F524A2D-5350-4500-76A7-A758B70C1902}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3152E1F19977892449DC968802CE8964
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\649A52D257CA5DB4EAAE8BA9EB23E467
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\120DFADEB50841F408F04D2A278F9509
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\7AB5857A57A0687786597A857BFFFFFF
Data Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - <-loopback>

***** [ Web browsers ] *****

-\\ Internet Explorer v8.0.6001.18702

-\\ Mozilla Firefox v39.0 (x86 en-US)

[z0ovjqe9.default-1382548411328\prefs.js] - Line Deleted : user_pref("extensions.ORJ-SPE.domain", "\"www.search.ask.com\"");
[z0ovjqe9.default-1382548411328\prefs.js] - Line Deleted : user_pref("extensions.ORJ-SPE.hpr_ff", "\"hxxp://www.search.ask.com/?tpid=ORJ-SPE&o=APN11409&pf=V7&trgb=FF&p2=%5EBBH%5EOSJ000%5EYY%5EGB&gct=hp&apn_ptnrs=BBH&apn_dtid=%5EOSJ000%5EYY%5EGB&apn_dbr=ff_35.[...]
[z0ovjqe9.default-1382548411328\prefs.js] - Line Deleted : user_pref("extensions.ORJ-SPE.newTabSearchURL", "\"hxxp://www.search.ask.com/web?o=APN11409&p2=%5EBBH%5EOSJ000%5EYY%5EGB&tpid=ORJ-SPE&gct=tab&apn_uid=19658256-118A-4B3A-8199-0390117C06D6&apn_ptnrs=BBH[...]
[z0ovjqe9.default-1382548411328\prefs.js] - Line Deleted : user_pref("extensions.ORJ-SPE.searchURL", "\"hxxp://www.search.ask.com/web?o=APN11409&p2=%5EBBH%5EOSJ000%5EYY%5EGB&tpid=ORJ-SPE&gct=tab&apn_uid=19658256-118A-4B3A-8199-0390117C06D6&apn_ptnrs=BBH&apn_d[...]
[z0ovjqe9.default-1382548411328\prefs.js] - Line Deleted : user_pref("extensions.irmysearch.aflt", "irmsd103");
[z0ovjqe9.default-1382548411328\prefs.js] - Line Deleted : user_pref("extensions.irmysearch.cd", "2XzuyEtN2Y1L1QzutDtDtD0FtC0F0D0DzzyCyE0AyBtD0F0AtN0D0Tzu0CyCyCzytN1L2XzutBtFtBtFzztFtCtByEyBtN1L1Czu1L1C1H1B1QtCtDtA");
[z0ovjqe9.default-1382548411328\prefs.js] - Line Deleted : user_pref("extensions.irmysearch.cr", "5260213");
[z0ovjqe9.default-1382548411328\prefs.js] - Line Deleted : user_pref("extensions.irmysearch.instlRef", "");

-\\ Google Chrome v

[C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Web Data] - Deleted [search Provider] : hxxp://blekko.com/?source=c3348dd4&tbp=rbox&q={searchTerms}
[C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Web Data] - Deleted [search Provider] : hxxp://uk.ask.com/web?q={searchTerms}
[C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Web Data] - Deleted [search Provider] : hxxp://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=irmsd103&cd=2XzuyEtN2Y1L1QzutDtDtD0FtC0F0D0DzzyCyE0AyBtD0F0AtN0D0Tzu0CyCyCzytN1L2XzutBtFtBtFzztFtCtByEyBtN1L1Czu1L1C1H1B1QtCtDtA&cr=5260213&ir=

*************************

AdwCleaner[R0].txt - [19716 bytes] - [07/03/2014 01:22:17]
AdwCleaner[R1].txt - [5457 bytes] - [15/07/2015 18:50:09]
AdwCleaner[s0].txt - [18312 bytes] - [07/03/2014 01:24:52]
AdwCleaner[s1].txt - [5538 bytes] - [15/07/2015 18:53:41]

########## EOF - C:\AdwCleaner\AdwCleaner[s1].txt - [5597 bytes] ##########

Aristarcus · July 15, 2015

JRT file...

Junkware Removal Tool (JRT) by Malwarebytes
Version: 7.4.9 (07.14.2015:2)
OS: Microsoft Windows XP x86
Ran by Administrator on 15/07/2015 at 19:05:04.85
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Tasks

~~~ Registry Values

Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search\\SearchAssistant

~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\158D6D9E3FE81FA428925F22ACB3A965
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\15E6C514FEFC09F45BAFAAE1D7546ED4
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1DB42320A8525634AA089F0BEC86473B
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\22468B0D6050B2E46B9C4B67A8F59577
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2251BF05A2F606D43BB064BD63CBD87E
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3CDF313E9B28C944FBC7579CF4949414
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\71E54748EDD3DC1468548785DC856EDA
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\754590DD06DE8D249B526503432F99D4
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8036C72171EF4BA46856BF57969F6A36
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8CBC85D72B148084ABE8C2F072F781F4
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8CC5A38A64D6098468BC8395BA0EFF03
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8DF9A1AC557F56C49B56F6B83E293C15
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CFA51B44D54927C4E9B7BC1D3FD1E49F
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D14A7F65792054F418578C78367D13F7
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DFE9F0BD163D827438CB6AD6B100EC48
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F739A19A8327DC64C9A8B641A9E89646
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{429559AC-1128-D420-90E1-0E1894E36CB8}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Eventlog\Application\Update FindRight
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Eventlog\Application\Util FindRight

~~~ Files

Successfully deleted: [File] C:\Documents and Settings\All Users\SPL103.tmp
Successfully deleted: [File] C:\Documents and Settings\All Users\SPL2.tmp
Successfully deleted: [File] C:\Documents and Settings\All Users\SPL24.tmp
Successfully deleted: [File] C:\Documents and Settings\All Users\SPL609.tmp
Successfully deleted: [File] C:\Documents and Settings\All Users\SPL9C.tmp

~~~ Folders

Successfully deleted: [Folder] C:\Program Files\003
Successfully deleted: [Folder] C:\Program Files\regzooka

~~~ FireFox

Successfully deleted: [Folder] C:\Documents and Settings\Administrator\Application Data\mozilla\firefox\profiles\7l146elc.default-1382530802734\extensions\staged
Successfully deleted the following from C:\Documents and Settings\Administrator\Application Data\mozilla\firefox\profiles\z0ovjqe9.default-1382548411328\prefs.js

user_pref(extensions.ORJ-SPE.domain, \www.search.ask.com\);
user_pref(extensions.ORJ-SPE.hpr_ff, \hxxp://www.search.ask.com/?tpid=ORJ-SPE&o=APN11409&pf=V7&trgb=FF&p2=%5EBBH%5EOSJ000%5EYY%5EGB&gct=hp&apn_ptnrs=BBH&apn_dtid=%5EOSJ000
user_pref(extensions.ORJ-SPE.newTabSearchURL, \hxxp://www.search.ask.com/web?o=APN11409&p2=%5EBBH%5EOSJ000%5EYY%5EGB&tpid=ORJ-SPE&gct=tab&apn_uid=19658256-118A-4B3A-8199-0
user_pref(extensions.ORJ-SPE.searchURL, \hxxp://www.search.ask.com/web?o=APN11409&p2=%5EBBH%5EOSJ000%5EYY%5EGB&tpid=ORJ-SPE&gct=tab&apn_uid=19658256-118A-4B3A-8199-0390117
user_pref(extensions.irmysearch.instlRef, );
Emptied folder: C:\Documents and Settings\Administrator\Application Data\mozilla\firefox\profiles\z0ovjqe9.default-1382548411328\minidumps [4 files]

~~~ Chrome

[C:\Documents and Settings\Administrator\local settings\application data\Google\Chrome\User Data\Default\Preferences] - default search provider reset

[C:\Documents and Settings\Administrator\local settings\application data\Google\Chrome\User Data\Default\Preferences] - Extensions Deleted:

[C:\Documents and Settings\Administrator\local settings\application data\Google\Chrome\User Data\Default\Secure Preferences] - default search provider reset

[C:\Documents and Settings\Administrator\local settings\application data\Google\Chrome\User Data\Default\Secure Preferences] - Extensions Deleted:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 15/07/2015 at 19:12:01.12
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Aristarcus · July 15, 2015

LINK1...

Results of screen317's Security Check version 1.005
Windows XP Service Pack 3 x86
Internet Explorer 8
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
PC Cleaner Pro
avast! Antivirus
ParetoLogic ParetoLogic Internet Security
Antivirus out of date! (On Access scanning disabled!)
`````````Anti-malware/Other Utilities Check:`````````
MVPS Hosts File
Spybot - Search & Destroy
Java 8 Update 31
Java version 32-bit out of Date!
Adobe Flash Player    18.0.0.209
Adobe Reader XI
Mozilla Firefox (39.0)
Mozilla Thunderbird 31.7.0 Thunderbird out of Date!
````````Process Check: objlist.exe by Laurent````````
Malwarebytes Anti-Malware mbamservice.exe
Malwarebytes Anti-Malware mbam.exe
Spybot Teatimer.exe is disabled!
Malwarebytes Anti-Malware mbamscheduler.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:: 13% Defragment your hard drive soon! (Do NOT defrag if SSD!)
````````````````````End of Log``````````````````````

LINK2...

Results of screen317's Security Check version 1.005
Windows XP Service Pack 3 x86
Internet Explorer 8
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
PC Cleaner Pro
avast! Antivirus
ParetoLogic ParetoLogic Internet Security
Antivirus out of date! (On Access scanning disabled!)
`````````Anti-malware/Other Utilities Check:`````````
MVPS Hosts File
Spybot - Search & Destroy
Java 8 Update 31
Java version 32-bit out of Date!
Adobe Flash Player    18.0.0.209
Adobe Reader XI
Mozilla Firefox (39.0)
Mozilla Thunderbird 31.7.0 Thunderbird out of Date!
````````Process Check: objlist.exe by Laurent````````
Malwarebytes Anti-Malware mbamservice.exe
Malwarebytes Anti-Malware mbam.exe
Spybot Teatimer.exe is disabled!
Malwarebytes Anti-Malware mbamscheduler.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:: 13% Defragment your hard drive soon! (Do NOT defrag if SSD!)
````````````````````End of Log``````````````````````

Psychotic · July 16, 2015

Are any problems left or may I post the final reply?

Aristarcus · July 16, 2015

Hi Marius

The icon is still present on desktop.

Is there a risk if i reinstall Cute PDF writer?

thanks

Les

Psychotic · July 16, 2015

Is this a movable icon or has your desktop background been changed?

Ultraman Icon

Recommended Posts

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Recently Browsing 0 members

Important Information