Need help removing PUM.Optional.ProxyHijacker


Root Admin

Hello @TroubleWithOlaf sorry for the delay.

 

Please restart the computer first and then run the following steps and post back the logs when ready.

STEP 01
Please download Junkware Removal Tool to your desktop.

  • Shutdown your antivirus to avoid any conflicts.
  • Right click over JRT.exe and select Run as administrator on Windows Vista or Windows 7, double-click on XP.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next reply message
  • When completed make sure to re-enable your antivirus

STEP 02
Fix with AdwCleaner

Please download AdwCleaner by Xplode and save the file to your Desktop.

  • Right-click on the AdwCleaner icon and select Run as Administrator to start the tool.
  • Accept the Terms of use.
  • Wait until the database is updated.
  • Click Scan.
  • When finished, please click Clean.
  • Your PC should reboot now.
  • After reboot, logfile will be opened. Copy its content into your next reply.

Note: Reports will be saved in your system partition, usually at C:\Adwcleaner

STEP 03
Download Sophos Free Virus Removal Tool and save it to your desktop.
 

  • Double click the icon and select Run
  • Click Next
  • Select I accept the terms in this license agreement, then click Next twice
  • Click Install
  • Click Finish to launch the program
  • Once the virus database has been updated click Start Scanning
  • If any threats are found click Details, then View Log file (bottom left-hand corner)
  • Copy and paste the results in your reply
  • Close the Notepad document, close the Threat Details screen, then click Start cleanup
  • Click Exit to close the program
  • If no threats were found, please confirm that result.

STEP 04
Please download the Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. You can check here if you're not sure if your computer is 32-bit or 64-bit

  • Double-click to run it. When the tool opens, click Yes to disclaimer.
  • Press the Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please attach it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). If you've run the tool before, you need to place a check mark here.
  • Please attach the Addition.txt log to your reply as well.

 

Thanks


Hi Ron,

Thanks for posting this. I have run the tests you recommended and am listing the results below. Please let me know what else you'd like me to do.

Thanks!

 

JUNKWARE REMOVAL JRT.TXT

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.1.3 (04.10.2017)
Operating System: Microsoft Windows XP x86
Ran by Administrator (Administrator) on Fri 06/02/2017 at 11:43:34.68
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 


File System: 10

Successfully deleted: C:\Documents and Settings\All Users\Start Menu\Programs\coupons (Folder)
Successfully deleted: C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\45IFKH6R (Temporary Internet Files Folder)
Successfully deleted: C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\8LAJW1QB (Temporary Internet Files Folder)
Successfully deleted: C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\8TYRK9IB (Temporary Internet Files Folder)
Successfully deleted: C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\8XINWTEV (Temporary Internet Files Folder)
Successfully deleted: C:\Program Files\coupons (Folder)
Successfully deleted: C:\WINDOWS\System32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\45IFKH6R (Temporary Internet Files Folder)
Successfully deleted: C:\WINDOWS\System32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\8LAJW1QB (Temporary Internet Files Folder)
Successfully deleted: C:\WINDOWS\System32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\8TYRK9IB (Temporary Internet Files Folder)
Successfully deleted: C:\WINDOWS\System32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\8XINWTEV (Temporary Internet Files Folder)

 

Registry: 2

Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} (Registry Key)
Successfully deleted: HKLM\Software\Microsoft\Internet Explorer\Search\\SearchAssistant (Registry Value)

 


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Fri 06/02/2017 at 11:44:23.88
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


ADWCLEANER AdwCleaner[S0].txt

# AdwCleaner v6.047 - Logfile created 02/06/2017 at 11:49:25
# Updated on 19/05/2017 by Malwarebytes
# Database : 2017-05-19.1 [Local]
# Operating System : Microsoft Windows XP Service Pack 3 (X86)
# Username : Administrator - OLAF
# Running from : C:\Documents and Settings\Administrator\Desktop\AdwCleaner.exe
# Mode: Scan
# Support : https://www.malwarebytes.com/support

 

***** [ Services ] *****

No malicious services found.


***** [ Folders ] *****

No malicious folders found.


***** [ Files ] *****

No malicious files found.


***** [ DLL ] *****

No malicious DLLs found.


***** [ WMI ] *****

No malicious keys found.


***** [ Shortcuts ] *****

No infected shortcut found.


***** [ Scheduled Tasks ] *****

No malicious task found.


***** [ Registry ] *****

Key Found:  HKLM\SOFTWARE\Classes\SdcUser.SdcMailCtl
Key Found:  HKLM\SOFTWARE\Classes\SdcUser.SdcMailCtl.1
Key Found:  HKLM\SOFTWARE\Classes\CLSID\{9522B3FB-7A2B-4646-8AF6-36E7F593073C}
Key Found:  HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{21FA44EF-376D-4D53-9B0F-8A89D3229068}
Key Found:  HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9522B3FB-7A2B-4646-8AF6-36E7F593073C}
Key Found:  HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{21FA44EF-376D-4D53-9B0F-8A89D3229068}
Key Found:  HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{9522B3FB-7A2B-4646-8AF6-36E7F593073C}
Value Found:  HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{21FA44EF-376D-4D53-9B0F-8A89D3229068}]


***** [ Web browsers ] *****

No malicious Firefox based browser items found.
No malicious Chromium based browser items found.

*************************

C:\AdwCleaner\AdwCleaner[S0].txt - [1746 Bytes] - [02/06/2017 11:49:25]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [1819 Bytes] ##########

 

ADWCLEANER AdwCleaner[C0].txt

# AdwCleaner v6.047 - Logfile created 02/06/2017 at 11:52:37
# Updated on 19/05/2017 by Malwarebytes
# Database : 2017-05-19.1 [Local]
# Operating System : Microsoft Windows XP Service Pack 3 (X86)
# Username : Administrator - OLAF
# Running from : C:\Documents and Settings\Administrator\Desktop\AdwCleaner.exe
# Mode: Clean
# Support : https://www.malwarebytes.com/support

 

***** [ Services ] *****

 

***** [ Folders ] *****

 

***** [ Files ] *****

 

***** [ DLL ] *****

 

***** [ WMI ] *****

 

***** [ Shortcuts ] *****

 

***** [ Scheduled Tasks ] *****

 

***** [ Registry ] *****

[-] Key deleted: HKLM\SOFTWARE\Classes\SdcUser.SdcMailCtl
[-] Key deleted: HKLM\SOFTWARE\Classes\SdcUser.SdcMailCtl.1
[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{9522B3FB-7A2B-4646-8AF6-36E7F593073C}
[-] Key deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{21FA44EF-376D-4D53-9B0F-8A89D3229068}
[-] Key deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9522B3FB-7A2B-4646-8AF6-36E7F593073C}
[-] Key deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{21FA44EF-376D-4D53-9B0F-8A89D3229068}
[-] Key deleted: HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{9522B3FB-7A2B-4646-8AF6-36E7F593073C}
[-] Value deleted: HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{21FA44EF-376D-4D53-9B0F-8A89D3229068}]


***** [ Web browsers ] *****

 

*************************

:: "Tracing" keys deleted
:: Winsock settings cleared

*************************

C:\AdwCleaner\AdwCleaner[C0].txt - [1584 Bytes] - [02/06/2017 11:52:37]
C:\AdwCleaner\AdwCleaner[S0].txt - [1898 Bytes] - [02/06/2017 11:49:25]

########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt - [1730 Bytes] ##########

 

SOPHOS

Found no threats (no report generated)

 

FARBAR FRST.TXT

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 05-06-2017
Ran by Administrator (administrator) on OLAF (06-06-2017 09:45:24)
Running from C:\Documents and Settings\Administrator\Desktop
Loaded Profiles: Administrator (Available Profiles: Steve & Administrator)
Platform: Microsoft Windows XP Professional Service Pack 3 (X86) Language: English (United States)
Internet Explorer Version 8 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(ATI Technologies Inc.) C:\WINDOWS\system32\ati2evxx.exe
(Microsoft Corporation) C:\WINDOWS\system32\netdde.exe
(ArcSoft Inc.) C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
(American Power Conversion Corporation) C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\WINDOWS\system32\fxssvc.exe
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Microsoft Corporation) C:\WINDOWS\system32\wscntfy.exe
(ATI Technologies Inc.) C:\WINDOWS\system32\ati2evxx.exe
(Realtek Semiconductor Corp.) C:\WINDOWS\RTHDCPL.EXE
(Realtek) C:\Program Files\Realtek\Diagnostics Utility\8169Diag.exe
(ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
(Adobe Systems Inc.) C:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
(ArcSoft Inc.) C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
(HP) C:\Program Files\Hewlett-Packard\ToolBoxFX\bin\HPTLBXFX.exe
(Hewlett-Packard Co.) C:\Program Files\Hewlett-Packard\HP Software Update\hpwuSchd2.exe
() C:\Program Files\DivX\DivX Update\DivXUpdate.exe
(ArcSoft Inc.) C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Macrovision Corporation) C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
(Microsoft Corporation) C:\Program Files\Messenger\msmsgs.exe
() C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
(Microsoft Corporation) C:\Program Files\Windows Desktop Search\WindowsSearch.exe
() C:\Program Files\Microsoft Office\Office\OSA.EXE
(American Power Conversion Corporation) C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
(ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
(Microsoft Corporation) C:\WINDOWS\system32\taskmgr.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\HP Software Update\HPWUCli.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDCPL] => C:\WINDOWS\RTHDCPL.EXE [16806912 2008-08-18] (Realtek Semiconductor Corp.)
HKLM\...\Run: [Alcmtr] => C:\WINDOWS\ALCMTR.EXE [57344 2008-08-18] (Realtek Semiconductor Corp.)
HKLM\...\Run: [8169Diag] => C:\Program Files\Realtek\Diagnostics Utility\8169Diag.exe [909312 2008-02-26] (Realtek)
HKLM\...\Run: [ATICCC] => C:\Program Files\ATI Technologies\ATI.ACE\cli.exe [45056 2005-08-12] (ATI Technologies Inc.)
HKLM\...\Run: [IAAnotif] => C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe [186904 2009-02-11] (Intel Corporation)
HKLM\...\Run: [dscactivate] => C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe [16384 2008-03-11] ( )
HKLM\...\Run: [AdobeCS4ServiceManager] => C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe [611712 2010-02-05] (Adobe Systems Incorporated)
HKLM\...\Run: [Adobe Acrobat Speed Launcher] => C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe [44128 2013-05-08] (Adobe Systems Incorporated)
HKLM\...\Run: [Acrobat Assistant 8.0] => C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe [642664 2013-05-08] (Adobe Systems Inc.)
HKLM\...\Run: [Adobe_ID0ENQBO] => C:\Program Files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4Tray.exe [378224 2008-08-15] (Adobe Systems Incorporated)
HKLM\...\Run: [Share-to-Web Namespace Daemon] => c:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe [69632 2002-04-17] (Hewlett-Packard)
HKLM\...\Run: [CanonSolutionMenu] => C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe [767312 2009-09-03] (CANON INC.)
HKLM\...\Run: [ArcSoft Connection Service] => C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe [207424 2010-10-27] (ArcSoft Inc.)
HKLM\...\Run: [ToolBoxFX] => C:\Program Files\Hewlett-Packard\ToolBoxFX\bin\HPTLBXFX.exe [49152 2006-06-15] (HP)
HKLM\...\Run: [HP Software Update] => C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe [49152 2005-02-16] (Hewlett-Packard Co.)
HKLM\...\Run: [hpbdfawep] => C:\Program Files\HP\Dfawep\bin\hpbdfawep.exe 1
HKLM\...\Run: [DivXUpdate] => C:\Program Files\DivX\DivX Update\DivXUpdate.exe [1259376 2011-07-28] ()
HKLM\...\Run: [LWS] => C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe [205336 2011-11-11] (Logitech Inc.)
HKLM\...\Run: [UserFaultCheck] => %systemroot%\system32\dumprep 0 -u
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKLM\...\Run: [Malwarebytes TrayApp] => C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe [2780112 2017-01-20] (Malwarebytes)
Winlogon\Notify\AtiExtEvent: C:\WINDOWS\system32\Ati2evxx.dll [2005-12-11] (ATI Technologies Inc.)
HKLM\...\Policies\Explorer: [NoCDBurning] 0
HKLM\ DisallowedCertificates: 08738A96A4853A52ACEF23F782E8E1FEA7BCED02 (U)
HKLM\ DisallowedCertificates: 09271DD621EBD3910C2EA1D059F99B8181405A17 (U)
HKLM\ DisallowedCertificates: 09FF2CC86CEEFA8A8BB3F2E3E84D6DA3FABBF63E (U)
HKLM\ DisallowedCertificates: 23EF3384E21F70F034C467D4CBA6EB61429F174E (U)
HKLM\ DisallowedCertificates: 330D8D3FD325A0E5FDDDA27013A2E75E7130165F (U)
HKLM\ DisallowedCertificates: 374D5B925B0BD83494E656EB8087127275DB83CE (U)
HKLM\ DisallowedCertificates: 3A26012171855D4020C973BEC3F4F9DA45BD2B83 (U)
HKLM\ DisallowedCertificates: 4D8547B7F864132A7F62D9B75B068521F10B68E3 (U)
HKLM\ DisallowedCertificates: 4DF13947493CFF69CDE554881C5F114E97C3D03B (U)
HKLM\ DisallowedCertificates: 4ED8AA06D1BC72CA64C47B1DFE05ACC8D51FC76F (U)
HKLM\ DisallowedCertificates: 587B59FB52D8A683CBE1CA00E6393D7BB923BC92 (U)
HKLM\ DisallowedCertificates: 5CE339465F41A1E423149F65544095404DE6EBE2 (U)
HKLM\ DisallowedCertificates: 5D5185DF1EB7DC76015422EC8138A5724BEE2886 (U)
HKLM\ DisallowedCertificates: 6690C02B922CBD3FF0D0A5994DBD336592887E3F (U)
HKLM\ DisallowedCertificates: 7613BF0BA261006CAC3ED2DDBEF343425357F18B (U)
HKLM\ DisallowedCertificates: 838FFD509DE868F481C29819992E38A4F7082873 (U)
HKLM\ DisallowedCertificates: 8977E8569D2A633AF01D0394851681CE122683A6 (U)
HKLM\ DisallowedCertificates: A1505D9843C826DD67ED4EA5209804BDBB0DF502 (U)
HKLM\ DisallowedCertificates: A221D360309B5C3C4097C44CC779ACC5A9845B66 (U)
HKLM\ DisallowedCertificates: A35A8C727E88BCCA40A3F9679CE8CA00C26789FD (U)
HKLM\ DisallowedCertificates: A7B5531DDC87129E2C3BB14767953D6745FB14A6 (U)
HKLM\ DisallowedCertificates: A81706D31E6F5C791CD9D3B1B9C63464954BA4F5 (U)
HKLM\ DisallowedCertificates: BED412B1334D7DFCEBA3015E5F9F905D571C45CF (U)
HKLM\ DisallowedCertificates: C69F28C825139E65A646C434ACA5A1D200295DB1 (U)
HKLM\ DisallowedCertificates: D0BB3E3DFBFB86C0EEE2A047E328609E6E1F185E (U)
HKLM\ DisallowedCertificates: D43153C8C25F0041287987250F1E3CABAC8C2177 (U)
HKLM\ DisallowedCertificates: D8CE8D07F9F19D2569C2FB854401BC99C1EB7C3B (U)
HKLM\ DisallowedCertificates: E38A2B7663B86796436D8DF5898D9FAA6835B238 (U)
HKLM\ DisallowedCertificates: E95DD86F32C771F0341743EBD75EC33C74A3DED9 (U)
HKLM\ DisallowedCertificates: E9809E023B4512AA4D4D53F40569C313C1D0294D (U)
HKLM\ DisallowedCertificates: F5A874F3987EB0A9961A564B669A9050F770308A (U)
HKLM\ DisallowedCertificates: F92BE5266CC05DB2DC0DC3F2DC74E02DEFD949CB (U)
HKU\S-1-5-21-3394948068-354880341-3553192288-500\...\Run: [ISUSPM] => C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe [218032 2006-09-11] (Macrovision Corporation)
HKU\S-1-5-21-3394948068-354880341-3553192288-500\...\Run: [MSMSGS] => C:\Program Files\Messenger\msmsgs.exe [1695232 2008-04-14] (Microsoft Corporation)
HKU\S-1-5-21-3394948068-354880341-3553192288-500\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-3394948068-354880341-3553192288-500\...\Run: [Dropbox Update] => C:\Documents and Settings\Administrator\Local Settings\Application Data\Dropbox\Update\DropboxUpdate.exe [143144 2016-11-04] (Dropbox, Inc.)
ShellExecuteHooks: Windows Desktop Search Namespace Manager - {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [304128 2009-05-24] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ DropboxExt10] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Documents and Settings\Administrator\Application Data\Dropbox\bin\DropboxExt.3.0.dll -> No File
ShellIconOverlayIdentifiers: [ DropboxExt9] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Documents and Settings\Administrator\Application Data\Dropbox\bin\DropboxExt.3.0.dll -> No File
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
Startup: C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\Microsoft Find Fast.lnk [2009-08-27]
ShortcutTarget: Microsoft Find Fast.lnk -> C:\Program Files\Microsoft Office\Office\FINDFAST.EXE ()
Startup: C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\Office Startup.lnk [2009-08-27]
ShortcutTarget: Office Startup.lnk -> C:\Program Files\Microsoft Office\Office\OSA.EXE ()
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\APC UPS Status.lnk [2009-08-29]
ShortcutTarget: APC UPS Status.lnk -> C:\Program Files\APC\APC PowerChute Personal Edition\Display.exe (American Power Conversion Corporation)
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk [2009-07-23]
ShortcutTarget: Windows Search.lnk -> C:\Program Files\Windows Desktop Search\WindowsSearch.exe (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

ProxyEnable: [.DEFAULT] => Proxy is enabled.
ProxyServer: [.DEFAULT] => http=127.0.0.1:5577
AutoConfigURL: [.DEFAULT] => http=127.0.0.1:5577
Winsock: Catalog5 04 C:\Program Files\Bonjour\mdnsNSP.dll [121704 2011-08-30] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{0D847542-2424-476D-859B-48DE5666D858}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/USSMB/1
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.msn.com/USSMB/1
HKU\S-1-5-21-3394948068-354880341-3553192288-500\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.live.com
HKU\S-1-5-21-3394948068-354880341-3553192288-500\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/USSMB/1
SearchScopes: HKU\S-1-5-21-3394948068-354880341-3553192288-500 -> DefaultScope {B32BDA5B-CA8A-40E3-BA77-28FDB63E4943} URL = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}
SearchScopes: HKU\S-1-5-21-3394948068-354880341-3553192288-500 -> {B32BDA5B-CA8A-40E3-BA77-28FDB63E4943} URL = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}
BHO: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-09-23] (Adobe Systems Incorporated)
BHO: No Name -> {5C255C8A-E604-49b4-9D64-90988571CECB} -> No File
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_31\bin\ssv.dll [2015-01-24] (Oracle Corporation)
BHO: Windows Live Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-02-17] (Microsoft Corporation)
BHO: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2013-05-08] (Adobe Systems Incorporated)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-01-24] (Oracle Corporation)
BHO: SmartSelect Class -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2013-05-08] (Adobe Systems Incorporated)
Toolbar: HKLM - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2013-05-08] (Adobe Systems Incorporated)
Toolbar: HKU\S-1-5-21-3394948068-354880341-3553192288-500 -> Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2013-05-08] (Adobe Systems Incorporated)
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_51-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0051-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_51-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_51-windows-i586.cab
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll [2008-12-02] (Microsoft Corporation)
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll [2007-11-27] (Microsoft Corporation)
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll [2008-12-02] (Microsoft Corporation)

FireFox:
========
FF DefaultProfile: bunkvxce.default-1399910637187
FF ProfilePath: C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\bunkvxce.default-1399910637187 [2017-06-06]
FF DefaultSearchEngine: C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\bunkvxce.default-1399910637187 -> Google
FF DefaultSearchEngine.US: C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\bunkvxce.default-1399910637187 -> Google
FF Homepage: C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\bunkvxce.default-1399910637187 -> hxxps://my.yahoo.com/
FF Session Restore: C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\bunkvxce.default-1399910637187 -> is enabled.
FF NetworkProxy: C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\bunkvxce.default-1399910637187 -> type", 0
FF Extension: (Xmarks) - C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\bunkvxce.default-1399910637187\Extensions\foxmarks@kei.com [2017-02-09]
FF Extension: (Tabs on Bottom (Australis)) - C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\bunkvxce.default-1399910637187\Extensions\jid1-OesGFwaQGIBASw@jetpack.xpi [2017-01-30]
FF Extension: (Adblock Plus) - C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\bunkvxce.default-1399910637187\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2017-05-25]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: (Microsoft .NET Framework Assistant) - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-09-02] [not signed]
FF HKLM\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext => not found
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_17_0_0_188.dll [2015-06-09] ()
FF Plugin: @divx.com/DivX Browser Plugin,version=1.0.0 -> C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll [2010-08-24] (DivX,Inc.)
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll [2011-06-20] (DivX, LLC.)
FF Plugin: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-01-24] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-01-24] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=14.0.8051.1204 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2008-12-04] (Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
FF Plugin: @real.com/nprpchromebrowserrecordext;version=15.0.4.53 -> C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll [2012-05-30] (RealNetworks, Inc.)
FF Plugin: @real.com/nprphtml5videoshim;version=15.0.4.53 -> C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll [2012-05-30] (RealNetworks, Inc.)
FF Plugin: @videolan.org/vlc,version=2.0.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-02-04] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.3 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-02-04] (VideoLAN)
FF Plugin: Adobe Acrobat -> C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Air\nppdf32.dll [2013-05-08] (Adobe Systems Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2012-09-23] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll [2012-09-23] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll [2014-05-16] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll [2014-05-16] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll [2014-05-16] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll [2014-05-16] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll [2014-05-16] (Apple Inc.)

Chrome:
=======
CHR HKLM\...\Chrome\Extension: [jfmjfhklogoienhpfnppmbcbjfjnkonk] - <no Path/update_url>
CHR HKLM\...\Chrome\Extension: [nneajnkjbffgblleaoojgaacokifdkhm] - <no Path/update_url>

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 ACDaemon; C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
S3 Adobe Version Cue CS4; C:\Program Files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe [288112 2010-02-05] (Adobe Systems Incorporated)
R2 APC UPS Service; C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe [176193 2005-12-12] (American Power Conversion Corporation) [File not signed]
S2 ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [520192 2005-12-11] () [File not signed]
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [3303888 2017-01-20] (Malwarebytes)
S3 stllssvr; C:\Program Files\Common Files\SureThing Shared\stllssvr.exe [69632 2007-07-11] (MicroVision Development, Inc.) [File not signed]
S2 wfxsvc; C:\WINDOWS\system32\WFXSVC.EXE [90112 1997-03-01] (Symantec Corporation) [File not signed]
S3 McComponentHostService; "C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe" [X]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 61883; C:\WINDOWS\System32\DRIVERS\61883.sys [48128 2008-04-14] (Microsoft Corporation)
S4 abp480n5; C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS [23552 2001-08-17] (Microsoft Corporation)
R1 AFS2K; C:\WINDOWS\system32\Drivers\AFS2K.sys [35840 2004-10-07] (Oak Technology Inc.)
S3 CCDECODE; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [16384 2004-07-09] (Microsoft Corporation)
R3 Diag69xp; C:\WINDOWS\System32\Drivers\Diag69xp.sys [11264 2007-12-03] (Realtek Semiconductor Corporation) [File not signed]
R2 DLABMFSM; C:\WINDOWS\System32\Drivers\DLABMFSM.SYS [37360 2007-07-23] (Roxio)
R2 DLABOIOM; C:\WINDOWS\System32\Drivers\DLABOIOM.SYS [32848 2007-07-23] (Roxio)
R2 DLADResM; C:\WINDOWS\System32\Drivers\DLADResM.SYS [9104 2007-07-23] (Roxio)
R2 DLAIFS_M; C:\WINDOWS\System32\Drivers\DLAIFS_M.SYS [108752 2007-07-23] (Roxio)
R2 DLAOPIOM; C:\WINDOWS\System32\Drivers\DLAOPIOM.SYS [27216 2007-07-23] (Roxio)
R2 DLAPoolM; C:\WINDOWS\System32\Drivers\DLAPoolM.SYS [16304 2007-07-23] (Roxio)
R2 DLAUDFAM; C:\WINDOWS\System32\Drivers\DLAUDFAM.SYS [93552 2007-07-23] (Roxio)
R2 DLAUDF_M; C:\WINDOWS\System32\Drivers\DLAUDF_M.SYS [98448 2007-07-23] (Roxio)
R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae.sys [59904 2017-05-04] ()
R3 HPFXBULK; C:\WINDOWS\System32\drivers\hpfxbulk.sys [9344 2006-04-04] (Hewlett Packard)
R2 LANPkt; C:\WINDOWS\System32\DRIVERS\LANPkt.sys [8960 2007-11-20] (Realtek Semiconductor Corporation)
R2 MBAMChameleon; C:\WINDOWS\system32\drivers\MBAMChameleon.sys [148256 2017-06-02] (Malwarebytes)
S3 MBAMProtection; C:\WINDOWS\system32\drivers\mbam.sys [39360 2017-06-02] (Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [220088 2017-06-02] (Malwarebytes)
S3 NdisIP; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [10112 2004-07-09] (Microsoft Corporation)
S3 RTLVLAN; C:\WINDOWS\System32\DRIVERS\RTLVLAN.SYS [16640 2007-11-20] (Realtek Semiconductor Corporation)
S3 sonypvs1; C:\WINDOWS\System32\DRIVERS\sonypvs1.sys [102220 2006-10-30] (Sony Corporation) [File not signed]
S3 tap0901; C:\WINDOWS\System32\DRIVERS\tap0901.sys [35288 2013-08-22] (The OpenVPN Project)
U1 WS2IFSL; no ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-06-06 09:45 - 2017-06-06 09:45 - 00023861 _____ C:\Documents and Settings\Administrator\Desktop\FRST.txt
2017-06-06 09:44 - 2017-06-06 09:44 - 01774080 _____ (Farbar) C:\Documents and Settings\Administrator\Desktop\FRST.exe
2017-06-02 12:05 - 2017-06-02 12:05 - 00000000 ____D C:\WINDOWS\LastGood
2017-06-02 12:04 - 2017-06-02 12:04 - 00002465 _____ C:\Documents and Settings\All Users\Desktop\Sophos Virus Removal Tool.lnk
2017-06-02 12:04 - 2017-06-02 12:04 - 00000000 ____D C:\Program Files\Sophos
2017-06-02 12:04 - 2017-06-02 12:04 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Sophos
2017-06-02 12:04 - 2017-06-02 12:04 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Sophos
2017-06-02 11:58 - 2017-06-02 11:59 - 168658936 _____ (Sophos Limited) C:\Documents and Settings\Administrator\Desktop\Sophos Virus Removal Tool.exe
2017-06-02 11:47 - 2017-06-02 11:52 - 00000000 ____D C:\AdwCleaner
2017-06-02 11:46 - 2017-06-02 11:46 - 04110280 _____ C:\Documents and Settings\Administrator\Desktop\AdwCleaner.exe
2017-06-02 11:44 - 2017-06-02 11:44 - 00002235 _____ C:\Documents and Settings\Administrator\Desktop\JRT.txt
2017-06-02 11:39 - 2017-06-02 11:39 - 01663672 _____ (Malwarebytes) C:\Documents and Settings\Administrator\Desktop\JRT.exe
2017-05-23 17:22 - 2017-05-23 17:21 - 00081920 _____ C:\WINDOWS\Minidump\Mini052317-01.dmp
2017-05-15 09:49 - 2017-05-15 09:49 - 01920725 _____ C:\Documents and Settings\Administrator\Desktop\ProcessExplorer.zip
2017-05-15 09:18 - 2017-05-15 09:18 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB4012598$

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-06-06 09:45 - 2014-06-01 16:01 - 00000000 ____D C:\FRST
2017-06-06 09:45 - 2010-07-10 11:02 - 00000000 ____D C:\Documents and Settings\Administrator\Local Settings\temp
2017-06-06 09:45 - 2009-08-26 16:01 - 00004418 _____ C:\WINDOWS\ModemLog_Standard 28800 bps Modem.txt
2017-06-06 09:37 - 2016-01-31 18:57 - 00000438 ____H C:\WINDOWS\Tasks\User_Feed_Synchronization-{6C18420D-9451-4222-9B7D-6881C75A8CC0}.job
2017-06-06 09:28 - 2015-06-17 15:00 - 00001020 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-3394948068-354880341-3553192288-500UA.job
2017-06-06 07:28 - 2015-06-17 15:00 - 00000968 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-3394948068-354880341-3553192288-500Core.job
2017-06-06 05:29 - 2011-04-08 13:18 - 00000000 ____D C:\Documents and Settings\Administrator\Application Data\Dropbox
2017-06-06 02:37 - 2008-04-25 17:32 - 00032490 _____ C:\WINDOWS\SchedLgU.Txt
2017-06-02 19:52 - 2013-02-11 20:59 - 00000302 _____ C:\WINDOWS\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-3394948068-354880341-3553192288-500.job
2017-06-02 19:52 - 2010-04-22 14:23 - 00000302 _____ C:\WINDOWS\Tasks\RealUpgradeScheduledTaskS-1-5-21-3394948068-354880341-3553192288-500.job
2017-06-02 11:57 - 2017-05-04 21:46 - 00148256 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMChameleon.sys
2017-06-02 11:57 - 2017-05-04 21:46 - 00039360 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2017-06-02 11:56 - 2017-05-04 21:45 - 00220088 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2017-06-02 11:55 - 2014-04-28 09:32 - 00000238 _____ C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job
2017-06-02 11:55 - 2013-02-11 20:59 - 00000294 _____ C:\WINDOWS\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-3394948068-354880341-3553192288-500.job
2017-06-02 11:55 - 2010-04-22 14:23 - 00000294 _____ C:\WINDOWS\Tasks\RealUpgradeLogonTaskS-1-5-21-3394948068-354880341-3553192288-500.job
2017-06-02 11:55 - 2008-04-25 17:35 - 00000000 ____D C:\Documents and Settings\Administrator\Local Settings\Application Data\ApplicationHistory
2017-06-02 11:55 - 2008-04-25 12:16 - 00002206 _____ C:\WINDOWS\system32\wpa.dbl
2017-06-02 11:55 - 1996-11-17 00:00 - 00021407 ____H C:\WINDOWS\system32\FFASTLOG.TXT
2017-06-02 11:54 - 2012-05-07 19:34 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2017-06-02 11:54 - 2008-04-25 17:32 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-06-02 11:53 - 2009-08-26 09:15 - 00524288 _____ C:\WINDOWS\system32\config\ACEEvent.evt
2017-06-02 11:53 - 2008-04-25 17:32 - 00000178 ___SH C:\Documents and Settings\Administrator\ntuser.ini
2017-06-02 11:45 - 2016-11-18 00:15 - 00000000 ____D C:\Program Files\Mozilla Firefox
2017-06-02 11:41 - 2015-06-17 15:00 - 00000000 ____D C:\Documents and Settings\Administrator\Local Settings\Application Data\Dropbox
2017-05-23 17:25 - 2009-08-28 12:14 - 00001324 _____ C:\WINDOWS\system32\d3d9caps.dat
2017-05-23 17:22 - 2010-07-10 17:57 - 00000000 ____D C:\WINDOWS\Minidump
2017-05-23 17:22 - 2009-08-25 16:20 - 00000000 __SHD C:\WINDOWS\CSC
2017-05-15 09:33 - 2012-04-08 19:19 - 00000000 ____D C:\Documents and Settings\Administrator\Application Data\vlc
2017-05-15 09:30 - 2008-04-25 05:22 - 00661392 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-05-15 09:25 - 2014-04-21 19:57 - 00000000 ____D C:\Program Files\Malwarebytes Anti-Malware
2017-05-15 09:18 - 2008-04-25 05:17 - 00000000 RSHDC C:\WINDOWS\system32\dllcache
2017-05-15 09:18 - 2008-04-25 05:17 - 00000000 ___HD C:\WINDOWS\inf
2017-05-08 15:00 - 2014-04-28 09:32 - 00000232 _____ C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job

==================== Files in the root of some directories =======

2009-09-05 10:09 - 2010-04-07 11:27 - 0003009 _____ () C:\Documents and Settings\Administrator\Application Data\HPCOM_48BitScanUpdate.log
2009-08-27 10:17 - 2011-08-23 16:34 - 0683801 _____ () C:\Documents and Settings\Administrator\Application Data\unins000.exe
2015-10-19 13:34 - 2015-10-19 13:34 - 0078260 _____ () C:\Documents and Settings\Administrator\Application Data\unins001.dat
2015-10-19 13:34 - 2015-10-19 13:33 - 0715253 _____ () C:\Documents and Settings\Administrator\Application Data\unins001.exe
2010-01-29 14:36 - 2010-01-29 14:39 - 0000392 _____ () C:\Documents and Settings\Administrator\Application Data\wklnhst.dat
2009-09-09 23:19 - 2016-02-14 15:49 - 0128512 _____ () C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2009-08-26 09:15 - 2009-08-26 09:15 - 0000136 _____ () C:\Documents and Settings\Administrator\Local Settings\Application Data\fusioncache.dat
2010-11-21 10:01 - 2010-11-21 10:01 - 0000567 _____ () C:\Documents and Settings\All Users\Application Data\afl.log
2009-08-25 13:14 - 2011-06-30 17:18 - 0002545 _____ () C:\Documents and Settings\All Users\Application Data\hpzinstall.log

Files to move or delete:
====================
C:\Documents and Settings\Administrator\hpothb07.dat


Some files in TEMP:
====================
2016-02-18 10:04 - 2011-09-12 12:43 - 0926560 _____ (DivX, LLC) C:\Documents and Settings\Administrator\Local Settings\temp\DivXSetup.exe
2015-12-02 20:12 - 2015-12-02 20:12 - 0071168 _____ () C:\Documents and Settings\Administrator\Local Settings\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpgiupww.dll
2014-11-13 23:53 - 2014-11-13 23:53 - 0114176 _____ () C:\Documents and Settings\Administrator\Local Settings\temp\is64.exe
2014-11-13 23:53 - 2014-11-13 23:53 - 1805704 _____ (Zebra Technologies International, LLC) C:\Documents and Settings\Administrator\Local Settings\temp\PrnInst.exe
2014-11-13 23:53 - 2014-11-13 23:53 - 2795056 _____ () C:\Documents and Settings\Administrator\Local Settings\temp\Setup.exe
2014-11-13 23:53 - 2014-11-13 23:53 - 0144504 _____ () C:\Documents and Settings\Administrator\Local Settings\temp\silentinstall.exe
2014-11-13 23:53 - 2014-11-13 23:53 - 2827824 _____ () C:\Documents and Settings\Administrator\Local Settings\temp\ZebraUninstaller.exe
2015-08-19 12:10 - 2015-08-19 12:10 - 0075264 _____ (SanDisk Corporation) C:\Documents and Settings\Administrator\Local Settings\temp\~tmp1440000638410.exe
2009-08-24 22:20 - 2009-08-24 22:20 - 1925560 _____ (Adobe Systems Incorporated) C:\Documents and Settings\Steve\Local Settings\temp\FP_PL_PFS_INSTALLER.exe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

==================== End of FRST.txt ============================

FARBAR Addition.txt

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 05-06-2017
Ran by Administrator (06-06-2017 09:46:22)
Running from C:\Documents and Settings\Administrator\Desktop
Microsoft Windows XP Professional Service Pack 3 (X86) (2009-08-25 00:23:34)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-3394948068-354880341-3553192288-500 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\Administrator
ASPNET (S-1-5-21-3394948068-354880341-3553192288-1009 - Limited - Enabled)
Guest (S-1-5-21-3394948068-354880341-3553192288-501 - Limited - Enabled)
HelpAssistant (S-1-5-21-3394948068-354880341-3553192288-1004 - Limited - Disabled)
Steve (S-1-5-21-3394948068-354880341-3553192288-1005 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\Steve
SUPPORT_388945a0 (S-1-5-21-3394948068-354880341-3553192288-1002 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Malwarebytes (Disabled - Up to date) {D4AC7077-9720-47B0-8B38-DFAF3AA21DB6}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Acrobat.com (HKLM\...\{6D8D64BE-F500-55B6-705D-DFD08AFE0624}) (Version: 1.7.186 - Adobe Systems Incorporated)
Adobe Acrobat 9.5.5 - CPSID_83708 (HKLM\...\{AC76BA86-1033-F400-7760-000000000004}_955) (Version:  - Adobe Systems Incorporated)
Adobe AIR (HKLM\...\Adobe AIR) (Version: 3.2.0.2070 - Adobe Systems Incorporated)
Adobe Creative Suite 4 Design Premium (HKLM\...\Adobe_55230b0b70661df0f212e88f0b655f7) (Version: 4.0 - Adobe Systems Incorporated)
Adobe Flash Player 10 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 10.0.45.2 - Adobe Systems Incorporated)
Adobe Flash Player 17 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 17.0.0.188 - Adobe Systems Incorporated)
Adobe Media Player (HKLM\...\com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.1 - Adobe Systems Incorporated)
Adobe Reader XI (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.00 - Adobe Systems Incorporated)
APC PowerChute Personal Edition (HKLM\...\{5A0C892E-FD1C-4203-941E-0956AED20A6A}) (Version: 2.0 - American Power Conversion Corporation)
Apple Application Support (HKLM\...\{AAC5D43E-816D-4C2D-8E51-55FFF35BE301}) (Version: 3.0.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{18D47FA1-0440-48D3-A7E0-DA09537FF471}) (Version: 7.1.1.3 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ArcSoft PhotoStudio 6 (HKLM\...\{ED8EF3C2-FA5B-4A1E-950D-5A0227161F97}) (Version: 6.0.1.148 - ArcSoft)
ATI - Software Uninstall Utility (HKLM\...\All ATI Software) (Version: 6.14.10.1014 - )
ATI Catalyst Control Center (HKLM\...\{D71C2B3D-9895-4D2A-A392-2FB9F58D1BE6}) (Version: 1.2.2172.2074 - )
ATI Display Driver (HKLM\...\ATI Display Driver) (Version: 8.203-051211a-029564C-ATI - )
AviSynth 2.5 (HKLM\...\AviSynth) (Version:  - )
Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
Bulk Rename Utility 2.7.1.1 (HKLM\...\Bulk Rename Utility_is1) (Version:  - TGRMN Software)
Canon CanoScan 9000F User Registration (HKLM\...\Canon CanoScan 9000F User Registration) (Version:  - )
Canon MP Navigator EX 3.1 (HKLM\...\MP Navigator EX 3.1) (Version:  - )
Canon Utilities Solution Menu (HKLM\...\CanonSolutionMenu) (Version:  - )
CanoScan 9000F Scanner Driver (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_cnq9602) (Version:  - )
Choice Guard (Version: 1.2.87.0 - Microsoft Corporation) Hidden
Compatibility Pack for the 2007 Office system (HKLM\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Connect (Version: 1.0.0.1 - Adobe Systems Incorporated) Hidden
CorePLS_Full_QFolder (Version: 1.00.0000 - Hewlett-Packard) Hidden
CorePLS_Min_QFolder (Version: 1.00.0000 - Hewlett-Packard) Hidden
Coupon Printer for Windows (HKLM\...\Coupon Printer for Windows5.0.0.1) (Version: 5.0.0.1 - Coupons.com Incorporated)
CustomerResearchQFolder (Version: 1.00.0000 - Hewlett-Packard) Hidden
DAZzle (HKLM\...\DAZzle) (Version:  - )
Dell Support Center (HKLM\...\{E3BFEE55-39E2-4BE0-B966-89FE583822C1}) (Version: 2.1.08060 - Dell)
Diagnostics Utility (HKLM\...\{88253B77-33C9-4A9D-9E4C-4579E39D9158}) (Version: 1.00.0000 - Realtek)
DirectX for Managed Code Update (Summer 2004) (Version: 9.02.2904 - Microsoft) Hidden
DivX Setup (HKLM\...\DivX Setup) (Version: 2.6.0.34 - DivX, LLC)
Dropbox (HKU\S-1-5-21-3394948068-354880341-3553192288-500\...\Dropbox) (Version: 20.4.19 - Dropbox, Inc.)
ffdshow [rev 2583] [2009-01-05] (HKLM\...\ffdshow_is1) (Version: 1.0 - )
FileZilla Client 3.5.3 (HKLM\...\FileZilla Client) (Version: 3.5.3 - FileZilla Project)
focus booster (HKLM\...\com.focusboosterapp.focusbooster.8E5F79C899747AD22E21DB62AA496926DA6BBC64.1) (Version: 1.2 - The Memphis Agency)
focus booster (Version: 1.2 - The Memphis Agency) Hidden
GoldWave v5.52 (HKLM\...\GoldWave v5.52) (Version:  - )
GroupMail :: Personal Edition (HKLM\...\{72FC0445-FE6D-4E12-815B-3A8C5E3704DA}_is1) (Version: 6.0.0.16 - Infacta Ltd.)
Hotfix 2055 for SQL Server 2000 ENU (KB960082) (HKLM\...\KB960082(ENU)) (Version: 1 - Microsoft Corporation)
HP Care Pack Core (HKLM\...\{3BC341BD-3736-45F0-B0E0-5664792AC528}) (Version: 1.0.0.0 - Hewlett-Packard)
HP Extended Capabilities 6.0 (HKLM\...\HPExtendedCapabilities) (Version: 6.0 - HP)
HP LaserJet P2015 Series 1.0 (HKLM\...\HP LaserJet P2015) (Version: 1.0 - HP)
HP Memories Disc (HKLM\...\{B376402D-58EA-45EA-BD50-DD924EB67A70}) (Version: 1.0.4.805 - Hewlett-Packard Company)
HP Photo and Imaging 2.0 - Scanners (HKLM\...\{6CC93102-135E-49E2-99A4-C431E671C12A}) (Version: 2.0.0000 - {&Tahoma8}Hewlett-Packard)
HP Software Update (HKLM\...\{ECFDD6BD-E0C0-41CC-A171-E6D6AF4C0E93}) (Version: 3.0.6.003 - HEWLET~1|Hewlett-Packard)
hppFonts (Version: 000.106.00040 - Hewlett-Packard) Hidden
hppIOFiles (Version: 001.001.00024 - Hewlett-Packard) Hidden
hppLJP2015 (Version: 000.104.00224 - Hewlett-Packard) Hidden
hppManualsP2015 (Version: 000.104.00210 - Hewlett-Packard) Hidden
hppMSRedist (Version: 1.01.0000 - Hewlett-Packard) Hidden
hppTLBXFXP2015 (Version: 001.000.00012 - Hewlett-Packard) Hidden
hppusgP2015 (Version: 001.000.00012 - Hewlett-Packard) Hidden
hppWebRegMM (Version: 000.001.00001 - Hewlett-Packard) Hidden
hpzTLBXFX (Version: 002.002.00170 - Hewlett-Packard) Hidden
Image Resizer Powertoy for Windows XP (HKLM\...\{1CB92574-96F2-467B-B793-5CEB35C40C29}) (Version: 1.00.0001 - Microsoft Corporation)
Intel(R) Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version:  - )
Intel® Matrix Storage Manager (HKLM\...\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}) (Version:  - Intel Corporation)
Java 8 Update 31 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)
Junk Mail filter update (Version: 14.0.8050.1202 - Microsoft Corporation) Hidden
kuler (Version: 2.0 - Adobe Systems Incorporated) Hidden
Logitech Webcam Software (HKLM\...\{D40EB009-0499-459c-A8AF-C9C110766215}) (Version: 2.0 - Logitech Inc.)
Malwarebytes version 3.0.6.1469 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.0.6.1469 - Malwarebytes)
MarketResearch (Version: 60.0.155.000 - Hewlett-Packard) Hidden
Microsoft .NET Framework 1.1 (HKLM\...\Microsoft .NET Framework 1.1  (1033)) (Version:  - )
Microsoft .NET Framework 1.1 Security Update (KB2833941) (HKLM\...\M2833941) (Version:  - )
Microsoft .NET Framework 1.1 Security Update (KB979906) (HKLM\...\M979906) (Version:  - )
Microsoft .NET Framework 2.0 Service Pack 2 (HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.0 Service Pack 2 (HKLM\...\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}) (Version: 3.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Compression Client Pack 1.0 for Windows XP (HKLM\...\MSCompPackV1) (Version: 1 - Microsoft Corporation)
Microsoft Office 97, Professional Edition (HKLM\...\Office8.0) (Version:  - )
Microsoft Office PowerPoint Viewer 2007 (English) (HKLM\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Sync Framework Runtime Native v1.0 (x86) (HKLM\...\{8A74E887-8F0F-4017-AF53-CBA42211AAA5}) (Version: 1.0.1215.0 - Microsoft Corporation)
Microsoft Sync Framework Services Native v1.0 (x86) (HKLM\...\{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}) (Version: 1.0.1215.0 - Microsoft Corporation)
Microsoft User-Mode Driver Framework Feature Pack 1.0 (HKLM\...\Wudf01000) (Version:  - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable - KB2467175 (HKLM\...\{a0fe116e-9a8a-466f-aee0-625cb7c207e3}) (Version: 8.0.51011 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Works (HKLM\...\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}) (Version: 9.7.0621 - Microsoft Corporation)
Mozilla Firefox 52.1.2 ESR (x86 en-US) (HKLM\...\Mozilla Firefox 52.1.2 ESR (x86 en-US)) (Version: 52.1.2 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 52.1.2.6346 - Mozilla)
Mozilla Thunderbird 45.5.1 (x86 en-US) (HKLM\...\Mozilla Thunderbird 45.5.1 (x86 en-US)) (Version: 45.5.1 - Mozilla)
Mp3tag v2.61a (HKLM\...\Mp3tag) (Version: v2.61a - Florian Heidenreich)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 6.0 Parser (KB927977) (HKLM\...\{5A710547-B58E-488B-828D-CA9A25A0533C}) (Version: 6.00.3890.0 - Microsoft Corporation)
OGA Notifier 2.0.0048.0 (Version: 2.0.0048.0 - Microsoft Corporation) Hidden
OpenOffice.org 3.2 (HKLM\...\{5A13987D-55F4-4271-A40E-76AC9B1B38FD}) (Version: 3.2.9502 - OpenOffice.org)
PDF Settings CS4 (Version: 9.0 - Adobe Systems Incorporated) Hidden
Photoshop Camera Raw (Version: 5.0 - Adobe Systems Incorporated) Hidden
Pixel Bender Toolkit (Version: 1.0 - Adobe Systems Incorporated) Hidden
Product_SF_Full_QFolder (Version: 1.00.0000 - Hewlett-Packard) Hidden
Product_SF_Min_QFolder (Version: 1.00.0000 - Hewlett-Packard) Hidden
QuickTime 7 (HKLM\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version:  - Realtek Semiconductor Corp.)
Revo Uninstaller 1.95 (HKLM\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
Roxio Activation Module (HKLM\...\{07159635-9DFE-4105-BFC0-2817DB540C68}) (Version: 1.0 - Roxio)
Roxio Creator Audio (HKLM\...\{83FFCFC7-88C6-41C6-8752-958A45325C82}) (Version: 3.5.0 - Roxio)
Roxio Creator BDAV Plugin (HKLM\...\{880AF49C-34F7-4285-A8AD-8F7A3D1C33DC}) (Version: 3.5.0 - Roxio)
Roxio Creator Copy (HKLM\...\{619CDD8A-14B6-43A1-AB6C-0F4EE48CE048}) (Version: 3.5.0 - Roxio)
Roxio Creator Data (HKLM\...\{0D397393-9B50-4C52-84D5-77E344289F87}) (Version: 3.5.0 - Roxio)
Roxio Creator DE (HKLM\...\{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}) (Version: 3.5.0 - Roxio)
Roxio Creator Tools (HKLM\...\{0394CDC8-FABD-4ED8-B104-03393876DFDF}) (Version: 3.5.0 - Roxio)
Roxio Drag-to-Disc (HKLM\...\{2F4C24E6-CBD4-4AAC-B56F-C9FD44DE5668}) (Version: 9.1 - Roxio)
Roxio Express Labeler 3 (HKLM\...\{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}) (Version: 3.2.1 - Roxio)
Roxio Update Manager (HKLM\...\{30465B6C-B53F-49A1-9EBA-A3F187AD502E}) (Version: 6.0.0 - Roxio)
Segoe UI (Version: 14.0.4327.805 - Microsoft Corp) Hidden
ShareIns (Version: 1.00.0000 - Hewlett-Packard) Hidden
Sonic CinePlayer Decoder Pack (HKLM\...\{8D337F77-BE7F-41A2-A7CB-D5A63FD7049B}) (Version: 4.2.0 - Sonic Solutions)
Sony Picture Utility (HKLM\...\{D5068583-D569-468B-9755-5FBF5848F46F}) (Version: 2.0.01.13310 - Sony Corporation)
Sony USB Driver (HKLM\...\{5C29CB8B-AC1E-4114-8D68-9CD080140D4A}) (Version: 2.00 - Sony Corporation)
Sophos Virus Removal Tool (HKLM\...\{B829E117-D072-41EA-9606-9826A38D34C1}) (Version: 2.6.0 - Sophos Limited)
Spelling Dictionaries Support For Adobe Reader 9 (HKLM\...\{AC76BA86-7AD7-5464-3428-900000000004}) (Version: 9.0.0 - Adobe Systems Incorporated)
Suite Shared Configuration CS4 (Version: 1.0 - Adobe Systems Incorporated) Hidden
TeraCopy 2.27 (HKLM\...\TeraCopy_is1) (Version:  - Code Sector)
Turbo Lister 2 (HKLM\...\{8927E07C-97F7-4A54-88FB-D976F50DD46E}) (Version: 2.00.0000 - eBay Inc.)
UPSVC2008MM (Version: 1.00.0000 - UPS) Hidden
UPSVCMM (Version: 11.00.0000 - UPS) Hidden
UPSVCMM (Version: 12.00.0000 - UPS) Hidden
VC80CRTRedist - 8.0.50727.6195 (Version: 1.2.0 - DivX, Inc) Hidden
VLC media player 2.1.3 (HKLM\...\VLC media player) (Version: 2.1.3 - VideoLAN)
WebFldrs XP (Version: 9.50.7523 - Microsoft Corporation) Hidden
Windows Genuine Advantage Notifications (KB905474) (HKLM\...\WgaNotify) (Version: 1.9.0040.0 - Microsoft Corporation)
Windows Internet Explorer 8 (HKLM\...\ie8) (Version: 20090308.140743 - Microsoft Corporation)
Windows Live Essentials (HKLM\...\WinLiveSuite_Wave3) (Version: 14.0.8050.1202 - Microsoft Corporation)
Windows Live Sign-in Assistant (HKLM\...\{9422C8EA-B0C6-4197-B8FC-DC797658CA00}) (Version: 5.000.818.6 - Microsoft Corporation)
Windows Live Sync (HKLM\...\{FDD810CA-D5E3-40E9-AB7B-36440B0D41EF}) (Version: 14.0.8050.1202 - Microsoft Corporation)
Windows Live Upload Tool (HKLM\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)
Windows Media Format 11 runtime (HKLM\...\Windows Media Format Runtime) (Version:  - )
Windows Media Player 11 (HKLM\...\Windows Media Player) (Version:  - )
Windows Search 4.0 (HKLM\...\KB940157) (Version: 04.00.6001.503 - Microsoft Corporation)
WinFax PRO (HKLM\...\WinFax) (Version:  - )
XML Paper Specification Shared Components Pack 1.0 (Version:  - Microsoft Corporation) Hidden
Zebra Font Downloader (HKLM\...\Zebra Font Downloader_is1) (Version:  - Zebra Technologies Corporation)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-3394948068-354880341-3553192288-500_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Documents and Settings\Administrator\Application Data\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3394948068-354880341-3553192288-500_Classes\CLSID\{04EBE69E-2DED-44F6-9854-9A3988F751ED}\InprocServer32 -> C:\Documents and Settings\Administrator\Local Settings\Application Data\Dropbox\Update\1.3.51.1\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-3394948068-354880341-3553192288-500_Classes\CLSID\{0A368B9B-3566-4730-B40E-EAF6858A53AF}\InprocServer32 -> C:\Documents and Settings\Administrator\Local Settings\Application Data\Dropbox\Update\1.3.27.33\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-3394948068-354880341-3553192288-500_Classes\CLSID\{2027D000-8CEB-4191-9620-15DD2561855F}\InprocServer32 -> C:\Documents and Settings\Administrator\Local Settings\Application Data\Dropbox\Update\1.3.57.1\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-3394948068-354880341-3553192288-500_Classes\CLSID\{2C2CC1E6-7DAE-437A-92C1-5A36F40920E9}\InprocServer32 -> C:\Documents and Settings\Administrator\Local Settings\Application Data\Yahoo!\BrowserPlus\2.7.0\Plugins\YBPAddon_2.7.0.dll => No File
CustomCLSID: HKU\S-1-5-21-3394948068-354880341-3553192288-500_Classes\CLSID\{3059C9E6-9EDC-4C89-933E-C65623F8FD60}\localserver32 -> C:\Documents and Settings\Administrator\Local Settings\Application Data\Dropbox\Update\DropboxUpdate.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3394948068-354880341-3553192288-500_Classes\CLSID\{449CFB1B-1C07-48EA-9A9A-7A7881C2B49B}\InprocServer32 -> C:\Documents and Settings\Administrator\Local Settings\Application Data\Dropbox\Update\1.3.59.1\psuser.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3394948068-354880341-3553192288-500_Classes\CLSID\{87DC457B-B35D-48AC-BD42-BDF35EF623CE}\localserver32 -> C:\Documents and Settings\Administrator\Local Settings\Application Data\Dropbox\Update\1.3.59.1\DropboxUpdateOnDemand.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3394948068-354880341-3553192288-500_Classes\CLSID\{97090E2F-3062-4459-855B-014F0D3CDBB1}\InprocServer32 -> C:\Program Files\Windows Desktop Search\deskbar.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3394948068-354880341-3553192288-500_Classes\CLSID\{974C34A4-7FB0-4F2F-AA02-655E0CCCA662}\InprocServer32 -> C:\Documents and Settings\Administrator\Local Settings\Application Data\Yahoo!\BrowserPlus\2.6.0\Plugins\YBPAddon_2.6.0.dll => No File
CustomCLSID: HKU\S-1-5-21-3394948068-354880341-3553192288-500_Classes\CLSID\{9FAA38ED-5635-44F7-9BE0-8CAFE29B3783}\localserver32 -> C:\Documents and Settings\Administrator\Local Settings\Application Data\Dropbox\Update\1.3.59.1\DropboxUpdateOnDemand.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3394948068-354880341-3553192288-500_Classes\CLSID\{A45426FB-E444-42B2-AA56-419F8FBEEC61}\InprocServer32 -> C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\1.3.22.3\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-3394948068-354880341-3553192288-500_Classes\CLSID\{A54D478D-4F70-4F72-9A74-17C9986E35AB}\InprocServer32 -> C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\1.3.21.165\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-3394948068-354880341-3553192288-500_Classes\CLSID\{C0DD324D-A74F-4533-84AD-030F76771C77}\localserver32 -> C:\Documents and Settings\Administrator\Local Settings\Application Data\Dropbox\Update\1.3.59.1\DropboxUpdateOnDemand.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3394948068-354880341-3553192288-500_Classes\CLSID\{C32E3EEC-3C10-426E-95F3-38C7F139FADD}\localserver32 -> C:\Documents and Settings\Administrator\Local Settings\Application Data\Dropbox\Update\1.3.59.1\DropboxUpdateOnDemand.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3394948068-354880341-3553192288-500_Classes\CLSID\{D09C464F-07DE-4C04-ABB4-88C30329C02D}\InprocServer32 -> C:\Documents and Settings\Administrator\Local Settings\Application Data\Yahoo!\BrowserPlus\2.5.1\Plugins\YBPAddon_2.5.1.dll => No File
CustomCLSID: HKU\S-1-5-21-3394948068-354880341-3553192288-500_Classes\CLSID\{D166BD15-03AF-413A-BEFD-0679FF410B49}\InprocServer32 -> C:\Documents and Settings\Administrator\Local Settings\Application Data\Dropbox\Update\1.3.27.29\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-3394948068-354880341-3553192288-500_Classes\CLSID\{E69341A3-E6D2-4175-B60C-C9D3D6FA40F6}\localserver32 -> C:\Documents and Settings\Administrator\Application Data\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3394948068-354880341-3553192288-500_Classes\CLSID\{E7A37920-253C-4FF1-B169-298A7CE6CAA9}\localserver32 -> C:\Documents and Settings\Administrator\Application Data\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3394948068-354880341-3553192288-500_Classes\CLSID\{EB06378B-ABB6-4B3C-9B40-D488DD8A6E93}\InprocServer32 -> C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\1.3.22.5\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-3394948068-354880341-3553192288-500_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Documents and Settings\Administrator\Application Data\Dropbox\bin\DropboxExt.3.0.dll => No File
CustomCLSID: HKU\S-1-5-21-3394948068-354880341-3553192288-500_Classes\CLSID\{F6406B2D-39A7-4566-A174-E19DDD818A95}\InprocServer32 -> C:\Documents and Settings\Administrator\Local Settings\Application Data\Yahoo!\BrowserPlus\2.4.21\Plugins\YBPAddon_2.4.21.dll => No File
CustomCLSID: HKU\S-1-5-21-3394948068-354880341-3553192288-500_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Documents and Settings\Administrator\Application Data\Dropbox\bin\DropboxExt.3.0.dll => No File
CustomCLSID: HKU\S-1-5-21-3394948068-354880341-3553192288-500_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Documents and Settings\Administrator\Application Data\Dropbox\bin\DropboxExt.3.0.dll => No File
CustomCLSID: HKU\S-1-5-21-3394948068-354880341-3553192288-500_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Documents and Settings\Administrator\Application Data\Dropbox\bin\DropboxExt.3.0.dll => No File
CustomCLSID: HKU\S-1-5-21-3394948068-354880341-3553192288-500_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Documents and Settings\Administrator\Application Data\Dropbox\bin\DropboxExt.3.0.dll => No File
CustomCLSID: HKU\S-1-5-21-3394948068-354880341-3553192288-500_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Documents and Settings\Administrator\Application Data\Dropbox\bin\DropboxExt.3.0.dll => No File
CustomCLSID: HKU\S-1-5-21-3394948068-354880341-3553192288-500_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Documents and Settings\Administrator\Application Data\Dropbox\bin\DropboxExt.3.0.dll => No File
CustomCLSID: HKU\S-1-5-21-3394948068-354880341-3553192288-500_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Documents and Settings\Administrator\Application Data\Dropbox\bin\DropboxExt.3.0.dll => No File
CustomCLSID: HKU\S-1-5-21-3394948068-354880341-3553192288-500_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Documents and Settings\Administrator\Application Data\Dropbox\bin\DropboxExt.3.0.dll => No File
CustomCLSID: HKU\S-1-5-21-3394948068-354880341-3553192288-500_Classes\CLSID\{FB314EE1-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Documents and Settings\Administrator\Application Data\Dropbox\bin\DropboxExt.3.0.dll => No File
CustomCLSID: HKU\S-1-5-21-3394948068-354880341-3553192288-500_Classes\CLSID\{FB314EE2-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Documents and Settings\Administrator\Application Data\Dropbox\bin\DropboxExt.3.0.dll => No File
CustomCLSID: HKU\S-1-5-21-3394948068-354880341-3553192288-500_Classes\CLSID\{FBC9D74C-AF55-4309-9FB2-C426E071637F}\InprocServer32 -> C:\Documents and Settings\Administrator\Application Data\Dropbox\bin\DropboxExt.3.0.dll => No File
CustomCLSID: HKU\S-1-5-21-3394948068-354880341-3553192288-500_Classes\CLSID\{FE819BE5-BADF-4370-9913-6FB84ABA6FB1}\InprocServer32 -> C:\Documents and Settings\Administrator\Local Settings\Application Data\Dropbox\Update\1.3.59.1\psuser.dll (Dropbox, Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-3394948068-354880341-3553192288-500Core.job => C:\Documents and Settings\Administrator\Local Settings\Application Data\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-3394948068-354880341-3553192288-500UA.job => C:\Documents and Settings\Administrator\Local Settings\Application Data\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job => C:\WINDOWS\system32\xp_eos.exe
Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job => C:\WINDOWS\system32\xp_eos.exe
Task: C:\WINDOWS\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-3394948068-354880341-3553192288-500.job => C:\Program Files\Real\RealUpgrade\realupgrade.exe
Task: C:\WINDOWS\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-3394948068-354880341-3553192288-500.job => C:\Program Files\Real\RealUpgrade\realupgrade.exe
Task: C:\WINDOWS\Tasks\RealUpgradeLogonTaskS-1-5-21-3394948068-354880341-3553192288-500.job => C:\Program Files\Real\RealUpgrade\realupgrade.exe
Task: C:\WINDOWS\Tasks\RealUpgradeScheduledTaskS-1-5-21-3394948068-354880341-3553192288-500.job => C:\Program Files\Real\RealUpgrade\realupgrade.exe
Task: C:\WINDOWS\Tasks\User_Feed_Synchronization-{6C18420D-9451-4222-9B7D-6881C75A8CC0}.job => C:\WINDOWS\system32\msfeedssync.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

1996-11-05 06:47 - 1996-11-05 06:47 - 00015360 _____ () C:\WINDOWS\System32\spool\PRTPROCS\W32X86\wfxpnt40.dll
2014-02-12 20:58 - 2014-02-12 20:58 - 00073544 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2014-02-12 20:58 - 2014-02-12 20:58 - 01044808 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2017-05-04 21:43 - 2017-05-04 22:45 - 01736992 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\PoliciesControllerImpl.dll
2012-01-08 09:41 - 2012-01-08 09:41 - 00093696 _____ () C:\Program Files\FileZilla FTP Client\fzshellext.dll
2007-07-23 16:04 - 2007-07-23 16:04 - 00068080 _____ () C:\Program Files\Common Files\Roxio Shared\9.0\DLLShared\DLAAPI_W.DLL
2012-04-14 20:15 - 2011-10-26 17:41 - 00325120 _____ () C:\Program Files\TeraCopy\TeraCopy.dll
2014-04-26 14:17 - 2014-04-26 14:17 - 03391488 _____ () c:\windows\assembly\nativeimages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_5f17321e\mscorlib.dll
2014-04-26 14:17 - 2014-04-26 14:17 - 03035136 _____ () c:\windows\assembly\nativeimages1_v1.1.4322\system.windows.forms\1.0.5000.0__b77a5c561934e089_37a82839\system.windows.forms.dll
2014-04-26 14:16 - 2014-04-26 14:16 - 01966080 _____ () c:\windows\assembly\nativeimages1_v1.1.4322\system\1.0.5000.0__b77a5c561934e089_64e62b70\system.dll
2014-04-26 14:17 - 2014-04-26 14:17 - 02088960 _____ () c:\windows\assembly\nativeimages1_v1.1.4322\system.xml\1.0.5000.0__b77a5c561934e089_a139ab04\system.xml.dll
2014-04-26 14:17 - 2014-04-26 14:17 - 00843776 _____ () c:\windows\assembly\nativeimages1_v1.1.4322\system.drawing\1.0.5000.0__b03f5f7f11d50a3a_6e85be6f\system.drawing.dll
2016-05-31 16:41 - 2009-02-27 17:39 - 00019968 _____ () C:\Program Files\Adobe\Acrobat 9.0\Acrobat\AcroTray.DEU
2016-05-31 16:41 - 2009-02-27 17:32 - 00020480 _____ () C:\Program Files\Adobe\Acrobat 9.0\Acrobat\AcroTray.FRA
2002-04-17 10:49 - 2002-04-17 10:49 - 00024576 _____ () c:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnfps.dll
2006-06-15 08:42 - 2006-06-15 08:42 - 00053248 _____ () C:\Program Files\Hewlett-Packard\ToolBoxFX\bin\nativeutils.dll
2011-07-28 19:08 - 2011-07-28 19:08 - 01259376 _____ () C:\Program Files\DivX\DivX Update\DivXUpdate.exe
2011-07-28 19:09 - 2011-07-28 19:09 - 00096112 _____ () C:\Program Files\DivX\DivX Update\DivXUpdateCheck.dll
2002-04-17 10:49 - 2002-04-17 10:49 - 00077824 _____ () c:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
1996-11-17 00:00 - 1996-11-17 00:00 - 00051984 _____ () C:\Program Files\Microsoft Office\Office\OSA.EXE
1996-11-17 00:00 - 2009-08-27 11:54 - 03792896 _____ () C:\Program Files\Microsoft Office\Office\MSO97.DLL
2008-04-25 12:16 - 2013-01-02 02:49 - 01292288 _____ () C:\WINDOWS\system32\quartz.dll
2008-04-25 12:16 - 2008-04-14 08:00 - 00059904 _____ () C:\WINDOWS\system32\devenum.dll
2008-04-25 12:16 - 2008-04-14 08:00 - 00014336 _____ () C:\WINDOWS\system32\msdmo.dll
2007-07-31 03:26 - 2010-11-30 09:08 - 00207344 _____ () C:\Program Files\Common Files\Sonic Shared\SonicHDDemuxer.dll
2011-04-02 14:31 - 2009-01-05 18:02 - 02706432 _____ () C:\Program Files\ffdshow\ffdshow.ax
2015-06-09 01:06 - 2015-06-09 01:06 - 16867504 _____ () C:\WINDOWS\system32\Macromed\Flash\NPSWF32_17_0_0_188.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-3394948068-354880341-3553192288-500\...\taxsoftware.com -> taxsoftware.com

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2008-04-25 12:16 - 2010-07-10 11:03 - 00000027 _____ C:\WINDOWS\system32\Drivers\etc\hosts

127.0.0.1       localhost

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3394948068-354880341-3553192288-500\Control Panel\Desktop\\Wallpaper ->
DNS Servers: 192.168.1.1
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

MSCONFIG\startupfolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk => C:\WINDOWS\pss\McAfee Security Scan Plus.lnkCommon Startup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

DomainProfile\AuthorizedApplications: [C:\Program Files\Windows Live\Messenger\wlcsdk.exe] => Enabled:Windows Live Call
DomainProfile\AuthorizedApplications: [C:\Program Files\Windows Live\Messenger\msnmsgr.exe] => Enabled:Windows Live Messenger
DomainProfile\AuthorizedApplications: [C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe] => Enabled:Windows Live Sync
StandardProfile\AuthorizedApplications: [C:\Program Files\Windows Live\Messenger\wlcsdk.exe] => Enabled:Windows Live Call
StandardProfile\AuthorizedApplications: [C:\Program Files\Windows Live\Messenger\msnmsgr.exe] => Enabled:Windows Live Messenger
StandardProfile\AuthorizedApplications: [C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe] => Enabled:Windows Live Sync
StandardProfile\AuthorizedApplications: [C:\WINDOWS\system32\usmt\migwiz.exe] => Enabled:Files and Settings Transfer Wizard
StandardProfile\AuthorizedApplications: [C:\Program Files\NOVA\viaWARP\Updates.exe] => Enabled:Automatic Update Utility
StandardProfile\AuthorizedApplications: [C:\Program Files\NOVA\viaWARP\WARP.exe] => Enabled:Web Based Application for Real-Time Processing
StandardProfile\AuthorizedApplications: [C:\Program Files\NOVA\viaWARP\viawarp_ssl.exe] => Enabled:viawarp_ssl
StandardProfile\AuthorizedApplications: [C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe] => Enabled:Adobe CSI CS4
StandardProfile\AuthorizedApplications: [C:\Program Files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe] => Enabled:Adobe Version Cue CS4 Server
StandardProfile\AuthorizedApplications: [C:\Program Files\eBay\Turbo Lister2\Tl.exe] => Enabled:eBay Turbo Lister 2
StandardProfile\AuthorizedApplications: [C:\Program Files\Envelope Manager\DAZzle\DAZZLE.EXE] => Enabled:DAZzle
StandardProfile\AuthorizedApplications: [C:\Program Files\Adobe\Acrobat.com\Acrobat.com.exe] => Enabled:Acrobat.com
StandardProfile\AuthorizedApplications: [C:\WINDOWS\system32\fxsclnt.exe] => Enabled:Microsoft  Fax Console
StandardProfile\AuthorizedApplications: [C:\UPS\WSTD\MSSQL$UPSWSDBSERVER\Binn\sqlservr.exe] => C:\UPS\WSTD\MSSQL$UPSWSDBSERVER\Binn\sqlservr.exe:*:Enabled:UPS WorldShip MSDE
StandardProfile\AuthorizedApplications: [C:\Documents and Settings\Administrator\Application Data\Dropbox\bin\Dropbox.exe] => Enabled:Dropbox
StandardProfile\AuthorizedApplications: [C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe] => Enabled:Google Talk Plugin
StandardProfile\AuthorizedApplications: [C:\Program Files\Bonjour\mDNSResponder.exe] => Enabled:Bonjour Service
StandardProfile\AuthorizedApplications: [C:\Documents and Settings\Administrator\Local Settings\Application Data\LogMeIn Rescue Applet\LMIR0001.tmp\lmi_rescue.exe] => Enabled:LogMeIn Rescue
StandardProfile\AuthorizedApplications: [C:\Documents and Settings\Administrator\Local Settings\Application Data\LogMeIn Rescue Applet\LMIR0002.tmp\lmi_rescue.exe] => Enabled:LogMeIn Rescue
StandardProfile\AuthorizedApplications: [C:\Documents and Settings\Administrator\Local Settings\Application Data\LogMeIn Rescue Applet\LMIR0003.tmp\lmi_rescue.exe] => Enabled:LogMeIn Rescue
StandardProfile\AuthorizedApplications: [C:\WINDOWS\system32\mmc.exe] => Enabled:Microsoft Management Console
StandardProfile\AuthorizedApplications: [C:\Program Files\Mozilla Firefox\firefox.exe] => Enabled:Firefox (C:\Program Files\Mozilla Firefox)
DomainProfile\GloballyOpenPorts: [139:TCP] => Enabled:@xpsp2res.dll,-22004
DomainProfile\GloballyOpenPorts: [445:TCP] => Enabled:@xpsp2res.dll,-22005
DomainProfile\GloballyOpenPorts: [137:UDP] => Enabled:@xpsp2res.dll,-22001
DomainProfile\GloballyOpenPorts: [138:UDP] => Enabled:@xpsp2res.dll,-22002
DomainProfile\GloballyOpenPorts: [3389:TCP] => Enabled:@xpsp2res.dll,-22009
DomainProfile\GloballyOpenPorts: [1900:UDP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22007
DomainProfile\GloballyOpenPorts: [2869:TCP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22008
StandardProfile\GloballyOpenPorts: [1900:UDP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22007
StandardProfile\GloballyOpenPorts: [2869:TCP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22008
StandardProfile\GloballyOpenPorts: [139:TCP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22004
StandardProfile\GloballyOpenPorts: [445:TCP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22005
StandardProfile\GloballyOpenPorts: [137:UDP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22001
StandardProfile\GloballyOpenPorts: [138:UDP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22002
StandardProfile\GloballyOpenPorts: [3389:TCP] => Enabled:@xpsp2res.dll,-22009
StandardProfile\GloballyOpenPorts: [5353:TCP] => Enabled:Adobe CSI CS4
StandardProfile\GloballyOpenPorts: [3703:TCP] => Enabled:Adobe Version Cue CS4 Server
StandardProfile\GloballyOpenPorts: [3704:TCP] => Enabled:Adobe Version Cue CS4 Server
StandardProfile\GloballyOpenPorts: [51000:TCP] => Enabled:Adobe Version Cue CS4 Server
StandardProfile\GloballyOpenPorts: [51001:TCP] => Enabled:Adobe Version Cue CS4 Server
StandardProfile\GloballyOpenPorts: [1434:UDP] => Enabled:UDP 1434

==================== Restore Points =========================

08-03-2017 22:28:35 System Checkpoint
09-03-2017 23:28:35 System Checkpoint
11-03-2017 00:27:22 System Checkpoint
12-03-2017 01:27:23 System Checkpoint
13-03-2017 01:30:04 System Checkpoint
14-03-2017 02:27:23 System Checkpoint
15-03-2017 03:27:23 System Checkpoint
16-03-2017 04:27:27 System Checkpoint
17-03-2017 05:27:25 System Checkpoint
18-03-2017 06:27:24 System Checkpoint
19-03-2017 06:31:53 System Checkpoint
20-03-2017 07:31:54 System Checkpoint
21-03-2017 08:31:53 System Checkpoint
22-03-2017 09:31:53 System Checkpoint
23-03-2017 10:31:53 System Checkpoint
24-03-2017 11:31:53 System Checkpoint
25-03-2017 11:36:25 System Checkpoint
26-03-2017 12:36:26 System Checkpoint
27-03-2017 12:41:02 System Checkpoint
28-03-2017 13:06:37 System Checkpoint
29-03-2017 13:36:46 System Checkpoint
30-03-2017 14:32:22 System Checkpoint
31-03-2017 15:27:02 System Checkpoint
01-04-2017 16:21:37 System Checkpoint
02-04-2017 17:16:31 System Checkpoint
03-04-2017 18:12:06 System Checkpoint
04-04-2017 19:06:32 System Checkpoint
05-04-2017 20:06:32 System Checkpoint
06-04-2017 21:06:33 System Checkpoint
07-04-2017 22:06:31 System Checkpoint
08-04-2017 23:06:31 System Checkpoint
10-04-2017 00:06:31 System Checkpoint
11-04-2017 01:05:19 System Checkpoint
12-04-2017 02:04:18 System Checkpoint
13-04-2017 02:59:46 System Checkpoint
14-04-2017 03:54:07 System Checkpoint
15-04-2017 04:49:29 System Checkpoint
16-04-2017 05:44:59 System Checkpoint
17-04-2017 06:39:34 System Checkpoint
18-04-2017 07:35:15 System Checkpoint
19-04-2017 08:29:34 System Checkpoint
20-04-2017 09:23:58 System Checkpoint
21-04-2017 10:17:29 System Checkpoint
22-04-2017 11:11:10 System Checkpoint
23-04-2017 12:05:00 System Checkpoint
24-04-2017 12:58:32 System Checkpoint
25-04-2017 13:53:21 System Checkpoint
26-04-2017 14:46:01 System Checkpoint
27-04-2017 15:40:09 System Checkpoint
28-04-2017 16:33:46 System Checkpoint
29-04-2017 17:28:07 System Checkpoint
30-04-2017 18:21:39 System Checkpoint
01-05-2017 19:15:13 System Checkpoint
02-05-2017 20:09:47 System Checkpoint
03-05-2017 21:03:30 System Checkpoint
04-05-2017 22:14:35 System Checkpoint
05-05-2017 22:56:21 System Checkpoint
06-05-2017 22:57:42 System Checkpoint
07-05-2017 23:07:43 System Checkpoint
08-05-2017 23:48:06 System Checkpoint
10-05-2017 00:43:45 System Checkpoint
11-05-2017 01:39:07 System Checkpoint
12-05-2017 01:47:55 System Checkpoint
13-05-2017 01:58:57 System Checkpoint
14-05-2017 02:10:17 System Checkpoint
15-05-2017 03:04:58 System Checkpoint
15-05-2017 09:18:32 Installed Windows XP KB4012598.
15-05-2017 09:32:09 Software Distribution Service 3.0
23-05-2017 17:42:49 System Checkpoint
24-05-2017 18:32:29 System Checkpoint
25-05-2017 18:37:00 System Checkpoint
26-05-2017 19:38:05 System Checkpoint
27-05-2017 20:37:00 System Checkpoint
28-05-2017 21:37:00 System Checkpoint
29-05-2017 22:09:17 System Checkpoint
30-05-2017 22:31:14 System Checkpoint
31-05-2017 23:31:14 System Checkpoint
02-06-2017 00:31:14 System Checkpoint
02-06-2017 11:41:50 JRT Pre-Junkware Removal
02-06-2017 11:43:38 JRT Pre-Junkware Removal
02-06-2017 12:04:02 Installed Sophos Virus Removal Tool.
03-06-2017 12:30:30 System Checkpoint
04-06-2017 12:45:01 System Checkpoint
05-06-2017 13:34:04 System Checkpoint

==================== Faulty Device Manager Devices =============

Name: Intel(R) G45/G43 Express Chipset
Description: Intel(R) G45/G43 Express Chipset
Class Guid: {4D36E968-E325-11CE-BFC1-08002BE10318}
Manufacturer: Intel Corporation
Service: ialm
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Intel(R) G45/G43 Express Chipset
Description: Intel(R) G45/G43 Express Chipset
Class Guid: {4D36E968-E325-11CE-BFC1-08002BE10318}
Manufacturer: Intel Corporation
Service: ialm
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (06/06/2017 09:48:07 AM) (Source: crypt32) (EventID: 8) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This network connection does not exist.

Error: (06/06/2017 09:48:07 AM) (Source: crypt32) (EventID: 11) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (06/06/2017 09:48:06 AM) (Source: crypt32) (EventID: 8) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This network connection does not exist.

Error: (06/06/2017 09:48:06 AM) (Source: crypt32) (EventID: 11) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (06/06/2017 09:47:41 AM) (Source: crypt32) (EventID: 8) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This network connection does not exist.

Error: (06/06/2017 09:47:41 AM) (Source: crypt32) (EventID: 11) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (06/06/2017 09:47:41 AM) (Source: crypt32) (EventID: 8) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This network connection does not exist.

Error: (06/06/2017 09:47:41 AM) (Source: crypt32) (EventID: 11) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (06/06/2017 09:47:41 AM) (Source: crypt32) (EventID: 8) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This network connection does not exist.

Error: (06/06/2017 09:47:41 AM) (Source: crypt32) (EventID: 11) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.


System errors:
=============
Error: (06/04/2017 07:01:18 PM) (Source: 0) (EventID: 9) (User: )
Description: Event-ID 9

Error: (06/02/2017 11:56:28 AM) (Source: System Error) (EventID: 1003) (User: )
Description: Error code 1000008e, parameter1 c0000005, parameter2 8062853c, parameter3 b98fdc50, parameter4 00000000.

Error: (06/02/2017 11:55:11 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The WinFax PRO service failed to start due to the following error:
The service did not start due to a logon failure.

Error: (06/02/2017 11:55:11 AM) (Source: Service Control Manager) (EventID: 7038) (User: )
Description: The wfxsvc service was unable to log on as .\Administrator with the currently configured
password due to the following error:
Logon failure: unknown user name or bad password.


To ensure that the service is
configured properly, use the Services snap-in in Microsoft Management
Console (MMC).

Error: (06/02/2017 11:52:34 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Apple Mobile Device service terminated unexpectedly.  It has done this 3 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.

Error: (06/02/2017 11:52:34 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Fax service terminated unexpectedly.  It has done this 3 time(s).

Error: (06/02/2017 11:52:34 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Application Layer Gateway Service service terminated unexpectedly.  It has done this 1 time(s).

Error: (06/02/2017 11:52:33 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Search service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.

Error: (06/02/2017 11:52:33 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Print Spooler service terminated unexpectedly.  It has done this 1 time(s).

Error: (06/02/2017 11:43:38 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Apple Mobile Device service terminated unexpectedly.  It has done this 2 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.


==================== Memory info ===========================

Processor: Intel(R) Core(TM)2 Duo CPU E7400 @ 2.80GHz
Percentage of memory in use: 57%
Total physical RAM: 3036.91 MB
Available physical RAM: 1285.65 MB
Total Virtual: 4922.13 MB
Available Virtual: 3302.34 MB

==================== Drives ================================

Drive c: (HD) (Fixed) (Total:698.58 GB) (Free:81.46 GB) NTFS ==>[drive with boot components (Windows XP)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 698.6 GB) (Disk ID: A42D04A3)
Partition 1: (Not Active) - (Size=55 MB) - (Type=DE)
Partition 2: (Active) - (Size=698.6 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================


  • Root Admin

Are you still using WinFax PRO? That is a very old program from 1997 and it's having issues running. If you're not using it I'd suggest you uninstall it.

Please uninstall all versions of Java from Control Panel, Add/Remove

Then run the following. It will also issue a command to run a Full disk check on reboot of the computer. That may take a few hours to run, please let it run until it completes.

Please download the attached fixlist.txt file and save it to the Desktop.
NOTE: It's important that both files, FRST or FRST64 and fixlist.txt, are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system.

Run FRST or FRST64 and press the Fix button just once and wait.
If the tool needs a restart please make sure you let the system restart normally and let the tool complete its run after restart.
The tool will make a log on the Desktop (Fixlog.txt). Please attach or post it to your next reply.

Note: If the tool warned you about an outdated version please download and run the updated version.

fixlist.txt

After you run this fix script and reboot the computer you should now be able to download and run Malwarebytes 3 or run it if already installed. Please run a Threat Scan with Malwarebytes 3 and post back that log too as an attachment. Please try not to copy/paste into the forum as the parsing engine for the forum often corrupts entries from your logs.

Thanks

Ron


It doesn't seem like it's there anymore.  I'm running another threat scan today to verify.

Could this PUM have been something innocuous? On this page, it says, "If you made the modification, you can add them to ignore after your next scan or allow them to be set to Microsoft default settings by our software."  I don't recall making any modifications, but how can I know for sure that this wasn't caused by malware?

Many thanks!


  • Root Admin

So many ways that these little things can get on your computer. I'll go ahead and give you a closing speech.

Take care and stay safe out there @TroubleWithOlaf

At this time there are no more signs of an infection on your system.
However if you are still seeing any signs of an infection please let me know.

Let's go ahead and remove the tools and logs we've used during this process.

Most of the tools used are potentially dangerous to use unsupervised or if run at the wrong time.
They are often updated daily so if you went to use them again in the future they would be outdated anyways.

The following procedures will implement some cleanup procedures to remove these tools.

Download Delfix from here and save it to your desktop. (you may already have this)

  • Ensure Remove disinfection tools is checked.
  • Click the Run button.
  • Reboot


Any other programs or logs that are still remaining, you can manually delete. (right click.....Delete)
i.e.: RogueKiller.exe, RKreport.txt, RK_Quarantine folder, C:\FRST folder, FRST-OlderVersion folder, MBAR folder, etc. AdwCleaner > just run the program and click uninstall.


If there are any other left over Folders, Files, Logs then you can delete them on your own.
Please visit the following link to see how to delete old System Restore Points. Please delete all of them and create a new one at this time.
How to Delete System Protection Restore Points in Windows 7 and Windows 8

Remove all but the most recent Restore Point on Windows XP


As Java seems to get exploited on a regular basis, I advise not using Java if possible, but at least disable Java in your web browsers.
How do I disable Java in my web browser? - Disable Java

A lot of reading here but if you take the time to read a bit of it you'll see why/how infections and general damage are so easily inflicted on the computer. There is also advice on how to prevent it and keep the system working well. Don't forget about good, solid backups of your data to an external drive that is not connected except when backing up your data. If you leave a backup drive connected and you do get infected it can easily damage, encrypt, delete, or corrupt your backups as well and then you'd lose all data.
Nothing is 100% bulletproof but with a little bit of education you can certainly swing things in your favor.


If you're not currently using Malwarebytes Premium then you may want to consider purchasing the product which can also help greatly reduce the risk of a future infection.


  • Root Admin

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread. Thanks!
