unwanted games windows



bobbym
2014-04-01, 15:40
Sorry, the attached file is not zipped; my computer does not give me the option to SEND IT TO.

My problem:
When opening another window, e.g. selecting an article in a newspaper, an additional window opens advertising computer games. I do not know how this adware has got onto my machine. I ran Avira antivirus, Spybot and Malwarebytes and removed all adware before entering my bank's web site. I have never had this adware before.

I have run Avira antivirus, Spybot and Malwarebytes again and cleared any adware found, but the windows still open. Any help would be appreciated.
When running aswMBR, it asked me if I wanted to load "Avast"; as I have Avira installed, I declined the request and then ran aswMBR.


FF - user.js: extensions.delta.newTab - false
.
.
.
.
.
.
============= SERVICES / DRIVERS ===============
.
R1 avkmgr;avkmgr;c:\windows\system32\drivers\avkmgr.sys [2013-9-15 37352]
R2 AntiVirSchedulerService;Avira Scheduler;c:\program files\avira\antivir desktop\sched.exe [2013-9-15 440400]
R2 AntiVirService;Avira Real-Time Protection;c:\program files\avira\antivir desktop\avguard.exe [2013-9-15 440400]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2013-9-15 90400]
R2 MBAMScheduler;MBAMScheduler;d:\program files\malwarebytes' anti-malware\mbamscheduler.exe [2013-9-29 418376]
R2 MBAMService;MBAMService;d:\program files\malwarebytes' anti-malware\mbamservice.exe [2013-9-29 701512]
R2 PirritUpdater;PirritUpdater;c:\program files\pirrit\AutoUpdater.exe [2013-11-21 55296]
R2 SDUpdateService;Spybot-S&D 2 Updating Service;c:\program files\spybot - search & destroy 2\SDUpdSvc.exe [2013-9-26 1033688]
R2 WinRST;WinRST;c:\program files\winrst\WinRST.exe [2014-3-30 59904]
R3 DNINDIS5;DNINDIS5 NDIS Protocol Driver;c:\windows\system32\DNINDIS5.sys [2014-3-30 17149]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2013-9-29 22856]
R3 WPN111;Wireless USB 2.0 Adapter with RangeMax Service;c:\windows\system32\drivers\WPN111.sys [2014-3-30 362944]
S2 SDScannerService;Spybot-S&D 2 Scanner Service;c:\program files\spybot - search & destroy 2\SDFSSvc.exe [2013-9-26 1817560]
S2 SDWSCService;Spybot-S&D 2 Security Center Service;c:\program files\spybot - search & destroy 2\SDWSCSvc.exe [2013-9-26 171928]
S3 N100;Compaq Ethernet or Fast Ethernet NIC Driver;c:\windows\system32\drivers\n100325.sys [2013-9-15 128000]
S3 S3U10Scanner;600 CU Still Image Device Service;c:\windows\system32\drivers\UsbScan.sys [2013-10-9 14976]
S3 Sheetfed Scanner;Sheetfed Scanner;c:\windows\system32\drivers\sheetfed scanner.sys --> c:\windows\system32\drivers\Sheetfed Scanner.sys [?]
S4 AntiVirWebService;Avira Web Protection;c:\program files\avira\antivir desktop\avwebgrd.exe [2013-9-15 1017424]
.
=============== Created Last 30 ================
.
2014-03-31 17:08:40 -------- d-----w- c:\program files\CCleaner
2014-03-30 15:42:00 17801 ----a-w- c:\windows\system32\drivers\AegisP.sys
2014-03-30 15:41:46 651264 ----a-w- c:\windows\system32\libeay32.dll
2014-03-30 15:41:45 94208 ----a-w- c:\windows\system32\DNIN50.dll
2014-03-30 15:41:45 17149 ----a-w- c:\windows\system32\DNINDIS5.sys
2014-03-30 15:41:45 147456 ----a-w- c:\windows\system32\ssleay32.dll
2014-03-30 15:41:42 362944 ----a-w- c:\windows\system32\drivers\WPN111.sys
2014-03-30 15:41:42 149392 ----a-w- c:\windows\system32\drivers\ar5523.bin
2014-03-30 15:41:42 -------- d-----w- c:\program files\NETGEAR
2014-03-30 11:14:35 13312 -c----w- c:\windows\system32\dllcache\xp_eos.exe
2014-03-30 11:14:35 13312 ------w- c:\windows\system32\xp_eos.exe
2014-03-30 11:08:41 -------- d-----w- c:\program files\AppsHat Mobile Apps
2014-03-30 11:07:06 -------- d-----w- c:\documents and settings\millam\local settings\application data\WinRST
2014-03-30 11:06:34 -------- d-----w- c:\program files\WinRST
.
==================== Find3M ====================
.
2014-03-30 13:23:47 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2014-03-30 13:23:47 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2014-03-30 11:27:41 90400 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2014-02-24 11:46:36 920064 ----a-w- c:\windows\system32\wininet.dll
2014-02-24 11:45:58 43520 ----a-w- c:\windows\system32\licmgr10.dll
2014-02-24 11:45:57 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2014-02-24 11:45:42 18944 ----a-w- c:\windows\system32\corpol.dll
2014-02-24 10:54:21 385024 ----a-w- c:\windows\system32\html.iec
2014-02-07 02:01:37 1879040 ----a-w- c:\windows\system32\win32k.sys
2014-02-05 08:55:04 562688 ----a-w- c:\windows\system32\qedit.dll
2014-01-04 03:13:05 420864 ----a-w- c:\windows\system32\vbscript.dll
.
============= FINISH: 13:44:30.34 ===============


.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 15/09/2013 12:57:13
System Uptime: 01/04/2014 10:08:29 (3 hours ago)
.
Motherboard: Compaq | | 07E4h
Processor: Intel(R) Pentium(R) 4 CPU 2.40GHz | XU1 PROCESSOR | 2392/533mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 33 GiB total, 21.356 GiB free.
D: is FIXED (NTFS) - 41 GiB total, 40.705 GiB free.
E: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP87: 30/03/2014 13:32:37 - Software Distribution Service 3.0
RP88: 30/03/2014 17:41:41 - Installed NETGEAR RangeMax(TM) Wireless USB 2.0 Adapter WPN111
RP89: 31/03/2014 10:29:15 - Made by Registry Mechanic O
RP90: 31/03/2014 10:33:12 - Made by Registry Mechanic O
RP91: 31/03/2014 19:03:31 - Made by Registry Mechanic O
RP92: 31/03/2014 19:05:48 - Made by Registry Mechanic O
.
==== Installed Programs ======================
.
7-Zip 9.20
Adobe Flash Player 12 ActiveX
Adobe Flash Player 12 Plugin
Adobe Reader XI (11.0.06)
Avira Free Antivirus
CCleaner
ERUNT 1.1j
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB976002-v5)
Intel(R) Network Connections 16.2.49.0
Malwarebytes Anti-Malware version 1.75.0.1300
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Office 97, Professional Edition
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Mozilla Firefox 28.0 (x86 en-US)
Mozilla Maintenance Service
Mustek 600 CU v2.0a
NETGEAR RangeMax(TM) Wireless USB 2.0 Adapter WPN111
Registry Mechanic 10.0.0.132
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2736416)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2840629)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2861697)
Security Update for Microsoft Windows (KB2564958)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2870699)
Security Update for Windows Internet Explorer 8 (KB2879017)
Security Update for Windows Internet Explorer 8 (KB2888505)
Security Update for Windows Internet Explorer 8 (KB2898785)
Security Update for Windows Internet Explorer 8 (KB2909210)
Security Update for Windows Internet Explorer 8 (KB2925418)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB2803821-v2)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2507938)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276-v2)
Security Update for Windows XP (KB2544893-v2)
Security Update for Windows XP (KB2566454)
Security Update for Windows XP (KB2570947)
Security Update for Windows XP (KB2584146)
Security Update for Windows XP (KB2585542)
Security Update for Windows XP (KB2592799)
Security Update for Windows XP (KB2598479)
Security Update for Windows XP (KB2603381)
Security Update for Windows XP (KB2618451)
Security Update for Windows XP (KB2619339)
Security Update for Windows XP (KB2620712)
Security Update for Windows XP (KB2631813)
Security Update for Windows XP (KB2653956)
Security Update for Windows XP (KB2655992)
Security Update for Windows XP (KB2659262)
Security Update for Windows XP (KB2661637)
Security Update for Windows XP (KB2676562)
Security Update for Windows XP (KB2686509)
Security Update for Windows XP (KB2691442)
Security Update for Windows XP (KB2698365)
Security Update for Windows XP (KB2705219-v2)
Security Update for Windows XP (KB2712808)
Security Update for Windows XP (KB2719985)
Security Update for Windows XP (KB2723135-v2)
Security Update for Windows XP (KB2727528)
Security Update for Windows XP (KB2753842-v2)
Security Update for Windows XP (KB2757638)
Security Update for Windows XP (KB2758857)
Security Update for Windows XP (KB2780091)
Security Update for Windows XP (KB2802968)
Security Update for Windows XP (KB2807986)
Security Update for Windows XP (KB2813345)
Security Update for Windows XP (KB2820197)
Security Update for Windows XP (KB2820917)
Security Update for Windows XP (KB2834886)
Security Update for Windows XP (KB2845187)
Security Update for Windows XP (KB2847311)
Security Update for Windows XP (KB2849470)
Security Update for Windows XP (KB2850869)
Security Update for Windows XP (KB2859537)
Security Update for Windows XP (KB2862152)
Security Update for Windows XP (KB2862330)
Security Update for Windows XP (KB2862335)
Security Update for Windows XP (KB2864063)
Security Update for Windows XP (KB2868038)
Security Update for Windows XP (KB2868626)
Security Update for Windows XP (KB2876217)
Security Update for Windows XP (KB2876315)
Security Update for Windows XP (KB2876331)
Security Update for Windows XP (KB2883150)
Security Update for Windows XP (KB2892075)
Security Update for Windows XP (KB2893294)
Security Update for Windows XP (KB2893984)
Security Update for Windows XP (KB2898715)
Security Update for Windows XP (KB2900986)
Security Update for Windows XP (KB2914368)
Security Update for Windows XP (KB2916036)
Security Update for Windows XP (KB2929961)
Security Update for Windows XP (KB2930275)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982665)
SoundMAX
Spybot - Search & Destroy
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2661254-v2)
Update for Windows XP (KB2749655)
Update for Windows XP (KB2863058)
Update for Windows XP (KB2904266)
Update for Windows XP (KB2934207)
Update for Windows XP (KB898461)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB961503)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB973815)
WebFldrs XP
Windows Genuine Advantage Notifications (KB905474)
Windows Internet Explorer 8
Windows XP Service Pack 3
.
==== Event Viewer Messages From Past Week ========
.
31/03/2014 15:05:56, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: PCIIde
31/03/2014 15:04:16, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Spybot-S&D 2 Scanner Service service to connect.
31/03/2014 15:04:16, error: Service Control Manager [7000] - The Spybot-S&D 2 Scanner Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
31/03/2014 15:02:57, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000001' while processing the file '' on the volume 'HarddiskVolume1'. It has stopped monitoring the volume.
30/03/2014 14:39:35, error: Service Control Manager [7022] - The WinRST service hung on starting.
30/03/2014 14:39:35, error: Service Control Manager [7022] - The PirritUpdater service hung on starting.
30/03/2014 14:38:21, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Spybot-S&D 2 Security Center Service service to connect.
30/03/2014 14:38:21, error: Service Control Manager [7000] - The Spybot-S&D 2 Security Center Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
30/03/2014 14:01:06, error: Service Control Manager [7000] - The Application Layer Gateway Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
30/03/2014 14:01:05, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Application Layer Gateway Service service to connect.
01/04/2014 09:22:11, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: avipbb avkmgr Fips intelppm ssmdrv
01/04/2014 09:21:27, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
.
==== End Of File ===========================


aswMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software
Run date: 2014-04-01 13:49:11
-----------------------------
13:49:11.218 OS Version: Windows 5.1.2600 Service Pack 3
13:49:11.218 Number of processors: 1 586 0x207
13:49:11.218 ComputerName: BOB-276AB2C0593 UserName: millam
13:49:11.500 Initialize success
13:49:40.609 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T1L0-3
13:49:40.609 Disk 0 Vendor: ST380021A 3.75 Size: 76319MB BusType: 3
13:49:40.750 Disk 0 MBR read successfully
13:49:40.750 Disk 0 MBR scan
13:49:40.750 Disk 0 Windows XP default MBR code
13:49:40.750 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 33997 MB offset 63
13:49:40.765 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 42318 MB offset 69627600
13:49:40.765 Disk 0 scanning sectors +156295440
13:49:40.890 Disk 0 scanning C:\WINDOWS\system32\drivers
13:49:48.000 Service scanning
13:50:00.828 Modules scanning
13:50:10.187 Disk 0 trace - called modules:
13:50:10.203 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys intelide.sys PCIIDEX.SYS
13:50:10.203 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x823d0ab8]
13:50:10.703 3 CLASSPNP.SYS[f8575fd7] -> nt!IofCallDriver -> \Device\00000059[0x822934e8]
13:50:10.703 5 ACPI.sys[f84ec620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T1L0-3[0x823e3438]
13:50:10.703 Scan finished successfully
13:50:57.375 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\millam\Desktop\MBR.dat"
13:50:57.375 The log file has been saved successfully to "C:\Documents and Settings\millam\Desktop\aswMBR.txt"

Juliet
2014-04-01, 19:27
Hi and welcome


Please download and run the following tool to help allow other programs to run. (courtesy of BleepingComputer.com)
There are 6 different versions. If one of them won't run then download and try to run the other one.
Vista and Win7 users need to right click and choose Run as Admin
You only need to get one of them to run, not all of them.

rkill.exe (http://download.bleepingcomputer.com/grinler/rkill.exe)
rkill.com (http://download.bleepingcomputer.com/grinler/rkill.com)
rkill.scr (http://download.bleepingcomputer.com/grinler/rkill.scr)
rkill.pif (http://download.bleepingcomputer.com/grinler/rkill.pif)
WiNlOgOn.exe (http://download.bleepingcomputer.com/grinler/WiNlOgOn.exe)
uSeRiNiT.exe (http://download.bleepingcomputer.com/grinler/uSeRiNiT.exe)


~~~~~~~~~~~~~~~~~~~~~~~~~

Please download Farbar Recovery Scan Tool (http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/)

(use correct version for your system.....Which system am I using? (http://support.microsoft.com/kb/827218))
and Tutorial http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/



Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
Press Scan button.
It will produce a log called FRST.txt in the same directory the tool is run from.
Please copy and paste log back here.
The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.


Please copy and paste these 3 logs in your next reply.

bobbym
2014-04-01, 21:15
As requested.



Additional scan result of Farbar Recovery Scan Tool (x86) Version: 13-03-2014 01
Ran by millam at 2014-04-01 20:06:01
Running from C:\Documents and Settings\millam\My Documents\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Avira Desktop (Disabled - Up to date) {AD166499-45F9-482A-A743-FDD3350758C7}

==================== Installed Programs ======================

7-Zip 9.20 (HKLM\...\7-Zip) (Version: - )
Adobe Flash Player 12 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 12.0.0.77 - Adobe Systems Incorporated)
Adobe Flash Player 12 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 12.0.0.77 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.06) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.06 - Adobe Systems Incorporated)
Avira Free Antivirus (HKLM\...\Avira AntiVir Desktop) (Version: 14.0.3.350 - Avira)
CCleaner (HKLM\...\CCleaner) (Version: 4.12 - Piriform)
ERUNT 1.1j (HKLM\...\ERUNT_is1) (Version: - Lars Hederer)
Intel(R) Network Connections 16.2.49.0 (HKLM\...\{EBDDD05E-EBCF-40FF-9BBD-C3E099A2B684}) (Version: 16.2.49.0 - Intel)
Malwarebytes Anti-Malware version 1.75.0.1300 (HKLM\...\Malwarebytes' Anti-Malware_is1) (Version: 1.75.0.1300 - Malwarebytes Corporation)
Microsoft .NET Framework 2.0 Service Pack 2 (HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.0 Service Pack 2 (HKLM\...\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}) (Version: 3.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version: - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) Hidden
Microsoft Office 97, Professional Edition (HKLM\...\Office8.0) (Version: - )
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mozilla Firefox 28.0 (x86 en-US) (HKLM\...\Mozilla Firefox 28.0 (x86 en-US)) (Version: 28.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 28.0 - Mozilla)
Mustek 600 CU v2.0a (HKLM\...\Mustek 600 CU v2.0a) (Version: - )
NETGEAR RangeMax(TM) Wireless USB 2.0 Adapter WPN111 (HKLM\...\{582E9125-32B6-4CBA-AB48-3E33CE3DB389}) (Version: 1.0.0 - NETGEAR)
Registry Mechanic 10.0.0.132 (HKLM\...\Registry Mechanic_is1) (Version: 10.0.0.132 - PC Tools)
SoundMAX (HKLM\...\{F0A37341-D692-11D4-A984-009027EC0A9C}) (Version: 5.12.01.3620 - Analog Devices)
Spybot - Search & Destroy (HKLM\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.1.21 - Safer-Networking Ltd.)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (HKLM\...\{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB963707) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2345886) (HKLM\...\KB2345886) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2661254-v2) (HKLM\...\KB2661254-v2) (Version: 2 - Microsoft Corporation)
Update for Windows XP (KB2749655) (HKLM\...\KB2749655) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2863058) (HKLM\...\KB2863058) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2904266) (HKLM\...\KB2904266) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2934207) (HKLM\...\KB2934207) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB898461) (HKLM\...\KB898461) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB951978) (HKLM\...\KB951978) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB955759) (HKLM\...\KB955759) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB961503) (HKLM\...\KB961503) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB968389) (HKLM\...\KB968389) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB971029) (HKLM\...\KB971029) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB973815) (HKLM\...\KB973815) (Version: 1 - Microsoft Corporation)
WebFldrs XP (Version: 9.50.7523 - Microsoft Corporation) Hidden
Windows Genuine Advantage Notifications (KB905474) (HKLM\...\WgaNotify) (Version: 1.9.0040.0 - Microsoft Corporation)
Windows Internet Explorer 8 (HKLM\...\ie8) (Version: 20090308.140743 - Microsoft Corporation)
Windows XP Service Pack 3 (HKLM\...\Windows XP Service Pack) (Version: 20080414.031525 - Microsoft Corporation)

==================== Restore Points =========================

30-03-2014 11:32:37 Software Distribution Service 3.0
30-03-2014 15:41:41 Installed NETGEAR RangeMax(TM) Wireless USB 2.0 Adapter WPN111
31-03-2014 08:29:15 Made by Registry Mechanic O
31-03-2014 08:33:12 Made by Registry Mechanic O
31-03-2014 17:03:31 Made by Registry Mechanic O
31-03-2014 17:05:48 Made by Registry Mechanic O
01-04-2014 17:11:25 Made by Registry Mechanic O

==================== Hosts content: ==========================

2004-08-04 14:00 - 2004-08-04 14:00 - 00000734 ____N C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1 localhost

==================== Scheduled Tasks (whitelisted) =============

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\Check for updates (Spybot - Search & Destroy).job => C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe
Task: C:\WINDOWS\Tasks\GoforFilesUpdate.job => C:\Program Files\GoforFiles\GFFUpdater.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job => C:\WINDOWS\system32\xp_eos.exe
Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job => C:\WINDOWS\system32\xp_eos.exe
Task: C:\WINDOWS\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-1343024091-1214440339-725345543-1003.job => C:\Program Files\RealNetworks\RealDownloader\recordingmanager.exe
Task: C:\WINDOWS\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-1343024091-1214440339-725345543-1003.job => C:\Program Files\RealNetworks\RealDownloader\realupgrade.exe
Task: C:\WINDOWS\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-1343024091-1214440339-725345543-1003.job => C:\Program Files\RealNetworks\RealDownloader\realupgrade.exe
Task: C:\WINDOWS\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-1343024091-1214440339-725345543-1003.job => C:\Program Files\Real\RealUpgrade\realupgrade.exe
Task: C:\WINDOWS\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-1343024091-1214440339-725345543-1003.job => C:\Program Files\Real\RealUpgrade\realupgrade.exe
Task: C:\WINDOWS\Tasks\Refresh immunization (Spybot - Search & Destroy).job => C:\Program Files\Spybot - Search & Destroy 2\SDImmunize.exe
Task: C:\WINDOWS\Tasks\RMSchedule.job => D:\Program Files\Registry Mechanic\RegMech.exe
Task: C:\WINDOWS\Tasks\Scan the system (Spybot - Search & Destroy).job => C:\Program Files\Spybot - Search & Destroy 2\SDScan.exe

==================== Loaded Modules (whitelisted) =============

2013-09-26 20:51 - 2013-05-16 11:55 - 00113496 _____ () C:\Program Files\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2013-09-26 20:51 - 2013-05-16 11:55 - 00416600 _____ () C:\Program Files\Spybot - Search & Destroy 2\DEC150.bpl
2013-09-15 08:52 - 2013-09-15 21:45 - 00394824 _____ () C:\Program Files\Avira\AntiVir Desktop\sqlite3.dll
2013-11-21 14:44 - 2013-12-02 15:28 - 00055296 _____ () C:\Program Files\Pirrit\AutoUpdater.exe
2014-03-30 17:41 - 2004-04-18 16:43 - 00147456 _____ () C:\WINDOWS\system32\ssleay32.dll
2014-03-30 17:41 - 2004-04-18 16:43 - 00651264 _____ () C:\WINDOWS\system32\LIBEAY32.dll
2014-03-30 13:06 - 2014-02-26 17:42 - 00059904 _____ () C:\Program Files\WinRST\WinRST.exe
2013-09-26 20:51 - 2013-05-16 11:55 - 00161112 _____ () C:\Program Files\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2014-03-30 15:39 - 2014-03-30 15:41 - 03642480 _____ () C:\Program Files\Mozilla Firefox\mozjs.dll
2014-03-30 15:23 - 2014-03-30 15:23 - 16276872 _____ () C:\WINDOWS\system32\Macromed\Flash\NPSWF32_12_0_0_77.dll

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:D1B5B4F1

==================== Safe Mode (whitelisted) ===================


==================== Disabled items from MSCONFIG ==============


==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (04/01/2014 07:33:23 PM) (Source: Application Error) (User: )
Description: Faulting application sdscan.exe, version 2.1.18.177, faulting module , version 0.0.0.0, fault address 0x00000000.
Processing media-specific event for [sdscan.exe!ws!]

Error: (04/01/2014 10:22:41 AM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service error: Error creating the Shadow Copy Provider COM class with CLSID {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a} [0x80080005].

Error: (03/31/2014 11:08:19 PM) (Source: Application Hang) (User: )
Description: Hanging application WINWORD.EXE, version 8.0.0.4412, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (03/31/2014 10:34:57 PM) (Source: Application Hang) (User: )
Description: Hanging application WINWORD.EXE, version 8.0.0.4412, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (03/31/2014 10:33:38 PM) (Source: Application Hang) (User: )
Description: Hanging application WINWORD.EXE, version 8.0.0.4412, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (03/31/2014 10:32:40 PM) (Source: Application Hang) (User: )
Description: Hanging application WINWORD.EXE, version 8.0.0.4412, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (03/31/2014 08:04:36 PM) (Source: Application Error) (User: )
Description: Fault bucket 134906018.
The Wep key exchange did not result in a secure connection setup after 802.1x authentication. The current setting has been marked as failed and the Wireless connection will be disconnected.

Error: (03/31/2014 08:04:05 PM) (Source: Application Error) (User: )
Description: Faulting application plugin-container.exe, version 28.0.0.5186, faulting module xul.dll, version 28.0.0.5186, fault address 0x008ae8da.
Processing media-specific event for [plugin-container.exe!ws!]

Error: (03/30/2014 04:56:13 PM) (Source: Application Error) (User: )
Description: Faulting application explorer.exe, version 6.0.2900.5512, faulting module unknown, version 0.0.0.0, fault address 0x03330fef.
Processing media-specific event for [explorer.exe!ws!]

Error: (12/09/2013 01:00:44 PM) (Source: Application Hang) (User: )
Description: Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000.


System errors:
=============
Error: (04/01/2014 00:19:29 PM) (Source: 0) (User: )
Description: \Device\Harddisk0\D

Error: (04/01/2014 00:19:26 PM) (Source: 0) (User: )
Description: \Device\Harddisk0\D

Error: (04/01/2014 00:19:22 PM) (Source: 0) (User: )
Description: \Device\Harddisk0\D

Error: (04/01/2014 00:19:19 PM) (Source: 0) (User: )
Description: \Device\Harddisk0\D

Error: (04/01/2014 00:19:15 PM) (Source: 0) (User: )
Description: \Device\Harddisk0\D

Error: (04/01/2014 00:19:11 PM) (Source: 0) (User: )
Description: \Device\Harddisk0\D

Error: (04/01/2014 00:19:08 PM) (Source: 0) (User: )
Description: \Device\Harddisk0\D

Error: (04/01/2014 00:19:04 PM) (Source: 0) (User: )
Description: \Device\Harddisk0\D

Error: (04/01/2014 00:19:00 PM) (Source: 0) (User: )
Description: \Device\Harddisk0\D

Error: (04/01/2014 10:22:41 AM) (Source: DCOM) (User: NT AUTHORITY)
Description: The server {301F9B76-643D-4370-BD56-B92C16D80667} did not register with DCOM within the required timeout.


Microsoft Office Sessions:
=========================
Error: (04/01/2014 07:33:23 PM) (Source: Application Error)(User: )
Description: sdscan.exe2.1.18.1770.0.0.000000000

Error: (04/01/2014 10:22:41 AM) (Source: VSS)(User: )
Description: {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a}0x80080005

Error: (03/31/2014 11:08:19 PM) (Source: Application Hang)(User: )
Description: WINWORD.EXE8.0.0.4412hungapp0.0.0.000000000

Error: (03/31/2014 10:34:57 PM) (Source: Application Hang)(User: )
Description: WINWORD.EXE8.0.0.4412hungapp0.0.0.000000000

Error: (03/31/2014 10:33:38 PM) (Source: Application Hang)(User: )
Description: WINWORD.EXE8.0.0.4412hungapp0.0.0.000000000

Error: (03/31/2014 10:32:40 PM) (Source: Application Hang)(User: )
Description: WINWORD.EXE8.0.0.4412hungapp0.0.0.000000000

Error: (03/31/2014 08:04:36 PM) (Source: Application Error)(User: )
Description: 134906018

Error: (03/31/2014 08:04:05 PM) (Source: Application Error)(User: )
Description: plugin-container.exe28.0.0.5186xul.dll28.0.0.5186008ae8da

Error: (03/30/2014 04:56:13 PM) (Source: Application Error)(User: )
Description: explorer.exe6.0.2900.5512unknown0.0.0.003330fef

Error: (12/09/2013 01:00:44 PM) (Source: Application Hang)(User: )
Description: iexplore.exe8.0.6001.18702hungapp0.0.0.000000000


==================== Memory info ===========================

Percentage of memory in use: 90%
Total physical RAM: 511.48 MB
Available physical RAM: 47.73 MB
Total Pagefile: 2014.21 MB
Available Pagefile: 944.89 MB
Total Virtual: 2047.88 MB
Available Virtual: 1943.48 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:33.2 GB) (Free:21.04 GB) NTFS ==>[Drive with boot components (Windows XP)]
Drive d: (New Volume) (Fixed) (Total:41.33 GB) (Free:40.6 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows XP) (Size: 75 GB) (Disk ID: F022F022)

Partition: GPT Partition Type.

==================== End Of Log ============================

Rkill 2.6.5 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2014 BleepingComputer.com
More Information about Rkill can be found at this link:
http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 04/01/2014 07:59:51 PM in x86 mode.
Windows Version: Microsoft Windows XP Service Pack 3

Checking for Windows services to stop:

* No malware services found to stop.

Checking for processes to terminate:

* C:\Documents and Settings\millam\Local Settings\Application Data\WebPlayer\AppsHat\WebPlayer.exe (PID: 1300) [UP-HEUR]

1 proccess terminated!

Checking Registry for malware related settings:

* No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

* No issues found.

Checking Windows Service Integrity:

* No issues found.

Searching for Missing Digital Signatures:

* No issues found.

Checking HOSTS File:

* Cannot edit the HOSTS file.
* Permissions could not be fixed. Use Hosts-perm.bat to fix permissions: http://www.bleepingcomputer.com/download/hosts-permbat/

* HOSTS file entries found:

127.0.0.1 localhost

Program finished at: 04/01/2014 08:01:08 PM
Execution time: 0 hours(s), 1 minute(s), and 16 seconds(s)


Additional scan result of Farbar Recovery Scan Tool (x86) Version: 13-03-2014 01
Ran by millam at 2014-04-01 20:06:01
Running from C:\Documents and Settings\millam\My Documents\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Avira Desktop (Disabled - Up to date) {AD166499-45F9-482A-A743-FDD3350758C7}

==================== Installed Programs ======================

7-Zip 9.20 (HKLM\...\7-Zip) (Version: - )
Adobe Flash Player 12 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 12.0.0.77 - Adobe Systems Incorporated)
Adobe Flash Player 12 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 12.0.0.77 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.06) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.06 - Adobe Systems Incorporated)
Avira Free Antivirus (HKLM\...\Avira AntiVir Desktop) (Version: 14.0.3.350 - Avira)
CCleaner (HKLM\...\CCleaner) (Version: 4.12 - Piriform)
ERUNT 1.1j (HKLM\...\ERUNT_is1) (Version: - Lars Hederer)
Intel(R) Network Connections 16.2.49.0 (HKLM\...\{EBDDD05E-EBCF-40FF-9BBD-C3E099A2B684}) (Version: 16.2.49.0 - Intel)
Malwarebytes Anti-Malware version 1.75.0.1300 (HKLM\...\Malwarebytes' Anti-Malware_is1) (Version: 1.75.0.1300 - Malwarebytes Corporation)
Microsoft .NET Framework 2.0 Service Pack 2 (HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.0 Service Pack 2 (HKLM\...\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}) (Version: 3.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version: - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) Hidden
Microsoft Office 97, Professional Edition (HKLM\...\Office8.0) (Version: - )
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mozilla Firefox 28.0 (x86 en-US) (HKLM\...\Mozilla Firefox 28.0 (x86 en-US)) (Version: 28.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 28.0 - Mozilla)
Mustek 600 CU v2.0a (HKLM\...\Mustek 600 CU v2.0a) (Version: - )
NETGEAR RangeMax(TM) Wireless USB 2.0 Adapter WPN111 (HKLM\...\{582E9125-32B6-4CBA-AB48-3E33CE3DB389}) (Version: 1.0.0 - NETGEAR)
Registry Mechanic 10.0.0.132 (HKLM\...\Registry Mechanic_is1) (Version: 10.0.0.132 - PC Tools)
SoundMAX (HKLM\...\{F0A37341-D692-11D4-A984-009027EC0A9C}) (Version: 5.12.01.3620 - Analog Devices)
Spybot - Search & Destroy (HKLM\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.1.21 - Safer-Networking Ltd.)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (HKLM\...\{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB963707) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2345886) (HKLM\...\KB2345886) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2661254-v2) (HKLM\...\KB2661254-v2) (Version: 2 - Microsoft Corporation)
Update for Windows XP (KB2749655) (HKLM\...\KB2749655) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2863058) (HKLM\...\KB2863058) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2904266) (HKLM\...\KB2904266) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2934207) (HKLM\...\KB2934207) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB898461) (HKLM\...\KB898461) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB951978) (HKLM\...\KB951978) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB955759) (HKLM\...\KB955759) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB961503) (HKLM\...\KB961503) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB968389) (HKLM\...\KB968389) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB971029) (HKLM\...\KB971029) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB973815) (HKLM\...\KB973815) (Version: 1 - Microsoft Corporation)
WebFldrs XP (Version: 9.50.7523 - Microsoft Corporation) Hidden
Windows Genuine Advantage Notifications (KB905474) (HKLM\...\WgaNotify) (Version: 1.9.0040.0 - Microsoft Corporation)
Windows Internet Explorer 8 (HKLM\...\ie8) (Version: 20090308.140743 - Microsoft Corporation)
Windows XP Service Pack 3 (HKLM\...\Windows XP Service Pack) (Version: 20080414.031525 - Microsoft Corporation)

==================== Restore Points =========================

30-03-2014 11:32:37 Software Distribution Service 3.0
30-03-2014 15:41:41 Installed NETGEAR RangeMax(TM) Wireless USB 2.0 Adapter WPN111
31-03-2014 08:29:15 Made by Registry Mechanic O
31-03-2014 08:33:12 Made by Registry Mechanic O
31-03-2014 17:03:31 Made by Registry Mechanic O
31-03-2014 17:05:48 Made by Registry Mechanic O
01-04-2014 17:11:25 Made by Registry Mechanic O

==================== Hosts content: ==========================

2004-08-04 14:00 - 2004-08-04 14:00 - 00000734 ____N C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1 localhost

==================== Scheduled Tasks (whitelisted) =============

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\Check for updates (Spybot - Search & Destroy).job => C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe
Task: C:\WINDOWS\Tasks\GoforFilesUpdate.job => C:\Program Files\GoforFiles\GFFUpdater.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job => C:\WINDOWS\system32\xp_eos.exe
Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job => C:\WINDOWS\system32\xp_eos.exe
Task: C:\WINDOWS\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-1343024091-1214440339-725345543-1003.job => C:\Program Files\RealNetworks\RealDownloader\recordingmanager.exe
Task: C:\WINDOWS\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-1343024091-1214440339-725345543-1003.job => C:\Program Files\RealNetworks\RealDownloader\realupgrade.exe
Task: C:\WINDOWS\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-1343024091-1214440339-725345543-1003.job => C:\Program Files\RealNetworks\RealDownloader\realupgrade.exe
Task: C:\WINDOWS\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-1343024091-1214440339-725345543-1003.job => C:\Program Files\Real\RealUpgrade\realupgrade.exe
Task: C:\WINDOWS\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-1343024091-1214440339-725345543-1003.job => C:\Program Files\Real\RealUpgrade\realupgrade.exe
Task: C:\WINDOWS\Tasks\Refresh immunization (Spybot - Search & Destroy).job => C:\Program Files\Spybot - Search & Destroy 2\SDImmunize.exe
Task: C:\WINDOWS\Tasks\RMSchedule.job => D:\Program Files\Registry Mechanic\RegMech.exe
Task: C:\WINDOWS\Tasks\Scan the system (Spybot - Search & Destroy).job => C:\Program Files\Spybot - Search & Destroy 2\SDScan.exe

==================== Loaded Modules (whitelisted) =============

2013-09-26 20:51 - 2013-05-16 11:55 - 00113496 _____ () C:\Program Files\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2013-09-26 20:51 - 2013-05-16 11:55 - 00416600 _____ () C:\Program Files\Spybot - Search & Destroy 2\DEC150.bpl
2013-09-15 08:52 - 2013-09-15 21:45 - 00394824 _____ () C:\Program Files\Avira\AntiVir Desktop\sqlite3.dll
2013-11-21 14:44 - 2013-12-02 15:28 - 00055296 _____ () C:\Program Files\Pirrit\AutoUpdater.exe
2014-03-30 17:41 - 2004-04-18 16:43 - 00147456 _____ () C:\WINDOWS\system32\ssleay32.dll
2014-03-30 17:41 - 2004-04-18 16:43 - 00651264 _____ () C:\WINDOWS\system32\LIBEAY32.dll
2014-03-30 13:06 - 2014-02-26 17:42 - 00059904 _____ () C:\Program Files\WinRST\WinRST.exe
2013-09-26 20:51 - 2013-05-16 11:55 - 00161112 _____ () C:\Program Files\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2014-03-30 15:39 - 2014-03-30 15:41 - 03642480 _____ () C:\Program Files\Mozilla Firefox\mozjs.dll
2014-03-30 15:23 - 2014-03-30 15:23 - 16276872 _____ () C:\WINDOWS\system32\Macromed\Flash\NPSWF32_12_0_0_77.dll

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:D1B5B4F1

==================== Safe Mode (whitelisted) ===================


==================== Disabled items from MSCONFIG ==============


==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (04/01/2014 07:33:23 PM) (Source: Application Error) (User: )
Description: Faulting application sdscan.exe, version 2.1.18.177, faulting module , version 0.0.0.0, fault address 0x00000000.
Processing media-specific event for [sdscan.exe!ws!]

Error: (04/01/2014 10:22:41 AM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service error: Error creating the Shadow Copy Provider COM class with CLSID {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a} [0x80080005].

Error: (03/31/2014 11:08:19 PM) (Source: Application Hang) (User: )
Description: Hanging application WINWORD.EXE, version 8.0.0.4412, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (03/31/2014 10:34:57 PM) (Source: Application Hang) (User: )
Description: Hanging application WINWORD.EXE, version 8.0.0.4412, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (03/31/2014 10:33:38 PM) (Source: Application Hang) (User: )
Description: Hanging application WINWORD.EXE, version 8.0.0.4412, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (03/31/2014 10:32:40 PM) (Source: Application Hang) (User: )
Description: Hanging application WINWORD.EXE, version 8.0.0.4412, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (03/31/2014 08:04:36 PM) (Source: Application Error) (User: )
Description: Fault bucket 134906018.
The Wep key exchange did not result in a secure connection setup after 802.1x authentication. The current setting has been marked as failed and the Wireless connection will be disconnected.

Error: (03/31/2014 08:04:05 PM) (Source: Application Error) (User: )
Description: Faulting application plugin-container.exe, version 28.0.0.5186, faulting module xul.dll, version 28.0.0.5186, fault address 0x008ae8da.
Processing media-specific event for [plugin-container.exe!ws!]

Error: (03/30/2014 04:56:13 PM) (Source: Application Error) (User: )
Description: Faulting application explorer.exe, version 6.0.2900.5512, faulting module unknown, version 0.0.0.0, fault address 0x03330fef.
Processing media-specific event for [explorer.exe!ws!]

Error: (12/09/2013 01:00:44 PM) (Source: Application Hang) (User: )
Description: Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000.


System errors:
=============
Error: (04/01/2014 00:19:29 PM) (Source: 0) (User: )
Description: \Device\Harddisk0\D

Error: (04/01/2014 00:19:26 PM) (Source: 0) (User: )
Description: \Device\Harddisk0\D

Error: (04/01/2014 00:19:22 PM) (Source: 0) (User: )
Description: \Device\Harddisk0\D

Error: (04/01/2014 00:19:19 PM) (Source: 0) (User: )
Description: \Device\Harddisk0\D

Error: (04/01/2014 00:19:15 PM) (Source: 0) (User: )
Description: \Device\Harddisk0\D

Error: (04/01/2014 00:19:11 PM) (Source: 0) (User: )
Description: \Device\Harddisk0\D

Error: (04/01/2014 00:19:08 PM) (Source: 0) (User: )
Description: \Device\Harddisk0\D

Error: (04/01/2014 00:19:04 PM) (Source: 0) (User: )
Description: \Device\Harddisk0\D

Error: (04/01/2014 00:19:00 PM) (Source: 0) (User: )
Description: \Device\Harddisk0\D

Error: (04/01/2014 10:22:41 AM) (Source: DCOM) (User: NT AUTHORITY)
Description: The server {301F9B76-643D-4370-BD56-B92C16D80667} did not register with DCOM within the required timeout.


Microsoft Office Sessions:
=========================
Error: (04/01/2014 07:33:23 PM) (Source: Application Error)(User: )
Description: sdscan.exe2.1.18.1770.0.0.000000000

Error: (04/01/2014 10:22:41 AM) (Source: VSS)(User: )
Description: {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a}0x80080005

Error: (03/31/2014 11:08:19 PM) (Source: Application Hang)(User: )
Description: WINWORD.EXE8.0.0.4412hungapp0.0.0.000000000

Error: (03/31/2014 10:34:57 PM) (Source: Application Hang)(User: )
Description: WINWORD.EXE8.0.0.4412hungapp0.0.0.000000000

Error: (03/31/2014 10:33:38 PM) (Source: Application Hang)(User: )
Description: WINWORD.EXE8.0.0.4412hungapp0.0.0.000000000

Error: (03/31/2014 10:32:40 PM) (Source: Application Hang)(User: )
Description: WINWORD.EXE8.0.0.4412hungapp0.0.0.000000000

Error: (03/31/2014 08:04:36 PM) (Source: Application Error)(User: )
Description: 134906018

Error: (03/31/2014 08:04:05 PM) (Source: Application Error)(User: )
Description: plugin-container.exe28.0.0.5186xul.dll28.0.0.5186008ae8da

Error: (03/30/2014 04:56:13 PM) (Source: Application Error)(User: )
Description: explorer.exe6.0.2900.5512unknown0.0.0.003330fef

Error: (12/09/2013 01:00:44 PM) (Source: Application Hang)(User: )
Description: iexplore.exe8.0.6001.18702hungapp0.0.0.000000000


==================== Memory info ===========================

Percentage of memory in use: 90%
Total physical RAM: 511.48 MB
Available physical RAM: 47.73 MB
Total Pagefile: 2014.21 MB
Available Pagefile: 944.89 MB
Total Virtual: 2047.88 MB
Available Virtual: 1943.48 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:33.2 GB) (Free:21.04 GB) NTFS ==>[Drive with boot components (Windows XP)]
Drive d: (New Volume) (Fixed) (Total:41.33 GB) (Free:40.6 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows XP) (Size: 75 GB) (Disk ID: F022F022)

Partition: GPT Partition Type.

==================== End Of Log ============================

bobbym
2014-04-01, 21:18
Might have given you the same one twice, sorry.

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 13-03-2014 01
Ran by millam (administrator) on BOB-276AB2C0593 on 01-04-2014 20:04:14
Running from C:\Documents and Settings\millam\My Documents\Downloads
Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: English(US)
Internet Explorer Version 8
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
(Analog Devices, Inc.) C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
(adi) C:\Program Files\Analog Devices\SoundMAX\DrvLsnr.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe
(NETGEAR) C:\Program Files\NETGEAR\WPN111\wpn111.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
(Malwarebytes Corporation) d:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) d:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
() C:\Program Files\Pirrit\AutoUpdater.exe
(Malwarebytes Corporation) d:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
(Analog Devices, Inc.) C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
() C:\Program Files\WinRST\WinRST.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
(Microsoft Corporation) C:\WINDOWS\system32\taskmgr.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [avgnt] - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [689744 2014-03-30] (Avira Operations GmbH & Co. KG)
HKLM\...\Run: [Smapp] - C:\Program Files\Analog Devices\SoundMAX\SMTray.exe [143360 2003-05-05] (Analog Devices, Inc.)
HKLM\...\Run: [DrvLsnr] - C:\Program Files\Analog Devices\SoundMAX\DrvLsnr.exe [69632 2003-05-08] (adi)
HKLM\...\Run: [SDTray] - C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe [5624784 2013-07-25] (Safer-Networking Ltd.)
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
Winlogon\Notify\SDWinLogon: SDWinLogon.dll [X]
HKU\S-1-5-21-1343024091-1214440339-725345543-1003\...\Run: [AppsHat] - C:\Documents and Settings\millam\Local Settings\Application Data\WebPlayer\AppsHat\WebPlayer.exe [202752 2012-10-26] ()
HKU\S-1-5-21-1343024091-1214440339-725345543-1003\...\Run: [Apps Hat] - C:\Documents and Settings\millam\Local Settings\Application Data\WebPlayer\AppsHat\WebPlayer.exe [202752 2012-10-26] ()
Startup: C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\NETGEAR WPN111 Smart Wizard.lnk
ShortcutTarget: NETGEAR WPN111 Smart Wizard.lnk -> C:\Program Files\NETGEAR\WPN111\WPN111.exe (NETGEAR)
Startup: C:\Documents and Settings\millam\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
ShortcutTarget: ERUNT AutoBackup.lnk -> D:\ERUNT\AUTOBACK.EXE ()

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKCU - {41CA4D65-DC9E-406E-9236-5A807A96FE4A} URL = http://www.mysearchresults.com/search?c=8004&t=11&q={searchTerms}
SearchScopes: HKCU - {A8105727-97B2-4B68-8BA5-57150A17B1B3} URL = http://eseeky.com/ws/?source=728386ab?tbp=rbox&toolbarid=base&u=91cc6323d75b58860c0002c552bd45d26d3b0122&q={searchTerms}
BHO: IEExtension.Extension - {d40c654d-7c51-4eb3-95b2-1e23905c2a2d} - C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
Toolbar: HKCU - &Address - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
Toolbar: HKCU - &Links - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\SHELL32.dll (Microsoft Corporation)
Winsock: Catalog9 01 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 02 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 08 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG)
Tcpip\Parameters: [DhcpNameServer] 217.168.160.41 217.168.160.42

FireFox:
========
FF ProfilePath: C:\Documents and Settings\millam\Application Data\Mozilla\Firefox\Profiles\nlv5wxzw.default
FF user.js: detected! => C:\Documents and Settings\millam\Application Data\Mozilla\Firefox\Profiles\nlv5wxzw.default\user.js
FF NewTab: hxxp://www.google.com
FF SelectedSearchEngine: Google
FF Homepage: about:home
FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_12_0_0_77.dll ()
FF Plugin: @microsoft.com/WPF,version=3.5 - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Documents and Settings\millam\Application Data\Mozilla\Firefox\Profiles\nlv5wxzw.default\searchplugins\eseeky-search.xml
FF SearchPlugin: C:\Documents and Settings\millam\Application Data\Mozilla\Firefox\Profiles\nlv5wxzw.default\searchplugins\mixidj.xml
FF Extension: Apps Hat Mini - C:\Documents and Settings\millam\Application Data\Mozilla\Firefox\Profiles\nlv5wxzw.default\Extensions\a055e456-a200-4197-b11a-b82eb9b5ea1c@e3a45ca0-70b0-44d3-aeb3-0176a65ffa43.com [2014-03-30]
FF Extension: Flash Video Downloader - Full HD Download - C:\Documents and Settings\millam\Application Data\Mozilla\Firefox\Profiles\nlv5wxzw.default\Extensions\artur.dubovoy@gmail.com [2014-03-30]
FF Extension: LemurLeap - C:\Documents and Settings\millam\Application Data\Mozilla\Firefox\Profiles\nlv5wxzw.default\Extensions\firefox@lemurleap.info [2013-10-01]
FF Extension: AppsHat - C:\Documents and Settings\millam\Application Data\Mozilla\Firefox\Profiles\nlv5wxzw.default\Extensions\{97A78363-B868-4B48-AC91-A783A31215AF} [2013-10-10]
FF Extension: Default Tab - C:\Documents and Settings\millam\Application Data\Mozilla\Firefox\Profiles\nlv5wxzw.default\Extensions\addon@defaulttab.com.xpi [2013-10-01]
FF Extension: LemurLeap - C:\Documents and Settings\millam\Application Data\Mozilla\Firefox\Profiles\nlv5wxzw.default\Extensions\firefox@lemurleap.info.xpi [2013-09-26]
FF Extension: Pirrit Suggestor - C:\Documents and Settings\millam\Application Data\Mozilla\Firefox\Profiles\nlv5wxzw.default\Extensions\suggestor@pirrit.com.xpi [2013-11-21]
FF Extension: Pirrit Suggestor - C:\Documents and Settings\millam\Application Data\Mozilla\Firefox\Profiles\nlv5wxzw.default\Extensions\suggestor@suggestor.pirrit.com.xpi [2013-12-02]
FF Extension: Modify Headers - C:\Documents and Settings\millam\Application Data\Mozilla\Firefox\Profiles\nlv5wxzw.default\Extensions\{b749fc7c-e949-447f-926c-3f4eed6accfe}.xpi [2013-09-23]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ []

========================== Services (Whitelisted) =================

R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [440400 2014-03-30] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [440400 2014-03-30] (Avira Operations GmbH & Co. KG)
S4 AntiVirWebService; C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE [1017424 2014-03-30] (Avira Operations GmbH & Co. KG)
R2 MBAMScheduler; d:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; d:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 PirritUpdater; C:\Program Files\Pirrit\AutoUpdater.exe [55296 2013-12-02] ()
S2 SDScannerService; C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe [1817560 2013-05-16] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe [1033688 2013-05-16] (Safer-Networking Ltd.)
S2 SDWSCService; C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2013-05-15] (Safer-Networking Ltd.)
R2 SoundMAX Agent Service (default); C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe [45056 2002-09-20] (Analog Devices, Inc.)
R2 WinRST; C:\Program Files\WinRST\WinRST.exe [59904 2014-02-26] ()

==================== Drivers (Whitelisted) ====================

R2 AegisP; C:\WINDOWS\System32\DRIVERS\AegisP.sys [17801 2014-03-30] (Meetinghouse Data Communications)
R2 avgntflt; C:\WINDOWS\System32\DRIVERS\avgntflt.sys [90400 2014-03-30] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\WINDOWS\System32\DRIVERS\avipbb.sys [135648 2014-03-30] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\WINDOWS\System32\DRIVERS\avkmgr.sys [37352 2013-10-07] (Avira Operations GmbH & Co. KG)
R3 DNINDIS5; C:\WINDOWS\system32\DNINDIS5.SYS [17149 2003-07-24] (Printing Communications Assoc., Inc. (PCAUSA))
S3 E1000; C:\WINDOWS\System32\DRIVERS\e1000nt5.sys [50719 2001-08-17] (Intel Corporation)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [22856 2013-04-04] (Malwarebytes Corporation)
S3 N100; C:\WINDOWS\System32\DRIVERS\n100325.sys [128000 2001-08-17] (Compaq Computer Corporation)
S3 S3U10Scanner; C:\WINDOWS\System32\drivers\usbscan.sys [14976 2013-07-03] (Microsoft Corporation)
R1 ssmdrv; C:\WINDOWS\System32\DRIVERS\ssmdrv.sys [28520 2013-09-15] (Avira GmbH)
R3 WPN111; C:\WINDOWS\System32\DRIVERS\WPN111.sys [362944 2005-09-26] (NETGEAR, Inc.)
U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-14] (Microsoft Corporation)
S3 Sheetfed Scanner; System32\drivers\Sheetfed Scanner.sys [X]
U1 WS2IFSL;
U3 aswMBR; \??\C:\DOCUME~1\millam\LOCALS~1\Temp\aswMBR.sys [X]
U3 mbr; \??\C:\DOCUME~1\millam\LOCALS~1\Temp\mbr.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-04-01 20:03 - 2014-04-01 20:04 - 00000000 ____D () C:\FRST
2014-04-01 19:59 - 2014-04-01 20:01 - 00002666 _____ () C:\Documents and Settings\millam\Desktop\Rkill.txt
2014-04-01 14:18 - 2014-04-01 14:18 - 00000000 ___HD () C:\WINDOWS\PIF
2014-04-01 13:50 - 2014-04-01 13:50 - 00001686 _____ () C:\Documents and Settings\millam\Desktop\aswMBR.txt
2014-04-01 13:50 - 2014-04-01 13:50 - 00000512 _____ () C:\Documents and Settings\millam\Desktop\MBR.dat
2014-04-01 13:44 - 2014-04-01 13:44 - 00011465 _____ () C:\Documents and Settings\millam\Desktop\attach.txt
2014-04-01 13:44 - 2014-04-01 13:44 - 00010497 _____ () C:\Documents and Settings\millam\Desktop\dds.txt
2014-04-01 13:36 - 2014-04-01 13:36 - 00000000 ____D () C:\WINDOWS\ERDNT
2014-04-01 13:33 - 2014-04-01 13:33 - 00000420 _____ () C:\Documents and Settings\millam\Desktop\ERUNT.lnk
2014-04-01 13:33 - 2014-04-01 13:33 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\ERUNT
2014-04-01 09:23 - 2014-04-01 09:23 - 00000000 ____D () C:\Documents and Settings\Administrator\Application Data\Avira
2014-04-01 09:21 - 2014-04-01 09:21 - 00000884 __RSH () C:\Documents and Settings\Administrator\ntuser.pol
2014-04-01 09:21 - 2014-04-01 09:21 - 00000020 ___SH () C:\Documents and Settings\Administrator\ntuser.ini
2014-04-01 09:21 - 2014-04-01 09:21 - 00000000 __SHD () C:\Documents and Settings\Administrator\IETldCache
2014-04-01 09:21 - 2014-04-01 09:21 - 00000000 ____D () C:\Documents and Settings\Administrator
2014-04-01 09:21 - 2013-09-15 12:53 - 00001599 _____ () C:\Documents and Settings\Administrator\Start Menu\Programs\Remote Assistance.lnk
2014-04-01 09:21 - 2013-09-15 12:53 - 00000792 _____ () C:\Documents and Settings\Administrator\Start Menu\Programs\Windows Media Player.lnk
2014-04-01 09:21 - 2013-09-15 12:53 - 00000000 ___RD () C:\Documents and Settings\Administrator\Start Menu\Programs\Accessories
2014-03-31 19:11 - 2014-03-31 19:11 - 00027778 _____ () C:\Documents and Settings\millam\My Documents\cc_20140331_191114.reg
2014-03-31 19:08 - 2014-03-31 19:08 - 00000682 _____ () C:\Documents and Settings\All Users.WINDOWS\Desktop\CCleaner.lnk
2014-03-31 19:08 - 2014-03-31 19:08 - 00000000 ____D () C:\Program Files\CCleaner
2014-03-31 19:08 - 2014-03-31 19:08 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\CCleaner
2014-03-31 13:36 - 2004-08-04 14:00 - 00000734 _____ () C:\WINDOWS\system32\Drivers\etc\hosts.20140331-133640.backup
2014-03-30 17:42 - 2014-03-30 17:42 - 00017801 _____ (Meetinghouse Data Communications) C:\WINDOWS\system32\Drivers\AegisP.sys
2014-03-30 17:41 - 2014-03-30 17:41 - 00001385 _____ () C:\Documents and Settings\All Users.WINDOWS\Desktop\NETGEAR WPN111 Smart Wizard.lnk
2014-03-30 17:41 - 2014-03-30 17:41 - 00000000 ____D () C:\Program Files\NETGEAR
2014-03-30 17:41 - 2014-03-30 17:41 - 00000000 ____D () C:\Documents and Settings\millam\Start Menu\Programs\NETGEAR WPN111 Adapter
2014-03-30 17:41 - 2014-03-30 17:41 - 00000000 ____D () C:\Documents and Settings\millam\Application Data\InstallShield
2014-03-30 17:41 - 2014-03-30 17:41 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\NETGEAR WPN111 Adapter
2014-03-30 17:41 - 2005-09-26 16:02 - 00362944 _____ (NETGEAR, Inc.) C:\WINDOWS\system32\Drivers\WPN111.sys
2014-03-30 17:41 - 2005-07-27 21:15 - 00149392 _____ () C:\WINDOWS\system32\Drivers\ar5523.bin
2014-03-30 17:41 - 2004-04-18 16:43 - 00651264 _____ () C:\WINDOWS\system32\libeay32.dll
2014-03-30 17:41 - 2004-04-18 16:43 - 00147456 _____ () C:\WINDOWS\system32\ssleay32.dll
2014-03-30 17:41 - 2003-07-24 12:10 - 00094208 _____ (Printing Communications Assoc., Inc. (PCAUSA)) C:\WINDOWS\system32\DNIN50.dll
2014-03-30 17:41 - 2003-07-24 12:10 - 00017149 _____ (Printing Communications Assoc., Inc. (PCAUSA)) C:\WINDOWS\system32\DNINDIS5.sys
2014-03-30 15:39 - 2014-03-31 10:33 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-03-30 13:55 - 2014-04-01 10:09 - 00000224 _____ () C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job
2014-03-30 13:55 - 2014-03-30 14:40 - 00000218 _____ () C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job
2014-03-30 13:52 - 2014-03-30 13:52 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2934207$
2014-03-30 13:52 - 2014-03-30 13:52 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2929961$
2014-03-30 13:52 - 2014-03-30 13:52 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2916036$
2014-03-30 13:51 - 2014-03-30 13:51 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2930275$
2014-03-30 13:33 - 2014-03-30 13:33 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2914368$
2014-03-30 13:14 - 2014-02-26 03:59 - 00013312 ____N (Microsoft Corporation) C:\WINDOWS\system32\xp_eos.exe
2014-03-30 13:14 - 2014-02-26 03:59 - 00013312 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\xp_eos.exe
2014-03-30 13:07 - 2014-03-30 13:07 - 00000000 ____D () C:\Documents and Settings\millam\Local Settings\Application Data\WinRST
2014-03-30 13:06 - 2014-03-30 13:06 - 00000000 ____D () C:\Program Files\WinRST

==================== One Month Modified Files and Folders =======

2014-04-01 20:04 - 2014-04-01 20:03 - 00000000 ____D () C:\FRST
2014-04-01 20:01 - 2014-04-01 19:59 - 00002666 _____ () C:\Documents and Settings\millam\Desktop\Rkill.txt
2014-04-01 19:33 - 2013-09-16 15:41 - 00000256 _____ () C:\WINDOWS\Tasks\RMSchedule.job
2014-04-01 19:22 - 2013-09-16 16:05 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2014-04-01 18:42 - 2011-12-31 17:28 - 00000245 ___SH () C:\boot.ini
2014-04-01 18:18 - 2013-09-26 20:51 - 00458752 _____ () C:\WINDOWS\system32\config\SpybotSD.evt
2014-04-01 17:00 - 2013-09-15 12:51 - 01406627 _____ () C:\WINDOWS\WindowsUpdate.log
2014-04-01 14:18 - 2014-04-01 14:18 - 00000000 ___HD () C:\WINDOWS\PIF
2014-04-01 13:50 - 2014-04-01 13:50 - 00001686 _____ () C:\Documents and Settings\millam\Desktop\aswMBR.txt
2014-04-01 13:50 - 2014-04-01 13:50 - 00000512 _____ () C:\Documents and Settings\millam\Desktop\MBR.dat
2014-04-01 13:44 - 2014-04-01 13:44 - 00011465 _____ () C:\Documents and Settings\millam\Desktop\attach.txt
2014-04-01 13:44 - 2014-04-01 13:44 - 00010497 _____ () C:\Documents and Settings\millam\Desktop\dds.txt
2014-04-01 13:36 - 2014-04-01 13:36 - 00000000 ____D () C:\WINDOWS\ERDNT
2014-04-01 13:33 - 2014-04-01 13:33 - 00000420 _____ () C:\Documents and Settings\millam\Desktop\ERUNT.lnk
2014-04-01 13:33 - 2014-04-01 13:33 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\ERUNT
2014-04-01 12:21 - 2013-11-06 20:09 - 00000000 ____D () C:\WINDOWS\system32\NtmsData
2014-04-01 10:33 - 2011-12-31 17:42 - 00000000 ____D () C:\WINDOWS\Registration
2014-04-01 10:13 - 2013-09-26 20:52 - 00000644 _____ () C:\WINDOWS\Tasks\Check for updates (Spybot - Search & Destroy).job
2014-04-01 10:12 - 2004-08-04 14:00 - 00013694 _____ () C:\WINDOWS\system32\wpa.dbl
2014-04-01 10:10 - 2013-09-15 13:44 - 00000159 _____ () C:\WINDOWS\wiadebug.log
2014-04-01 10:10 - 2013-09-15 13:44 - 00000050 _____ () C:\WINDOWS\wiaservc.log
2014-04-01 10:09 - 2014-03-30 13:55 - 00000224 _____ () C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job
2014-04-01 10:09 - 2013-10-16 14:58 - 00000302 _____ () C:\WINDOWS\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-1343024091-1214440339-725345543-1003.job
2014-04-01 10:09 - 2013-10-16 14:41 - 00000280 _____ () C:\WINDOWS\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-1343024091-1214440339-725345543-1003.job
2014-04-01 10:09 - 2013-10-10 14:12 - 00000282 _____ () C:\WINDOWS\Tasks\GoforFilesUpdate.job
2014-04-01 10:09 - 2013-09-15 12:58 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-04-01 09:23 - 2014-04-01 09:23 - 00000000 ____D () C:\Documents and Settings\Administrator\Application Data\Avira
2014-04-01 09:21 - 2014-04-01 09:21 - 00000884 __RSH () C:\Documents and Settings\Administrator\ntuser.pol
2014-04-01 09:21 - 2014-04-01 09:21 - 00000020 ___SH () C:\Documents and Settings\Administrator\ntuser.ini
2014-04-01 09:21 - 2014-04-01 09:21 - 00000000 __SHD () C:\Documents and Settings\Administrator\IETldCache
2014-04-01 09:21 - 2014-04-01 09:21 - 00000000 ____D () C:\Documents and Settings\Administrator
2014-04-01 09:20 - 2013-09-15 08:23 - 00000000 __SHD () C:\WINDOWS\CSC
2014-03-31 23:20 - 2013-09-15 12:58 - 00032578 _____ () C:\WINDOWS\SchedLgU.Txt
2014-03-31 23:19 - 2013-09-15 12:59 - 00000178 ___SH () C:\Documents and Settings\millam\ntuser.ini
2014-03-31 23:19 - 2013-09-15 12:59 - 00000000 ____D () C:\Documents and Settings\millam
2014-03-31 19:11 - 2014-03-31 19:11 - 00027778 _____ () C:\Documents and Settings\millam\My Documents\cc_20140331_191114.reg
2014-03-31 19:08 - 2014-03-31 19:08 - 00000682 _____ () C:\Documents and Settings\All Users.WINDOWS\Desktop\CCleaner.lnk
2014-03-31 19:08 - 2014-03-31 19:08 - 00000000 ____D () C:\Program Files\CCleaner
2014-03-31 19:08 - 2014-03-31 19:08 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\CCleaner
2014-03-31 15:02 - 2011-12-31 19:06 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB982665$
2014-03-31 10:33 - 2014-03-30 15:39 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-03-31 10:33 - 2011-12-31 17:21 - 00000000 ____D () C:\WINDOWS\security
2014-03-31 10:15 - 2013-02-13 12:40 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-03-30 17:44 - 2013-09-15 13:40 - 00509828 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2014-03-30 17:42 - 2014-03-30 17:42 - 00017801 _____ (Meetinghouse Data Communications) C:\WINDOWS\system32\Drivers\AegisP.sys
2014-03-30 17:41 - 2014-03-30 17:41 - 00001385 _____ () C:\Documents and Settings\All Users.WINDOWS\Desktop\NETGEAR WPN111 Smart Wizard.lnk
2014-03-30 17:41 - 2014-03-30 17:41 - 00000000 ____D () C:\Program Files\NETGEAR
2014-03-30 17:41 - 2014-03-30 17:41 - 00000000 ____D () C:\Documents and Settings\millam\Start Menu\Programs\NETGEAR WPN111 Adapter
2014-03-30 17:41 - 2014-03-30 17:41 - 00000000 ____D () C:\Documents and Settings\millam\Application Data\InstallShield
2014-03-30 17:41 - 2014-03-30 17:41 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\NETGEAR WPN111 Adapter
2014-03-30 17:41 - 2013-09-16 15:13 - 00000000 ___HD () C:\Program Files\InstallShield Installation Information
2014-03-30 15:32 - 2013-10-17 10:02 - 00000000 ____D () C:\WINDOWS\Microsoft.NET
2014-03-30 15:23 - 2013-09-16 16:05 - 00692616 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2014-03-30 15:23 - 2013-09-16 16:05 - 00071048 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2014-03-30 14:40 - 2014-03-30 13:55 - 00000218 _____ () C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job
2014-03-30 13:55 - 2013-09-15 13:39 - 00107008 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2014-03-30 13:52 - 2014-03-30 13:52 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2934207$
2014-03-30 13:52 - 2014-03-30 13:52 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2929961$
2014-03-30 13:52 - 2014-03-30 13:52 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2916036$
2014-03-30 13:52 - 2011-12-31 18:22 - 00000000 ____D () C:\WINDOWS\ie8updates
2014-03-30 13:51 - 2014-03-30 13:51 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2930275$
2014-03-30 13:45 - 2013-09-17 10:45 - 00000000 ____D () C:\WINDOWS\system32\MRT
2014-03-30 13:33 - 2014-03-30 13:33 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2914368$
2014-03-30 13:27 - 2013-09-15 21:46 - 00135648 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avipbb.sys
2014-03-30 13:27 - 2013-09-15 21:46 - 00090400 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avgntflt.sys
2014-03-30 13:17 - 2013-10-26 11:11 - 00002347 _____ () C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Adobe Reader XI.lnk
2014-03-30 13:08 - 2013-10-10 14:30 - 00002170 _____ () C:\Documents and Settings\millam\Desktop\AppsHat.lnk
2014-03-30 13:08 - 2013-10-10 14:30 - 00000000 ____D () C:\Documents and Settings\millam\Local Settings\Application Data\WebPlayer
2014-03-30 13:07 - 2014-03-30 13:07 - 00000000 ____D () C:\Documents and Settings\millam\Local Settings\Application Data\WinRST
2014-03-30 13:06 - 2014-03-30 13:06 - 00000000 ____D () C:\Program Files\WinRST
2014-03-02 14:03 - 2013-09-17 10:45 - 87350280 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe

Some content of TEMP:
====================
C:\Documents and Settings\millam\Local Settings\Temp\avgnt.exe


==================== Bamital & volsnap Check =================

C:\WINDOWS\explorer.exe => MD5 is legit
C:\WINDOWS\system32\winlogon.exe => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit
C:\WINDOWS\system32\User32.dll => MD5 is legit
C:\WINDOWS\system32\userinit.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\volsnap.sys => MD5 is legit

==================== End Of Log ============================

Juliet
2014-04-01, 22:38
Registry Mechanic
We do not recommend the use of registry cleaners. No registry cleaner is completely safe since most do not even create a backup; the potential is ever present to cause more problems than they claim to fix.
If you do not have knowledge of the registry, then you would probably be better off leaving it alone, and definitely not placing blind trust in a program to do the job for you.
Our colleague miekiemoes has an excellent writeup here:
http://miekiemoes.blogspot.com/2008/02/registry-cleaners-and-system-tweaking_13.html

We suggest uninstalling them via Add or Remove Programs in your Control Panel.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~



Running from C:\Documents and Settings\millam\My Documents\Downloads

Locate Farbar Recovery Scan Tool; we need to move this to the desktop.
Locate it, right click and select Copy, then go to your desktop, right click and select Paste.
Or
Click Start, then click Computer.
Double click the C:\ drive to open it. (Or whatever drive letter it's listed as.)
Right click the FRST.txt file and click Delete.
Repeat for the Addition.txt file.
Right click the Farbar Recovery Scan Tool icon and click Copy.
Close the C:\ drive. You should now be back to the desktop.
Right click on an empty space on the desktop and click Paste. This should put the FRST file on the desktop.


Open Notepad. Please copy the contents of the quote box below. To do this, highlight the contents of the box, right click on it and select Copy.
Paste this into the open Notepad. Save it to the Desktop as fixlist.txt
NOTE: It's important that both files, FRST/FRST64 and fixlist.txt, are in the same location or the fix will not work.
It needs to be saved next to the "Farbar Recovery Scan Tool" (FRST) program. (If asked to overwrite the existing one, please allow.)



start
Task: C:\WINDOWS\Tasks\GoforFilesUpdate.job => C:\Program Files\GoforFiles\GFFUpdater.exe <==== ATTENTION
HKU\S-1-5-21-1343024091-1214440339-725345543-1003\...\Run: [AppsHat] - C:\Documents and Settings\millam\Local Settings\Application Data\WebPlayer\AppsHat\WebPlayer.exe [202752 2012-10-26] ()
HKU\S-1-5-21-1343024091-1214440339-725345543-1003\...\Run: [Apps Hat] - C:\Documents and Settings\millam\Local Settings\Application Data\WebPlayer\AppsHat\WebPlayer.exe [202752 2012-10-26] ()
SearchScopes: HKCU - {41CA4D65-DC9E-406E-9236-5A807A96FE4A} URL = http://www.mysearchresults.com/search?c=8004&t=11&q={searchTerms}
SearchScopes: HKCU - {A8105727-97B2-4B68-8BA5-57150A17B1B3} URL = http://eseeky.com/ws/?source=728386ab?tbp=rbox&toolbarid=base&u=91cc6323d75b58860c0002c552bd45d26d3b0122&q={searchTerms}
FF user.js: detected! => C:\Documents and Settings\millam\Application Data\Mozilla\Firefox\Profiles\nlv5wxzw.default\user.js
FF SearchPlugin: C:\Documents and Settings\millam\Application Data\Mozilla\Firefox\Profiles\nlv5wxzw.default\searchplugins\eseeky-search.xml
FF SearchPlugin: C:\Documents and Settings\millam\Application Data\Mozilla\Firefox\Profiles\nlv5wxzw.default\searchplugins\mixidj.xml
FF Extension: Apps Hat Mini - C:\Documents and Settings\millam\Application Data\Mozilla\Firefox\Profiles\nlv5wxzw.default\Extensions\a055e456-a200-4197-b11a-b82eb9b5ea1c@e3a45ca0-70b0-44d3-aeb3-0176a65ffa43.com [2014-03-30]
FF Extension: AppsHat - C:\Documents and Settings\millam\Application Data\Mozilla\Firefox\Profiles\nlv5wxzw.default\Extensions\{97A78363-B868-4B48-AC91-A783A31215AF} [2013-10-10]
FF Extension: Pirrit Suggestor - C:\Documents and Settings\millam\Application Data\Mozilla\Firefox\Profiles\nlv5wxzw.default\Extensions\suggestor@pirrit.com.xpi [2013-11-21]
FF Extension: Pirrit Suggestor - C:\Documents and Settings\millam\Application Data\Mozilla\Firefox\Profiles\nlv5wxzw.default\Extensions\suggestor@suggestor.pirrit.com.xpi [2013-12-02]
C:\Documents and Settings\millam\Local Settings\Temp\avgnt.exe
C:\Program Files\Pirrit\AutoUpdater.exe
Reboot:
end


Run FRST/FRST64 and press the Fix button just once and wait.
If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
When finished, FRST will generate a log on the Desktop (Fixlog.txt). Please post it in your reply.


NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to the operating system.


~~~~~~~~~~~~~~~~~~~

AdwCleaner by Xplode

Close all open windows and browsers.

Right click the AdwCleaner icon on the desktop, click Run as administrator and accept the UAC prompt to run AdwCleaner.



Click the Scan button and wait for the scan to finish.
After the Scan has finished the window may or may not show what it found and above the progress bar you will see Pending. Please uncheck elements you don't want to remove. Please don't delete anything at this time.
Click the Report button to get the log
Copy and Paste it into your next reply. This report is also saved to C:\AdwCleaner\AdwCleaner[R0].txt.
Click the X in the upper right corner of the program or click the File menu and click Exit to close the program.
NOTE: If you see AVG Secure Search being targeted for deletion, Here's Why (http://www.im-infected.com/hijacker/isearch-avg-comsearch-hijacker.html) and Here (http://nojesusnopeas.blogspot.com/2012/08/sorry-but-avg-secure-search-is-malware.html). You can always Reinstall (http://www.avg.com/us-en/secure-search) it.

~~~~~~~~~~~~~~~~~~~~~~~~~~

Please download Junkware Removal Tool (http://www.bleepingcomputer.com/download/junkware-removal-tool/) to your desktop.
Shut down your protection software now to avoid potential conflicts. Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8, instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator". The tool will open and start scanning your system. Please be patient as this can take a while to complete depending on your system's specifications. On completion, a log (JRT.txt) is saved to your desktop and will automatically open. Post the contents of JRT.txt into your next message.


Please post these logs in your next reply. Also, please give me an update on how the computer is now.
Fixlog.txt
AdwCleaner.txt
JRT.txt

bobbym
2014-04-01, 23:53
I have got as far as "AdwCleaner by Xplode" but it is not on my desktop and you did not give a link to where I can download it. I tried a quick web search but got a registry cleaner, not what you wanted. Please can you give me the link.

I normally use registry repair pro (an early trial version) that has never given me any problems on any of my computers. I have already uninstalled this one.
It is now getting late here and I am about to go to bed. Will look out for your reply in the morning. Thanks for your help. As a matter of interest, while awaiting your last reply I have not had any more unwanted web pages, but I expect I will tomorrow, unless your last fix fixed it.

Juliet
2014-04-02, 00:06
Try this

Click on this link to download: ADWCleaner (http://www.bleepingcomputer.com/download/adwcleaner/)
Click on ONE of the two blue Download Now buttons that have a blue arrow beside them and save it to your desktop.

Do not click on any links in the top advertisement.

bobbym
2014-04-02, 11:14
OK, back up and running. First thing I notice is that the password keeper is working again, but I have only just turned it on. Will try other things while I wait.



Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 13-03-2014 01
Ran by millam at 2014-04-01 22:09:32 Run:1
Running from C:\Documents and Settings\millam\Desktop
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
start
Task: C:\WINDOWS\Tasks\GoforFilesUpdate.job => C:\Program Files\GoforFiles\GFFUpdater.exe <==== ATTENTION
HKU\S-1-5-21-1343024091-1214440339-725345543-1003\...\Run: [AppsHat] - C:\Documents and Settings\millam\Local Settings\Application Data\WebPlayer\AppsHat\WebPlayer.exe [202752 2012-10-26] ()
HKU\S-1-5-21-1343024091-1214440339-725345543-1003\...\Run: [Apps Hat] - C:\Documents and Settings\millam\Local Settings\Application Data\WebPlayer\AppsHat\WebPlayer.exe [202752 2012-10-26] ()
SearchScopes: HKCU - {41CA4D65-DC9E-406E-9236-5A807A96FE4A} URL = http://www.mysearchresults.com/search?c=8004&t=11&q={searchTerms}
SearchScopes: HKCU - {A8105727-97B2-4B68-8BA5-57150A17B1B3} URL = http://eseeky.com/ws/?source=728386ab?tbp=rbox&toolbarid=base&u=91cc6323d75b58860c0002c552bd45d26d3b0122&q={searchTerms}
FF user.js: detected! => C:\Documents and Settings\millam\Application Data\Mozilla\Firefox\Profiles\nlv5wxzw.default\user.js
FF SearchPlugin: C:\Documents and Settings\millam\Application Data\Mozilla\Firefox\Profiles\nlv5wxzw.default\searchplugins\eseeky-search.xml
FF SearchPlugin: C:\Documents and Settings\millam\Application Data\Mozilla\Firefox\Profiles\nlv5wxzw.default\searchplugins\mixidj.xml
FF Extension: Apps Hat Mini - C:\Documents and Settings\millam\Application Data\Mozilla\Firefox\Profiles\nlv5wxzw.default\Extensions\a055e456-a200-4197-b11a-b82eb9b5ea1c@e3a45ca0-70b0-44d3-aeb3-0176a65ffa43.com [2014-03-30]
FF Extension: AppsHat - C:\Documents and Settings\millam\Application Data\Mozilla\Firefox\Profiles\nlv5wxzw.default\Extensions\{97A78363-B868-4B48-AC91-A783A31215AF} [2013-10-10]
FF Extension: Pirrit Suggestor - C:\Documents and Settings\millam\Application Data\Mozilla\Firefox\Profiles\nlv5wxzw.default\Extensions\suggestor@pirrit.com.xpi [2013-11-21]
FF Extension: Pirrit Suggestor - C:\Documents and Settings\millam\Application Data\Mozilla\Firefox\Profiles\nlv5wxzw.default\Extensions\suggestor@suggestor.pirrit.com.xpi [2013-12-02]
C:\Documents and Settings\millam\Local Settings\Temp\avgnt.exe
C:\Program Files\Pirrit\AutoUpdater.exe
Reboot:
end
*****************

C:\WINDOWS\Tasks\GoforFilesUpdate.job => Moved successfully.
HKU\S-1-5-21-1343024091-1214440339-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Run\\AppsHat => Value deleted successfully.
HKU\S-1-5-21-1343024091-1214440339-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Run\\Apps Hat => Value deleted successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{41CA4D65-DC9E-406E-9236-5A807A96FE4A} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{41CA4D65-DC9E-406E-9236-5A807A96FE4A} => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{A8105727-97B2-4B68-8BA5-57150A17B1B3} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{A8105727-97B2-4B68-8BA5-57150A17B1B3} => Key not found.
C:\Documents and Settings\millam\Application Data\Mozilla\Firefox\Profiles\nlv5wxzw.default\user.js => Moved successfully.
C:\Documents and Settings\millam\Application Data\Mozilla\Firefox\Profiles\nlv5wxzw.default\searchplugins\eseeky-search.xml => Moved successfully.
C:\Documents and Settings\millam\Application Data\Mozilla\Firefox\Profiles\nlv5wxzw.default\searchplugins\mixidj.xml => Moved successfully.
C:\Documents and Settings\millam\Application Data\Mozilla\Firefox\Profiles\nlv5wxzw.default\Extensions\a055e456-a200-4197-b11a-b82eb9b5ea1c@e3a45ca0-70b0-44d3-aeb3-0176a65ffa43.com => Moved successfully.
C:\Documents and Settings\millam\Application Data\Mozilla\Firefox\Profiles\nlv5wxzw.default\Extensions\{97A78363-B868-4B48-AC91-A783A31215AF} => Moved successfully.
C:\Documents and Settings\millam\Application Data\Mozilla\Firefox\Profiles\nlv5wxzw.default\Extensions\suggestor@pirrit.com.xpi => Moved successfully.
C:\Documents and Settings\millam\Application Data\Mozilla\Firefox\Profiles\nlv5wxzw.default\Extensions\suggestor@suggestor.pirrit.com.xpi => Moved successfully.
C:\Documents and Settings\millam\Local Settings\Temp\avgnt.exe => Moved successfully.
C:\Program Files\Pirrit\AutoUpdater.exe => Moved successfully.


The system needed a reboot.

==== End of Fixlog ====



# AdwCleaner v3.023 - Report created 02/04/2014 at 09:34:35
# Updated 01/04/2014 by Xplode
# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
# Username : millam - BOB-276AB2C0593
# Running from : C:\Documents and Settings\millam\My Documents\Downloads\AdwCleaner.exe
# Option : Scan

***** [ Services ] *****

Service Found : PirritUpdater

***** [ Files / Folders ] *****

File Found : C:\Documents and Settings\millam\Application Data\Mozilla\Firefox\Profiles\nlv5wxzw.default\Extensions\addon@defaulttab.com.xpi
File Found : C:\Documents and Settings\millam\Application Data\Mozilla\Firefox\Profiles\nlv5wxzw.default\Extensions\firefox@lemurleap.info.xpi
File Found : C:\Documents and Settings\millam\Application Data\Mozilla\Firefox\Profiles\nlv5wxzw.default\invalidprefs.js
File Found : C:\WINDOWS\system32\roboot.exe
Folder Found C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Application Data\Pirrit Suggestor
Folder Found C:\Documents and Settings\millam\Application Data\DefaultTab
Folder Found C:\Documents and Settings\millam\Application Data\goforfiles
Folder Found C:\Documents and Settings\millam\Application Data\Pirrit
Folder Found C:\Documents and Settings\millam\Application Data\registry mechanic
Folder Found C:\Documents and Settings\millam\Application Data\Systweak
Folder Found C:\Documents and Settings\millam\Local Settings\Application Data\Pirrit Suggestor
Folder Found C:\Documents and Settings\millam\Local Settings\Application Data\webplayer
Folder Found C:\Program Files\Pirrit

***** [ Shortcuts ] *****

Shortcut Found : C:\Documents and Settings\millam\Start Menu\Programs\AppsHat\Uninstall.lnk ( _?=C:\Documents and Settings\millam\Local Settings\Application Data\WebPlayer\AppsHat )

***** [ Registry ] *****

Key Found : HKCU\Software\Classes\iLivid.torrent
Key Found : HKCU\Software\GoforFiles
Key Found : HKCU\Software\ilivid
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\AppsHat Mobile Apps
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D40C654D-7C51-4EB3-95B2-1E23905C2A2D}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D40C654D-7C51-4EB3-95B2-1E23905C2A2D}
Key Found : HKCU\Software\Pirrit
Key Found : HKCU\Software\systweak
Key Found : HKCU\Software\Webplayer
Key Found : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220522032201}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{D40C654D-7C51-4EB3-95B2-1E23905C2A2D}
Key Found : HKLM\SOFTWARE\Classes\Prod.cap
Key Found : HKLM\Software\DataMngr
Key Found : HKLM\Software\GoforFiles
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{15D2D75C-9CB2-4EFD-BAD7-B9B4CB4BC693}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{99C91FC5-DB5B-4AA0-BB70-5D89C5A4DF96}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\bi_uninstaller
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\DefaultTab
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\FilesFrog Update Checker
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D40C654D-7C51-4EB3-95B2-1E23905C2A2D}
Key Found : HKLM\Software\Pirrit
Key Found : HKLM\Software\systweak
Value Found : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List [C:\Program Files\GoforFiles\GoforFiles.exe]
Value Found : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List [C:\Program Files\GoforFiles\goforfilesdl.exe]

***** [ Browsers ] *****

-\\ Internet Explorer v8.0.6001.18702


-\\ Mozilla Firefox v28.0 (en-US)

[ File : C:\Documents and Settings\millam\Application Data\Mozilla\Firefox\Profiles\nlv5wxzw.default\prefs.js ]

Line Found : user_pref("extensions.aa055e456a2004197b11ab82eb9b5ea1ce3a45ca070b044d3aeb30176a65ffa43com50301.50301.internaldb.Resources_meta.value", "%7B%2219x19.png%22%3A%7B%22id%22%3A516700%2C%22ver%22%3A1%2C%22[...]
Line Found : user_pref("extensions.crossrider.bic", "14512bd4e28d3b02bf579736f9315e30");
Line Found : user_pref("extensions.delta.admin", false);
Line Found : user_pref("extensions.delta.aflt", "babsst");
Line Found : user_pref("extensions.delta.appId", "{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}");
Line Found : user_pref("extensions.delta.autoRvrt", "false");
Line Found : user_pref("extensions.delta.dfltLng", "en");
Line Found : user_pref("extensions.delta.excTlbr", false);
Line Found : user_pref("extensions.delta.ffxUnstlRst", true);
Line Found : user_pref("extensions.delta.id", "9ce94285000000000000000bcd136953");
Line Found : user_pref("extensions.delta.instlDay", "15988");
Line Found : user_pref("extensions.delta.instlRef", "sst");
Line Found : user_pref("extensions.delta.newTab", false);
Line Found : user_pref("extensions.delta.prdct", "delta");
Line Found : user_pref("extensions.delta.prtnrId", "delta");
Line Found : user_pref("extensions.delta.rvrt", "false");
Line Found : user_pref("extensions.delta.smplGrp", "none");
Line Found : user_pref("extensions.delta.tlbrId", "base");
Line Found : user_pref("extensions.delta.tlbrSrchUrl", "");
Line Found : user_pref("extensions.delta.vrsn", "1.8.24.6");
Line Found : user_pref("extensions.delta.vrsnTs", "1.8.24.614:14:45");
Line Found : user_pref("extensions.delta.vrsni", "1.8.24.6");
Line Found : user_pref("extensions.delta_i.babExt", "");
Line Found : user_pref("extensions.delta_i.babTrack", "affID=119294&tsp=5031");
Line Found : user_pref("extensions.delta_i.srcExt", "ss");
Line Found : user_pref("extensions.fvd_single.surfcanyon.ramp.start_time", "1396203223005");

*************************

AdwCleaner[R0].txt - [5986 octets] - [02/04/2014 09:34:35]

########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [6046 octets] ##########






~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.3 (03.23.2014:1)
OS: Microsoft Windows XP x86
Ran by millam on 02/04/2014 at 9:50:57.75
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values




~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\ilivid
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\systweak
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-1343024091-1214440339-725345543-1003\Software\sweetim
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\systweak
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\prod.cap
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{22222222-2222-2222-2222-220522032201}



~~~ Files

Successfully deleted: [File] C:\WINDOWS\Tasks\rmschedule.job
Successfully deleted: [File] "C:\WINDOWS\system32\roboot.exe"



~~~ Folders

Successfully deleted: [Folder] "C:\Documents and Settings\millam\Application Data\defaulttab"
Successfully deleted: [Folder] "C:\Documents and Settings\millam\Application Data\goforfiles"
Successfully deleted: [Folder] "C:\Documents and Settings\millam\Application Data\registry mechanic"
Successfully deleted: [Folder] "C:\Documents and Settings\millam\Application Data\systweak"
Successfully deleted: [Folder] "C:\Documents and Settings\millam\Local Settings\Application Data\appshat mobile apps"
Successfully deleted: [Folder] "C:\Documents and Settings\millam\Local Settings\Application Data\webplayer"
Successfully deleted: [Folder] "C:\Program Files\appshat mobile apps"



~~~ FireFox

Successfully deleted: [File] C:\Documents and Settings\millam\Application Data\mozilla\firefox\profiles\nlv5wxzw.default\invalidprefs.js
Successfully deleted: [File] C:\Documents and Settings\millam\Application Data\mozilla\firefox\profiles\nlv5wxzw.default\extensions\addon@defaulttab.com.xpi
Successfully deleted the following from C:\Documents and Settings\millam\Application Data\mozilla\firefox\profiles\nlv5wxzw.default\prefs.js

user_pref("extensions.aa055e456a2004197b11ab82eb9b5ea1ce3a45ca070b044d3aeb30176a65ffa43com50301.50301.internaldb.Resources_meta.value", "%7B%2219x19.png%22%3A%7B%22id%22%3A516
user_pref("extensions.aa055e456a2004197b11ab82eb9b5ea1ce3a45ca070b044d3aeb30176a65ffa43com50301.50301.internaldb.Resources_resource_516700.value", "%22data%3Aimage/png%3Bbase6
user_pref("extensions.crossrider.bic", "14512bd4e28d3b02bf579736f9315e30");
user_pref("extensions.delta.admin", false);
user_pref("extensions.delta.aflt", "babsst");
user_pref("extensions.delta.appId", "{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}");
user_pref("extensions.delta.autoRvrt", "false");
user_pref("extensions.delta.dfltLng", "en");
user_pref("extensions.delta.excTlbr", false);
user_pref("extensions.delta.ffxUnstlRst", true);
user_pref("extensions.delta.id", "9ce94285000000000000000bcd136953");
user_pref("extensions.delta.instlDay", "15988");
user_pref("extensions.delta.instlRef", "sst");
user_pref("extensions.delta.newTab", false);
user_pref("extensions.delta.prdct", "delta");
user_pref("extensions.delta.prtnrId", "delta");
user_pref("extensions.delta.rvrt", "false");
user_pref("extensions.delta.smplGrp", "none");
user_pref("extensions.delta.tlbrId", "base");
user_pref("extensions.delta.tlbrSrchUrl", "");
user_pref("extensions.delta.vrsn", "1.8.24.6");
user_pref("extensions.delta.vrsnTs", "1.8.24.614:14:45");
user_pref("extensions.delta.vrsni", "1.8.24.6");
user_pref("extensions.delta_i.babExt", "");
user_pref("extensions.delta_i.babTrack", "affID=119294&tsp=5031");
user_pref("extensions.delta_i.srcExt", "ss");
user_pref("extensions.fvd_single.surfcanyon.ramp.start_time", "1396203223005");





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 02/04/2014 at 9:57:42.35
Computer was rebooted
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
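
Added example, not part of the thread or of either tool: a cross-check of the AdwCleaner scan report against the JRT log posted above, listing what JRT left behind for the AdwCleaner Clean step. The log lines are a shortened subset copied from the posts; the function names and the matching rules (case-insensitive paths, long and short hive names, HKCR as a view of the Classes keys) are assumptions of this example.

```python
import re

# Lines copied from the AdwCleaner scan report and the JRT log posted above
# (a shortened subset, enough to exercise every matching rule).
ADWCLEANER_SCAN = r"""
File Found : C:\Documents and Settings\millam\Application Data\Mozilla\Firefox\Profiles\nlv5wxzw.default\Extensions\firefox@lemurleap.info.xpi
File Found : C:\WINDOWS\system32\roboot.exe
Folder Found C:\Documents and Settings\millam\Application Data\DefaultTab
Folder Found C:\Documents and Settings\millam\Application Data\Pirrit
Folder Found C:\Program Files\Pirrit
Key Found : HKCU\Software\ilivid
Key Found : HKCU\Software\Pirrit
Key Found : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{D40C654D-7C51-4EB3-95B2-1E23905C2A2D}
Key Found : HKLM\SOFTWARE\Classes\Prod.cap
Key Found : HKLM\Software\GoforFiles
"""

JRT_LOG = r"""
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\ilivid
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\prod.cap
Successfully deleted: [File] "C:\WINDOWS\system32\roboot.exe"
Successfully deleted: [Folder] "C:\Documents and Settings\millam\Application Data\defaulttab"
"""

# AdwCleaner writes "File Found : path" but "Folder Found path" (no colon).
ADW_RE = re.compile(r"^(File|Folder|Key) Found\s*:?\s*(.+)$", re.MULTILINE)
JRT_RE = re.compile(
    r"^Successfully deleted: \[(Registry Key|File|Folder)\] (.+)$", re.MULTILINE
)

# JRT spells hive names out, AdwCleaner abbreviates them.
HIVES = {
    "hkey_local_machine": "hklm",
    "hkey_current_user": "hkcu",
    "hkey_classes_root": "hkcr",
    "hkey_users": "hku",
}


def canonical(item):
    """Return every lower-case spelling under which the same object can be logged."""
    s = item.strip().strip('"').lower()
    head, sep, tail = s.partition("\\")
    head = HIVES.get(head, head)
    if head == "hkcr":
        # HKCR is a merged view of the per-machine and per-user Classes keys.
        return {
            "hklm\\software\\classes\\" + tail,
            "hkcu\\software\\classes\\" + tail,
        }
    return {head + sep + tail}


def is_deleted(names, deleted):
    """True if any spelling equals a deleted path or lies underneath one."""
    return any(n == d or n.startswith(d + "\\") for n in names for d in deleted)


def remaining_after_jrt(scan_text, jrt_text):
    """List (kind, path) entries from the scan that the JRT log does not account for."""
    deleted = set()
    for m in JRT_RE.finditer(jrt_text):
        deleted |= canonical(m.group(2))
    left = []
    for m in ADW_RE.finditer(scan_text):
        if not is_deleted(canonical(m.group(2)), deleted):
            left.append((m.group(1), m.group(2).strip()))
    return left


if __name__ == "__main__":
    for kind, path in remaining_after_jrt(ADWCLEANER_SCAN, JRT_LOG):
        print(f"still present -> {kind}: {path}")
```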

Juliet
2014-04-02, 12:49
Good deal, that took out a chunk of ugly things.

Next**

Close all open programs and internet browsers.
Double click on AdwCleaner.exe to run the tool.
Click on Scan.
After the scan is complete, this time click on Clean.
Confirm each time with Ok.
Your computer will be rebooted automatically. A text file will open after the restart.
Please post the content of that logfile with your next answer.
You can find the logfile at C:\AdwCleaner.txt as well.


*********************

Please Run TFC by OldTimer to clear temporary files:

Download TFC from here http://oldtimer.geekstogo.com/TFC.exe
and save it to your desktop.

Close any open programs and Internet browsers.
Double click TFC.exe to run it on XP (for Vista and Windows 7 right click and choose "Run as administrator") and once it opens click on the Start button on the lower left of the program to allow it to begin cleaning.
Please be patient as clearing out temp files may take a while.
Once it completes you may be prompted to restart your computer, please do so.
Once it's finished you may delete TFC.exe from your desktop or save it for later use for the cleaning of temporary files.


Please post the AdwCleaner.txt and tell me how the computer is now.

bobbym
2014-04-02, 14:23
hi Juliet

here is the adwcleaner file.

I downloaded http://oldtimer.geekstogo.com/TFC.exe but it hangs up. Tried it twice, then deleted it and downloaded it again with the same results. It stops after stopping all running programs. I left it to run for over 10 minutes with absolutely no sign of life. When I selected exit it also hangs.
I also noticed that although I started it on the desktop, double clicking the icon, when the computer ran back up after being switched off the icon was always missing.

the computer seems to be behaving itself. thank you so very much.





# AdwCleaner v3.023 - Report created 02/04/2014 at 12:14:34
# Updated 01/04/2014 by Xplode
# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
# Username : millam - BOB-276AB2C0593
# Running from : C:\Documents and Settings\millam\Desktop\AdwCleaner.exe
# Option : Scan

***** [ Services ] *****

Service Found : PirritUpdater

***** [ Files / Folders ] *****

File Found : C:\Documents and Settings\millam\Application Data\Mozilla\Firefox\Profiles\nlv5wxzw.default\Extensions\firefox@lemurleap.info.xpi
Folder Found C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Application Data\Pirrit Suggestor
Folder Found C:\Documents and Settings\millam\Application Data\Pirrit
Folder Found C:\Documents and Settings\millam\Local Settings\Application Data\Pirrit Suggestor
Folder Found C:\Program Files\Pirrit

***** [ Shortcuts ] *****

Shortcut Found : C:\Documents and Settings\millam\Start Menu\Programs\AppsHat\Uninstall.lnk ( _?=C:\Documents and Settings\millam\Local Settings\Application Data\WebPlayer\AppsHat )

***** [ Registry ] *****

Key Found : HKCU\Software\Classes\iLivid.torrent
Key Found : HKCU\Software\GoforFiles
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\AppsHat Mobile Apps
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D40C654D-7C51-4EB3-95B2-1E23905C2A2D}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D40C654D-7C51-4EB3-95B2-1E23905C2A2D}
Key Found : HKCU\Software\Pirrit
Key Found : HKCU\Software\Webplayer
Key Found : HKLM\SOFTWARE\Classes\CLSID\{D40C654D-7C51-4EB3-95B2-1E23905C2A2D}
Key Found : HKLM\Software\GoforFiles
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{15D2D75C-9CB2-4EFD-BAD7-B9B4CB4BC693}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{99C91FC5-DB5B-4AA0-BB70-5D89C5A4DF96}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\bi_uninstaller
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\DefaultTab
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\FilesFrog Update Checker
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D40C654D-7C51-4EB3-95B2-1E23905C2A2D}
Key Found : HKLM\Software\Pirrit
Value Found : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List [C:\Program Files\GoforFiles\GoforFiles.exe]
Value Found : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List [C:\Program Files\GoforFiles\goforfilesdl.exe]

***** [ Browsers ] *****

-\\ Internet Explorer v8.0.6001.18702


-\\ Mozilla Firefox v28.0 (en-US)

[ File : C:\Documents and Settings\millam\Application Data\Mozilla\Firefox\Profiles\nlv5wxzw.default\prefs.js ]

Line Found : user_pref("extensions.fvd_single.surfcanyon.ramp.start_time", "1396425670811");

*************************

AdwCleaner[R0].txt - [6126 octets] - [02/04/2014 09:34:35]
AdwCleaner[R1].txt - [3190 octets] - [02/04/2014 12:14:34]

########## EOF - C:\AdwCleaner\AdwCleaner[R1].txt - [3250 octets] ##########

Juliet
2014-04-02, 14:36
The log you posted doesn't show it cleaned or deleted anything? I think maybe you posted the first log? A second run would have produced another.
You can open the tool, look for the logs button, then look for today's date I think. At the moment I don't have it on my desktop to guide me but it should work something close to that.

The issues with TFC could possibly be from your onboard security. Not a big deal, could try again and use it in safe mode if you like.
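
The check described in the post above (is this a scan-only report or a clean run, and which findings have no matching deletion?) can be scripted. This is an added example, not part of the original posts or of AdwCleaner itself; the two sample reports are constructed and abridged from the logs quoted in this thread, and the "<Kind> Deleted" wording for entries other than "Line Deleted" is an assumption.

```python
import re

# Constructed samples, abridged from the report shapes quoted in this thread.
SCAN_REPORT = r"""# AdwCleaner v3.023 - Report created 02/04/2014 at 12:14:34
# Option : Scan

***** [ Services ] *****

Service Found : PirritUpdater

***** [ Files / Folders ] *****

Folder Found C:\Program Files\Pirrit

***** [ Registry ] *****

Key Found : HKCU\Software\Pirrit
Key Found : HKLM\Software\Pirrit

########## EOF - C:\AdwCleaner\AdwCleaner[R1].txt - [3250 octets] ##########
"""

CLEAN_REPORT = r"""# AdwCleaner v3.023 - Report created 02/04/2014 at 15:54:49
# Option : Clean

***** [ Services ] *****

***** [ Browsers ] *****

Line Deleted : user_pref("extensions.fvd_single.surfcanyon.ramp.start_time", "1396434202099");

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [1072 octets] ##########
"""

OPTION_RE = re.compile(r"^#\s*Option\s*:\s*(\w+)")
SECTION_RE = re.compile(r"^\*+ \[ (.+?) \] \*+$")
# Some entries in the thread have no colon ("Folder Found C:\..."), so it is optional.
ENTRY_RE = re.compile(r"^(\w+) (Found|Deleted)\s*:?\s*(.+)$")
EOF_RE = re.compile(r"^#+ EOF - .*\[([RS])\d+\]\.txt")


def parse_report(text):
    """Return the run option, log kind (R = scan report, S = clean report) and entries."""
    report = {"option": None, "log_kind": None, "entries": []}
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        if m := OPTION_RE.match(line):
            report["option"] = m.group(1)
        elif m := SECTION_RE.match(line):
            section = m.group(1)
        elif m := EOF_RE.match(line):
            report["log_kind"] = m.group(1)
        elif section and (m := ENTRY_RE.match(line)):
            kind, verb, target = m.groups()
            report["entries"].append((section, kind, verb, target))
    return report


def classify(report):
    """Say whether a report can be evidence of removal at all."""
    verbs = {verb for _, _, verb, _ in report["entries"]}
    if report["option"] == "Clean" and "Found" not in verbs:
        return "clean-run"
    if report["option"] == "Scan":
        return "scan-only"
    return "inconsistent"


def unconfirmed(scan, clean):
    """Findings from a scan report with no matching 'Deleted' entry in a clean report."""
    deleted = {(kind, target.lower())
               for _, kind, verb, target in clean["entries"] if verb == "Deleted"}
    return [(section, kind, target)
            for section, kind, verb, target in scan["entries"]
            if verb == "Found" and (kind, target.lower()) not in deleted]


if __name__ == "__main__":
    scan, clean = parse_report(SCAN_REPORT), parse_report(CLEAN_REPORT)
    print(classify(scan), classify(clean))
    for item in unconfirmed(scan, clean):
        print("no deletion recorded in this clean report:", item)
```

A finding listed as unconfirmed is not necessarily still present; it may have been removed by an earlier clean run whose report was not supplied.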

bobbym
2014-04-02, 14:42
hi Juliet

the log I posted has today's date and time # AdwCleaner v3.023 - "Report created 02/04/2014 at 12:14:34"

the adwcleaner only showed the Pirrit to be cleaned. so I assume it has deleted that.

will try the old timer in safe mode.

bobbym
2014-04-02, 15:00
Ok the oldtimers ran ok in safe mode. removed some 180 temp files.

the Icon still disappears when the computer is run up in normal mode.

Juliet
2014-04-02, 16:27
Good to hear OTC ran in safe mode.

I need to make sure what AdwCleaner has found is being deleted.

Open AdwCleaner
Click on Scan.
After the scan is complete click on "Clean"
Confirm each time with Ok.
Your computer will be rebooted automatically. A text file will open after the restart.
Please post the content of that logfile with your next answer.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Malwarebytes AntiMalware recently had a program update.
You can download the newest version over the top of the one you have or download and install again.

http://www.malwarebytes.org/update/

Please get the new version and let's run another scan.

Please download Malwarebytes Anti-Malware (http://www.malwarebytes.org/update/) to your desktop
(If uninstalling and doing a reinstall the link is below)
http://www.bleepingcomputer.com/download/malwarebytes-anti-malware/
Install the programme and select update
Once it has updated select Settings > Detection and Protection
Tick Scan for rootkits


https://dl.dropboxusercontent.com/u/73555776/MBAMsettings.JPG

Go back to the Dashboard and select Scan Now


https://dl.dropboxusercontent.com/u/73555776/MBAMScan.JPG


If threats are detected, click the Apply Actions button, MBAM will ask for a reboot.

https://dl.dropboxusercontent.com/u/73555776/MBAMReboot.JPG


https://dl.dropboxusercontent.com/u/73555776/MBAMLog.JPG

On completion of the scan (or after the reboot) select View Detailed Log
Select Export > Select text file and save to the desktop
Attach/Post that log

bobbym
2014-04-02, 17:09
Hi Juliet

as asked for the program did not highlight any problems. running new Malwarebytes now



# AdwCleaner v3.023 - Report created 02/04/2014 at 15:54:49
# Updated 01/04/2014 by Xplode
# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
# Username : millam - BOB-276AB2C0593
# Running from : C:\Documents and Settings\millam\Desktop\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****


***** [ Browsers ] *****

-\\ Internet Explorer v8.0.6001.18702


-\\ Mozilla Firefox v28.0 (en-US)

[ File : C:\Documents and Settings\millam\Application Data\Mozilla\Firefox\Profiles\nlv5wxzw.default\prefs.js ]

Line Deleted : user_pref("extensions.fvd_single.surfcanyon.ramp.start_time", "1396434202099");

*************************

AdwCleaner[R0].txt - [6126 octets] - [02/04/2014 09:34:35]
AdwCleaner[R1].txt - [3330 octets] - [02/04/2014 12:14:34]
AdwCleaner[R2].txt - [1088 octets] - [02/04/2014 15:53:34]
AdwCleaner[S0].txt - [3368 octets] - [02/04/2014 12:15:41]
AdwCleaner[S1].txt - [1012 octets] - [02/04/2014 15:54:49]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [1072 octets] ##########

bobbym
2014-04-02, 17:55
Hi Juliet

have run Malwarebytes it found four PUPS and removed them. for some reason I could not get the log to save to the desktop. if you know where to look I will find it for you.

I have to go out for a couple of hours, when I get back I will check your reply and rerun the malwarebytes anyway.

thanks for all the work so far. seems Spybot, Malwarebytes, and Avira can't keep machines as clean as people think.

Juliet
2014-04-02, 18:31
Open malwarebytes, click on the History tab
scroll to the latest log, should have a date by it.

They've changed the format of the interface and I've got to get used to it too.

Also, update me on how the computer is at the moment.

bobbym
2014-04-02, 19:39
hi Juliet

yes it's there. copied it to clipboard then pasted it here.

the computer has been working fine all day, no more unwanted windows opening.

I am running malwarebytes again will post results log after this one.

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 02/04/2014
Scan Time: 16:34:09
Logfile:
Administrator: Yes

Version: 2.00.0.1000
Malware Database: v2014.04.02.05
Rootkit Database: v2014.03.27.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Chameleon: Disabled

OS: Windows XP Service Pack 3
CPU: x86
File System: NTFS
User: millam

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 385731
Time Elapsed: 30 min, 40 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Shuriken: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 3
PUP.Optional.DefaultTab.A, HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{7F6AFBF1-E065-4627-A2FD-810366367D01}, Delete-on-Reboot, [33cd8977ba4636ca6ca23cd1936f1ee2],
PUP.Optional.AppsHat.A, HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Apps Hat Mini, Delete-on-Reboot, [27d93dc3718f7f81ae2a87dd07fbc43c],
PUP.Optional.DefaultTab.A, HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\DefaultTab, Delete-on-Reboot, [e7197987649c24dc0b03cda1659dbc44],

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 1
PUP.Optional.RegCleanPro, C:\Documents and Settings\millam\My Documents\Downloads\rcp_dcomnew_sec_300.exe, Quarantined, [bc44dc248d7345bb8ffba1932cd4b34d],

Physical Sectors: 0
(No malicious items detected)


(end)

-----------------

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 02/04/2014
Scan Time: 18:38:41
Logfile:
Administrator: Yes

Version: 2.00.0.1000
Malware Database: v2014.04.02.05
Rootkit Database: v2014.03.27.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Chameleon: Disabled

OS: Windows XP Service Pack 3
CPU: x86
File System: NTFS
User: millam

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 385702
Time Elapsed: 30 min, 37 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Shuriken: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)


clean.

Juliet
2014-04-02, 19:48
Looking good now.

I want you to read over this article about Windows XP.

http://forums.whatthetech.com/index.php?showtopic=127901

**************

Now let's check for remnants.

The scanner below can take quite a while to run depending on how full your hard drive is, and it is expected that it will find things. What I do think we will see are files already held in quarantine folders so don't be alarmed.

ESET Online Scanner:

Note: You can use either Internet Explorer or Mozilla FireFox for this scan. You will however need to disable your current installed Anti-Virus, how to do so can be read here (http://www.bleepingcomputer.com/forums/topic114351.html).

Vista/Windows 7 users: You will need to right-click on either the IE or FF icon in the Start Menu or Quick Launch Bar on the Taskbar and select Run as Administrator from the context menu.



http://www.eset.com/us/online-scanner/run
Online Virus Scanner


Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.
All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox. Select the option YES, I accept the Terms of Use then click on: http://i280.photobucket.com/albums/kk173/Dakeyras_album2/EOLS2.gif
When prompted allow the Add-On/Active X to install.
Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
Now click on Advanced Settings and select the following:

Scan for potentially unwanted applications
Scan for potentially unsafe applications
Enable Anti-Stealth Technology
Now click on: http://i280.photobucket.com/albums/kk173/Dakeyras_album2/EOLS3.gif
The virus signature database... will begin to download. Be patient, this may take some time depending on the speed of your Internet Connection.
When completed the Online Scan will begin automatically.
Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
When completed select Uninstall application on close if you so wish, make sure you copy the logfile first!
Now click on: http://i280.photobucket.com/albums/kk173/Dakeyras_album2/EOLS4.gif
Use notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
Copy and paste that log as a reply to this topic.

Note: Do not forget to re-enable your Anti-Virus application after running the above scan!

bobbym
2014-04-02, 21:22
hi Juliet

results

C:\AdwCleaner\Quarantine\C\Documents and Settings\millam\Application Data\Mozilla\Firefox\Profiles\nlv5wxzw.default\Extensions\firefox@lemurleap.info.xpi.vir Win32/BrowseFox.B potentially unwanted application
C:\Documents and Settings\millam\Application Data\Mozilla\Firefox\Profiles\nlv5wxzw.default\extensions\firefox@lemurleap.info\chrome\content\overlay.js Win32/BrowseFox.B potentially unwanted application
C:\Documents and Settings\millam\My Documents\Downloads\ccsetup412(1).exe Win32/Bundled.Toolbar.Google.D potentially unsafe application
C:\Documents and Settings\millam\My Documents\Downloads\ccsetup412.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application
C:\Documents and Settings\millam\My Documents\Downloads\code_calculator_by_cybergsm_v5_4_rapidshare_downloader.exe Win32/DownWare.O potentially unwanted application
C:\FRST\Quarantine\C\Documents and Settings\millam\Application Data\Mozilla\Firefox\Profiles\nlv5wxzw.default\Extensions\a055e456-a200-4197-b11a-b82eb9b5ea1c@e3a45ca0-70b0-44d3-aeb3-0176a65ffa43.com\extensionData\plugins\91.js JS/Toolbar.Crossrider.B potentially unwanted application
C:\Program Files\Avira\AntiVir Desktop\offercast_avirav7_.exe a variant of Win32/Bundled.Toolbar.Ask.D potentially unsafe application

Juliet
2014-04-02, 22:44
Good deal

C:\Program Files\Avira\AntiVir Desktop\offercast_avirav7_.exe a variant of Win32/Bundled.Toolbar.Ask.D potentially unsafe application
You have Avira, which bundles the Ask toolbar, so that can be left alone.


Open notepad. Please copy the contents of the quote box below. To do this highlight the contents of the box and right click on it and select copy.
Paste this into the open notepad. save it to the Desktop as fixlist.txt
NOTE. It's important that both files, FRST/FRST64 and fixlist.txt are in the same location or the fix will not work.
It needs to be saved Next to the "Farbar Recovery Scan Tool" (FRST) program (If asked to overwrite existing one please allow)



start
C:\Documents and Settings\millam\Application Data\Mozilla\Firefox\Profiles\nlv5wxzw.default\extensions\firefox@lemurleap.info\chrome\content\overlay.js
C:\Documents and Settings\millam\My Documents\Downloads\ccsetup412(1).exe
C:\Documents and Settings\millam\My Documents\Downloads\ccsetup412.exe
C:\Documents and Settings\millam\My Documents\Downloads\code_calculator_by_cybergsm_v5_4_rapidshare_downloader.exe
Reboot:
end

Run FRST/FRST64 and press the Fix button just once and wait.
If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.


How's the computer now?

bobbym
2014-04-02, 23:24
hi Juliet
still going fine. The only thing that gets me now is an "image" named in Task Manager "mbamservice.exe" that uses my hard drive and most of the memory just as I was about to run FRST.
I think it's Malwarebytes updating but I wish they would give us an indication as to what they are doing. I noticed Avira does the same thing, sometimes you eventually get a popup telling you it's updated, a bit late then.

anyway thank you for your thoroughness if you are employed your employer is lucky to have you.

I wish XP was around a lot longer. I have just found out my only DVD reader/writer does not like my windows 7 DVD. It must be one of those picky ones that don't like + or - disks, I will have to find out which and get my son to send me one it likes. I have a hard drive with windows 7 on it but for a very different machine, might just try fitting it and seeing what happens.

anyway here is the logfile.


Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 13-03-2014 01
Ran by millam at 2014-04-02 21:55:44 Run:2
Running from C:\Documents and Settings\millam\Desktop
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
start
C:\Documents and Settings\millam\Application Data\Mozilla\Firefox\Profiles\nlv5wxzw.default\extensions\firefox@lemurleap.info\chrome\content\overlay.js
C:\Documents and Settings\millam\My Documents\Downloads\ccsetup412(1).exe
C:\Documents and Settings\millam\My Documents\Downloads\ccsetup412.exe
C:\Documents and Settings\millam\My Documents\Downloads\code_calculator_by_cybergsm_v5_4_rapidshare_downloader.exe
Reboot:
end
*****************

C:\Documents and Settings\millam\Application Data\Mozilla\Firefox\Profiles\nlv5wxzw.default\extensions\firefox@lemurleap.info\chrome\content\overlay.js => Moved successfully.
C:\Documents and Settings\millam\My Documents\Downloads\ccsetup412(1).exe => Moved successfully.
C:\Documents and Settings\millam\My Documents\Downloads\ccsetup412.exe => Moved successfully.
C:\Documents and Settings\millam\My Documents\Downloads\code_calculator_by_cybergsm_v5_4_rapidshare_downloader.exe => Moved successfully.


The system needed a reboot.

==== End of Fixlog ====

bobbym
2014-04-03, 00:10
Hi Juliet

Sorry past my bedtime, us OAPs need our shut eye. will check again in the morning.

Juliet
2014-04-03, 01:11
Hi Juliet

Sorry past my bedtime, us OAPs need our shut eye. will check again in the morning.

LOL
Mine is coming soon.

About the only way to be rid of the tools updating is to remove the tools....But you can't do without an antivirus and actually having layered security is what you want.
MBAM seemingly does run quick, at least mine appears to. As for Antivirus. Microsoft Security Essentials mostly runs quietly in the background but when it updates it will hog resources for a short time like the others.
It's never a win - win situation. :)

OK, let's remove tools and quarantine folders and send you on your way.

****************

Open notepad. Please copy the contents of the quote box below. To do this highlight the contents of the box and right click on it and select copy.
Paste this into the open notepad. save it to the Desktop as fixlist.txt
NOTE. It's important that both files, FRST/FRST64 and fixlist.txt are in the same location or the fix will not work.

Run FRST/FRST64 and press the Fix button just once and wait.
No need to post the log this time.




start
DeleteQuarantine:
end


***********

Download Delfix from here (http://general-changelog-team.fr/fr/downloads/finish/20-outils-de-xplode/9-delfix)
Ensure Remove disinfection tools is ticked
Also tick:
Create registry backup
Purge system restore
http://www.hdrcgb.org.uk/g2g/delfix.jpg

Click Run



Any other tools and files found can simply be deleted or uninstalled via Add/Remove Programs in the Control Panel etc.

***********************

You're good to go, good job!

Please take the time to read over a few of my preventive tips.

Computer Security
http://malwareremoval.com/forum/viewtopic.php?p=557960#p557960
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Be prepared for CryptoLocker:

Cryptolocker Ransomware: What You Need To Know (http://blog.malwarebytes.org/intelligence/2013/10/cryptolocker-ransomware-what-you-need-to-know/#)

CryptoLocker Ransomware Information Guide and FAQ (http://www.bleepingcomputer.com/virus-removal/cryptolocker-ransomware-information)

To help protect your computer in the future I recommend that you get the following free programmes:

CryptoPrevent (http://www.foolishit.com/vb6-projects/cryptoprevent/) install this programme to lock down and prevent crypto ransomware

https://dl.dropboxusercontent.com/u/73555776/CryptoPrevent.JPG

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Please navigate to Microsoft Windows Updates (http://update.microsoft.com/windowsupdate/v6/default.aspx?ln=en-us) and download all the "Critical Updates" for Windows.


Firefox 3 (http://www.mozilla.com/en-US/firefox/)
The award-winning Web browser is now faster, more secure, and fully customizable to your online life. With Firefox 3, added powerful new features that make your online experience even better. It has more features and is a lot more secure than IE. It is a very easy and painless download and install, it will no way interfere with IE, you can use them both.
*NoScript (http://www.noscript.net) - Addon for Firefox that stops all scripts from running on websites. Stops malicious software from invading via flash, java, javascript, and many other entry points.

AdblockPlus

AdblockPlus, Surf the web without annoying ads!
Blocks banners, pop-ups and video ads - even on Facebook and YouTube
Protects your online privacy
Two-click installation, It's free!
click the icon that corresponds to your browser and download.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
WOT (http://www.mywot.com/) Web of Trust, warns you about risky websites that try to scam visitors, deliver malware or send spam. Protect your computer against online threats by using WOT as your front-line layer of protection when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites - green to go, yellow for caution and red to stop, helping you avoid the dangerous sites. WOT has an addon available for both Firefox and IE.

Green should be good to go
Yellow for caution
Red to stop



~~~~~~~~~~~~~~~~~~~~~~~~~~~~
How to prevent Malware: Created by Miekiemoes (http://users.telenet.be/bluepatchy/miekiemoes/prevention.html)


WARNING: Java is the #1 exploited program at this time. The Department of Homeland Security recommends that computer users disable Java.
See this article (http://www.forbes.com/sites/eliseackerman/2013/01/11/us-department-of-homeland-security-calls-on-computer-users-to-disable-java/)
and this article (http://www.nbcnews.com/technology/technolog/us-warns-java-software-security-concerns-escalate-1B7938755)

I would recommend that you completely uninstall Java unless you need it to run an important software.
In that instance I would recommend that you disable Java in your browsers until you need it for that software and then enable it. (See How to disable Java in your web browser (http://www.geekstogo.com/2600/how-to-disable-java-in-your-web-browser/) and How to unplug Java from the browser (http://krebsonsecurity.com/how-to-unplug-java-from-the-browser/))


Avoid P2P

P2P may be a great way to get lots of stuff, but it is a great way to get infected as well. There's no way to tell if the file being shared is infected. Worse still, some worms spread via P2P networks, infecting you as well.

Please read these short reports on the dangers of peer-2-peer programs and file sharing.

FBI Cyber Education Letter (http://www.fbi.gov/cyberinvest/cyberedletter.htm)
USAToday (http://www.usatoday.com/tech/columnist/kimkomando/2006-04-13-file-sharing-woes_x.htm)
infoworld (http://www.infoworld.com/article/07/09/06/Seattle-man-arrested-for-p-to-p-ID-theft_1.html)

*********************************************
Please read the following safe computing articles..

Secure My Computer: A Layered Approach (http://www.dslreports.com/faq/8463)


Free Antivirus-AntiSpyware-Firewall Software (http://www.geekstogo.com/forum/Free-Antivirus-Antispyware-Software-t38.html)
Keep a backup of your important files (http://www.geekstogo.com/2008/06/19/options-for-home-computer-data-backup-part-1/) - Now, more than ever, it's especially important to protect your digital files and memories. This article is full of good information on alternatives for home backup solutions.

bobbym
2014-04-03, 11:45
hi Juliet

have done what you asked. Thanks for the tips as well, I will share that information with my son and daughter.

thanks again for all your help much appreciated.

Juliet
2014-04-03, 12:23
Happy to Help :)

Juliet
2014-04-05, 14:39
Glad we could help. :)

Since this issue appears resolved ... this Topic is closed.