unwanted games windows

[bobbym]

sorry the attach file is not zipped my computer does not give me the option to SENT IT TO.

my problem.
when opening another window e.g. selecting an article in a newspaper, an additional window opens advertising computer games. I do not know how this adware has got onto my machine. I ran Avira antivirus, spybot and malewarebyts and removing all adware before entering my banks web site. I have not ever had this adware before.

I have run Avira antivirus, spybot and malewarebyts, again and cleared any adware found, but the windows still open. any help would be appreciated.
when running aswMBR it asked me if I wanted to load "Avast" as I have avera installed I declined the request and then ran aswMBR.


FF - user.js: extensions.delta.newTab - false
.
.
.
.
.
.
============= SERVICES / DRIVERS ===============
.
R1 avkmgr;avkmgr;c:\windows\system32\drivers\avkmgr.sys [2013-9-15 37352]
R2 AntiVirSchedulerService;Avira Scheduler;c:\program files\avira\antivir desktop\sched.exe [2013-9-15 440400]
R2 AntiVirService;Avira Real-Time Protection;c:\program files\avira\antivir desktop\avguard.exe [2013-9-15 440400]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2013-9-15 90400]
R2 MBAMScheduler;MBAMScheduler;d:\program files\malwarebytes' anti-malware\mbamscheduler.exe [2013-9-29 418376]
R2 MBAMService;MBAMService;d:\program files\malwarebytes' anti-malware\mbamservice.exe [2013-9-29 701512]
R2 PirritUpdater;PirritUpdater;c:\program files\pirrit\AutoUpdater.exe [2013-11-21 55296]
R2 SDUpdateService;Spybot-S&D 2 Updating Service;c:\program files\spybot - search & destroy 2\SDUpdSvc.exe [2013-9-26 1033688]
R2 WinRST;WinRST;c:\program files\winrst\WinRST.exe [2014-3-30 59904]
R3 DNINDIS5;DNINDIS5 NDIS Protocol Driver;c:\windows\system32\DNINDIS5.sys [2014-3-30 17149]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2013-9-29 22856]
R3 WPN111;Wireless USB 2.0 Adapter with RangeMax Service;c:\windows\system32\drivers\WPN111.sys [2014-3-30 362944]
S2 SDScannerService;Spybot-S&D 2 Scanner Service;c:\program files\spybot - search & destroy 2\SDFSSvc.exe [2013-9-26 1817560]
S2 SDWSCService;Spybot-S&D 2 Security Center Service;c:\program files\spybot - search & destroy 2\SDWSCSvc.exe [2013-9-26 171928]
S3 N100;Compaq Ethernet or Fast Ethernet NIC Driver;c:\windows\system32\drivers\n100325.sys [2013-9-15 128000]
S3 S3U10Scanner;600 CU Still Image Device Service;c:\windows\system32\drivers\UsbScan.sys [2013-10-9 14976]
S3 Sheetfed Scanner;Sheetfed Scanner;c:\windows\system32\drivers\sheetfed scanner.sys --> c:\windows\system32\drivers\Sheetfed Scanner.sys [?]
S4 AntiVirWebService;Avira Web Protection;c:\program files\avira\antivir desktop\avwebgrd.exe [2013-9-15 1017424]
.
=============== Created Last 30 ================
.
2014-03-31 17:08:40 -------- d-----w- c:\program files\CCleaner
2014-03-30 15:42:00 17801 ----a-w- c:\windows\system32\drivers\AegisP.sys
2014-03-30 15:41:46 651264 ----a-w- c:\windows\system32\libeay32.dll
2014-03-30 15:41:45 94208 ----a-w- c:\windows\system32\DNIN50.dll
2014-03-30 15:41:45 17149 ----a-w- c:\windows\system32\DNINDIS5.sys
2014-03-30 15:41:45 147456 ----a-w- c:\windows\system32\ssleay32.dll
2014-03-30 15:41:42 362944 ----a-w- c:\windows\system32\drivers\WPN111.sys
2014-03-30 15:41:42 149392 ----a-w- c:\windows\system32\drivers\ar5523.bin
2014-03-30 15:41:42 -------- d-----w- c:\program files\NETGEAR
2014-03-30 11:14:35 13312 -c----w- c:\windows\system32\dllcache\xp_eos.exe
2014-03-30 11:14:35 13312 ------w- c:\windows\system32\xp_eos.exe
2014-03-30 11:08:41 -------- d-----w- c:\program files\AppsHat Mobile Apps
2014-03-30 11:07:06 -------- d-----w- c:\documents and settings\millam\local settings\application data\WinRST
2014-03-30 11:06:34 -------- d-----w- c:\program files\WinRST
.
==================== Find3M ====================
.
2014-03-30 13:23:47 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2014-03-30 13:23:47 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2014-03-30 11:27:41 90400 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2014-02-24 11:46:36 920064 ----a-w- c:\windows\system32\wininet.dll
2014-02-24 11:45:58 43520 ----a-w- c:\windows\system32\licmgr10.dll
2014-02-24 11:45:57 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2014-02-24 11:45:42 18944 ----a-w- c:\windows\system32\corpol.dll
2014-02-24 10:54:21 385024 ----a-w- c:\windows\system32\html.iec
2014-02-07 02:01:37 1879040 ----a-w- c:\windows\system32\win32k.sys
2014-02-05 08:55:04 562688 ----a-w- c:\windows\system32\qedit.dll
2014-01-04 03:13:05 420864 ----a-w- c:\windows\system32\vbscript.dll
.
============= FINISH: 13:44:30.34 ===============


.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 15/09/2013 12:57:13
System Uptime: 01/04/2014 10:08:29 (3 hours ago)
.
Motherboard: Compaq | | 07E4h
Processor: Intel(R) Pentium(R) 4 CPU 2.40GHz | XU1 PROCESSOR | 2392/533mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 33 GiB total, 21.356 GiB free.
D: is FIXED (NTFS) - 41 GiB total, 40.705 GiB free.
E: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP87: 30/03/2014 13:32:37 - Software Distribution Service 3.0
RP88: 30/03/2014 17:41:41 - Installed NETGEAR RangeMax(TM) Wireless USB 2.0 Adapter WPN111
RP89: 31/03/2014 10:29:15 - Made by Registry Mechanic O
RP90: 31/03/2014 10:33:12 - Made by Registry Mechanic O
RP91: 31/03/2014 19:03:31 - Made by Registry Mechanic O
RP92: 31/03/2014 19:05:48 - Made by Registry Mechanic O
.
==== Installed Programs ======================
.
7-Zip 9.20
Adobe Flash Player 12 ActiveX
Adobe Flash Player 12 Plugin
Adobe Reader XI (11.0.06)
Avira Free Antivirus
CCleaner
ERUNT 1.1j
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB976002-v5)
Intel(R) Network Connections 16.2.49.0
Malwarebytes Anti-Malware version 1.75.0.1300
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Office 97, Professional Edition
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Mozilla Firefox 28.0 (x86 en-US)
Mozilla Maintenance Service
Mustek 600 CU v2.0a
NETGEAR RangeMax(TM) Wireless USB 2.0 Adapter WPN111
Registry Mechanic 10.0.0.132
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2736416)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2840629)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2861697)
Security Update for Microsoft Windows (KB2564958)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2870699)
Security Update for Windows Internet Explorer 8 (KB2879017)
Security Update for Windows Internet Explorer 8 (KB2888505)
Security Update for Windows Internet Explorer 8 (KB2898785)
Security Update for Windows Internet Explorer 8 (KB2909210)
Security Update for Windows Internet Explorer 8 (KB2925418)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB2803821-v2)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2507938)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276-v2)
Security Update for Windows XP (KB2544893-v2)
Security Update for Windows XP (KB2566454)
Security Update for Windows XP (KB2570947)
Security Update for Windows XP (KB2584146)
Security Update for Windows XP (KB2585542)
Security Update for Windows XP (KB2592799)
Security Update for Windows XP (KB2598479)
Security Update for Windows XP (KB2603381)
Security Update for Windows XP (KB2618451)
Security Update for Windows XP (KB2619339)
Security Update for Windows XP (KB2620712)
Security Update for Windows XP (KB2631813)
Security Update for Windows XP (KB2653956)
Security Update for Windows XP (KB2655992)
Security Update for Windows XP (KB2659262)
Security Update for Windows XP (KB2661637)
Security Update for Windows XP (KB2676562)
Security Update for Windows XP (KB2686509)
Security Update for Windows XP (KB2691442)
Security Update for Windows XP (KB2698365)
Security Update for Windows XP (KB2705219-v2)
Security Update for Windows XP (KB2712808)
Security Update for Windows XP (KB2719985)
Security Update for Windows XP (KB2723135-v2)
Security Update for Windows XP (KB2727528)
Security Update for Windows XP (KB2753842-v2)
Security Update for Windows XP (KB2757638)
Security Update for Windows XP (KB2758857)
Security Update for Windows XP (KB2780091)
Security Update for Windows XP (KB2802968)
Security Update for Windows XP (KB2807986)
Security Update for Windows XP (KB2813345)
Security Update for Windows XP (KB2820197)
Security Update for Windows XP (KB2820917)
Security Update for Windows XP (KB2834886)
Security Update for Windows XP (KB2845187)
Security Update for Windows XP (KB2847311)
Security Update for Windows XP (KB2849470)
Security Update for Windows XP (KB2850869)
Security Update for Windows XP (KB2859537)
Security Update for Windows XP (KB2862152)
Security Update for Windows XP (KB2862330)
Security Update for Windows XP (KB2862335)
Security Update for Windows XP (KB2864063)
Security Update for Windows XP (KB2868038)
Security Update for Windows XP (KB2868626)
Security Update for Windows XP (KB2876217)
Security Update for Windows XP (KB2876315)
Security Update for Windows XP (KB2876331)
Security Update for Windows XP (KB2883150)
Security Update for Windows XP (KB2892075)
Security Update for Windows XP (KB2893294)
Security Update for Windows XP (KB2893984)
Security Update for Windows XP (KB2898715)
Security Update for Windows XP (KB2900986)
Security Update for Windows XP (KB2914368)
Security Update for Windows XP (KB2916036)
Security Update for Windows XP (KB2929961)
Security Update for Windows XP (KB2930275)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982665)
SoundMAX
Spybot - Search & Destroy
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2661254-v2)
Update for Windows XP (KB2749655)
Update for Windows XP (KB2863058)
Update for Windows XP (KB2904266)
Update for Windows XP (KB2934207)
Update for Windows XP (KB898461)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB961503)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB973815)
WebFldrs XP
Windows Genuine Advantage Notifications (KB905474)
Windows Internet Explorer 8
Windows XP Service Pack 3
.
==== Event Viewer Messages From Past Week ========
.
31/03/2014 15:05:56, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: PCIIde
31/03/2014 15:04:16, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Spybot-S&D 2 Scanner Service service to connect.
31/03/2014 15:04:16, error: Service Control Manager [7000] - The Spybot-S&D 2 Scanner Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
31/03/2014 15:02:57, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000001' while processing the file '' on the volume 'HarddiskVolume1'. It has stopped monitoring the volume.
30/03/2014 14:39:35, error: Service Control Manager [7022] - The WinRST service hung on starting.
30/03/2014 14:39:35, error: Service Control Manager [7022] - The PirritUpdater service hung on starting.
30/03/2014 14:38:21, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Spybot-S&D 2 Security Center Service service to connect.
30/03/2014 14:38:21, error: Service Control Manager [7000] - The Spybot-S&D 2 Security Center Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
30/03/2014 14:01:06, error: Service Control Manager [7000] - The Application Layer Gateway Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
30/03/2014 14:01:05, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Application Layer Gateway Service service to connect.
01/04/2014 09:22:11, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: avipbb avkmgr Fips intelppm ssmdrv
01/04/2014 09:21:27, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
.
==== End Of File ===========================


aswMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software
Run date: 2014-04-01 13:49:11
-----------------------------
13:49:11.218 OS Version: Windows 5.1.2600 Service Pack 3
13:49:11.218 Number of processors: 1 586 0x207
13:49:11.218 ComputerName: BOB-276AB2C0593 UserName: millam
13:49:11.500 Initialize success
13:49:40.609 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T1L0-3
13:49:40.609 Disk 0 Vendor: ST380021A 3.75 Size: 76319MB BusType: 3
13:49:40.750 Disk 0 MBR read successfully
13:49:40.750 Disk 0 MBR scan
13:49:40.750 Disk 0 Windows XP default MBR code
13:49:40.750 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 33997 MB offset 63
13:49:40.765 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 42318 MB offset 69627600
13:49:40.765 Disk 0 scanning sectors +156295440
13:49:40.890 Disk 0 scanning C:\WINDOWS\system32\drivers
13:49:48.000 Service scanning
13:50:00.828 Modules scanning
13:50:10.187 Disk 0 trace - called modules:
13:50:10.203 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys intelide.sys PCIIDEX.SYS
13:50:10.203 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x823d0ab8]
13:50:10.703 3 CLASSPNP.SYS[f8575fd7] -> nt!IofCallDriver -> \Device\00000059[0x822934e8]
13:50:10.703 5 ACPI.sys[f84ec620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T1L0-3[0x823e3438]
13:50:10.703 Scan finished successfully
13:50:57.375 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\millam\Desktop\MBR.dat"
13:50:57.375 The log file has been saved successfully to "C:\Documents and Settings\millam\Desktop\aswMBR.txt"

[Juliet]

Hi and welcome


Please download and run the following tool to help allow other programs to run. (courtesy of BleepingComputer.com)
There are 6 different versions. If one of them won't run then download and try to run the other one.
Vista and Win7 users need to right click and choose Run as Admin
You only need to get one of them to run, not all of them.

1. rkill.exe
2. rkill.com
3. rkill.scr
4. rkill.pif
5. WiNlOgOn.exe
6. uSeRiNiT.exe

~~~~~~~~~~~~~~~~~~~~~~~~~

Please download Farbar Recovery Scan Tool

(use correct version for your system.....Which system am I using?)
and Tutorial http://www.geekstogo.com/forum/topic...ery-scan-tool/



Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

• Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
• Press Scan button.
• It will produce a log called FRST.txt in the same directory the tool is run from.
• Please copy and paste log back here.
• The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.

Please copy and paste these 3 logs in your next reply.

[bobbym]

as requested.



Additional scan result of Farbar Recovery Scan Tool (x86) Version: 13-03-2014 01
Ran by millam at 2014-04-01 20:06:01
Running from C:\Documents and Settings\millam\My Documents\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Avira Desktop (Disabled - Up to date) {AD166499-45F9-482A-A743-FDD3350758C7}

==================== Installed Programs ======================

7-Zip 9.20 (HKLM\...\7-Zip) (Version: - )
Adobe Flash Player 12 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 12.0.0.77 - Adobe Systems Incorporated)
Adobe Flash Player 12 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 12.0.0.77 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.06) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.06 - Adobe Systems Incorporated)
Avira Free Antivirus (HKLM\...\Avira AntiVir Desktop) (Version: 14.0.3.350 - Avira)
CCleaner (HKLM\...\CCleaner) (Version: 4.12 - Piriform)
ERUNT 1.1j (HKLM\...\ERUNT_is1) (Version: - Lars Hederer)
Intel(R) Network Connections 16.2.49.0 (HKLM\...\{EBDDD05E-EBCF-40FF-9BBD-C3E099A2B684}) (Version: 16.2.49.0 - Intel)
Malwarebytes Anti-Malware version 1.75.0.1300 (HKLM\...\Malwarebytes' Anti-Malware_is1) (Version: 1.75.0.1300 - Malwarebytes Corporation)
Microsoft .NET Framework 2.0 Service Pack 2 (HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.0 Service Pack 2 (HKLM\...\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}) (Version: 3.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version: - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) Hidden
Microsoft Office 97, Professional Edition (HKLM\...\Office8.0) (Version: - )
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mozilla Firefox 28.0 (x86 en-US) (HKLM\...\Mozilla Firefox 28.0 (x86 en-US)) (Version: 28.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 28.0 - Mozilla)
Mustek 600 CU v2.0a (HKLM\...\Mustek 600 CU v2.0a) (Version: - )
NETGEAR RangeMax(TM) Wireless USB 2.0 Adapter WPN111 (HKLM\...\{582E9125-32B6-4CBA-AB48-3E33CE3DB389}) (Version: 1.0.0 - NETGEAR)
Registry Mechanic 10.0.0.132 (HKLM\...\Registry Mechanic_is1) (Version: 10.0.0.132 - PC Tools)
SoundMAX (HKLM\...\{F0A37341-D692-11D4-A984-009027EC0A9C}) (Version: 5.12.01.3620 - Analog Devices)
Spybot - Search & Destroy (HKLM\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.1.21 - Safer-Networking Ltd.)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (HKLM\...\{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB963707) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2345886) (HKLM\...\KB2345886) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2661254-v2) (HKLM\...\KB2661254-v2) (Version: 2 - Microsoft Corporation)
Update for Windows XP (KB2749655) (HKLM\...\KB2749655) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2863058) (HKLM\...\KB2863058) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2904266) (HKLM\...\KB2904266) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2934207) (HKLM\...\KB2934207) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB898461) (HKLM\...\KB898461) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB951978) (HKLM\...\KB951978) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB955759) (HKLM\...\KB955759) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB961503) (HKLM\...\KB961503) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB968389) (HKLM\...\KB968389) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB971029) (HKLM\...\KB971029) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB973815) (HKLM\...\KB973815) (Version: 1 - Microsoft Corporation)
WebFldrs XP (Version: 9.50.7523 - Microsoft Corporation) Hidden
Windows Genuine Advantage Notifications (KB905474) (HKLM\...\WgaNotify) (Version: 1.9.0040.0 - Microsoft Corporation)
Windows Internet Explorer 8 (HKLM\...\ie8) (Version: 20090308.140743 - Microsoft Corporation)
Windows XP Service Pack 3 (HKLM\...\Windows XP Service Pack) (Version: 20080414.031525 - Microsoft Corporation)

==================== Restore Points =========================

30-03-2014 11:32:37 Software Distribution Service 3.0
30-03-2014 15:41:41 Installed NETGEAR RangeMax(TM) Wireless USB 2.0 Adapter WPN111
31-03-2014 08:29:15 Made by Registry Mechanic O
31-03-2014 08:33:12 Made by Registry Mechanic O
31-03-2014 17:03:31 Made by Registry Mechanic O
31-03-2014 17:05:48 Made by Registry Mechanic O
01-04-2014 17:11:25 Made by Registry Mechanic O

==================== Hosts content: ==========================

2004-08-04 14:00 - 2004-08-04 14:00 - 00000734 ____N C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1 localhost

==================== Scheduled Tasks (whitelisted) =============

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\Check for updates (Spybot - Search & Destroy).job => C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe
Task: C:\WINDOWS\Tasks\GoforFilesUpdate.job => C:\Program Files\GoforFiles\GFFUpdater.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job => C:\WINDOWS\system32\xp_eos.exe
Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job => C:\WINDOWS\system32\xp_eos.exe
Task: C:\WINDOWS\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-1343024091-1214440339-725345543-1003.job => C:\Program Files\RealNetworks\RealDownloader\recordingmanager.exe
Task: C:\WINDOWS\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-1343024091-1214440339-725345543-1003.job => C:\Program Files\RealNetworks\RealDownloader\realupgrade.exe
Task: C:\WINDOWS\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-1343024091-1214440339-725345543-1003.job => C:\Program Files\RealNetworks\RealDownloader\realupgrade.exe
Task: C:\WINDOWS\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-1343024091-1214440339-725345543-1003.job => C:\Program Files\Real\RealUpgrade\realupgrade.exe
Task: C:\WINDOWS\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-1343024091-1214440339-725345543-1003.job => C:\Program Files\Real\RealUpgrade\realupgrade.exe
Task: C:\WINDOWS\Tasks\Refresh immunization (Spybot - Search & Destroy).job => C:\Program Files\Spybot - Search & Destroy 2\SDImmunize.exe
Task: C:\WINDOWS\Tasks\RMSchedule.job => D:\Program Files\Registry Mechanic\RegMech.exe
Task: C:\WINDOWS\Tasks\Scan the system (Spybot - Search & Destroy).job => C:\Program Files\Spybot - Search & Destroy 2\SDScan.exe

==================== Loaded Modules (whitelisted) =============

2013-09-26 20:51 - 2013-05-16 11:55 - 00113496 _____ () C:\Program Files\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2013-09-26 20:51 - 2013-05-16 11:55 - 00416600 _____ () C:\Program Files\Spybot - Search & Destroy 2\DEC150.bpl
2013-09-15 08:52 - 2013-09-15 21:45 - 00394824 _____ () C:\Program Files\Avira\AntiVir Desktop\sqlite3.dll
2013-11-21 14:44 - 2013-12-02 15:28 - 00055296 _____ () C:\Program Files\Pirrit\AutoUpdater.exe
2014-03-30 17:41 - 2004-04-18 16:43 - 00147456 _____ () C:\WINDOWS\system32\ssleay32.dll
2014-03-30 17:41 - 2004-04-18 16:43 - 00651264 _____ () C:\WINDOWS\system32\LIBEAY32.dll
2014-03-30 13:06 - 2014-02-26 17:42 - 00059904 _____ () C:\Program Files\WinRST\WinRST.exe
2013-09-26 20:51 - 2013-05-16 11:55 - 00161112 _____ () C:\Program Files\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2014-03-30 15:39 - 2014-03-30 15:41 - 03642480 _____ () C:\Program Files\Mozilla Firefox\mozjs.dll
2014-03-30 15:23 - 2014-03-30 15:23 - 16276872 _____ () C:\WINDOWS\system32\Macromed\Flash\NPSWF32_12_0_0_77.dll

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:D1B5B4F1

==================== Safe Mode (whitelisted) ===================


==================== Disabled items from MSCONFIG ==============


==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (04/01/2014 07:33:23 PM) (Source: Application Error) (User: )
Description: Faulting application sdscan.exe, version 2.1.18.177, faulting module , version 0.0.0.0, fault address 0x00000000.
Processing media-specific event for [sdscan.exe!ws!]

Error: (04/01/2014 10:22:41 AM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service error: Error creating the Shadow Copy Provider COM class with CLSID {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a} [0x80080005].

Error: (03/31/2014 11:08:19 PM) (Source: Application Hang) (User: )
Description: Hanging application WINWORD.EXE, version 8.0.0.4412, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (03/31/2014 10:34:57 PM) (Source: Application Hang) (User: )
Description: Hanging application WINWORD.EXE, version 8.0.0.4412, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (03/31/2014 10:33:38 PM) (Source: Application Hang) (User: )
Description: Hanging application WINWORD.EXE, version 8.0.0.4412, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (03/31/2014 10:32:40 PM) (Source: Application Hang) (User: )
Description: Hanging application WINWORD.EXE, version 8.0.0.4412, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (03/31/2014 08:04:36 PM) (Source: Application Error) (User: )
Description: Fault bucket 134906018.
The Wep key exchange did not result in a secure connection setup after 802.1x authentication. The current setting has been marked as failed and the Wireless connection will be disconnected.

Error: (03/31/2014 08:04:05 PM) (Source: Application Error) (User: )
Description: Faulting application plugin-container.exe, version 28.0.0.5186, faulting module xul.dll, version 28.0.0.5186, fault address 0x008ae8da.
Processing media-specific event for [plugin-container.exe!ws!]

Error: (03/30/2014 04:56:13 PM) (Source: Application Error) (User: )
Description: Faulting application explorer.exe, version 6.0.2900.5512, faulting module unknown, version 0.0.0.0, fault address 0x03330fef.
Processing media-specific event for [explorer.exe!ws!]

Error: (12/09/2013 01:00:44 PM) (Source: Application Hang) (User: )
Description: Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000.


System errors:
=============
Error: (04/01/2014 00:19:29 PM) (Source: 0) (User: )
Description: \Device\Harddisk0\D

Error: (04/01/2014 00:19:26 PM) (Source: 0) (User: )
Description: \Device\Harddisk0\D

Error: (04/01/2014 00:19:22 PM) (Source: 0) (User: )
Description: \Device\Harddisk0\D

Error: (04/01/2014 00:19:19 PM) (Source: 0) (User: )
Description: \Device\Harddisk0\D

Error: (04/01/2014 00:19:15 PM) (Source: 0) (User: )
Description: \Device\Harddisk0\D

Error: (04/01/2014 00:19:11 PM) (Source: 0) (User: )
Description: \Device\Harddisk0\D

Error: (04/01/2014 00:19:08 PM) (Source: 0) (User: )
Description: \Device\Harddisk0\D

Error: (04/01/2014 00:19:04 PM) (Source: 0) (User: )
Description: \Device\Harddisk0\D

Error: (04/01/2014 00:19:00 PM) (Source: 0) (User: )
Description: \Device\Harddisk0\D

Error: (04/01/2014 10:22:41 AM) (Source: DCOM) (User: NT AUTHORITY)
Description: The server {301F9B76-643D-4370-BD56-B92C16D80667} did not register with DCOM within the required timeout.


Microsoft Office Sessions:
=========================
Error: (04/01/2014 07:33:23 PM) (Source: Application Error)(User: )
Description: sdscan.exe2.1.18.1770.0.0.000000000

Error: (04/01/2014 10:22:41 AM) (Source: VSS)(User: )
Description: {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a}0x80080005

Error: (03/31/2014 11:08:19 PM) (Source: Application Hang)(User: )
Description: WINWORD.EXE8.0.0.4412hungapp0.0.0.000000000

Error: (03/31/2014 10:34:57 PM) (Source: Application Hang)(User: )
Description: WINWORD.EXE8.0.0.4412hungapp0.0.0.000000000

Error: (03/31/2014 10:33:38 PM) (Source: Application Hang)(User: )
Description: WINWORD.EXE8.0.0.4412hungapp0.0.0.000000000

Error: (03/31/2014 10:32:40 PM) (Source: Application Hang)(User: )
Description: WINWORD.EXE8.0.0.4412hungapp0.0.0.000000000

Error: (03/31/2014 08:04:36 PM) (Source: Application Error)(User: )
Description: 134906018

Error: (03/31/2014 08:04:05 PM) (Source: Application Error)(User: )
Description: plugin-container.exe28.0.0.5186xul.dll28.0.0.5186008ae8da

Error: (03/30/2014 04:56:13 PM) (Source: Application Error)(User: )
Description: explorer.exe6.0.2900.5512unknown0.0.0.003330fef

Error: (12/09/2013 01:00:44 PM) (Source: Application Hang)(User: )
Description: iexplore.exe8.0.6001.18702hungapp0.0.0.000000000


==================== Memory info ===========================

Percentage of memory in use: 90%
Total physical RAM: 511.48 MB
Available physical RAM: 47.73 MB
Total Pagefile: 2014.21 MB
Available Pagefile: 944.89 MB
Total Virtual: 2047.88 MB
Available Virtual: 1943.48 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:33.2 GB) (Free:21.04 GB) NTFS ==>[Drive with boot components (Windows XP)]
Drive d: (New Volume) (Fixed) (Total:41.33 GB) (Free:40.6 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows XP) (Size: 75 GB) (Disk ID: F022F022)

Partition: GPT Partition Type.

==================== End Of Log ============================Rkill 2.6.5 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2014 BleepingComputer.com
More Information about Rkill can be found at this link:
http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 04/01/2014 07:59:51 PM in x86 mode.
Windows Version: Microsoft Windows XP Service Pack 3

Checking for Windows services to stop:

* No malware services found to stop.

Checking for processes to terminate:

* C:\Documents and Settings\millam\Local Settings\Application Data\WebPlayer\AppsHat\WebPlayer.exe (PID: 1300) [UP-HEUR]

1 proccess terminated!

Checking Registry for malware related settings:

* No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

* No issues found.

Checking Windows Service Integrity:

* No issues found.

Searching for Missing Digital Signatures:

* No issues found.

Checking HOSTS File:

* Cannot edit the HOSTS file.
* Permissions could not be fixed. Use Hosts-perm.bat to fix permissions: http://www.bleepingcomputer.com/download/hosts-permbat/

* HOSTS file entries found:

127.0.0.1 localhost

Program finished at: 04/01/2014 08:01:08 PM
Execution time: 0 hours(s), 1 minute(s), and 16 seconds(s)


Additional scan result of Farbar Recovery Scan Tool (x86) Version: 13-03-2014 01
Ran by millam at 2014-04-01 20:06:01
Running from C:\Documents and Settings\millam\My Documents\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Avira Desktop (Disabled - Up to date) {AD166499-45F9-482A-A743-FDD3350758C7}

==================== Installed Programs ======================

7-Zip 9.20 (HKLM\...\7-Zip) (Version: - )
Adobe Flash Player 12 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 12.0.0.77 - Adobe Systems Incorporated)
Adobe Flash Player 12 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 12.0.0.77 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.06) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.06 - Adobe Systems Incorporated)
Avira Free Antivirus (HKLM\...\Avira AntiVir Desktop) (Version: 14.0.3.350 - Avira)
CCleaner (HKLM\...\CCleaner) (Version: 4.12 - Piriform)
ERUNT 1.1j (HKLM\...\ERUNT_is1) (Version: - Lars Hederer)
Intel(R) Network Connections 16.2.49.0 (HKLM\...\{EBDDD05E-EBCF-40FF-9BBD-C3E099A2B684}) (Version: 16.2.49.0 - Intel)
Malwarebytes Anti-Malware version 1.75.0.1300 (HKLM\...\Malwarebytes' Anti-Malware_is1) (Version: 1.75.0.1300 - Malwarebytes Corporation)
Microsoft .NET Framework 2.0 Service Pack 2 (HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.0 Service Pack 2 (HKLM\...\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}) (Version: 3.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version: - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) Hidden
Microsoft Office 97, Professional Edition (HKLM\...\Office8.0) (Version: - )
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mozilla Firefox 28.0 (x86 en-US) (HKLM\...\Mozilla Firefox 28.0 (x86 en-US)) (Version: 28.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 28.0 - Mozilla)
Mustek 600 CU v2.0a (HKLM\...\Mustek 600 CU v2.0a) (Version: - )
NETGEAR RangeMax(TM) Wireless USB 2.0 Adapter WPN111 (HKLM\...\{582E9125-32B6-4CBA-AB48-3E33CE3DB389}) (Version: 1.0.0 - NETGEAR)
Registry Mechanic 10.0.0.132 (HKLM\...\Registry Mechanic_is1) (Version: 10.0.0.132 - PC Tools)
SoundMAX (HKLM\...\{F0A37341-D692-11D4-A984-009027EC0A9C}) (Version: 5.12.01.3620 - Analog Devices)
Spybot - Search & Destroy (HKLM\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.1.21 - Safer-Networking Ltd.)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (HKLM\...\{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB963707) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2345886) (HKLM\...\KB2345886) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2661254-v2) (HKLM\...\KB2661254-v2) (Version: 2 - Microsoft Corporation)
Update for Windows XP (KB2749655) (HKLM\...\KB2749655) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2863058) (HKLM\...\KB2863058) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2904266) (HKLM\...\KB2904266) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2934207) (HKLM\...\KB2934207) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB898461) (HKLM\...\KB898461) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB951978) (HKLM\...\KB951978) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB955759) (HKLM\...\KB955759) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB961503) (HKLM\...\KB961503) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB968389) (HKLM\...\KB968389) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB971029) (HKLM\...\KB971029) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB973815) (HKLM\...\KB973815) (Version: 1 - Microsoft Corporation)
WebFldrs XP (Version: 9.50.7523 - Microsoft Corporation) Hidden
Windows Genuine Advantage Notifications (KB905474) (HKLM\...\WgaNotify) (Version: 1.9.0040.0 - Microsoft Corporation)
Windows Internet Explorer 8 (HKLM\...\ie8) (Version: 20090308.140743 - Microsoft Corporation)
Windows XP Service Pack 3 (HKLM\...\Windows XP Service Pack) (Version: 20080414.031525 - Microsoft Corporation)

==================== Restore Points =========================

30-03-2014 11:32:37 Software Distribution Service 3.0
30-03-2014 15:41:41 Installed NETGEAR RangeMax(TM) Wireless USB 2.0 Adapter WPN111
31-03-2014 08:29:15 Made by Registry Mechanic O
31-03-2014 08:33:12 Made by Registry Mechanic O
31-03-2014 17:03:31 Made by Registry Mechanic O
31-03-2014 17:05:48 Made by Registry Mechanic O
01-04-2014 17:11:25 Made by Registry Mechanic O

==================== Hosts content: ==========================

2004-08-04 14:00 - 2004-08-04 14:00 - 00000734 ____N C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1 localhost

==================== Scheduled Tasks (whitelisted) =============

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\Check for updates (Spybot - Search & Destroy).job => C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe
Task: C:\WINDOWS\Tasks\GoforFilesUpdate.job => C:\Program Files\GoforFiles\GFFUpdater.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job => C:\WINDOWS\system32\xp_eos.exe
Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job => C:\WINDOWS\system32\xp_eos.exe
Task: C:\WINDOWS\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-1343024091-1214440339-725345543-1003.job => C:\Program Files\RealNetworks\RealDownloader\recordingmanager.exe
Task: C:\WINDOWS\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-1343024091-1214440339-725345543-1003.job => C:\Program Files\RealNetworks\RealDownloader\realupgrade.exe
Task: C:\WINDOWS\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-1343024091-1214440339-725345543-1003.job => C:\Program Files\RealNetworks\RealDownloader\realupgrade.exe
Task: C:\WINDOWS\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-1343024091-1214440339-725345543-1003.job => C:\Program Files\Real\RealUpgrade\realupgrade.exe
Task: C:\WINDOWS\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-1343024091-1214440339-725345543-1003.job => C:\Program Files\Real\RealUpgrade\realupgrade.exe
Task: C:\WINDOWS\Tasks\Refresh immunization (Spybot - Search & Destroy).job => C:\Program Files\Spybot - Search & Destroy 2\SDImmunize.exe
Task: C:\WINDOWS\Tasks\RMSchedule.job => D:\Program Files\Registry Mechanic\RegMech.exe
Task: C:\WINDOWS\Tasks\Scan the system (Spybot - Search & Destroy).job => C:\Program Files\Spybot - Search & Destroy 2\SDScan.exe

==================== Loaded Modules (whitelisted) =============

2013-09-26 20:51 - 2013-05-16 11:55 - 00113496 _____ () C:\Program Files\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2013-09-26 20:51 - 2013-05-16 11:55 - 00416600 _____ () C:\Program Files\Spybot - Search & Destroy 2\DEC150.bpl
2013-09-15 08:52 - 2013-09-15 21:45 - 00394824 _____ () C:\Program Files\Avira\AntiVir Desktop\sqlite3.dll
2013-11-21 14:44 - 2013-12-02 15:28 - 00055296 _____ () C:\Program Files\Pirrit\AutoUpdater.exe
2014-03-30 17:41 - 2004-04-18 16:43 - 00147456 _____ () C:\WINDOWS\system32\ssleay32.dll
2014-03-30 17:41 - 2004-04-18 16:43 - 00651264 _____ () C:\WINDOWS\system32\LIBEAY32.dll
2014-03-30 13:06 - 2014-02-26 17:42 - 00059904 _____ () C:\Program Files\WinRST\WinRST.exe
2013-09-26 20:51 - 2013-05-16 11:55 - 00161112 _____ () C:\Program Files\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2014-03-30 15:39 - 2014-03-30 15:41 - 03642480 _____ () C:\Program Files\Mozilla Firefox\mozjs.dll
2014-03-30 15:23 - 2014-03-30 15:23 - 16276872 _____ () C:\WINDOWS\system32\Macromed\Flash\NPSWF32_12_0_0_77.dll

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:D1B5B4F1

==================== Safe Mode (whitelisted) ===================


==================== Disabled items from MSCONFIG ==============


==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (04/01/2014 07:33:23 PM) (Source: Application Error) (User: )
Description: Faulting application sdscan.exe, version 2.1.18.177, faulting module , version 0.0.0.0, fault address 0x00000000.
Processing media-specific event for [sdscan.exe!ws!]

Error: (04/01/2014 10:22:41 AM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service error: Error creating the Shadow Copy Provider COM class with CLSID {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a} [0x80080005].

Error: (03/31/2014 11:08:19 PM) (Source: Application Hang) (User: )
Description: Hanging application WINWORD.EXE, version 8.0.0.4412, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (03/31/2014 10:34:57 PM) (Source: Application Hang) (User: )
Description: Hanging application WINWORD.EXE, version 8.0.0.4412, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (03/31/2014 10:33:38 PM) (Source: Application Hang) (User: )
Description: Hanging application WINWORD.EXE, version 8.0.0.4412, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (03/31/2014 10:32:40 PM) (Source: Application Hang) (User: )
Description: Hanging application WINWORD.EXE, version 8.0.0.4412, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (03/31/2014 08:04:36 PM) (Source: Application Error) (User: )
Description: Fault bucket 134906018.
The Wep key exchange did not result in a secure connection setup after 802.1x authentication. The current setting has been marked as failed and the Wireless connection will be disconnected.

Error: (03/31/2014 08:04:05 PM) (Source: Application Error) (User: )
Description: Faulting application plugin-container.exe, version 28.0.0.5186, faulting module xul.dll, version 28.0.0.5186, fault address 0x008ae8da.
Processing media-specific event for [plugin-container.exe!ws!]

Error: (03/30/2014 04:56:13 PM) (Source: Application Error) (User: )
Description: Faulting application explorer.exe, version 6.0.2900.5512, faulting module unknown, version 0.0.0.0, fault address 0x03330fef.
Processing media-specific event for [explorer.exe!ws!]

Error: (12/09/2013 01:00:44 PM) (Source: Application Hang) (User: )
Description: Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000.


System errors:
=============
Error: (04/01/2014 00:19:29 PM) (Source: 0) (User: )
Description: \Device\Harddisk0\D

Error: (04/01/2014 00:19:26 PM) (Source: 0) (User: )
Description: \Device\Harddisk0\D

Error: (04/01/2014 00:19:22 PM) (Source: 0) (User: )
Description: \Device\Harddisk0\D

Error: (04/01/2014 00:19:19 PM) (Source: 0) (User: )
Description: \Device\Harddisk0\D

Error: (04/01/2014 00:19:15 PM) (Source: 0) (User: )
Description: \Device\Harddisk0\D

Error: (04/01/2014 00:19:11 PM) (Source: 0) (User: )
Description: \Device\Harddisk0\D

Error: (04/01/2014 00:19:08 PM) (Source: 0) (User: )
Description: \Device\Harddisk0\D

Error: (04/01/2014 00:19:04 PM) (Source: 0) (User: )
Description: \Device\Harddisk0\D

Error: (04/01/2014 00:19:00 PM) (Source: 0) (User: )
Description: \Device\Harddisk0\D

Error: (04/01/2014 10:22:41 AM) (Source: DCOM) (User: NT AUTHORITY)
Description: The server {301F9B76-643D-4370-BD56-B92C16D80667} did not register with DCOM within the required timeout.


Microsoft Office Sessions:
=========================
Error: (04/01/2014 07:33:23 PM) (Source: Application Error)(User: )
Description: sdscan.exe2.1.18.1770.0.0.000000000

Error: (04/01/2014 10:22:41 AM) (Source: VSS)(User: )
Description: {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a}0x80080005

Error: (03/31/2014 11:08:19 PM) (Source: Application Hang)(User: )
Description: WINWORD.EXE8.0.0.4412hungapp0.0.0.000000000

Error: (03/31/2014 10:34:57 PM) (Source: Application Hang)(User: )
Description: WINWORD.EXE8.0.0.4412hungapp0.0.0.000000000

Error: (03/31/2014 10:33:38 PM) (Source: Application Hang)(User: )
Description: WINWORD.EXE8.0.0.4412hungapp0.0.0.000000000

Error: (03/31/2014 10:32:40 PM) (Source: Application Hang)(User: )
Description: WINWORD.EXE8.0.0.4412hungapp0.0.0.000000000

Error: (03/31/2014 08:04:36 PM) (Source: Application Error)(User: )
Description: 134906018

Error: (03/31/2014 08:04:05 PM) (Source: Application Error)(User: )
Description: plugin-container.exe28.0.0.5186xul.dll28.0.0.5186008ae8da

Error: (03/30/2014 04:56:13 PM) (Source: Application Error)(User: )
Description: explorer.exe6.0.2900.5512unknown0.0.0.003330fef

Error: (12/09/2013 01:00:44 PM) (Source: Application Hang)(User: )
Description: iexplore.exe8.0.6001.18702hungapp0.0.0.000000000


==================== Memory info ===========================

Percentage of memory in use: 90%
Total physical RAM: 511.48 MB
Available physical RAM: 47.73 MB
Total Pagefile: 2014.21 MB
Available Pagefile: 944.89 MB
Total Virtual: 2047.88 MB
Available Virtual: 1943.48 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:33.2 GB) (Free:21.04 GB) NTFS ==>[Drive with boot components (Windows XP)]
Drive d: (New Volume) (Fixed) (Total:41.33 GB) (Free:40.6 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows XP) (Size: 75 GB) (Disk ID: F022F022)

Partition: GPT Partition Type.

==================== End Of Log ============================

[bobbym]

might have given you the same one twice sorry

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 13-03-2014 01
Ran by millam (administrator) on BOB-276AB2C0593 on 01-04-2014 20:04:14
Running from C:\Documents and Settings\millam\My Documents\Downloads
Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: English(US)
Internet Explorer Version 8
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/down...an-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/down...an-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic...ery-scan-tool/

==================== Processes (Whitelisted) =================

(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
(Analog Devices, Inc.) C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
(adi) C:\Program Files\Analog Devices\SoundMAX\DrvLsnr.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe
(NETGEAR) C:\Program Files\NETGEAR\WPN111\wpn111.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
(Malwarebytes Corporation) d:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) d:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
() C:\Program Files\Pirrit\AutoUpdater.exe
(Malwarebytes Corporation) d:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
(Analog Devices, Inc.) C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
() C:\Program Files\WinRST\WinRST.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
(Microsoft Corporation) C:\WINDOWS\system32\taskmgr.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [avgnt] - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [689744 2014-03-30] (Avira Operations GmbH & Co. KG)
HKLM\...\Run: [Smapp] - C:\Program Files\Analog Devices\SoundMAX\SMTray.exe [143360 2003-05-05] (Analog Devices, Inc.)
HKLM\...\Run: [DrvLsnr] - C:\Program Files\Analog Devices\SoundMAX\DrvLsnr.exe [69632 2003-05-08] (adi)
HKLM\...\Run: [SDTray] - C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe [5624784 2013-07-25] (Safer-Networking Ltd.)
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
Winlogon\Notify\SDWinLogon: SDWinLogon.dll [X]
HKU\S-1-5-21-1343024091-1214440339-725345543-1003\...\Run: [AppsHat] - C:\Documents and Settings\millam\Local Settings\Application Data\WebPlayer\AppsHat\WebPlayer.exe [202752 2012-10-26] ()
HKU\S-1-5-21-1343024091-1214440339-725345543-1003\...\Run: [Apps Hat] - C:\Documents and Settings\millam\Local Settings\Application Data\WebPlayer\AppsHat\WebPlayer.exe [202752 2012-10-26] ()
Startup: C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\NETGEAR WPN111 Smart Wizard.lnk
ShortcutTarget: NETGEAR WPN111 Smart Wizard.lnk -> C:\Program Files\NETGEAR\WPN111\WPN111.exe (NETGEAR)
Startup: C:\Documents and Settings\millam\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
ShortcutTarget: ERUNT AutoBackup.lnk -> D:\ERUNT\AUTOBACK.EXE ()

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir...ie&ar=iesearch
SearchScopes: HKCU - {41CA4D65-DC9E-406E-9236-5A807A96FE4A} URL = http://www.mysearchresults.com/search?c=8004&t=11&q={searchTerms}
SearchScopes: HKCU - {A8105727-97B2-4B68-8BA5-57150A17B1B3} URL = http://eseeky.com/ws/?source=728386ab?tbp=rbox&toolbarid=base&u=91cc6323d75b58860c0002c552bd45d26d3b0122&q={searchTerms}
BHO: IEExtension.Extension - {d40c654d-7c51-4eb3-95b2-1e23905c2a2d} - C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
Toolbar: HKCU - &Address - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
Toolbar: HKCU - &Links - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\SHELL32.dll (Microsoft Corporation)
Winsock: Catalog9 01 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 02 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 08 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG)
Tcpip\Parameters: [DhcpNameServer] 217.168.160.41 217.168.160.42

FireFox:
========
FF ProfilePath: C:\Documents and Settings\millam\Application Data\Mozilla\Firefox\Profiles\nlv5wxzw.default
FF user.js: detected! => C:\Documents and Settings\millam\Application Data\Mozilla\Firefox\Profiles\nlv5wxzw.default\user.js
FF NewTab: hxxp://www.google.com
FF SelectedSearchEngine: Google
FF Homepage: about:home
FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_12_0_0_77.dll ()
FF Plugin: @microsoft.com/WPF,version=3.5 - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Documents and Settings\millam\Application Data\Mozilla\Firefox\Profiles\nlv5wxzw.default\searchplugins\eseeky-search.xml
FF SearchPlugin: C:\Documents and Settings\millam\Application Data\Mozilla\Firefox\Profiles\nlv5wxzw.default\searchplugins\mixidj.xml
FF Extension: Apps Hat Mini - C:\Documents and Settings\millam\Application Data\Mozilla\Firefox\Profiles\nlv5wxzw.default\Extensions\a055e456-a200-4197-b11a-b82eb9b5ea1c@e3a45ca0-70b0-44d3-aeb3-0176a65ffa43.com [2014-03-30]
FF Extension: Flash Video Downloader - Full HD Download - C:\Documents and Settings\millam\Application Data\Mozilla\Firefox\Profiles\nlv5wxzw.default\Extensions\artur.dubovoy@gmail.com [2014-03-30]
FF Extension: LemurLeap - C:\Documents and Settings\millam\Application Data\Mozilla\Firefox\Profiles\nlv5wxzw.default\Extensions\firefox@lemurleap.info [2013-10-01]
FF Extension: AppsHat - C:\Documents and Settings\millam\Application Data\Mozilla\Firefox\Profiles\nlv5wxzw.default\Extensions\{97A78363-B868-4B48-AC91-A783A31215AF} [2013-10-10]
FF Extension: Default Tab - C:\Documents and Settings\millam\Application Data\Mozilla\Firefox\Profiles\nlv5wxzw.default\Extensions\addon@defaulttab.com.xpi [2013-10-01]
FF Extension: LemurLeap - C:\Documents and Settings\millam\Application Data\Mozilla\Firefox\Profiles\nlv5wxzw.default\Extensions\firefox@lemurleap.info.xpi [2013-09-26]
FF Extension: Pirrit Suggestor - C:\Documents and Settings\millam\Application Data\Mozilla\Firefox\Profiles\nlv5wxzw.default\Extensions\suggestor@pirrit.com.xpi [2013-11-21]
FF Extension: Pirrit Suggestor - C:\Documents and Settings\millam\Application Data\Mozilla\Firefox\Profiles\nlv5wxzw.default\Extensions\suggestor@suggestor.pirrit.com.xpi [2013-12-02]
FF Extension: Modify Headers - C:\Documents and Settings\millam\Application Data\Mozilla\Firefox\Profiles\nlv5wxzw.default\Extensions\{b749fc7c-e949-447f-926c-3f4eed6accfe}.xpi [2013-09-23]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ []

========================== Services (Whitelisted) =================

R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [440400 2014-03-30] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [440400 2014-03-30] (Avira Operations GmbH & Co. KG)
S4 AntiVirWebService; C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE [1017424 2014-03-30] (Avira Operations GmbH & Co. KG)
R2 MBAMScheduler; d:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; d:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 PirritUpdater; C:\Program Files\Pirrit\AutoUpdater.exe [55296 2013-12-02] ()
S2 SDScannerService; C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe [1817560 2013-05-16] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe [1033688 2013-05-16] (Safer-Networking Ltd.)
S2 SDWSCService; C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2013-05-15] (Safer-Networking Ltd.)
R2 SoundMAX Agent Service (default); C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe [45056 2002-09-20] (Analog Devices, Inc.)
R2 WinRST; C:\Program Files\WinRST\WinRST.exe [59904 2014-02-26] ()

==================== Drivers (Whitelisted) ====================

R2 AegisP; C:\WINDOWS\System32\DRIVERS\AegisP.sys [17801 2014-03-30] (Meetinghouse Data Communications)
R2 avgntflt; C:\WINDOWS\System32\DRIVERS\avgntflt.sys [90400 2014-03-30] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\WINDOWS\System32\DRIVERS\avipbb.sys [135648 2014-03-30] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\WINDOWS\System32\DRIVERS\avkmgr.sys [37352 2013-10-07] (Avira Operations GmbH & Co. KG)
R3 DNINDIS5; C:\WINDOWS\system32\DNINDIS5.SYS [17149 2003-07-24] (Printing Communications Assoc., Inc. (PCAUSA))
S3 E1000; C:\WINDOWS\System32\DRIVERS\e1000nt5.sys [50719 2001-08-17] (Intel Corporation)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [22856 2013-04-04] (Malwarebytes Corporation)
S3 N100; C:\WINDOWS\System32\DRIVERS\n100325.sys [128000 2001-08-17] (Compaq Computer Corporation)
S3 S3U10Scanner; C:\WINDOWS\System32\drivers\usbscan.sys [14976 2013-07-03] (Microsoft Corporation)
R1 ssmdrv; C:\WINDOWS\System32\DRIVERS\ssmdrv.sys [28520 2013-09-15] (Avira GmbH)
R3 WPN111; C:\WINDOWS\System32\DRIVERS\WPN111.sys [362944 2005-09-26] (NETGEAR, Inc.)
U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-14] (Microsoft Corporation)
S3 Sheetfed Scanner; System32\drivers\Sheetfed Scanner.sys [X]
U1 WS2IFSL;
U3 aswMBR; \??\C:\DOCUME~1\millam\LOCALS~1\Temp\aswMBR.sys [X]
U3 mbr; \??\C:\DOCUME~1\millam\LOCALS~1\Temp\mbr.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-04-01 20:03 - 2014-04-01 20:04 - 00000000 ____D () C:\FRST
2014-04-01 19:59 - 2014-04-01 20:01 - 00002666 _____ () C:\Documents and Settings\millam\Desktop\Rkill.txt
2014-04-01 14:18 - 2014-04-01 14:18 - 00000000 ___HD () C:\WINDOWS\PIF
2014-04-01 13:50 - 2014-04-01 13:50 - 00001686 _____ () C:\Documents and Settings\millam\Desktop\aswMBR.txt
2014-04-01 13:50 - 2014-04-01 13:50 - 00000512 _____ () C:\Documents and Settings\millam\Desktop\MBR.dat
2014-04-01 13:44 - 2014-04-01 13:44 - 00011465 _____ () C:\Documents and Settings\millam\Desktop\attach.txt
2014-04-01 13:44 - 2014-04-01 13:44 - 00010497 _____ () C:\Documents and Settings\millam\Desktop\dds.txt
2014-04-01 13:36 - 2014-04-01 13:36 - 00000000 ____D () C:\WINDOWS\ERDNT
2014-04-01 13:33 - 2014-04-01 13:33 - 00000420 _____ () C:\Documents and Settings\millam\Desktop\ERUNT.lnk
2014-04-01 13:33 - 2014-04-01 13:33 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\ERUNT
2014-04-01 09:23 - 2014-04-01 09:23 - 00000000 ____D () C:\Documents and Settings\Administrator\Application Data\Avira
2014-04-01 09:21 - 2014-04-01 09:21 - 00000884 __RSH () C:\Documents and Settings\Administrator\ntuser.pol
2014-04-01 09:21 - 2014-04-01 09:21 - 00000020 ___SH () C:\Documents and Settings\Administrator\ntuser.ini
2014-04-01 09:21 - 2014-04-01 09:21 - 00000000 __SHD () C:\Documents and Settings\Administrator\IETldCache
2014-04-01 09:21 - 2014-04-01 09:21 - 00000000 ____D () C:\Documents and Settings\Administrator
2014-04-01 09:21 - 2013-09-15 12:53 - 00001599 _____ () C:\Documents and Settings\Administrator\Start Menu\Programs\Remote Assistance.lnk
2014-04-01 09:21 - 2013-09-15 12:53 - 00000792 _____ () C:\Documents and Settings\Administrator\Start Menu\Programs\Windows Media Player.lnk
2014-04-01 09:21 - 2013-09-15 12:53 - 00000000 ___RD () C:\Documents and Settings\Administrator\Start Menu\Programs\Accessories
2014-03-31 19:11 - 2014-03-31 19:11 - 00027778 _____ () C:\Documents and Settings\millam\My Documents\cc_20140331_191114.reg
2014-03-31 19:08 - 2014-03-31 19:08 - 00000682 _____ () C:\Documents and Settings\All Users.WINDOWS\Desktop\CCleaner.lnk
2014-03-31 19:08 - 2014-03-31 19:08 - 00000000 ____D () C:\Program Files\CCleaner
2014-03-31 19:08 - 2014-03-31 19:08 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\CCleaner
2014-03-31 13:36 - 2004-08-04 14:00 - 00000734 _____ () C:\WINDOWS\system32\Drivers\etc\hosts.20140331-133640.backup
2014-03-30 17:42 - 2014-03-30 17:42 - 00017801 _____ (Meetinghouse Data Communications) C:\WINDOWS\system32\Drivers\AegisP.sys
2014-03-30 17:41 - 2014-03-30 17:41 - 00001385 _____ () C:\Documents and Settings\All Users.WINDOWS\Desktop\NETGEAR WPN111 Smart Wizard.lnk
2014-03-30 17:41 - 2014-03-30 17:41 - 00000000 ____D () C:\Program Files\NETGEAR
2014-03-30 17:41 - 2014-03-30 17:41 - 00000000 ____D () C:\Documents and Settings\millam\Start Menu\Programs\NETGEAR WPN111 Adapter
2014-03-30 17:41 - 2014-03-30 17:41 - 00000000 ____D () C:\Documents and Settings\millam\Application Data\InstallShield
2014-03-30 17:41 - 2014-03-30 17:41 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\NETGEAR WPN111 Adapter
2014-03-30 17:41 - 2005-09-26 16:02 - 00362944 _____ (NETGEAR, Inc.) C:\WINDOWS\system32\Drivers\WPN111.sys
2014-03-30 17:41 - 2005-07-27 21:15 - 00149392 _____ () C:\WINDOWS\system32\Drivers\ar5523.bin
2014-03-30 17:41 - 2004-04-18 16:43 - 00651264 _____ () C:\WINDOWS\system32\libeay32.dll
2014-03-30 17:41 - 2004-04-18 16:43 - 00147456 _____ () C:\WINDOWS\system32\ssleay32.dll
2014-03-30 17:41 - 2003-07-24 12:10 - 00094208 _____ (Printing Communications Assoc., Inc. (PCAUSA)) C:\WINDOWS\system32\DNIN50.dll
2014-03-30 17:41 - 2003-07-24 12:10 - 00017149 _____ (Printing Communications Assoc., Inc. (PCAUSA)) C:\WINDOWS\system32\DNINDIS5.sys
2014-03-30 15:39 - 2014-03-31 10:33 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-03-30 13:55 - 2014-04-01 10:09 - 00000224 _____ () C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job
2014-03-30 13:55 - 2014-03-30 14:40 - 00000218 _____ () C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job
2014-03-30 13:52 - 2014-03-30 13:52 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2934207$
2014-03-30 13:52 - 2014-03-30 13:52 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2929961$
2014-03-30 13:52 - 2014-03-30 13:52 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2916036$
2014-03-30 13:51 - 2014-03-30 13:51 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2930275$
2014-03-30 13:33 - 2014-03-30 13:33 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2914368$
2014-03-30 13:14 - 2014-02-26 03:59 - 00013312 ____N (Microsoft Corporation) C:\WINDOWS\system32\xp_eos.exe
2014-03-30 13:14 - 2014-02-26 03:59 - 00013312 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\xp_eos.exe
2014-03-30 13:07 - 2014-03-30 13:07 - 00000000 ____D () C:\Documents and Settings\millam\Local Settings\Application Data\WinRST
2014-03-30 13:06 - 2014-03-30 13:06 - 00000000 ____D () C:\Program Files\WinRST

==================== One Month Modified Files and Folders =======

2014-04-01 20:04 - 2014-04-01 20:03 - 00000000 ____D () C:\FRST
2014-04-01 20:01 - 2014-04-01 19:59 - 00002666 _____ () C:\Documents and Settings\millam\Desktop\Rkill.txt
2014-04-01 19:33 - 2013-09-16 15:41 - 00000256 _____ () C:\WINDOWS\Tasks\RMSchedule.job
2014-04-01 19:22 - 2013-09-16 16:05 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2014-04-01 18:42 - 2011-12-31 17:28 - 00000245 ___SH () C:\boot.ini
2014-04-01 18:18 - 2013-09-26 20:51 - 00458752 _____ () C:\WINDOWS\system32\config\SpybotSD.evt
2014-04-01 17:00 - 2013-09-15 12:51 - 01406627 _____ () C:\WINDOWS\WindowsUpdate.log
2014-04-01 14:18 - 2014-04-01 14:18 - 00000000 ___HD () C:\WINDOWS\PIF
2014-04-01 13:50 - 2014-04-01 13:50 - 00001686 _____ () C:\Documents and Settings\millam\Desktop\aswMBR.txt
2014-04-01 13:50 - 2014-04-01 13:50 - 00000512 _____ () C:\Documents and Settings\millam\Desktop\MBR.dat
2014-04-01 13:44 - 2014-04-01 13:44 - 00011465 _____ () C:\Documents and Settings\millam\Desktop\attach.txt
2014-04-01 13:44 - 2014-04-01 13:44 - 00010497 _____ () C:\Documents and Settings\millam\Desktop\dds.txt
2014-04-01 13:36 - 2014-04-01 13:36 - 00000000 ____D () C:\WINDOWS\ERDNT
2014-04-01 13:33 - 2014-04-01 13:33 - 00000420 _____ () C:\Documents and Settings\millam\Desktop\ERUNT.lnk
2014-04-01 13:33 - 2014-04-01 13:33 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\ERUNT
2014-04-01 12:21 - 2013-11-06 20:09 - 00000000 ____D () C:\WINDOWS\system32\NtmsData
2014-04-01 10:33 - 2011-12-31 17:42 - 00000000 ____D () C:\WINDOWS\Registration
2014-04-01 10:13 - 2013-09-26 20:52 - 00000644 _____ () C:\WINDOWS\Tasks\Check for updates (Spybot - Search & Destroy).job
2014-04-01 10:12 - 2004-08-04 14:00 - 00013694 _____ () C:\WINDOWS\system32\wpa.dbl
2014-04-01 10:10 - 2013-09-15 13:44 - 00000159 _____ () C:\WINDOWS\wiadebug.log
2014-04-01 10:10 - 2013-09-15 13:44 - 00000050 _____ () C:\WINDOWS\wiaservc.log
2014-04-01 10:09 - 2014-03-30 13:55 - 00000224 _____ () C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job
2014-04-01 10:09 - 2013-10-16 14:58 - 00000302 _____ () C:\WINDOWS\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-1343024091-1214440339-725345543-1003.job
2014-04-01 10:09 - 2013-10-16 14:41 - 00000280 _____ () C:\WINDOWS\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-1343024091-1214440339-725345543-1003.job
2014-04-01 10:09 - 2013-10-10 14:12 - 00000282 _____ () C:\WINDOWS\Tasks\GoforFilesUpdate.job
2014-04-01 10:09 - 2013-09-15 12:58 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-04-01 09:23 - 2014-04-01 09:23 - 00000000 ____D () C:\Documents and Settings\Administrator\Application Data\Avira
2014-04-01 09:21 - 2014-04-01 09:21 - 00000884 __RSH () C:\Documents and Settings\Administrator\ntuser.pol
2014-04-01 09:21 - 2014-04-01 09:21 - 00000020 ___SH () C:\Documents and Settings\Administrator\ntuser.ini
2014-04-01 09:21 - 2014-04-01 09:21 - 00000000 __SHD () C:\Documents and Settings\Administrator\IETldCache
2014-04-01 09:21 - 2014-04-01 09:21 - 00000000 ____D () C:\Documents and Settings\Administrator
2014-04-01 09:20 - 2013-09-15 08:23 - 00000000 __SHD () C:\WINDOWS\CSC
2014-03-31 23:20 - 2013-09-15 12:58 - 00032578 _____ () C:\WINDOWS\SchedLgU.Txt
2014-03-31 23:19 - 2013-09-15 12:59 - 00000178 ___SH () C:\Documents and Settings\millam\ntuser.ini
2014-03-31 23:19 - 2013-09-15 12:59 - 00000000 ____D () C:\Documents and Settings\millam
2014-03-31 19:11 - 2014-03-31 19:11 - 00027778 _____ () C:\Documents and Settings\millam\My Documents\cc_20140331_191114.reg
2014-03-31 19:08 - 2014-03-31 19:08 - 00000682 _____ () C:\Documents and Settings\All Users.WINDOWS\Desktop\CCleaner.lnk
2014-03-31 19:08 - 2014-03-31 19:08 - 00000000 ____D () C:\Program Files\CCleaner
2014-03-31 19:08 - 2014-03-31 19:08 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\CCleaner
2014-03-31 15:02 - 2011-12-31 19:06 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB982665$
2014-03-31 10:33 - 2014-03-30 15:39 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-03-31 10:33 - 2011-12-31 17:21 - 00000000 ____D () C:\WINDOWS\security
2014-03-31 10:15 - 2013-02-13 12:40 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-03-30 17:44 - 2013-09-15 13:40 - 00509828 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2014-03-30 17:42 - 2014-03-30 17:42 - 00017801 _____ (Meetinghouse Data Communications) C:\WINDOWS\system32\Drivers\AegisP.sys
2014-03-30 17:41 - 2014-03-30 17:41 - 00001385 _____ () C:\Documents and Settings\All Users.WINDOWS\Desktop\NETGEAR WPN111 Smart Wizard.lnk
2014-03-30 17:41 - 2014-03-30 17:41 - 00000000 ____D () C:\Program Files\NETGEAR
2014-03-30 17:41 - 2014-03-30 17:41 - 00000000 ____D () C:\Documents and Settings\millam\Start Menu\Programs\NETGEAR WPN111 Adapter
2014-03-30 17:41 - 2014-03-30 17:41 - 00000000 ____D () C:\Documents and Settings\millam\Application Data\InstallShield
2014-03-30 17:41 - 2014-03-30 17:41 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\NETGEAR WPN111 Adapter
2014-03-30 17:41 - 2013-09-16 15:13 - 00000000 ___HD () C:\Program Files\InstallShield Installation Information
2014-03-30 15:32 - 2013-10-17 10:02 - 00000000 ____D () C:\WINDOWS\Microsoft.NET
2014-03-30 15:23 - 2013-09-16 16:05 - 00692616 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2014-03-30 15:23 - 2013-09-16 16:05 - 00071048 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2014-03-30 14:40 - 2014-03-30 13:55 - 00000218 _____ () C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job
2014-03-30 13:55 - 2013-09-15 13:39 - 00107008 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2014-03-30 13:52 - 2014-03-30 13:52 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2934207$
2014-03-30 13:52 - 2014-03-30 13:52 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2929961$
2014-03-30 13:52 - 2014-03-30 13:52 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2916036$
2014-03-30 13:52 - 2011-12-31 18:22 - 00000000 ____D () C:\WINDOWS\ie8updates
2014-03-30 13:51 - 2014-03-30 13:51 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2930275$
2014-03-30 13:45 - 2013-09-17 10:45 - 00000000 ____D () C:\WINDOWS\system32\MRT
2014-03-30 13:33 - 2014-03-30 13:33 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2914368$
2014-03-30 13:27 - 2013-09-15 21:46 - 00135648 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avipbb.sys
2014-03-30 13:27 - 2013-09-15 21:46 - 00090400 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avgntflt.sys
2014-03-30 13:17 - 2013-10-26 11:11 - 00002347 _____ () C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Adobe Reader XI.lnk
2014-03-30 13:08 - 2013-10-10 14:30 - 00002170 _____ () C:\Documents and Settings\millam\Desktop\AppsHat.lnk
2014-03-30 13:08 - 2013-10-10 14:30 - 00000000 ____D () C:\Documents and Settings\millam\Local Settings\Application Data\WebPlayer
2014-03-30 13:07 - 2014-03-30 13:07 - 00000000 ____D () C:\Documents and Settings\millam\Local Settings\Application Data\WinRST
2014-03-30 13:06 - 2014-03-30 13:06 - 00000000 ____D () C:\Program Files\WinRST
2014-03-02 14:03 - 2013-09-17 10:45 - 87350280 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe

Some content of TEMP:
====================
C:\Documents and Settings\millam\Local Settings\Temp\avgnt.exe


==================== Bamital & volsnap Check =================

C:\WINDOWS\explorer.exe => MD5 is legit
C:\WINDOWS\system32\winlogon.exe => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit
C:\WINDOWS\system32\User32.dll => MD5 is legit
C:\WINDOWS\system32\userinit.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\volsnap.sys => MD5 is legit

==================== End Of Log ============================

[Juliet]

Registry Mechanic
We do not recommend the use of registry cleaners. No registry cleaner is completely safe since most do not even create a backup the potential is ever present to cause more problems than they claim to fix.
If you do not have knowledge of the registry, then you would probably be better off leaving it alone, and definitely not placing blind trust in a program to do the job for you.
Our colleague miekiemoes has an excellent writeup here
http://miekiemoes.blogspot.com/2008/...eaking_13.html

We suggest uninstalling them via Add or Remove Programs in your Control Panel.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~



Running from C:\Documents and Settings\millam\My Documents\Downloads

Locate Farbar Recovery Scan Tool, we need to move this to desktop.
Locate it, right click select copy, then go to your desktop and right click, select paste.
Or
Click the Start. Then click Computer.
Double click the C:\ drive to open it.(Or whatever drive letter it's listed as)
Right click the FRST.txt file and click Delete.
Repeat for the Addition.txt file.
Right click the Farbar Recovery Scan Tool icon and click Copy
Close the C:\ drive. You should now be back to the desktop.
Right click on an empty space on the desktop and click Paste. This should put the FRST file on the desktop.


Open notepad. Please copy the contents of the quote box below. To do this highlight the contents of the box and right click on it and select copy.
Paste this into the open notepad. save it to the Desktop as fixlist.txt
NOTE. It's important that both files, FRST/FRST64 and fixlist.txt are in the same location or the fix will not work.
It needs to be saved Next to the "Farbar Recovery Scan Tool" (FRST) program (If asked to overwrite existing one please allow)

start
Task: C:\WINDOWS\Tasks\GoforFilesUpdate.job => C:\Program Files\GoforFiles\GFFUpdater.exe <==== ATTENTION
HKU\S-1-5-21-1343024091-1214440339-725345543-1003\...\Run: [AppsHat] - C:\Documents and Settings\millam\Local Settings\Application Data\WebPlayer\AppsHat\WebPlayer.exe [202752 2012-10-26] ()
HKU\S-1-5-21-1343024091-1214440339-725345543-1003\...\Run: [Apps Hat] - C:\Documents and Settings\millam\Local Settings\Application Data\WebPlayer\AppsHat\WebPlayer.exe [202752 2012-10-26] ()
SearchScopes: HKCU - {41CA4D65-DC9E-406E-9236-5A807A96FE4A} URL = http://www.mysearchresults.com/search?c=8004&t=11&q={searchTerms}
SearchScopes: HKCU - {A8105727-97B2-4B68-8BA5-57150A17B1B3} URL = http://eseeky.com/ws/?source=728386ab?tbp=rbox&toolbarid=base&u=91cc6323d75b58860c0002c552bd45d26d3b0122&q={searchTerms}
FF user.js: detected! => C:\Documents and Settings\millam\Application Data\Mozilla\Firefox\Profiles\nlv5wxzw.default\user.js
FF SearchPlugin: C:\Documents and Settings\millam\Application Data\Mozilla\Firefox\Profiles\nlv5wxzw.default\searchplugins\eseeky-search.xml
FF SearchPlugin: C:\Documents and Settings\millam\Application Data\Mozilla\Firefox\Profiles\nlv5wxzw.default\searchplugins\mixidj.xml
FF Extension: Apps Hat Mini - C:\Documents and Settings\millam\Application Data\Mozilla\Firefox\Profiles\nlv5wxzw.default\Extensions\a055e456-a200-4197-b11a-b82eb9b5ea1c@e3a45ca0-70b0-44d3-aeb3-0176a65ffa43.com [2014-03-30]
FF Extension: AppsHat - C:\Documents and Settings\millam\Application Data\Mozilla\Firefox\Profiles\nlv5wxzw.default\Extensions\{97A78363-B868-4B48-AC91-A783A31215AF} [2013-10-10]
FF Extension: Pirrit Suggestor - C:\Documents and Settings\millam\Application Data\Mozilla\Firefox\Profiles\nlv5wxzw.default\Extensions\suggestor@pirrit.com.xpi [2013-11-21]
FF Extension: Pirrit Suggestor - C:\Documents and Settings\millam\Application Data\Mozilla\Firefox\Profiles\nlv5wxzw.default\Extensions\suggestor@suggestor.pirrit.com.xpi [2013-12-02]
C:\Documents and Settings\millam\Local Settings\Temp\avgnt.exe
C:\Program Files\Pirrit\AutoUpdater.exe
Reboot:
end

Run FRST/FRST64 and press the Fix button just once and wait.
If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.


NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to the operating system


~~~~~~~~~~~~~~~~~~~`

AdwCleaner by Xplode

Close all open windows and browsers.

• Right click the AdwCleaner icon on the desktop, click Run as administrator and accept the UAC prompt to run AdwCleaner.
  
  *****
  
  
  
• Click the Scan button and wait for the scan to finish.

• After the Scan has finished the window may or may not show what it found and above the progress bar you will see Pending. Please uncheck elements you don't want to remove. Please don't delete anything at this time.
• Click the Report button to get the log
• Copy and Paste it into your next reply. This report is also saved to C:\AdwCleaner\AdwCleaner[R0].txt.
• Click the X in the upper right corner of the program or click the File menu and click Exit to close the program.
• NOTE: If you see AVG Secure Search being targeted for deletion, Here's Why and Here. You can always Reinstall it.

~~~~~~~~~~~~~~~~~~~~~~~~~~`


Please download Junkware Removal Tool to your desktop.

• Shut down your protection software now to avoid potential conflicts.
• Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
• The tool will open and start scanning your system.
• Please be patient as this can take a while to complete depending on your system's specifications.
• On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
• Post the contents of JRT.txt into your next message.

Please post these logs in your next reply. Also, please give me an update on how the computer is now.
Fixlog.txt
AdwCleaner.txt
JRT.txt

[bobbym]

I have got as far as "AdwCleaner by Xplode" but it is not on my desk top and you did not give a link to where I can down load it. I tried a quick web search but got a registry cleaner not what you wanted, please can you give me the link.

I normally use registry repair pro (an early trial version) that has never given me any problems on any of my computers, I have already uninstalled this one.
it is now getting late hear and I am about to go to bed. will look out for your reply in the morning. thanks for your help, as a matter of interest while awaiting your last reply I have not had any more unwanted web pages, but I expect I will tomorrow. unless your last fix fixed it.

[Juliet]

try this

Click on this link to download : ADWCleaner
Click on ONE of the Two Blue Download Now buttons That have a blue arrow beside them and save it to your desktop.

Do not click on any links in the top Advertisment.

[bobbym]

ok back up and running. first thing I notice is that the password keeper is working again. but I have only just turned it on will try other things while I wait.



Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 13-03-2014 01
Ran by millam at 2014-04-01 22:09:32 Run:1
Running from C:\Documents and Settings\millam\Desktop
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
start
Task: C:\WINDOWS\Tasks\GoforFilesUpdate.job => C:\Program Files\GoforFiles\GFFUpdater.exe <==== ATTENTION
HKU\S-1-5-21-1343024091-1214440339-725345543-1003\...\Run: [AppsHat] - C:\Documents and Settings\millam\Local Settings\Application Data\WebPlayer\AppsHat\WebPlayer.exe [202752 2012-10-26] ()
HKU\S-1-5-21-1343024091-1214440339-725345543-1003\...\Run: [Apps Hat] - C:\Documents and Settings\millam\Local Settings\Application Data\WebPlayer\AppsHat\WebPlayer.exe [202752 2012-10-26] ()
SearchScopes: HKCU - {41CA4D65-DC9E-406E-9236-5A807A96FE4A} URL = http://www.mysearchresults.com/search?c=8004&t=11&q={searchTerms}
SearchScopes: HKCU - {A8105727-97B2-4B68-8BA5-57150A17B1B3} URL = http://eseeky.com/ws/?source=728386ab?tbp=rbox&toolbarid=base&u=91cc6323d75b58860c0002c552bd45d26d3b0122&q={searchTerms}
FF user.js: detected! => C:\Documents and Settings\millam\Application Data\Mozilla\Firefox\Profiles\nlv5wxzw.default\user.js
FF SearchPlugin: C:\Documents and Settings\millam\Application Data\Mozilla\Firefox\Profiles\nlv5wxzw.default\searchplugins\eseeky-search.xml
FF SearchPlugin: C:\Documents and Settings\millam\Application Data\Mozilla\Firefox\Profiles\nlv5wxzw.default\searchplugins\mixidj.xml
FF Extension: Apps Hat Mini - C:\Documents and Settings\millam\Application Data\Mozilla\Firefox\Profiles\nlv5wxzw.default\Extensions\a055e456-a200-4197-b11a-b82eb9b5ea1c@e3a45ca0-70b0-44d3-aeb3-0176a65ffa43.com [2014-03-30]
FF Extension: AppsHat - C:\Documents and Settings\millam\Application Data\Mozilla\Firefox\Profiles\nlv5wxzw.default\Extensions\{97A78363-B868-4B48-AC91-A783A31215AF} [2013-10-10]
FF Extension: Pirrit Suggestor - C:\Documents and Settings\millam\Application Data\Mozilla\Firefox\Profiles\nlv5wxzw.default\Extensions\suggestor@pirrit.com.xpi [2013-11-21]
FF Extension: Pirrit Suggestor - C:\Documents and Settings\millam\Application Data\Mozilla\Firefox\Profiles\nlv5wxzw.default\Extensions\suggestor@suggestor.pirrit.com.xpi [2013-12-02]
C:\Documents and Settings\millam\Local Settings\Temp\avgnt.exe
C:\Program Files\Pirrit\AutoUpdater.exe
Reboot:
end
*****************

C:\WINDOWS\Tasks\GoforFilesUpdate.job => Moved successfully.
HKU\S-1-5-21-1343024091-1214440339-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Run\\AppsHat => Value deleted successfully.
HKU\S-1-5-21-1343024091-1214440339-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Run\\Apps Hat => Value deleted successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{41CA4D65-DC9E-406E-9236-5A807A96FE4A} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{41CA4D65-DC9E-406E-9236-5A807A96FE4A} => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{A8105727-97B2-4B68-8BA5-57150A17B1B3} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{A8105727-97B2-4B68-8BA5-57150A17B1B3} => Key not found.
C:\Documents and Settings\millam\Application Data\Mozilla\Firefox\Profiles\nlv5wxzw.default\user.js => Moved successfully.
C:\Documents and Settings\millam\Application Data\Mozilla\Firefox\Profiles\nlv5wxzw.default\searchplugins\eseeky-search.xml => Moved successfully.
C:\Documents and Settings\millam\Application Data\Mozilla\Firefox\Profiles\nlv5wxzw.default\searchplugins\mixidj.xml => Moved successfully.
C:\Documents and Settings\millam\Application Data\Mozilla\Firefox\Profiles\nlv5wxzw.default\Extensions\a055e456-a200-4197-b11a-b82eb9b5ea1c@e3a45ca0-70b0-44d3-aeb3-0176a65ffa43.com => Moved successfully.
C:\Documents and Settings\millam\Application Data\Mozilla\Firefox\Profiles\nlv5wxzw.default\Extensions\{97A78363-B868-4B48-AC91-A783A31215AF} => Moved successfully.
C:\Documents and Settings\millam\Application Data\Mozilla\Firefox\Profiles\nlv5wxzw.default\Extensions\suggestor@pirrit.com.xpi => Moved successfully.
C:\Documents and Settings\millam\Application Data\Mozilla\Firefox\Profiles\nlv5wxzw.default\Extensions\suggestor@suggestor.pirrit.com.xpi => Moved successfully.
C:\Documents and Settings\millam\Local Settings\Temp\avgnt.exe => Moved successfully.
C:\Program Files\Pirrit\AutoUpdater.exe => Moved successfully.


The system needed a reboot.

==== End of Fixlog ====



# AdwCleaner v3.023 - Report created 02/04/2014 at 09:34:35
# Updated 01/04/2014 by Xplode
# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
# Username : millam - BOB-276AB2C0593
# Running from : C:\Documents and Settings\millam\My Documents\Downloads\AdwCleaner.exe
# Option : Scan

***** [ Services ] *****

Service Found : PirritUpdater

***** [ Files / Folders ] *****

File Found : C:\Documents and Settings\millam\Application Data\Mozilla\Firefox\Profiles\nlv5wxzw.default\Extensions\addon@defaulttab.com.xpi
File Found : C:\Documents and Settings\millam\Application Data\Mozilla\Firefox\Profiles\nlv5wxzw.default\Extensions\firefox@lemurleap.info.xpi
File Found : C:\Documents and Settings\millam\Application Data\Mozilla\Firefox\Profiles\nlv5wxzw.default\invalidprefs.js
File Found : C:\WINDOWS\system32\roboot.exe
Folder Found C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Application Data\Pirrit Suggestor
Folder Found C:\Documents and Settings\millam\Application Data\DefaultTab
Folder Found C:\Documents and Settings\millam\Application Data\goforfiles
Folder Found C:\Documents and Settings\millam\Application Data\Pirrit
Folder Found C:\Documents and Settings\millam\Application Data\registry mechanic
Folder Found C:\Documents and Settings\millam\Application Data\Systweak
Folder Found C:\Documents and Settings\millam\Local Settings\Application Data\Pirrit Suggestor
Folder Found C:\Documents and Settings\millam\Local Settings\Application Data\webplayer
Folder Found C:\Program Files\Pirrit

***** [ Shortcuts ] *****

Shortcut Found : C:\Documents and Settings\millam\Start Menu\Programs\AppsHat\Uninstall.lnk ( _?=C:\Documents and Settings\millam\Local Settings\Application Data\WebPlayer\AppsHat )

***** [ Registry ] *****

Key Found : HKCU\Software\Classes\iLivid.torrent
Key Found : HKCU\Software\GoforFiles
Key Found : HKCU\Software\ilivid
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\AppsHat Mobile Apps
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D40C654D-7C51-4EB3-95B2-1E23905C2A2D}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D40C654D-7C51-4EB3-95B2-1E23905C2A2D}
Key Found : HKCU\Software\Pirrit
Key Found : HKCU\Software\systweak
Key Found : HKCU\Software\Webplayer
Key Found : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220522032201}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{D40C654D-7C51-4EB3-95B2-1E23905C2A2D}
Key Found : HKLM\SOFTWARE\Classes\Prod.cap
Key Found : HKLM\Software\DataMngr
Key Found : HKLM\Software\GoforFiles
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{15D2D75C-9CB2-4EFD-BAD7-B9B4CB4BC693}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{99C91FC5-DB5B-4AA0-BB70-5D89C5A4DF96}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\bi_uninstaller
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\DefaultTab
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\FilesFrog Update Checker
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D40C654D-7C51-4EB3-95B2-1E23905C2A2D}
Key Found : HKLM\Software\Pirrit
Key Found : HKLM\Software\systweak
Value Found : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List [C:\Program Files\GoforFiles\GoforFiles.exe]
Value Found : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List [C:\Program Files\GoforFiles\goforfilesdl.exe]

***** [ Browsers ] *****

-\\ Internet Explorer v8.0.6001.18702


-\\ Mozilla Firefox v28.0 (en-US)

[ File : C:\Documents and Settings\millam\Application Data\Mozilla\Firefox\Profiles\nlv5wxzw.default\prefs.js ]

Line Found : user_pref("extensions.aa055e456a2004197b11ab82eb9b5ea1ce3a45ca070b044d3aeb30176a65ffa43com50301.50301.internaldb.Resources_meta.value", "%7B%2219x19.png%22%3A%7B%22id%22%3A516700%2C%22ver%22%3A1%2C%22[...]
Line Found : user_pref("extensions.crossrider.bic", "14512bd4e28d3b02bf579736f9315e30");
Line Found : user_pref("extensions.delta.admin", false);
Line Found : user_pref("extensions.delta.aflt", "babsst");
Line Found : user_pref("extensions.delta.appId", "{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}");
Line Found : user_pref("extensions.delta.autoRvrt", "false");
Line Found : user_pref("extensions.delta.dfltLng", "en");
Line Found : user_pref("extensions.delta.excTlbr", false);
Line Found : user_pref("extensions.delta.ffxUnstlRst", true);
Line Found : user_pref("extensions.delta.id", "9ce94285000000000000000bcd136953");
Line Found : user_pref("extensions.delta.instlDay", "15988");
Line Found : user_pref("extensions.delta.instlRef", "sst");
Line Found : user_pref("extensions.delta.newTab", false);
Line Found : user_pref("extensions.delta.prdct", "delta");
Line Found : user_pref("extensions.delta.prtnrId", "delta");
Line Found : user_pref("extensions.delta.rvrt", "false");
Line Found : user_pref("extensions.delta.smplGrp", "none");
Line Found : user_pref("extensions.delta.tlbrId", "base");
Line Found : user_pref("extensions.delta.tlbrSrchUrl", "");
Line Found : user_pref("extensions.delta.vrsn", "1.8.24.6");
Line Found : user_pref("extensions.delta.vrsnTs", "1.8.24.614:14:45");
Line Found : user_pref("extensions.delta.vrsni", "1.8.24.6");
Line Found : user_pref("extensions.delta_i.babExt", "");
Line Found : user_pref("extensions.delta_i.babTrack", "affID=119294&tsp=5031");
Line Found : user_pref("extensions.delta_i.srcExt", "ss");
Line Found : user_pref("extensions.fvd_single.surfcanyon.ramp.start_time", "1396203223005");

*************************

AdwCleaner[R0].txt - [5986 octets] - [02/04/2014 09:34:35]

########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [6046 octets] ##########






~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.3 (03.23.2014:1)
OS: Microsoft Windows XP x86
Ran by millam on 02/04/2014 at 9:50:57.75
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values




~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\ilivid
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\systweak
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-1343024091-1214440339-725345543-1003\Software\sweetim
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\systweak
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\prod.cap
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{22222222-2222-2222-2222-220522032201}



~~~ Files

Successfully deleted: [File] C:\WINDOWS\Tasks\rmschedule.job
Successfully deleted: [File] "C:\WINDOWS\system32\roboot.exe"



~~~ Folders

Successfully deleted: [Folder] "C:\Documents and Settings\millam\Application Data\defaulttab"
Successfully deleted: [Folder] "C:\Documents and Settings\millam\Application Data\goforfiles"
Successfully deleted: [Folder] "C:\Documents and Settings\millam\Application Data\registry mechanic"
Successfully deleted: [Folder] "C:\Documents and Settings\millam\Application Data\systweak"
Successfully deleted: [Folder] "C:\Documents and Settings\millam\Local Settings\Application Data\appshat mobile apps"
Successfully deleted: [Folder] "C:\Documents and Settings\millam\Local Settings\Application Data\webplayer"
Successfully deleted: [Folder] "C:\Program Files\appshat mobile apps"



~~~ FireFox

Successfully deleted: [File] C:\Documents and Settings\millam\Application Data\mozilla\firefox\profiles\nlv5wxzw.default\invalidprefs.js
Successfully deleted: [File] C:\Documents and Settings\millam\Application Data\mozilla\firefox\profiles\nlv5wxzw.default\extensions\addon@defaulttab.com.xpi
Successfully deleted the following from C:\Documents and Settings\millam\Application Data\mozilla\firefox\profiles\nlv5wxzw.default\prefs.js

user_pref("extensions.aa055e456a2004197b11ab82eb9b5ea1ce3a45ca070b044d3aeb30176a65ffa43com50301.50301.internaldb.Resources_meta.value", "%7B%2219x19.png%22%3A%7B%22id%22%3A516
user_pref("extensions.aa055e456a2004197b11ab82eb9b5ea1ce3a45ca070b044d3aeb30176a65ffa43com50301.50301.internaldb.Resources_resource_516700.value", "%22data%3Aimage/png%3Bbase6
user_pref("extensions.crossrider.bic", "14512bd4e28d3b02bf579736f9315e30");
user_pref("extensions.delta.admin", false);
user_pref("extensions.delta.aflt", "babsst");
user_pref("extensions.delta.appId", "{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}");
user_pref("extensions.delta.autoRvrt", "false");
user_pref("extensions.delta.dfltLng", "en");
user_pref("extensions.delta.excTlbr", false);
user_pref("extensions.delta.ffxUnstlRst", true);
user_pref("extensions.delta.id", "9ce94285000000000000000bcd136953");
user_pref("extensions.delta.instlDay", "15988");
user_pref("extensions.delta.instlRef", "sst");
user_pref("extensions.delta.newTab", false);
user_pref("extensions.delta.prdct", "delta");
user_pref("extensions.delta.prtnrId", "delta");
user_pref("extensions.delta.rvrt", "false");
user_pref("extensions.delta.smplGrp", "none");
user_pref("extensions.delta.tlbrId", "base");
user_pref("extensions.delta.tlbrSrchUrl", "");
user_pref("extensions.delta.vrsn", "1.8.24.6");
user_pref("extensions.delta.vrsnTs", "1.8.24.614:14:45");
user_pref("extensions.delta.vrsni", "1.8.24.6");
user_pref("extensions.delta_i.babExt", "");
user_pref("extensions.delta_i.babTrack", "affID=119294&tsp=5031");
user_pref("extensions.delta_i.srcExt", "ss");
user_pref("extensions.fvd_single.surfcanyon.ramp.start_time", "1396203223005");





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 02/04/2014 at 9:57:42.35
Computer was rebooted
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

[Juliet]

Good deal, that took out a chunk of ugly things.

Next**

• Close all open programs and internet browsers.
• Double click on AdwCleaner.exe to run the tool.
• Click on Scan.
• After the scan is complete this time click on Clean
• Confirm each time with Ok.
• Your computer will be rebooted automatically. A text file will open after the restart.
• Please post the content of that logfile with your next answer.
• You can find the logfile at C:\AdwCleaner.txt as well.

*********************

Please Run TFC by OldTimer to clear temporary files:

Download TFC from here http://oldtimer.geekstogo.com/TFC.exe
and save it to your desktop.

Close any open programs and Internet browsers.
Double click TFC.exe to run it on XP (for Vista and Windows 7 right click and choose "Run as administrator") and once it opens click on the Start button on the lower left of the program to allow it to begin cleaning.
Please be patient as clearing out temp files may take a while.
Once it completes you may be prompted to restart your computer, please do so.
Once it's finished you may delete TFC.exe from your desktop or save it for later use for the cleaning of temporary files.


Please post the AdwCleaner.txt and tell me how the computer is now.

[bobbym]

hi Juliet

here is the adwcleaner file.

I down loaded http://oldtimer.geekstogo.com/TFC.exe but it hangs up. tried it twice. then deleted it and down loaded it again with the same results. it stops after stopping all running programs. I left if run for over 10 minutes with absolutely no sign of life. when I selected exit it also hangs.
I also noticed that although I started it on the desk top, double clicking the Icon, when the computer ran back up after being switched off the Icon was always missing.

the computer seems to be behaving its self. thank you so very much.





# AdwCleaner v3.023 - Report created 02/04/2014 at 12:14:34
# Updated 01/04/2014 by Xplode
# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
# Username : millam - BOB-276AB2C0593
# Running from : C:\Documents and Settings\millam\Desktop\AdwCleaner.exe
# Option : Scan

***** [ Services ] *****

Service Found : PirritUpdater

***** [ Files / Folders ] *****

File Found : C:\Documents and Settings\millam\Application Data\Mozilla\Firefox\Profiles\nlv5wxzw.default\Extensions\firefox@lemurleap.info.xpi
Folder Found C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Application Data\Pirrit Suggestor
Folder Found C:\Documents and Settings\millam\Application Data\Pirrit
Folder Found C:\Documents and Settings\millam\Local Settings\Application Data\Pirrit Suggestor
Folder Found C:\Program Files\Pirrit

***** [ Shortcuts ] *****

Shortcut Found : C:\Documents and Settings\millam\Start Menu\Programs\AppsHat\Uninstall.lnk ( _?=C:\Documents and Settings\millam\Local Settings\Application Data\WebPlayer\AppsHat )

***** [ Registry ] *****

Key Found : HKCU\Software\Classes\iLivid.torrent
Key Found : HKCU\Software\GoforFiles
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\AppsHat Mobile Apps
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D40C654D-7C51-4EB3-95B2-1E23905C2A2D}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D40C654D-7C51-4EB3-95B2-1E23905C2A2D}
Key Found : HKCU\Software\Pirrit
Key Found : HKCU\Software\Webplayer
Key Found : HKLM\SOFTWARE\Classes\CLSID\{D40C654D-7C51-4EB3-95B2-1E23905C2A2D}
Key Found : HKLM\Software\GoforFiles
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{15D2D75C-9CB2-4EFD-BAD7-B9B4CB4BC693}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{99C91FC5-DB5B-4AA0-BB70-5D89C5A4DF96}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\bi_uninstaller
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\DefaultTab
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\FilesFrog Update Checker
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D40C654D-7C51-4EB3-95B2-1E23905C2A2D}
Key Found : HKLM\Software\Pirrit
Value Found : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List [C:\Program Files\GoforFiles\GoforFiles.exe]
Value Found : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List [C:\Program Files\GoforFiles\goforfilesdl.exe]

***** [ Browsers ] *****

-\\ Internet Explorer v8.0.6001.18702


-\\ Mozilla Firefox v28.0 (en-US)

[ File : C:\Documents and Settings\millam\Application Data\Mozilla\Firefox\Profiles\nlv5wxzw.default\prefs.js ]

Line Found : user_pref("extensions.fvd_single.surfcanyon.ramp.start_time", "1396425670811");

*************************

AdwCleaner[R0].txt - [6126 octets] - [02/04/2014 09:34:35]
AdwCleaner[R1].txt - [3190 octets] - [02/04/2014 12:14:34]

########## EOF - C:\AdwCleaner\AdwCleaner[R1].txt - [3250 octets] ##########