
ib.adnxs.com pop up windows in aol browsers


  • This topic is locked
21 replies to this topic

#1 slippybippy

slippybippy

  • Members
  • 11 posts
  • OFFLINE
  • Local time:11:06 AM

Posted 19 December 2014 - 02:20 PM

Hello everyone in this forum. I'm introducing myself as suggested.

 

I have a problem with the ib.adnxs.com continuous pop up windows malware in my aol browsers. I have several and it's active in all of them.

 

I have Windows XP pro updated to sp3. I know there aren't any security updates anymore for XP.

 

I have been to another tech forum, and although they tried to help me get rid of this virus, it's still active.

I have run Malwarebytes, Combofix, AdwCleaner, Tdss, JRT, and more. I've reset the Internet Explorer, deleted personal settings. You can look at the post here should you want.

http://www.tech-forums.net/forums/f51/ib-adnxs-com-hijacker-my-aol-9-6-only-273560/

 

Here is my DDS log as requested:

 

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 8.0.6001.18702  BrowserJavaVersion: 10.67.2
Run by Allan at 13:56:10 on 2014-12-19
Microsoft Windows XP Home Edition  5.1.2600.3.1252.1.1033.18.2038.987 [GMT -5:00]
.
AV: Avira Desktop *Enabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
.
============== Running Processes ================
.
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Java\jre7\bin\jqs.exe
C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\Avira\My Avira\Avira.OE.ServiceHost.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\stsystra.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\Avira\My Avira\Avira.OE.Systray.exe
c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Common Files\AOL\uninstaller.exe
C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
C:\Program Files\Common Files\aolshare\aolunins_us.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k imgsvc
.
============== Pseudo HJT Report ===============
.
mSearch Page = about:blank
mDefault_Search_URL = about:blank
uInternet Connection Wizard,ShellNext = hxxp://support.dell.com/
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
TB: AOL Toolbar: {BA00B7B1-0351-477A-B948-23E3EE5A73D4} -
TB: AOL Toolbar: {ba00b7b1-0351-477a-b948-23e3ee5a73d4} -
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [SigmatelSysTrayApp] stsystra.exe
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [KernelFaultCheck] c:\windows\system32\dumprep 0 -k
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Dell QuickSet] c:\program files\dell\quickset\quickset.exe
mRun: [Broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe
mRun: [Avira Systray] c:\program files\avira\my avira\Avira.OE.Systray.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - hxxps://goldenrule.webex.com/client/WBXclient-T27L10NSP32EP5-14362/event/ieatgpc.cab
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{FF55C92A-2521-474E-B530-6BDBAB4FA25B} : DHCPNameServer = 192.168.1.1
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
Notify: igfxcui - igfxdev.dll
Notify: SDWinLogon - SDWinLogon.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\allan\application data\mozilla\firefox\profiles\7bwbxg1r.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo!
FF - prefs.js: keyword.URL - hxxps://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=523482&p=
FF - component: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\firefox\ext\components\nprpffbrowserrecordext.dll
FF - component: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\firefox\ext\components\nprpffbrowserrecordlegacyext.dll
FF - component: c:\program files\mozilla firefox\extensions\{82af8dca-6de9-405d-bd5e-43525bdad38a}\components\SkypeFfComponent.dll
FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprpchromebrowserrecordext.dll
FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll
FF - plugin: c:\documents and settings\allan\local settings\application data\citrix\plugins\104\npappdetector.dll
FF - plugin: c:\documents and settings\allan\local settings\application data\facebook\video\skype\npFacebookVideoCalling.dll
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\java\jre7\bin\dtplugin\npdeployJava1.dll
FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\microsoft silverlight\5.1.30514.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdnu.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdnupdater2.dll
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_14_0_0_145.dll
FF - ExtSQL: !HIDDEN! 2010-05-05 18:56; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
.
============= SERVICES / DRIVERS ===============
.
R1 avkmgr;avkmgr;c:\windows\system32\drivers\avkmgr.sys [2012-10-10 37352]
R2 AntiVirSchedulerService;Avira Scheduler;c:\program files\avira\antivir desktop\sched.exe [2012-10-10 431920]
R2 AntiVirService;Avira Real-Time Protection;c:\program files\avira\antivir desktop\avguard.exe [2012-10-10 431920]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2012-10-10 98160]
R2 Avira.OE.ServiceHost;Avira Service Host;c:\program files\avira\my avira\Avira.OE.ServiceHost.exe [2014-11-20 166192]
R2 WDDMService;WD SmartWare Drive Manager;c:\program files\western digital\wd smartware\wd drive manager\WDDMService.exe [2010-1-21 110592]
R2 WDSmartWareBackgroundService;WD SmartWare Background Service;c:\program files\western digital\wd smartware\front parlor\WDSmartWareBackgroundService.exe [2009-6-16 20480]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys [2014-11-4 114904]
S2 MBAMScheduler;MBAMScheduler;c:\program files\malwarebytes anti-malware\mbamscheduler.exe [2014-11-4 1871160]
S2 SDWSCService;Spybot-S&D 2 Security Center Service;c:\program files\spybot - search & destroy 2\SDWSCSvc.exe [2014-9-9 171928]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2013-10-23 172192]
S3 esgiguard;esgiguard;\??\c:\program files\enigma software group\spyhunter\esgiguard.sys --> c:\program files\enigma software group\spyhunter\esgiguard.sys [?]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\mcafee security scan\3.0.207\McCHSvc.exe [2011-6-17 237008]
S3 SDScannerService;Spybot-S&D 2 Scanner Service;c:\program files\spybot - search & destroy 2\SDFSSvc.exe [2014-9-9 1738168]
S3 SDUpdateService;Spybot-S&D 2 Updating Service;c:\program files\spybot - search & destroy 2\SDUpdSvc.exe [2014-9-9 2088408]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [2010-5-3 11520]
.
=============== Created Last 30 ================
.
2014-12-19 18:47:45 1113600 ----a-w- c:\program files\Farbar recovery Tool FRST.exe
2014-12-18 20:57:00 -------- d-----w- c:\program files\PandaAntiRootkit
2014-12-18 18:59:04 8576 ----a-w- c:\windows\system32\drivers\aygkdtggshmc.sys
2014-12-15 22:15:11 114904 ----a-w- c:\windows\system32\drivers\156A2F97.sys
2014-12-15 21:40:34 5601641 ------r- c:\program files\ComboFix.exe
2014-12-15 21:35:39 -------- d-----w- c:\program files\backups
2014-12-15 19:37:03 388608 ----a-w- c:\program files\HijackThis.exe
2014-12-11 03:17:45 -------- d-----w- c:\windows\ERUNT
2014-12-11 02:07:23 -------- d-----w- C:\AdwCleaner
2014-12-11 02:02:38 2166272 ----a-w- c:\program files\adwcleaner_4.105.exe
2014-12-10 22:11:09 35064 ----a-w- c:\windows\system32\drivers\TrueSight.sys
2014-12-10 22:11:05 -------- d-----w- C:\Documents
2014-12-10 22:11:01 -------- d-----w- c:\documents and settings\all users\application data\RogueKiller
2014-12-10 22:10:34 15201368 ----a-w- c:\program files\RogueKiller.exe
2014-11-28 15:24:22 -------- d-sh--w- C:\found.001
.
==================== Find3M  ====================
.
2014-12-19 18:29:08 114904 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-12-10 19:07:47 701104 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2014-12-10 19:07:46 71344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2014-11-21 11:14:14 54360 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2014-11-21 11:14:06 23256 ----a-w- c:\windows\system32\drivers\mbam.sys
2014-10-14 18:32:58 98160 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2014-09-09 22:07:16 46525608 ----a-w- c:\program files\spybot-2.4.exe
2014-05-10 01:18:08 32549592 ----a-w- c:\program files\free_itransfer_setup.exe
2014-03-11 22:28:15 143436858 ----a-w- c:\program files\Apache_OpenOffice_4.0.0_Win_x86_install_en-US.exe
2014-03-11 22:09:28 143485940 ----a-w- c:\program files\Apache_OpenOffice_4.0.1_Win_x86_install_en-US.exe
2013-11-13 17:06:44 208400 ----a-w- c:\program files\AOLDNLD.exe
2013-09-20 18:11:16 22131568 ----a-w- c:\program files\Thunderbird Setup 24.0.exe
2013-01-07 16:36:54 16069264 ----a-w- c:\program files\setup-gp4-iboom-host.exe
2012-10-10 14:50:38 102457752 ----a-w- c:\program files\avira_free_antivirus_en.exe
2012-09-19 19:23:08 17790056 ----a-w- c:\program files\Firefox Setup 15.0.1.exe
2012-07-11 02:57:15 706912 ----a-w- c:\program files\MediaManager.exe
2012-04-13 19:22:26 337137 ----a-w- c:\program files\FanbarFSS.exe
2012-04-13 01:42:33 593920 ----a-w- c:\program files\OTL.exe
2012-04-11 21:16:13 238608 ----a-w- c:\program files\avira_registry_cleaner_en.exe
2012-04-10 19:55:02 5114528 ----a-w- c:\program files\disk-defrag-setup.exe
2012-04-09 14:04:33 5941033 ----a-w- c:\program files\startdelay_v3.0b322.exe
2012-04-08 19:59:47 990720 ----a-w- c:\program files\bootvis.msi
2012-04-08 19:32:23 4139168 ----a-w- c:\program files\install_flash_player_32bit.exe
2012-04-08 19:27:38 264271 ----a-w- c:\program files\FHSetup.exe
2012-04-06 18:56:34 397728 ----a-w- c:\program files\unhide.exe
2012-03-01 02:27:58 493520 ----a-w- c:\program files\FacebookVideoCallSetup_v1.2.203.0.exe
2012-02-17 20:59:52 692480 ----a-w- c:\program files\RealPlayer.exe
2012-01-24 16:12:05 36927832 ----a-w- c:\program files\68ar04ww.exe
2012-01-24 16:10:14 1070488 ----a-w- c:\program files\68md01ww.exe
2012-01-24 16:10:11 2438952 ----a-w- c:\program files\68cr04ww.exe
2012-01-24 16:08:17 8556672 ----a-w- c:\program files\Lenovo_Download_Manager_Installer.exe
2012-01-24 15:51:57 2443048 ----a-w- c:\program files\68cs06ww.exe
2011-04-13 19:01:32 48536984 ----a-w- c:\program files\AdbeRdr1001_en_US.exe
2011-04-13 15:45:14 21058523 ----a-w- c:\program files\FullTiltSetup.exe
2011-04-01 13:26:36 231224 ----a-w- c:\program files\RapportSetup.exe
2011-02-27 18:02:40 509440 ----a-w- c:\program files\STOPzilla_Setup.exe
2011-02-27 18:00:31 7734208 ----a-w- c:\program files\mbam-setup-1.50.1.1100.exe
2011-02-27 17:51:01 6623888 ----a-w- c:\program files\Malwarebytes.exe
2010-08-26 21:32:51 1704744 ----a-w- c:\program files\SkypeSetup.exe
2010-05-14 14:22:10 156607328 ----a-w- c:\program files\OOo_3.2.0_Win_x86_install-wJRE_en-US.exe
2010-05-03 20:53:14 27386256 ----a-w- c:\program files\AdbeRdr930_en_US.exe
2010-04-30 03:57:33 2959376 ----a-w- c:\program files\dotnetfx35setup.exe
2010-04-30 03:38:31 44089904 ----a-w- c:\program files\avira_antivir_personal_en.exe
.
============= FINISH: 13:56:56.17 ===============
 

Thank you for your help.

 

Allan




 


#2 slippybippy

slippybippy
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  • Local time:11:06 AM

Posted 19 December 2014 - 02:23 PM

Sorry, forgot to attach the attach log.

 



Edited by slippybippy, 19 December 2014 - 02:27 PM.


#3 HelpBot

HelpBot

    Bleepin' Binary Bot


  • Bots
  • 12,622 posts
  • OFFLINE
  • Gender:Male
  • Local time:12:06 PM

Posted 24 December 2014 - 02:25 PM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/560403 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from the following link if you no longer have it available and save it to your desktop.

    DDS.com Download Link
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control can be found HERE.

As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#4 HelpBot

HelpBot

    Bleepin' Binary Bot


  • Bots
  • 12,622 posts
  • OFFLINE
  • Gender:Male
  • Local time:12:06 PM

Posted 29 December 2014 - 02:30 PM

Hello again!

I haven't heard from you in 5 days. Therefore, I am going to assume that you no longer need our help, and close this topic.

If you do still need help, please send a Private Message to any Moderator within the next five days. Be sure to include a link to your topic in your Private Message.

Thank you for using Bleeping Computer, and have a great day!

#5 slippybippy

slippybippy
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  • Local time:11:06 AM

Posted 29 December 2014 - 04:35 PM

I still need help.

 

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 8.0.6001.18702  BrowserJavaVersion: 10.67.2
Run by Allan at 14:42:11 on 2014-12-29
Microsoft Windows XP Home Edition  5.1.2600.3.1252.1.1033.18.2038.1053 [GMT -5:00]
.
AV: Avira Desktop *Enabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
.
============== Running Processes ================
.
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Java\jre7\bin\jqs.exe
C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\Avira\My Avira\Avira.OE.ServiceHost.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\stsystra.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\Avira\My Avira\Avira.OE.Systray.exe
c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Common Files\AOL\uninstaller.exe
C:\Program Files\Common Files\aolshare\aolunins_us.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\aol\1272640394\ee\aolsoftware.exe
C:\Program Files\Common Files\Java\Java Update\jucheck.exe
C:\Program Files\Full Tilt Poker\FullTiltPoker.exe
C:\Program Files\Common Files\aol\1272640394\ee\aolupdates.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k imgsvc
.
============== Pseudo HJT Report ===============
.
mSearch Page = about:blank
mDefault_Search_URL = about:blank
uInternet Connection Wizard,ShellNext = hxxp://support.dell.com/
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
TB: AOL Toolbar: {BA00B7B1-0351-477A-B948-23E3EE5A73D4} -
TB: AOL Toolbar: {ba00b7b1-0351-477a-b948-23e3ee5a73d4} -
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRunOnce: [FlashPlayerUpdate] c:\windows\system32\macromed\flash\FlashUtil32_15_0_0_246_ActiveX.exe -update activex
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [SigmatelSysTrayApp] stsystra.exe
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [KernelFaultCheck] c:\windows\system32\dumprep 0 -k
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Dell QuickSet] c:\program files\dell\quickset\quickset.exe
mRun: [Broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe
mRun: [Avira Systray] c:\program files\avira\my avira\Avira.OE.Systray.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - hxxps://goldenrule.webex.com/client/WBXclient-T27L10NSP32EP5-14362/event/ieatgpc.cab
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{FF55C92A-2521-474E-B530-6BDBAB4FA25B} : DHCPNameServer = 192.168.1.1
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
Notify: igfxcui - igfxdev.dll
Notify: SDWinLogon - SDWinLogon.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\allan\application data\mozilla\firefox\profiles\7bwbxg1r.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo!
FF - prefs.js: keyword.URL - hxxps://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=523482&p=
FF - component: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\firefox\ext\components\nprpffbrowserrecordext.dll
FF - component: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\firefox\ext\components\nprpffbrowserrecordlegacyext.dll
FF - component: c:\program files\mozilla firefox\extensions\{82af8dca-6de9-405d-bd5e-43525bdad38a}\components\SkypeFfComponent.dll
FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprpchromebrowserrecordext.dll
FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll
FF - plugin: c:\documents and settings\allan\local settings\application data\citrix\plugins\104\npappdetector.dll
FF - plugin: c:\documents and settings\allan\local settings\application data\facebook\video\skype\npFacebookVideoCalling.dll
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\java\jre7\bin\dtplugin\npdeployJava1.dll
FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\microsoft silverlight\5.1.30514.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdnu.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdnupdater2.dll
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_14_0_0_145.dll
FF - ExtSQL: !HIDDEN! 2010-05-05 18:56; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
.
============= SERVICES / DRIVERS ===============
.
R1 avkmgr;avkmgr;c:\windows\system32\drivers\avkmgr.sys [2012-10-10 37352]
R2 AntiVirSchedulerService;Avira Scheduler;c:\program files\avira\antivir desktop\sched.exe [2012-10-10 431920]
R2 AntiVirService;Avira Real-Time Protection;c:\program files\avira\antivir desktop\avguard.exe [2012-10-10 431920]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2012-10-10 98160]
R2 Avira.OE.ServiceHost;Avira Service Host;c:\program files\avira\my avira\Avira.OE.ServiceHost.exe [2014-11-20 166192]
R2 WDDMService;WD SmartWare Drive Manager;c:\program files\western digital\wd smartware\wd drive manager\WDDMService.exe [2010-1-21 110592]
R2 WDSmartWareBackgroundService;WD SmartWare Background Service;c:\program files\western digital\wd smartware\front parlor\WDSmartWareBackgroundService.exe [2009-6-16 20480]
S2 MBAMScheduler;MBAMScheduler;c:\program files\malwarebytes anti-malware\mbamscheduler.exe [2014-11-4 1871160]
S2 SDWSCService;Spybot-S&D 2 Security Center Service;c:\program files\spybot - search & destroy 2\SDWSCSvc.exe [2014-9-9 171928]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2013-10-23 172192]
S3 esgiguard;esgiguard;\??\c:\program files\enigma software group\spyhunter\esgiguard.sys --> c:\program files\enigma software group\spyhunter\esgiguard.sys [?]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\mcafee security scan\3.0.207\McCHSvc.exe [2011-6-17 237008]
S3 SDScannerService;Spybot-S&D 2 Scanner Service;c:\program files\spybot - search & destroy 2\SDFSSvc.exe [2014-9-9 1738168]
S3 SDUpdateService;Spybot-S&D 2 Updating Service;c:\program files\spybot - search & destroy 2\SDUpdSvc.exe [2014-9-9 2088408]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [2010-5-3 11520]
.
=============== Created Last 30 ================
.
2014-12-19 19:48:24 -------- d-----w- C:\FRST
2014-12-19 18:47:45 1113600 ----a-w- c:\program files\Farbar recovery Tool FRST.exe
2014-12-18 20:57:00 -------- d-----w- c:\program files\PandaAntiRootkit
2014-12-18 18:59:04 8576 ----a-w- c:\windows\system32\drivers\aygkdtggshmc.sys
2014-12-15 22:15:11 114904 ----a-w- c:\windows\system32\drivers\156A2F97.sys
2014-12-15 21:40:34 5601641 ------r- c:\program files\ComboFix.exe
2014-12-15 21:35:39 -------- d-----w- c:\program files\backups
2014-12-15 19:37:03 388608 ----a-w- c:\program files\HijackThis.exe
2014-12-11 03:17:45 -------- d-----w- c:\windows\ERUNT
2014-12-11 02:07:23 -------- d-----w- C:\AdwCleaner
2014-12-11 02:02:38 2166272 ----a-w- c:\program files\adwcleaner_4.105.exe
2014-12-10 22:11:09 35064 ----a-w- c:\windows\system32\drivers\TrueSight.sys
2014-12-10 22:11:05 -------- d-----w- C:\Documents
2014-12-10 22:11:01 -------- d-----w- c:\documents and settings\all users\application data\RogueKiller
2014-12-10 22:10:34 15201368 ----a-w- c:\program files\RogueKiller.exe
.
==================== Find3M  ====================
.
2014-12-19 18:29:08 114904 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-12-10 19:07:47 701104 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2014-12-10 19:07:46 71344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2014-11-21 11:14:14 54360 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2014-11-21 11:14:06 23256 ----a-w- c:\windows\system32\drivers\mbam.sys
2014-10-14 18:32:58 98160 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2014-09-09 22:07:16 46525608 ----a-w- c:\program files\spybot-2.4.exe
2014-05-10 01:18:08 32549592 ----a-w- c:\program files\free_itransfer_setup.exe
2014-03-11 22:28:15 143436858 ----a-w- c:\program files\Apache_OpenOffice_4.0.0_Win_x86_install_en-US.exe
2014-03-11 22:09:28 143485940 ----a-w- c:\program files\Apache_OpenOffice_4.0.1_Win_x86_install_en-US.exe
2013-11-13 17:06:44 208400 ----a-w- c:\program files\AOLDNLD.exe
2013-09-20 18:11:16 22131568 ----a-w- c:\program files\Thunderbird Setup 24.0.exe
2013-01-07 16:36:54 16069264 ----a-w- c:\program files\setup-gp4-iboom-host.exe
2012-10-10 14:50:38 102457752 ----a-w- c:\program files\avira_free_antivirus_en.exe
2012-09-19 19:23:08 17790056 ----a-w- c:\program files\Firefox Setup 15.0.1.exe
2012-07-11 02:57:15 706912 ----a-w- c:\program files\MediaManager.exe
2012-04-13 19:22:26 337137 ----a-w- c:\program files\FanbarFSS.exe
2012-04-13 01:42:33 593920 ----a-w- c:\program files\OTL.exe
2012-04-11 21:16:13 238608 ----a-w- c:\program files\avira_registry_cleaner_en.exe
2012-04-10 19:55:02 5114528 ----a-w- c:\program files\disk-defrag-setup.exe
2012-04-09 14:04:33 5941033 ----a-w- c:\program files\startdelay_v3.0b322.exe
2012-04-08 19:59:47 990720 ----a-w- c:\program files\bootvis.msi
2012-04-08 19:32:23 4139168 ----a-w- c:\program files\install_flash_player_32bit.exe
2012-04-08 19:27:38 264271 ----a-w- c:\program files\FHSetup.exe
2012-04-06 18:56:34 397728 ----a-w- c:\program files\unhide.exe
2012-03-01 02:27:58 493520 ----a-w- c:\program files\FacebookVideoCallSetup_v1.2.203.0.exe
2012-02-17 20:59:52 692480 ----a-w- c:\program files\RealPlayer.exe
2012-01-24 16:12:05 36927832 ----a-w- c:\program files\68ar04ww.exe
2012-01-24 16:10:14 1070488 ----a-w- c:\program files\68md01ww.exe
2012-01-24 16:10:11 2438952 ----a-w- c:\program files\68cr04ww.exe
2012-01-24 16:08:17 8556672 ----a-w- c:\program files\Lenovo_Download_Manager_Installer.exe
2012-01-24 15:51:57 2443048 ----a-w- c:\program files\68cs06ww.exe
2011-04-13 19:01:32 48536984 ----a-w- c:\program files\AdbeRdr1001_en_US.exe
2011-04-13 15:45:14 21058523 ----a-w- c:\program files\FullTiltSetup.exe
2011-04-01 13:26:36 231224 ----a-w- c:\program files\RapportSetup.exe
2011-02-27 18:02:40 509440 ----a-w- c:\program files\STOPzilla_Setup.exe
2011-02-27 18:00:31 7734208 ----a-w- c:\program files\mbam-setup-1.50.1.1100.exe
2011-02-27 17:51:01 6623888 ----a-w- c:\program files\Malwarebytes.exe
2010-08-26 21:32:51 1704744 ----a-w- c:\program files\SkypeSetup.exe
2010-05-14 14:22:10 156607328 ----a-w- c:\program files\OOo_3.2.0_Win_x86_install-wJRE_en-US.exe
2010-05-03 20:53:14 27386256 ----a-w- c:\program files\AdbeRdr930_en_US.exe
2010-04-30 03:57:33 2959376 ----a-w- c:\program files\dotnetfx35setup.exe
2010-04-30 03:38:31 44089904 ----a-w- c:\program files\avira_antivir_personal_en.exe
.
============= FINISH: 14:48:31.40 ===============
 

I do have Windows CD, but would not like to reformat.



#6 myrti


Posted 29 December 2014 - 06:31 PM

Hi,

 

could you please post the logs from ComboFix from your last run. You should be able to find it under C:\combofix.txt

 

regards

myrti


is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help requests via PM, unless I am already helping you. Use the forums!

 



#7 slippybippy


Posted 31 December 2014 - 03:01 PM

I seem to have a problem. I have the red Combofix icon, and when I click it, the window opens and it does its scan, and then the whole box disappears, with no logs to be found. Any ideas? I don't show a ComboFix folder even.



#8 myrti


Posted 31 December 2014 - 03:30 PM

Hi,

 

do you also not have an old log? It should be in the root folder of C:\ and called combofix.txt

 

regards

myrti




#9 slippybippy


Posted 31 December 2014 - 05:24 PM

No Combofix folder in C or Program Files, and no txt files for them. I have for AdwCleaner, FRST, and JRT. I searched comp for combofix.txt, and nothing came up.


Edited by slippybippy, 31 December 2014 - 05:26 PM.


#10 slippybippy


Posted 31 December 2014 - 05:26 PM

I also have TDSS.



#11 myrti


Posted 31 December 2014 - 06:58 PM

Hi,

 

do you remember what happened the first time you ran ComboFix? Was that the same thing?

 

Did you disable Antivir (and all other security software) before running ComboFix? If so, could you please try to run it from safe mode.

 

regards myrti




#12 myrti


Posted 07 January 2015 - 06:38 AM

Hi,

are you still around?



#13 slippybippy


Posted 07 January 2015 - 08:39 AM

I am still here. I've just been sick with a cold and not bothering with the computer. I went into safe mode, shut AV, ran ComboFix and still no log generated. It backs up the registry and shows the progress, but then it all just disappears with no logs saved anywhere.

#14 myrti


Posted 07 January 2015 - 09:24 AM

Hi,

ok, this seems to be a dead end then. Let's try something else:

Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.
  • Right-click FRST then click "Run as administrator" (XP users: click run after receipt of Windows Security Warning - Open File).
  • When the tool opens, click Yes to disclaimer.
  • Press the Scan button.
  • When finished, it will produce a log called FRST.txt in the same directory the tool was run from.
  • Please copy and paste the log in your next reply.
Note 2: The first time the tool is run it generates another log (Addition.txt - also located in the same directory the tool was run from). Please also paste that, along with the FRST.txt into your next reply.

If you have any logs from Malwarebytes/Adwcleaner and TDSSKiller I'd be interested in seeing them.

I wish you a speedy recovery! :) If you don't want to take this back up now, just let me know. I was just checking in to see if I should close this topic or not. Since I know you're still around, I'll keep it open.

regards
myrti



#15 slippybippy


Posted 07 January 2015 - 07:28 PM

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 07-01-2015
Ran by Allan (administrator) on ALLAN-LAPPY on 07-01-2015 19:02:18
Running from C:\Documents and Settings\Allan\Desktop
Loaded Profile: Allan (Available profiles: Allan & Mildred & Rachel & Administrator)
Platform: Microsoft Windows XP Home Edition Service Pack 3 (X86) OS Language: English (United States)
Internet Explorer Version 8 (Default browser: Aol)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

() C:\WINDOWS\system32\WLTRYSVC.EXE
(Dell Inc.) C:\WINDOWS\system32\BCMWLTRY.EXE
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Oracle Corporation) C:\Program Files\Java\jre7\bin\jqs.exe
(WDC) C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
(Canon Inc.) C:\Program Files\Canon\CAL\CALMAIN.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\My Avira\Avira.OE.ServiceHost.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(SigmaTel, Inc.) C:\WINDOWS\stsystra.exe
(Intel Corporation) C:\WINDOWS\system32\hkcmd.exe
(Dell Inc) C:\Program Files\Dell\QuickSet\quickset.exe
(Dell Inc.) C:\WINDOWS\system32\WLTRAY.EXE
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\My Avira\Avira.OE.Systray.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jucheck.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
(AOL Inc.) C:\Program Files\Common Files\aol\1272640394\ee\aolsoftware.exe
() C:\Program Files\Full Tilt Poker\FullTiltPoker.exe
(AOL Inc.) C:\Program Files\AOL Desktop 9.6\waol.exe
(AOL LLC) C:\Program Files\Common Files\aol\acs\AOLacsd.exe
(AOL Inc.) C:\Program Files\AOL Desktop 9.6\shellmon.exe
(AOL Inc.) C:\Program Files\AOL Desktop 9.6\AOLBrowser\aolbrowser.exe
(AOL Inc.) C:\Program Files\Common Files\aol\TopSpeed\3.0\aoltpsd3.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [avgnt] => C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [702768 2014-12-11] (Avira Operations GmbH & Co. KG)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [851968 2007-04-27] (Synaptics, Inc.)
HKLM\...\Run: [SigmatelSysTrayApp] => C:\WINDOWS\stsystra.exe [405504 2007-05-06] (SigmaTel, Inc.)
HKLM\...\Run: [KernelFaultCheck] => %systemroot%\system32\dumprep 0 -k
HKLM\...\Run: [Dell QuickSet] => C:\Program Files\Dell\QuickSet\quickset.exe [1191936 2007-05-14] (Dell Inc)
HKLM\...\Run: [Broadcom Wireless Manager UI] => C:\WINDOWS\system32\WLTRAY.exe [1392640 2007-03-16] (Dell Inc.)
HKLM\...\Run: [Avira Systray] => C:\Program Files\Avira\My Avira\Avira.OE.Systray.exe [126200 2014-11-20] (Avira Operations GmbH & Co. KG)
Winlogon\Notify\SDWinLogon: SDWinLogon.dll [X]
HKLM\...\Policies\Explorer: [NoCDBurning] 0
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => No File
BootExecute: autocheck autochk * sdnclean.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-1214440339-1035525444-839522115-1004\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-1214440339-1035525444-839522115-1004\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: RealPlayer Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - AOL Toolbar - {ba00b7b1-0351-477a-b948-23e3ee5a73d4} - C:\Program Files\AOL Toolbar\aoltb.dll No File
Toolbar: HKU\S-1-5-21-1214440339-1035525444-839522115-1004 -> AOL Toolbar - {BA00B7B1-0351-477A-B948-23E3EE5A73D4} - C:\Program Files\AOL Toolbar\aoltb.dll No File
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://goldenrule.webex.com/client/WBXclient-T27L10NSP32EP5-14362/event/ieatgpc.cab
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Winsock: Catalog5 04 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Hosts: Hosts file not detected in the default directory
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Documents and Settings\Allan\Application Data\Mozilla\Firefox\Profiles\7bwbxg1r.default
FF DefaultSearchEngine: Yahoo!
FF SelectedSearchEngine: Yahoo!
FF Keyword.URL: https://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=523482&p=
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_15_0_0_246.dll ()
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @real.com/nppl3260;version=15.0.2.72 -> C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprjplug;version=15.0.2.72 -> C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprpchromebrowserrecordext;version=15.0.2.72 -> C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprphtml5videoshim;version=15.0.2.72 -> C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprpjplug;version=15.0.2.72 -> C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1214440339-1035525444-839522115-1004: @citrixonline.com/appdetectorplugin -> C:\Documents and Settings\Allan\Local Settings\Application Data\Citrix\Plugins\104\npappdetector.dll (Citrix Online)
FF Plugin HKU\S-1-5-21-1214440339-1035525444-839522115-1004: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Documents and Settings\Allan\Local Settings\Application Data\Facebook\Video\Skype\npFacebookVideoCalling.dll No File
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppl3260.dll (RealNetworks, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nprjplug.dll (RealNetworks, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF SearchPlugin: C:\Documents and Settings\Allan\Application Data\Mozilla\Firefox\Profiles\7bwbxg1r.default\searchplugins\yahoo_ff.xml
FF Extension: Seo Toolbar - C:\Documents and Settings\Allan\Application Data\Mozilla\Firefox\Profiles\7bwbxg1r.default\Extensions\seotoolbar@seobook.com.xpi [2012-09-20]
FF Extension: Microsoft .NET Framework Assistant - C:\Documents and Settings\Allan\Application Data\Mozilla\Firefox\Profiles\7bwbxg1r.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b}.xpi [2012-08-23]
FF Extension: Skype Click to Call - C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2012-11-02]
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} [2013-02-06]
FF Extension: Skype Click to Call - C:\Program Files\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2013-04-24]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2010-05-04]
FF HKLM\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF Extension: RealPlayer Browser Record Plugin - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012-02-17]

Chrome:
=======
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - No Path
CHR HKLM\...\Chrome\Extension: [jfmjfhklogoienhpfnppmbcbjfjnkonk] - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Chrome\Ext\rphtml5video.crx [2012-02-17]
CHR HKLM\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx [2013-10-09]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [431920 2014-12-11] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [431920 2014-12-11] (Avira Operations GmbH & Co. KG)
R3 AOL ACS; C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe [46640 2006-10-23] (AOL LLC)
R2 Avira.OE.ServiceHost; C:\Program Files\Avira\My Avira\Avira.OE.ServiceHost.exe [166192 2014-11-20] (Avira Operations GmbH & Co. KG)
R2 CCALib8; C:\Program Files\Canon\CAL\CALMAIN.exe [96370 2007-01-31] (Canon Inc.) [File not signed]
S3 IDriverT; C:\Program Files\Roxio\Roxio MyDVD DE\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [File not signed]
R2 JavaQuickStarterService; C:\Program Files\Java\jre7\bin\jqs.exe [182696 2014-08-15] (Oracle Corporation)
S2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.0.207\McCHSvc.exe [237008 2011-06-17] (McAfee, Inc.)
S3 RoxMediaDB9; C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe [880640 2006-11-05] (Sonic Solutions) [File not signed]
S3 RoxWatch9; C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe [159744 2006-11-05] (Sonic Solutions) [File not signed]
S3 SDScannerService; C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
S3 SDUpdateService; C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
S2 SDWSCService; C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
S3 stllssvr; C:\Program Files\Common Files\SureThing Shared\stllssvr.exe [73728 2006-09-14] (MicroVision Development, Inc.) [File not signed]
R2 WDDMService; C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe [110592 2010-01-21] (WDC) [File not signed]
S2 WDSmartWareBackgroundService; C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe [20480 2009-06-16] (Memeo) [File not signed]
R2 wltrysvc; C:\WINDOWS\System32\bcmwltry.exe [1253376 2007-03-16] (Dell Inc.) [File not signed]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R1 APPDRV; C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS [16128 2005-08-12] (Dell Inc) [File not signed]
R2 avgntflt; C:\WINDOWS\System32\DRIVERS\avgntflt.sys [98160 2014-10-14] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\WINDOWS\System32\DRIVERS\avipbb.sys [136216 2014-10-14] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\WINDOWS\System32\DRIVERS\avkmgr.sys [37352 2013-11-27] (Avira Operations GmbH & Co. KG)
U3 aygkdtggshmc; No ImagePath
R3 BCM43XX; C:\WINDOWS\System32\DRIVERS\bcmwl5.sys [604928 2007-03-16] (Broadcom Corporation)
S3 CCDECODE; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [17024 2008-04-13] (Microsoft Corporation)
S0 cercsr6; C:\WINDOWS\system32\Drivers\cercsr6.sys [39904 2004-12-13] (Adaptec, Inc.) [File not signed]
R3 HSFHWAZL; C:\WINDOWS\System32\DRIVERS\HSFHWAZL.sys [209152 2006-11-02] (Conexant Systems, Inc.)
R3 HSF_DPV; C:\WINDOWS\System32\DRIVERS\HSF_DPV.sys [989696 2006-11-02] (Conexant Systems, Inc.)
S3 NdisIP; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [10880 2008-04-13] (Microsoft Corporation)
S3 OEM02Afx; C:\WINDOWS\system32\Drivers\OEM02Afx.sys [141376 2007-01-10] (Creative Technology Ltd.)
R0 PxHelp20; C:\WINDOWS\System32\Drivers\PxHelp20.sys [36528 2006-07-24] (Sonic Solutions) [File not signed]
R1 ssmdrv; C:\WINDOWS\System32\DRIVERS\ssmdrv.sys [28520 2012-08-27] (Avira GmbH)
R3 STHDA; C:\WINDOWS\System32\drivers\sthda.sys [1222840 2007-05-06] (SigmaTel, Inc.)
S3 usbbus; C:\WINDOWS\System32\DRIVERS\lgusbbus.sys [12416 2007-07-23] (LG Electronics Inc.)
S3 UsbDiag; C:\WINDOWS\System32\DRIVERS\lgusbdiag.sys [19840 2007-07-23] (LG Electronics Inc.)
S3 USBModem; C:\WINDOWS\System32\DRIVERS\lgusbmodem.sys [21632 2007-07-23] (LG Electronics Inc.)
R3 wanatw; C:\WINDOWS\System32\DRIVERS\wanatw4.sys [33588 2003-01-10] (America Online, Inc.)
S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [X]
S4 IntelIde; No ImagePath
S4 s24trans; system32\DRIVERS\s24trans.sys [X]
U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation)
U1 WS2IFSL; No ImagePath

==================== NetSvcs (Whitelisted) ===================


(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-07 19:02 - 2015-01-07 19:02 - 01115648 _____ (Farbar) C:\Documents and Settings\Allan\Desktop\FRST.exe
2015-01-07 19:02 - 2015-01-07 19:02 - 00000000 ____D () C:\Documents and Settings\Allan\Desktop\FRST-OlderVersion
2015-01-03 13:09 - 2015-01-03 13:09 - 00035024 _____ () C:\Documents and Settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2014-12-19 14:53 - 2014-12-19 14:55 - 00036241 _____ () C:\Documents and Settings\Allan\Desktop\Addition.txt
2014-12-19 14:51 - 2015-01-07 19:03 - 00017162 _____ () C:\Documents and Settings\Allan\Desktop\FRST.txt
2014-12-19 14:48 - 2015-01-07 19:02 - 00000000 ____D () C:\FRST
2014-12-19 14:47 - 2014-12-19 14:47 - 01113600 _____ (Farbar) C:\Documents and Settings\Allan\Desktop\Farbar Scan Recovery Tool FRST.exe
2014-12-19 13:59 - 2014-12-19 13:59 - 00023575 _____ () C:\Program Files\DDSattach 12-19-14.txt
2014-12-19 13:58 - 2014-12-19 13:58 - 00014197 _____ () C:\Program Files\dds 12-19-14.txt
2014-12-19 13:57 - 2014-12-29 14:48 - 00020115 _____ () C:\Documents and Settings\Allan\Desktop\attach.txt
2014-12-19 13:57 - 2014-12-29 14:48 - 00014269 _____ () C:\Documents and Settings\Allan\Desktop\dds.txt
2014-12-19 13:55 - 2014-12-19 13:55 - 00688992 ____R (Swearware) C:\Documents and Settings\Allan\Desktop\dds.com
2014-12-19 13:47 - 2014-12-19 13:47 - 01113600 _____ (Farbar) C:\Program Files\Farbar recovery Tool FRST.exe
2014-12-18 15:57 - 2014-12-18 15:57 - 00000000 ____D () C:\Program Files\PandaAntiRootkit
2014-12-18 14:05 - 2014-12-18 14:05 - 00000858 _____ () C:\Documents and Settings\All Users\Desktop\Avira.lnk
2014-12-18 13:59 - 2014-12-18 13:52 - 00008576 _____ (Panda Software International) C:\WINDOWS\system32\Drivers\aygkdtggshmc.sys
2014-12-18 13:44 - 2014-12-18 13:44 - 00311591 _____ () C:\Program Files\PandaAntiRootkit.zip
2014-12-18 13:30 - 2014-12-18 13:30 - 04166770 _____ () C:\Program Files\TDSSkiller.zip
2014-12-17 18:13 - 2014-12-17 18:13 - 00006935 _____ () C:\Program Files\hijackthis 12-17-14
2014-12-17 16:09 - 2014-12-17 16:10 - 00000000 ____D () C:\Documents and Settings\Administrator\Application Data\Mozilla
2014-12-17 16:09 - 2014-12-17 16:09 - 00000000 ____D () C:\Documents and Settings\Administrator\Local Settings\Application Data\Mozilla
2014-12-16 12:10 - 2014-12-16 12:10 - 00008965 _____ () C:\Program Files\hijackthis.log 12-16-14
2014-12-16 12:09 - 2014-12-16 12:09 - 00000583 _____ () C:\Documents and Settings\Allan\Desktop\Shortcut to HijackThis.exe.lnk
2014-12-15 17:15 - 2014-12-15 17:15 - 00114904 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\156A2F97.sys
2014-12-15 16:40 - 2014-12-31 14:55 - 05604036 ____R (Swearware) C:\Program Files\ComboFix.exe
2014-12-15 16:35 - 2014-12-15 16:35 - 00000000 ____D () C:\Program Files\backups
2014-12-15 14:38 - 2014-12-15 14:38 - 00009282 _____ () C:\Program Files\hijackthis.log
2014-12-15 14:37 - 2014-12-15 14:37 - 00388608 _____ (Trend Micro Inc.) C:\Program Files\HijackThis.exe
2014-12-10 22:27 - 2014-12-10 22:27 - 00002065 _____ () C:\Program Files\JRT.txt
2014-12-10 22:26 - 2014-12-10 22:26 - 00002065 _____ () C:\Documents and Settings\Allan\Desktop\JRT.txt
2014-12-10 22:17 - 2014-12-10 22:17 - 00000000 ____D () C:\WINDOWS\ERUNT
2014-12-10 21:07 - 2014-12-17 16:04 - 00000000 ____D () C:\AdwCleaner
2014-12-10 21:02 - 2014-12-10 21:02 - 02166272 _____ () C:\Program Files\adwcleaner_4.105.exe
2014-12-10 17:11 - 2014-12-17 15:08 - 00035064 _____ () C:\WINDOWS\system32\Drivers\TrueSight.sys
2014-12-10 17:11 - 2014-12-10 17:38 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\RogueKiller
2014-12-10 17:10 - 2014-12-10 17:38 - 15201368 _____ () C:\Program Files\RogueKiller.exe
2014-12-09 11:10 - 2015-01-03 13:04 - 00092360 _____ () C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-07 19:03 - 2010-04-29 21:38 - 00000000 ____D () C:\Documents and Settings\Allan\Local Settings\Temp
2015-01-07 16:07 - 2012-07-14 18:52 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-01-07 15:39 - 2012-02-29 21:29 - 00000998 _____ () C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-1214440339-1035525444-839522115-1004UA.job
2015-01-07 13:17 - 2010-04-29 21:31 - 01497440 _____ () C:\WINDOWS\WindowsUpdate.log
2015-01-06 11:31 - 2013-12-13 09:16 - 00000000 ____D () C:\Documents and Settings\Allan\My Documents\Health Republic
2015-01-06 11:23 - 2010-04-29 21:42 - 00001324 _____ () C:\WINDOWS\system32\d3d9caps.dat
2015-01-04 22:48 - 2004-08-04 05:00 - 00000707 _____ () C:\WINDOWS\win.ini
2015-01-04 21:22 - 2011-04-13 10:46 - 00000000 ____D () C:\Documents and Settings\Allan\Local Settings\Application Data\FullTiltPoker
2015-01-03 14:12 - 2014-11-04 14:20 - 00114904 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-01-03 13:21 - 2012-06-15 10:00 - 00000278 _____ () C:\WINDOWS\Tasks\RealUpgradeLogonTaskS-1-5-21-1214440339-1035525444-839522115-1004.job
2015-01-03 13:21 - 2010-04-29 17:22 - 00000159 _____ () C:\WINDOWS\wiadebug.log
2015-01-03 13:21 - 2010-04-29 17:22 - 00000048 _____ () C:\WINDOWS\wiaservc.log
2015-01-03 13:20 - 2014-03-26 14:07 - 00000222 _____ () C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job
2015-01-03 13:20 - 2010-04-29 21:37 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2015-01-03 13:18 - 2012-04-06 09:11 - 00000178 ___SH () C:\Documents and Settings\Administrator\ntuser.ini
2015-01-03 13:17 - 2012-04-07 09:35 - 00000000 ___SD () C:\32788R22FWJFW
2015-01-03 13:16 - 2012-04-06 09:11 - 00000000 ____D () C:\Documents and Settings\Administrator\Local Settings\Temp
2015-01-03 13:04 - 2010-04-29 21:38 - 00000178 ___SH () C:\Documents and Settings\Allan\ntuser.ini
2015-01-03 13:04 - 2010-04-29 21:38 - 00000000 ____D () C:\Documents and Settings\Allan
2015-01-03 13:04 - 2010-04-29 21:37 - 00032602 _____ () C:\WINDOWS\SchedLgU.Txt
2015-01-03 13:02 - 2011-04-13 10:45 - 00000000 ____D () C:\Program Files\Full Tilt Poker
2015-01-02 15:34 - 2012-06-15 10:00 - 00000286 _____ () C:\WINDOWS\Tasks\RealUpgradeScheduledTaskS-1-5-21-1214440339-1035525444-839522115-1004.job
2015-01-02 12:16 - 2011-09-04 17:54 - 00000284 _____ () C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
2015-01-01 18:39 - 2012-02-29 21:29 - 00000976 _____ () C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-1214440339-1035525444-839522115-1004Core.job
2014-12-26 16:05 - 2014-05-02 15:21 - 00021789 _____ () C:\WINDOWS\KB2964358-IE8.log
2014-12-26 16:04 - 2014-04-09 09:57 - 00027484 _____ () C:\WINDOWS\KB2936068-IE8.log
2014-12-19 13:26 - 2010-04-30 10:13 - 00000000 ____D () C:\Program Files\Common Files\aol
2014-12-19 13:26 - 2010-04-30 10:13 - 00000000 ____D () C:\Program Files\AOL
2014-12-19 12:40 - 2012-08-14 11:27 - 00000000 ____D () C:\Documents and Settings\Allan\Local Settings\Application Data\Citrix
2014-12-18 15:35 - 2014-08-15 10:53 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Package Cache
2014-12-18 14:05 - 2012-10-10 10:44 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Avira
2014-12-18 14:04 - 2010-04-29 22:40 - 00000000 ____D () C:\Program Files\Avira
2014-12-17 18:46 - 2010-04-29 21:29 - 00000000 ____D () C:\WINDOWS\system32\Restore
2014-12-17 18:15 - 2010-04-29 17:17 - 00000211 ___SH () C:\boot.ini
2014-12-17 18:15 - 2004-08-04 05:00 - 00000227 _____ () C:\WINDOWS\system.ini
2014-12-16 11:28 - 2010-04-29 22:49 - 00000000 ___DC () C:\WINDOWS\$MSI31Uninstall_KB893803v2$
2014-12-15 16:41 - 2012-04-08 14:46 - 00000000 ____D () C:\WINDOWS\ERDNT
2014-12-12 15:36 - 2014-10-21 10:15 - 00000000 ____D () C:\Documents and Settings\Allan\My Documents\Oxford
2014-12-12 14:40 - 2011-12-15 18:39 - 00000000 ____D () C:\Documents and Settings\Allan\My Documents\Nu Era
2014-12-12 14:28 - 2010-12-03 10:23 - 00000000 ____D () C:\Documents and Settings\Allan\My Documents\AFI BGCT
2014-12-11 17:29 - 2012-02-16 22:38 - 00000000 ____D () C:\WINDOWS\system32\NtmsData
2014-12-11 11:21 - 2013-12-18 13:46 - 00000000 ____D () C:\Documents and Settings\Allan\My Documents\Solstice Dental
2014-12-11 10:12 - 2010-04-29 21:28 - 00000000 ____D () C:\WINDOWS\Registration
2014-12-10 18:27 - 2013-08-15 12:06 - 00000000 ____D () C:\WINDOWS\system32\MRT
2014-12-10 17:56 - 2010-04-30 09:39 - 109818608 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2014-12-10 14:07 - 2012-03-30 08:09 - 00701104 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2014-12-10 14:07 - 2011-05-16 14:13 - 00071344 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2014-12-09 11:12 - 2014-11-04 14:18 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-12-08 16:41 - 2014-11-04 14:19 - 00000777 _____ () C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
2014-12-08 16:41 - 2014-11-04 14:19 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes Anti-Malware
2014-12-08 15:00 - 2014-03-26 14:07 - 00000216 _____ () C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job
2014-12-08 10:07 - 2014-09-09 17:10 - 00000000 ____D () C:\Program Files\Spybot - Search & Destroy 2

Some content of TEMP:
====================
C:\Documents and Settings\Administrator\Local Settings\Temp\Quarantine.exe
C:\Documents and Settings\Administrator\Local Settings\Temp\sqlite3.dll
C:\Documents and Settings\Allan\Local Settings\Temp\avgnt.exe
C:\Documents and Settings\Allan\Local Settings\Temp\dllnt_dump.dll
C:\Documents and Settings\Allan\Local Settings\Temp\Quarantine.exe
C:\Documents and Settings\Allan\Local Settings\Temp\sqlite3.dll
C:\Documents and Settings\Allan\Local Settings\Temp\uninst.dll
C:\Documents and Settings\Allan\Local Settings\Temp\_is11C.exe
C:\Documents and Settings\Mildred\Local Settings\Temp\AskSLib.dll
C:\Documents and Settings\Mildred\Local Settings\Temp\avgnt.exe
C:\Documents and Settings\Rachel\Local Settings\Temp\EAD12A.exe
C:\Documents and Settings\Rachel\Local Settings\Temp\EAD13B.exe
C:\Documents and Settings\Rachel\Local Settings\Temp\EAD2E1.exe
C:\Documents and Settings\Rachel\Local Settings\Temp\EAD3.exe
C:\Documents and Settings\Rachel\Local Settings\Temp\EAD4.exe
C:\Documents and Settings\Rachel\Local Settings\Temp\EAD5.exe
C:\Documents and Settings\Rachel\Local Settings\Temp\EAD6.exe
C:\Documents and Settings\Rachel\Local Settings\Temp\EAD6E5.exe
C:\Documents and Settings\Rachel\Local Settings\Temp\EAD7.exe
C:\Documents and Settings\Rachel\Local Settings\Temp\FP_PL_PFS_INSTALLER.exe
C:\Documents and Settings\Rachel\Local Settings\Temp\_is3.exe
C:\Documents and Settings\Rachel\Local Settings\Temp\_is4.exe
C:\Documents and Settings\Rachel\Local Settings\Temp\_is405.exe
C:\Documents and Settings\Rachel\Local Settings\Temp\_is8.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

==================== End Of Log ============================

Old Addition.txt file:

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 17-12-2014
Ran by Allan at 2014-12-19 14:53:24
Running from C:\Documents and Settings\Allan\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avira Desktop (Disabled - Up to date) {AD166499-45F9-482A-A743-FDD3350758C7}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Apprevels version 1.3.1.145 (HKLM\...\{04DF7063-9BDE-40A2-AD65-C86766A0B34B}_is1) (Version: 1.3.1.145 - Leawo Software)
Adobe Flash Player 15 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 15.0.0.246 - Adobe Systems Incorporated)
Adobe Flash Player 15 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 15.0.0.246 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.08) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.08 - Adobe Systems Incorporated)
AIM 7 (HKLM\...\AIM_7) (Version: - )
Akamai NetSession Interface (HKU\S-1-5-21-1214440339-1035525444-839522115-1004\...\Akamai) (Version: - )
Akamai NetSession Interface (HKU\S-1-5-21-1214440339-1035525444-839522115-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Akamai) (Version: - )
AOL Registration (HKLM\...\AOL Regclient) (Version: - )
AOL Toolbar (HKLM\...\AOL Toolbar) (Version: - )
AOL Uninstaller (Choose which Products to Remove) (HKLM\...\AOL Uninstaller) (Version: - AOL LLC)
Apple Application Support (HKLM\...\{78002155-F025-4070-85B3-7C0453561701}) (Version: 3.0.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{941B4CE7-3F5D-443E-A8B7-56A420D2EAFD}) (Version: 7.1.2.6 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Auslogics Disk Defrag (HKLM\...\{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1) (Version: version 3.4 - Auslogics Software Pty Ltd)
Avira (HKLM\...\{e7c7c227-b742-4878-9425-f09bbf9951db}) (Version: 1.1.27.25527 - Avira Operations & Co. KG)
Avira (Version: 1.1.27.25527 - Avira Operations & Co. KG) Hidden
Avira Free Antivirus (HKLM\...\Avira AntiVir Desktop) (Version: 14.0.7.468 - Avira)
Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
Broadcom 440x 10/100 Integrated Controller (HKLM\...\{612B9183-67A9-4B44-9877-2F059E35B86A}) (Version: 10.04.02 - Broadcom Corporation)
Brother MFL-Pro Suite MFC-495CW (HKLM\...\{0A02D347-5E53-48A5-BC49-1469393103FA}) (Version: 1.0.0.0 - Brother Industries, Ltd.)
Canon Camera Access Library (HKLM\...\CAL) (Version: 8.4.0.1 - Canon Inc.)
Canon Camera Support Core Library (HKLM\...\CSCLIB) (Version: 7.3.1.6 - Canon Inc.)
Canon G.726 WMP-Decoder (HKLM\...\Canon G.726 WMP-Decoder) (Version: 1.1.0.4 - Canon Inc.)
Canon MovieEdit Task for ZoomBrowser EX (HKLM\...\MovieEditTask) (Version: 2.6.0.4 - Canon Inc.)
Canon RAW Image Task for ZoomBrowser EX (HKLM\...\RAW Image Task) (Version: 0.9.3.9 - Canon Inc.)
Canon Utilities CameraWindow (HKLM\...\CameraWindowLauncher) (Version: 7.1.0.2 - Canon Inc.)
Canon Utilities CameraWindow DC (HKLM\...\CameraWindowDC) (Version: 7.1.0.7 - Canon Inc.)
Canon Utilities CameraWindow DC_DV 5 for ZoomBrowser EX (HKLM\...\CameraWindowDVC5) (Version: 5.4.5.17 - Canon Inc.)
Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX (HKLM\...\CameraWindowDVC6) (Version: 6.4.2.16 - Canon Inc.)
Canon Utilities EOS Utility (HKLM\...\EOS Utility) (Version: 1.1.0.8 - Canon Inc.)
Canon Utilities MyCamera (HKLM\...\MyCamera) (Version: 6.4.0.5 - Canon Inc.)
Canon Utilities MyCamera DC (HKLM\...\MyCameraDC) (Version: 7.0.1.8 - Canon Inc.)
Canon Utilities PhotoStitch (HKLM\...\PhotoStitch) (Version: 3.1.21.45 - Canon Inc.)
Canon Utilities RemoteCapture Task for ZoomBrowser EX (HKLM\...\RemoteCaptureTask) (Version: 1.7.1.9 - Canon Inc.)
Canon Utilities ZoomBrowser EX (HKLM\...\ZoomBrowser EX) (Version: 6.1.0.20 - Canon Inc.)
Canon ZoomBrowser EX Memory Card Utility (HKLM\...\ZoomBrowser EX Memory Card Utility) (Version: 1.1.0.8 - Canon Inc.)
Cisco WebEx Meetings (HKLM\...\ActiveTouchMeetingClient) (Version: - Cisco WebEx LLC)
CodeStuff Starter (HKLM\...\CodeStuff Starter) (Version: 5.6.2.9 - CodeStuff)
Conexant HDA D330 MDC V.92 Modem (HKLM\...\CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2C06&SUBSYS_14F1000F) (Version: - )
Dell Resource CD (HKLM\...\{42929F0F-CE14-47AF-9FC7-FF297A603021}) (Version: 1.00.0000 - Dell Inc.)
Dell Touchpad (HKLM\...\SynTPDeinstKey) (Version: 9.1.18.6 - Synaptics)
Dell Wireless WLAN Card (HKLM\...\Broadcom 802.11b Network Adapter) (Version: 4.100.15.8 - Dell Inc.)
EA Download Manager (HKLM\...\EADM) (Version: 5.0.0.255 - Electronic Arts, Inc.)
Facebook Plug-In (HKU\S-1-5-21-1214440339-1035525444-839522115-1006-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Facebook Plug-In) (Version: - Facebook, Inc.)
Facebook Plug-In (HKU\S-1-5-21-1214440339-1035525444-839522115-1006-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\Facebook Plug-In) (Version: - Facebook, Inc.)
Facebook Video Calling 3.1.0.521 (HKLM\...\{2091F234-EB58-4B80-8C96-8EB78C808CF7}) (Version: 3.1.521 - Skype Limited)
FileHippo.com Update Checker (HKLM\...\FileHippo.com) (Version: - )
Full Tilt Poker (HKLM\...\{D4C9692E-4EFA-4DA0-8B7F-9439466D9E31}) (Version: 4.39.5.WIN.FullTilt.COM - )
GoToMeeting 5.9.0.1207 (HKU\S-1-5-21-1214440339-1035525444-839522115-1004\...\GoToMeeting) (Version: 5.9.0.1207 - CitrixOnline)
GoToMeeting 5.9.0.1207 (HKU\S-1-5-21-1214440339-1035525444-839522115-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\GoToMeeting) (Version: 5.9.0.1207 - CitrixOnline)
High Definition Audio Driver Package - KB835221 (HKLM\...\KB835221WXP) (Version: 20040219.000000 - Microsoft Corporation)
iLinc 12 Client (HKLM\...\iLincClient.12) (Version: - )
Intel® Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: - )
iTunes (HKLM\...\{86D04316-F49A-4AF2-B3F1-A1E943886CE7}) (Version: 11.3.1.2 - Apple Inc.)
Java 7 Update 67 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F03217067FF}) (Version: 7.0.670 - Oracle)
Java™ 6 Update 18 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83216018F0}) (Version: 6.0.180 - Sun Microsystems, Inc.)
Java™ SE Runtime Environment 6 (HKLM\...\{3248F0A8-6813-11D6-A77B-00B0D0160000}) (Version: 1.6.0.0 - Sun Microsystems, Inc.)
JavaFX 2.1.1 (HKLM\...\{1111706F-666A-4037-7777-211328764D10}) (Version: 2.1.1 - Oracle Corporation)
Laptop Integrated Webcam Driver (1.00.10.0320) (HKLM\...\Creative OEM002) (Version: - )
LG USB Modem Drivers (HKLM\...\{FA02ACAC-9E14-4878-A257-92A22A647C2C}) (Version: 4.8.1 - LG Electronics)
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.0.207.4 - McAfee, Inc.)
MediaDirect (HKLM\...\{9C6978E8-B6D0-4AB7-A7A0-D81A74FBF745}) (Version: 4.7 - Dell)
Microsoft .NET Framework 2.0 Service Pack 2 (HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.0 Service Pack 2 (HKLM\...\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}) (Version: 3.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version: - Microsoft Corporation)
Microsoft Bootvis (HKLM\...\{0F9196C6-58B4-445B-B56E-B1200FECC151}) (Version: 1.3.37 - Microsoft)
Microsoft Compression Client Pack 1.0 for Windows XP (HKLM\...\MSCompPackV1) (Version: 1 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft User-Mode Driver Framework Feature Pack 1.0 (HKLM\...\Wudf01000) (Version: - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411 (HKLM\...\{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}) (Version: 9.0.30411 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft WSE 3.0 Runtime (HKLM\...\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}) (Version: 3.0.5305.0 - Microsoft Corp.)
MobileMe Control Panel (HKLM\...\{779DECD7-E072-4B56-9B6B-BEB5973EEEB5}) (Version: 3.1.6.0 - Apple Inc.)
Mozilla Firefox 16.0.2 (x86 en-US) (HKLM\...\Mozilla Firefox 16.0.2 (x86 en-US)) (Version: 16.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 24.0 - Mozilla)
Mozilla Thunderbird 24.0 (x86 en-US) (HKLM\...\Mozilla Thunderbird 24.0 (x86 en-US)) (Version: 24.0 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2721691) (HKLM\...\{355B5AC0-CEEE-42C5-AD4D-7F3CFD806C36}) (Version: 4.30.2114.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
OpenOffice 4.0.0 (HKLM\...\{55E61709-D7D4-43C0-B45D-BFAF5C09A02D}) (Version: 4.00.9702 - Apache Software Foundation)
OutlookAddinSetup (HKLM\...\{9BDEF074-020E-458D-ADC5-8FF68E0C9B56}) (Version: 1.0.0 - CyberLink)
PaperPort Image Printer (HKLM\...\{2BC2781A-F7F6-452E-95EB-018A522F1B2C}) (Version: 1.00.0000 - Nuance Communications, Inc.)
QuickSet (HKLM\...\{C5074CC4-0E26-4716-A307-960272A90040}) (Version: 8.1.12 - Dell Computer Corporation)
QuickTime 7 (HKLM\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)
RealNetworks - Microsoft Visual C++ 2008 Runtime (Version: 9.0 - RealNetworks, Inc) Hidden
RealPlayer (HKLM\...\RealPlayer 15.0) (Version: - RealNetworks)
RealUpgrade 1.1 (Version: 1.1.0 - RealNetworks, Inc.) Hidden
Redist (HKLM\...\{0F052922-4BCE-4763-A540-00857554336D}) (Version: 3.00.0000 - Verizon)
Roxio Creator Audio (HKLM\...\{83FFCFC7-88C6-41c6-8752-958A45325C82}) (Version: 3.3.0 - Roxio)
Roxio Creator Copy (HKLM\...\{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}) (Version: 3.3.0 - Roxio)
Roxio Creator Data (HKLM\...\{0D397393-9B50-4c52-84D5-77E344289F87}) (Version: 3.3.0 - Roxio)
Roxio Creator DE (HKLM\...\{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}) (Version: 3.3.0 - Roxio)
Roxio Creator Tools (HKLM\...\{0394CDC8-FABD-4ed8-B104-03393876DFDF}) (Version: 3.3.0 - Roxio)
Roxio Drag-to-Disc (HKLM\...\{2F4C24E6-CBD4-4AAC-B56F-C9FD44DE5668}) (Version: 9.0 - Roxio)
Roxio Express Labeler (HKLM\...\{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}) (Version: 2.1.0 - Roxio)
Roxio MyDVD DE (HKLM\...\{D639085F-4B6E-4105-9F37-A0DBB023E2FB}) (Version: 9.0.117 - Roxio, Inc.)
Roxio Update Manager (HKLM\...\{30465B6C-B53F-49A1-9EBA-A3F187AD502E}) (Version: 3.0.0 - Roxio)
ScanSoft PaperPort 11 (HKLM\...\{02570AE0-BEE0-4A6C-BE3F-D806E9F2EA17}) (Version: 11.2.0000 - Nuance Communications, Inc.)
Search Protection (HKU\S-1-5-21-1214440339-1035525444-839522115-1004\...\Search Protection) (Version: 10.5.0.2 - Spigot, Inc.) <==== ATTENTION
Search Protection (HKU\S-1-5-21-1214440339-1035525444-839522115-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Search Protection) (Version: 10.5.0.2 - Spigot, Inc.) <==== ATTENTION
SigmaTel Audio (HKLM\...\{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}) (Version: 5.10.5102.0 - SigmaTel)
Skype Click to Call (HKLM\...\{B6CF2967-C81E-40C0-9815-C05774FEF120}) (Version: 6.13.13771 - Skype Technologies S.A.)
Skype™ 6.11 (HKLM\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.)
Sonic Activation Module (Version: 1.0 - Sonic Solutions) Hidden
Spybot - Search & Destroy (HKLM\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.)
Startup Delayer v3.0 (build 322) (HKLM\...\Startup Delayer) (Version: 3.0 (build 322) - r2 Studios)
System Checkup 3.4 (HKLM\...\{4AC7B4E7-59B7-4E48-A60D-263C486FC33A}_is1) (Version: 3.4.0.47 - iolo technologies, LLC)
Uninstall AOL Emergency Connect Utility 1.0 (HKLM\...\AOL Emergency Connect Utility 1.0) (Version: - )
WD SmartWare (HKLM\...\{232DB76D-4751-41A9-9EC2-CDC0DAC1FAB6}) (Version: 1.2.0.20 - Western Digital)
WebFldrs XP (Version: 9.50.7523 - Microsoft Corporation) Hidden
Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\KB892130) (Version: - Microsoft Corporation)
Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\WGA) (Version: 1.7.0069.2 - Microsoft Corporation)
Windows Internet Explorer 8 (HKLM\...\ie8) (Version: 20090308.140743 - Microsoft Corporation)
Windows Media Format 11 runtime (HKLM\...\Windows Media Format Runtime) (Version: - )
Windows Media Player 11 (HKLM\...\Windows Media Player) (Version: - )
Windows XP Service Pack 3 (HKLM\...\Windows XP Service Pack) (Version: 20080414.031525 - Microsoft Corporation)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-1214440339-1035525444-839522115-1004_Classes\CLSID\{0000002F-0000-0000-C000-000000000046}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-1214440339-1035525444-839522115-1004_Classes\CLSID\{00020420-0000-0000-C000-000000000046}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-1214440339-1035525444-839522115-1004_Classes\CLSID\{00020421-0000-0000-C000-000000000046}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-1214440339-1035525444-839522115-1004_Classes\CLSID\{00020422-0000-0000-C000-000000000046}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-1214440339-1035525444-839522115-1004_Classes\CLSID\{00020423-0000-0000-C000-000000000046}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-1214440339-1035525444-839522115-1004_Classes\CLSID\{00020424-0000-0000-C000-000000000046}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-1214440339-1035525444-839522115-1004_Classes\CLSID\{00020425-0000-0000-C000-000000000046}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-1214440339-1035525444-839522115-1004_Classes\CLSID\{0002E005-0000-0000-C000-000000000046}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-1214440339-1035525444-839522115-1004_Classes\CLSID\{039B2CA5-3B41-4D93-AD77-47D3293FC5CB}\InprocServer32 -> C:\Program Files\Skype\Plugin Manager\ezPMUtils.dll No File
CustomCLSID: HKU\S-1-5-21-1214440339-1035525444-839522115-1004_Classes\CLSID\{0BE35203-8F91-11CE-9DE3-00AA004BB851}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-1214440339-1035525444-839522115-1004_Classes\CLSID\{0BE35204-8F91-11CE-9DE3-00AA004BB851}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-1214440339-1035525444-839522115-1004_Classes\CLSID\{20DD1B9E-87C4-11D1-8BE3-0000F8754DA1}\InprocServer32 -> C:\WINDOWS\system32\mscomct2.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1214440339-1035525444-839522115-1004_Classes\CLSID\{232E456A-87C3-11D1-8BE3-0000F8754DA1}\InprocServer32 -> C:\WINDOWS\system32\mscomct2.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1214440339-1035525444-839522115-1004_Classes\CLSID\{38911D8E-E448-11D0-84A3-00DD01104159}\InprocServer32 -> C:\WINDOWS\system32\comct332.ocx (Microsoft Corporation )
CustomCLSID: HKU\S-1-5-21-1214440339-1035525444-839522115-1004_Classes\CLSID\{38911D90-E448-11D0-84A3-00DD01104159}\InprocServer32 -> C:\WINDOWS\system32\comct332.ocx (Microsoft Corporation )
CustomCLSID: HKU\S-1-5-21-1214440339-1035525444-839522115-1004_Classes\CLSID\{38911D92-E448-11D0-84A3-00DD01104159}\InprocServer32 -> C:\WINDOWS\system32\comct332.ocx (Microsoft Corporation )
CustomCLSID: HKU\S-1-5-21-1214440339-1035525444-839522115-1004_Classes\CLSID\{42481700-CF3C-4D05-8EC6-F9A1C57E8DC0}\InprocServer32 -> C:\Program Files\Skype\Plugin Manager\ezPMUtils.dll No File
CustomCLSID: HKU\S-1-5-21-1214440339-1035525444-839522115-1004_Classes\CLSID\{46763EE0-CAB2-11CE-8C20-00AA0051E5D4}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-1214440339-1035525444-839522115-1004_Classes\CLSID\{586A6352-87C8-11D1-8BE3-0000F8754DA1}\InprocServer32 -> C:\WINDOWS\system32\mscomct2.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1214440339-1035525444-839522115-1004_Classes\CLSID\{586A6353-87C8-11D1-8BE3-0000F8754DA1}\InprocServer32 -> C:\WINDOWS\system32\mscomct2.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1214440339-1035525444-839522115-1004_Classes\CLSID\{586A6354-87C8-11D1-8BE3-0000F8754DA1}\InprocServer32 -> C:\WINDOWS\system32\mscomct2.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1214440339-1035525444-839522115-1004_Classes\CLSID\{586A6355-87C8-11D1-8BE3-0000F8754DA1}\InprocServer32 -> C:\WINDOWS\system32\mscomct2.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1214440339-1035525444-839522115-1004_Classes\CLSID\{586A6356-87C8-11D1-8BE3-0000F8754DA1}\InprocServer32 -> C:\WINDOWS\system32\mscomct2.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1214440339-1035525444-839522115-1004_Classes\CLSID\{586A6357-87C8-11D1-8BE3-0000F8754DA1}\InprocServer32 -> C:\WINDOWS\system32\mscomct2.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1214440339-1035525444-839522115-1004_Classes\CLSID\{586A6359-87C8-11D1-8BE3-0000F8754DA1}\InprocServer32 -> C:\WINDOWS\system32\mscomct2.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1214440339-1035525444-839522115-1004_Classes\CLSID\{603C7E80-87C2-11D1-8BE3-0000F8754DA1}\InprocServer32 -> C:\WINDOWS\system32\mscomct2.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1214440339-1035525444-839522115-1004_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Program Files\Citrix\GoToMeeting\1207\G2MOutlookAddin.dll (Citrix Online, a division of Citrix Systems, Inc.)
CustomCLSID: HKU\S-1-5-21-1214440339-1035525444-839522115-1004_Classes\CLSID\{8B9F5BF4-0407-4BB2-9FED-4C0372DABD00}\localserver32 -> C:\Documents and Settings\Allan\Local Settings\Application Data\Facebook\Video\Skype\FacebookVideoCa (the data entry has 22 more characters).
CustomCLSID: HKU\S-1-5-21-1214440339-1035525444-839522115-1004_Classes\CLSID\{B09DE715-87C1-11D1-8BE3-0000F8754DA1}\InprocServer32 -> C:\WINDOWS\system32\mscomct2.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1214440339-1035525444-839522115-1004_Classes\CLSID\{B196B286-BAB4-101A-B69C-00AA00341D07}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-1214440339-1035525444-839522115-1004_Classes\CLSID\{CBE9C57E-FFA9-4123-8354-AD360D6DD3CC}\InprocServer32 -> C:\Documents and Settings\Allan\Local Settings\Application Data\Facebook\Video\Skype\npFacebookVideo (the data entry has 19 more characters).
CustomCLSID: HKU\S-1-5-21-1214440339-1035525444-839522115-1004_Classes\CLSID\{D0D38C6E-BF64-4C42-840D-3E0019D9F7A6}\InprocServer32 -> C:\Program Files\Skype\Plugin Manager\ezPMUtils.dll No File
CustomCLSID: HKU\S-1-5-21-1214440339-1035525444-839522115-1004_Classes\CLSID\{FE38753A-44A3-11D1-B5B7-0000C09000C4}\InprocServer32 -> C:\WINDOWS\system32\mscomct2.ocx (Microsoft Corporation)

==================== Restore Points =========================

17-12-2014 18:47:45 System Checkpoint
17-12-2014 18:50:11 after mbam, combofix, Adwcleaner
19-12-2014 12:40:33 Removed Citrix Online Launcher

==================== Scheduled Tasks (whitelisted) =============


(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\AppleSoftwareUpdate.job => C:\Program Files\Apple Software Update\SoftwareUpdate.exe
Task: C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-1214440339-1035525444-839522115-1004Core.job => C:\Documents and Settings\Allan\Local Settings\Application Data\Facebook\Update\FacebookUpdate.exe
Task: C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-1214440339-1035525444-839522115-1004UA.job => C:\Documents and Settings\Allan\Local Settings\Application Data\Facebook\Update\FacebookUpdate.exe
Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job => C:\WINDOWS\system32\xp_eos.exe
Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job => C:\WINDOWS\system32\xp_eos.exe
Task: C:\WINDOWS\Tasks\RealUpgradeLogonTaskS-1-5-21-1214440339-1035525444-839522115-1004.job => C:\Program Files\Real\RealUpgrade\realupgrade.exe
Task: C:\WINDOWS\Tasks\RealUpgradeScheduledTaskS-1-5-21-1214440339-1035525444-839522115-1004.job => C:\Program Files\Real\RealUpgrade\realupgrade.exe

==================== Loaded Modules (whitelisted) =============

2010-04-29 21:59 - 2007-03-16 17:10 - 00020480 _____ () C:\WINDOWS\System32\WLTRYSVC.EXE
2010-04-29 21:59 - 2007-03-16 17:10 - 00757760 _____ () C:\WINDOWS\System32\bcm1xsup.dll
2011-06-03 11:37 - 2009-01-09 16:10 - 00139264 ____N () C:\Program Files\Brother\BrUtilities\BrLogAPI.dll
2011-06-03 11:37 - 2002-11-26 12:43 - 00106496 ____N () C:\WINDOWS\system32\BrMuSNMP.dll
2014-11-20 14:09 - 2014-11-20 14:09 - 00245760 _____ () C:\Program Files\Avira\My Avira\System.ComponentModel.Composition.dll
2012-04-13 16:12 - 2006-10-26 15:21 - 00056056 _____ () C:\WINDOWS\system32\DLAAPI_W.DLL
2010-04-29 22:10 - 2007-05-14 13:24 - 00098304 _____ () C:\Program Files\Dell\QuickSet\dadkeyb.dll
2010-04-29 22:10 - 2005-10-13 12:53 - 00090223 _____ () C:\Program Files\Dell\QuickSet\preflibcl.dll
2010-04-29 21:59 - 2007-03-16 17:10 - 00086016 _____ () C:\WINDOWS\system32\preflib.dll
2014-02-12 19:58 - 2014-02-12 19:58 - 00073544 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2014-02-12 19:58 - 2014-02-12 19:58 - 01044808 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2010-04-30 10:13 - 2011-02-24 01:07 - 00223959 _____ () C:\Program Files\Common Files\aolshare\aolunins_us.exe
2014-12-19 13:35 - 2014-12-19 13:35 - 00153600 _____ () C:\Documents and Settings\Allan\Local Settings\Temp\GLC3B9.tmp
2014-12-19 13:35 - 1999-01-21 13:40 - 00009728 _____ () C:\Documents and Settings\Allan\Local Settings\Temp\GLF3BB.tmp
2014-12-19 13:16 - 2011-01-13 05:50 - 00140800 _____ () C:\Documents and Settings\Allan\Local Settings\Temp\uninst.dll
2004-08-04 05:00 - 2014-02-05 03:55 - 00562688 _____ () C:\WINDOWS\system32\qedit.dll
2004-08-04 05:00 - 2013-01-02 01:49 - 01292288 _____ () C:\WINDOWS\system32\quartz.dll
2004-08-04 05:00 - 2008-04-13 19:11 - 00059904 _____ () C:\WINDOWS\system32\devenum.dll
2004-08-04 05:00 - 2008-04-13 19:11 - 00014336 _____ () C:\WINDOWS\system32\msdmo.dll
2012-09-23 19:43 - 2012-09-23 19:43 - 00313992 _____ () C:\Program Files\Adobe\Reader 11.0\Reader\sqlite.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\Documents and Settings\Allan\My Documents\Aflac Dancing Duck TV Commercial New.mp3:Roxio EMC Stream
AlternateDataStreams: C:\Documents and Settings\Allan\My Documents\AflacDancingDuckTVCommercialNewVoiceRevealed.wav:Roxio EMC Stream
AlternateDataStreams: C:\Documents and Settings\Allan\My Documents\Allan & Bernadette Peters.bmp:Roxio EMC Stream
AlternateDataStreams: C:\Documents and Settings\Allan\My Documents\Allan & Robert Klein.bmp:Roxio EMC Stream
AlternateDataStreams: C:\Documents and Settings\Allan\My Documents\AllanOnWheel.wmv:Roxio EMC Stream
AlternateDataStreams: C:\Documents and Settings\Allan\My Documents\BRITISH1.wmv:Roxio EMC Stream
AlternateDataStreams: C:\Documents and Settings\Allan\My Documents\BrooklynZ002011-1834.jpg:Roxio EMC Stream
AlternateDataStreams: C:\Documents and Settings\Allan\My Documents\DSC_0019.jpg:Roxio EMC Stream
AlternateDataStreams: C:\Documents and Settings\Allan\My Documents\Halftimeshow.wmv:Roxio EMC Stream
AlternateDataStreams: C:\Documents and Settings\Allan\My Documents\image00145.jpg:Roxio EMC Stream
AlternateDataStreams: C:\Documents and Settings\Allan\My Documents\IMG-20110312-00018.jpg:Roxio EMC Stream
AlternateDataStreams: C:\Documents and Settings\Allan\My Documents\NewTexasHoldemflier1025.jpg:Roxio EMC Stream
AlternateDataStreams: C:\Documents and Settings\Allan\My Documents\photo.jpg:Roxio EMC Stream
AlternateDataStreams: C:\Documents and Settings\Allan\My Documents\Sacramento-Texas-Hold-Em02.png:Roxio EMC Stream
AlternateDataStreams: C:\Documents and Settings\Allan\My Documents\Shave_without_cutting_lip.wmv:Roxio EMC Stream

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\procexp90.Sys => ""="Driver"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)



HKU\S-1-5-21-1214440339-1035525444-839522115-1004\Software\Classes\.exe: exefile => <===== ATTENTION!

==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)


========================= Accounts: ==========================

Administrator (S-1-5-21-1214440339-1035525444-839522115-500 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\Administrator
Allan (S-1-5-21-1214440339-1035525444-839522115-1004 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\Allan
Guest (S-1-5-21-1214440339-1035525444-839522115-501 - Limited - Disabled)
HelpAssistant (S-1-5-21-1214440339-1035525444-839522115-1000 - Limited - Disabled)
Mildred (S-1-5-21-1214440339-1035525444-839522115-1005 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\Mildred
Rachel (S-1-5-21-1214440339-1035525444-839522115-1006 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\Rachel
SUPPORT_388945a0 (S-1-5-21-1214440339-1035525444-839522115-1002 - Limited - Disabled)

==================== Faulty Device Manager Devices =============

Name: Base System Device
Description: Base System Device
Class Guid: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Base System Device
Description: Base System Device
Class Guid: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Base System Device
Description: Base System Device
Class Guid: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (12/19/2014 02:55:23 PM) (Source: Brother BrLog) (EventID: 1001) (User: )
Description: STI BrtSTI: [2014/12/19 14:55:23.296]: [00000308]: SendSKeySettingToDevice:: Snmp Load Error[-1] To[192.168.1.2]

Error: (12/19/2014 02:54:14 PM) (Source: Brother BrLog) (EventID: 1001) (User: )
Description: STI BrtSTI: [2014/12/19 14:54:14.296]: [00000308]: SendSKeySettingToDevice:: Snmp Load Error[-1] To[192.168.1.2]

Error: (12/19/2014 02:53:05 PM) (Source: Brother BrLog) (EventID: 1001) (User: )
Description: STI BrtSTI: [2014/12/19 14:53:05.265]: [00000308]: SendSKeySettingToDevice:: Snmp Load Error[-1] To[192.168.1.2]

Error: (12/19/2014 02:51:56 PM) (Source: Brother BrLog) (EventID: 1001) (User: )
Description: STI BrtSTI: [2014/12/19 14:51:56.250]: [00000308]: SendSKeySettingToDevice:: Snmp Load Error[-1] To[192.168.1.2]

Error: (12/19/2014 02:50:47 PM) (Source: Brother BrLog) (EventID: 1001) (User: )
Description: STI BrtSTI: [2014/12/19 14:50:47.218]: [00000308]: SendSKeySettingToDevice:: Snmp Load Error[-1] To[192.168.1.2]

Error: (12/19/2014 02:49:38 PM) (Source: Brother BrLog) (EventID: 1001) (User: )
Description: STI BrtSTI: [2014/12/19 14:49:38.203]: [00000308]: SendSKeySettingToDevice:: Snmp Load Error[-1] To[192.168.1.2]

Error: (12/19/2014 02:48:07 PM) (Source: Brother BrLog) (EventID: 1001) (User: )
Description: STI BrtSTI: [2014/12/19 14:48:07.421]: [00000308]: SendSKeySettingToDevice:: Snmp Load Error[-1] To[192.168.1.2]

Error: (12/19/2014 02:46:58 PM) (Source: Brother BrLog) (EventID: 1001) (User: )
Description: STI BrtSTI: [2014/12/19 14:46:58.421]: [00000308]: SendSKeySettingToDevice:: Snmp Load Error[-1] To[192.168.1.2]

Error: (12/19/2014 02:45:49 PM) (Source: Brother BrLog) (EventID: 1001) (User: )
Description: STI BrtSTI: [2014/12/19 14:45:49.406]: [00000308]: SendSKeySettingToDevice:: Snmp Load Error[-1] To[192.168.1.2]

Error: (12/19/2014 02:44:40 PM) (Source: Brother BrLog) (EventID: 1001) (User: )
Description: STI BrtSTI: [2014/12/19 14:44:40.390]: [00000308]: SendSKeySettingToDevice:: Snmp Load Error[-1] To[192.168.1.2]


System errors:
=============
Error: (12/19/2014 01:22:39 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Apple Mobile Device service terminated unexpectedly. It has done this 3 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

Error: (12/19/2014 01:21:33 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Apple Mobile Device service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

Error: (12/19/2014 01:20:01 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Apple Mobile Device service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

Error: (12/19/2014 01:19:54 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The AOL Connectivity Service service terminated unexpectedly. It has done this 1 time(s).

Error: (12/19/2014 00:41:02 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Application Management service terminated with the following error:
%%126

Error: (12/19/2014 00:41:02 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Application Management service terminated with the following error:
%%126

Error: (12/19/2014 00:41:02 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Application Management service terminated with the following error:
%%126

Error: (12/19/2014 00:41:02 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Application Management service terminated with the following error:
%%126

Error: (12/19/2014 00:41:02 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Application Management service terminated with the following error:
%%126

Error: (12/19/2014 00:41:02 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Application Management service terminated with the following error:
%%126


Microsoft Office Sessions:
=========================
Error: (12/19/2014 02:55:23 PM) (Source: Brother BrLog) (EventID: 1001) (User: )
Description: STIBrtSTI: [2014/12/19 14:55:23.296]: [00000308]: SendSKeySettingToDevice:: Snmp Load Error[-1] To[192.168.1.2]

Error: (12/19/2014 02:54:14 PM) (Source: Brother BrLog) (EventID: 1001) (User: )
Description: STIBrtSTI: [2014/12/19 14:54:14.296]: [00000308]: SendSKeySettingToDevice:: Snmp Load Error[-1] To[192.168.1.2]

Error: (12/19/2014 02:53:05 PM) (Source: Brother BrLog) (EventID: 1001) (User: )
Description: STIBrtSTI: [2014/12/19 14:53:05.265]: [00000308]: SendSKeySettingToDevice:: Snmp Load Error[-1] To[192.168.1.2]

Error: (12/19/2014 02:51:56 PM) (Source: Brother BrLog) (EventID: 1001) (User: )
Description: STIBrtSTI: [2014/12/19 14:51:56.250]: [00000308]: SendSKeySettingToDevice:: Snmp Load Error[-1] To[192.168.1.2]

Error: (12/19/2014 02:50:47 PM) (Source: Brother BrLog) (EventID: 1001) (User: )
Description: STIBrtSTI: [2014/12/19 14:50:47.218]: [00000308]: SendSKeySettingToDevice:: Snmp Load Error[-1] To[192.168.1.2]

Error: (12/19/2014 02:49:38 PM) (Source: Brother BrLog) (EventID: 1001) (User: )
Description: STIBrtSTI: [2014/12/19 14:49:38.203]: [00000308]: SendSKeySettingToDevice:: Snmp Load Error[-1] To[192.168.1.2]

Error: (12/19/2014 02:48:07 PM) (Source: Brother BrLog) (EventID: 1001) (User: )
Description: STIBrtSTI: [2014/12/19 14:48:07.421]: [00000308]: SendSKeySettingToDevice:: Snmp Load Error[-1] To[192.168.1.2]

Error: (12/19/2014 02:46:58 PM) (Source: Brother BrLog) (EventID: 1001) (User: )
Description: STIBrtSTI: [2014/12/19 14:46:58.421]: [00000308]: SendSKeySettingToDevice:: Snmp Load Error[-1] To[192.168.1.2]

Error: (12/19/2014 02:45:49 PM) (Source: Brother BrLog) (EventID: 1001) (User: )
Description: STIBrtSTI: [2014/12/19 14:45:49.406]: [00000308]: SendSKeySettingToDevice:: Snmp Load Error[-1] To[192.168.1.2]

Error: (12/19/2014 02:44:40 PM) (Source: Brother BrLog) (EventID: 1001) (User: )
Description: STIBrtSTI: [2014/12/19 14:44:40.390]: [00000308]: SendSKeySettingToDevice:: Snmp Load Error[-1] To[192.168.1.2]


==================== Memory info ===========================

Processor: Intel® Core™2 Duo CPU T5470 @ 1.60GHz
Percentage of memory in use: 56%
Total physical RAM: 2037.97 MB
Available physical RAM: 883.13 MB
Total Pagefile: 4930.85 MB
Available Pagefile: 3254.54 MB
Total Virtual: 2047.88 MB
Available Virtual: 1948.08 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:146.47 GB) (Free:72.67 GB) NTFS ==>[Drive with boot components (Windows XP)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows XP) (Size: 149.1 GB) (Disk ID: D0F4738C)
Partition 1: (Not Active) - (Size=78 MB) - (Type=DE)
Partition 2: (Active) - (Size=146.5 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=2.5 GB) - (Type=OF Extended)

==================== End Of Log =========================

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 10.67.2
Run by Allan at 19:08:00 on 2015-01-07
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2038.1119 [GMT -5:00]
.
AV: Avira Desktop *Enabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
.
============== Running Processes ================
.
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Java\jre7\bin\jqs.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\Avira\My Avira\Avira.OE.ServiceHost.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\stsystra.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\Avira\My Avira\Avira.OE.Systray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\Common Files\Java\Java Update\jucheck.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\WINDOWS\System32\alg.exe
c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
C:\Program Files\Common Files\aol\1272640394\ee\aolsoftware.exe
C:\Program Files\Full Tilt Poker\FullTiltPoker.exe
C:\Program Files\AOL Desktop 9.6\waol.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\AOL Desktop 9.6\shellmon.exe
C:\Program Files\AOL Desktop 9.6\AOLBrowser\aolbrowser.exe
C:\Program Files\Common Files\AOL\Topspeed\3.0\aoltpsd3.exe
C:\Program Files\Avira\AntiVir Desktop\update.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\Avira\AntiVir Desktop\updrgui.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k imgsvc
.
============== Pseudo HJT Report ===============
.
mSearch Page = about:blank
mDefault_Search_URL = about:blank
uInternet Connection Wizard,ShellNext = hxxp://support.dell.com/
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
TB: AOL Toolbar: {BA00B7B1-0351-477A-B948-23E3EE5A73D4} -
TB: AOL Toolbar: {ba00b7b1-0351-477a-b948-23e3ee5a73d4} -
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [SigmatelSysTrayApp] stsystra.exe
mRun: [KernelFaultCheck] c:\windows\system32\dumprep 0 -k
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Dell QuickSet] c:\program files\dell\quickset\quickset.exe
mRun: [Broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe
mRun: [Avira Systray] c:\program files\avira\my avira\Avira.OE.Systray.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - hxxps://goldenrule.webex.com/client/WBXclient-T27L10NSP32EP5-14362/event/ieatgpc.cab
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{FF55C92A-2521-474E-B530-6BDBAB4FA25B} : DHCPNameServer = 192.168.1.1
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
Notify: igfxcui - igfxdev.dll
Notify: SDWinLogon - SDWinLogon.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\allan\application data\mozilla\firefox\profiles\7bwbxg1r.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo!
FF - prefs.js: keyword.URL - hxxps://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=523482&p=
FF - component: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\firefox\ext\components\nprpffbrowserrecordext.dll
FF - component: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\firefox\ext\components\nprpffbrowserrecordlegacyext.dll
FF - component: c:\program files\mozilla firefox\extensions\{82af8dca-6de9-405d-bd5e-43525bdad38a}\components\SkypeFfComponent.dll
FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprpchromebrowserrecordext.dll
FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll
FF - plugin: c:\documents and settings\allan\local settings\application data\citrix\plugins\104\npappdetector.dll
FF - plugin: c:\documents and settings\allan\local settings\application data\facebook\video\skype\npFacebookVideoCalling.dll
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\java\jre7\bin\dtplugin\npdeployJava1.dll
FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\microsoft silverlight\5.1.30514.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdnu.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdnupdater2.dll
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_14_0_0_145.dll
FF - ExtSQL: !HIDDEN! 2010-05-05 18:56; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
.
============= SERVICES / DRIVERS ===============
.
R1 avkmgr;avkmgr;c:\windows\system32\drivers\avkmgr.sys [2012-10-10 37352]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2012-10-10 98160]
S3 esgiguard;esgiguard;\??\c:\program files\enigma software group\spyhunter\esgiguard.sys --> c:\program files\enigma software group\spyhunter\esgiguard.sys [?]
.
=============== Created Last 30 ================
.
2014-12-19 19:48:24 -------- d-----w- C:\FRST
2014-12-19 18:47:45 1113600 ----a-w- c:\program files\Farbar recovery Tool FRST.exe
2014-12-18 20:57:00 -------- d-----w- c:\program files\PandaAntiRootkit
2014-12-18 18:59:04 8576 ----a-w- c:\windows\system32\drivers\aygkdtggshmc.sys
2014-12-15 22:15:11 114904 ----a-w- c:\windows\system32\drivers\156A2F97.sys
2014-12-15 21:40:34 5604036 ------r- c:\program files\ComboFix.exe
2014-12-15 21:35:39 -------- d-----w- c:\program files\backups
2014-12-15 19:37:03 388608 ----a-w- c:\program files\HijackThis.exe
2014-12-11 03:17:45 -------- d-----w- c:\windows\ERUNT
2014-12-11 02:07:23 -------- d-----w- C:\AdwCleaner
2014-12-11 02:02:38 2166272 ----a-w- c:\program files\adwcleaner_4.105.exe
2014-12-10 22:11:09 35064 ----a-w- c:\windows\system32\drivers\TrueSight.sys
2014-12-10 22:11:05 -------- d-----w- C:\Documents
2014-12-10 22:11:01 -------- d-----w- c:\documents and settings\all users\application data\RogueKiller
2014-12-10 22:10:34 15201368 ----a-w- c:\program files\RogueKiller.exe
.
==================== Find3M ====================
.
2015-01-03 19:12:24 114904 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-12-10 19:07:47 701104 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2014-12-10 19:07:46 71344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2014-11-21 11:14:14 54360 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2014-11-21 11:14:06 23256 ----a-w- c:\windows\system32\drivers\mbam.sys
2014-10-14 18:32:58 98160 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2014-09-09 22:07:16 46525608 ----a-w- c:\program files\spybot-2.4.exe
2014-05-10 01:18:08 32549592 ----a-w- c:\program files\free_itransfer_setup.exe
2014-03-11 22:28:15 143436858 ----a-w- c:\program files\Apache_OpenOffice_4.0.0_Win_x86_install_en-US.exe
2014-03-11 22:09:28 143485940 ----a-w- c:\program files\Apache_OpenOffice_4.0.1_Win_x86_install_en-US.exe
2013-11-13 17:06:44 208400 ----a-w- c:\program files\AOLDNLD.exe
2013-09-20 18:11:16 22131568 ----a-w- c:\program files\Thunderbird Setup 24.0.exe
2013-01-07 16:36:54 16069264 ----a-w- c:\program files\setup-gp4-iboom-host.exe
2012-10-10 14:50:38 102457752 ----a-w- c:\program files\avira_free_antivirus_en.exe
2012-09-19 19:23:08 17790056 ----a-w- c:\program files\Firefox Setup 15.0.1.exe
2012-07-11 02:57:15 706912 ----a-w- c:\program files\MediaManager.exe
2012-04-13 19:22:26 337137 ----a-w- c:\program files\FanbarFSS.exe
2012-04-13 01:42:33 593920 ----a-w- c:\program files\OTL.exe
2012-04-11 21:16:13 238608 ----a-w- c:\program files\avira_registry_cleaner_en.exe
2012-04-10 19:55:02 5114528 ----a-w- c:\program files\disk-defrag-setup.exe
2012-04-09 14:04:33 5941033 ----a-w- c:\program files\startdelay_v3.0b322.exe
2012-04-08 19:59:47 990720 ----a-w- c:\program files\bootvis.msi
2012-04-08 19:32:23 4139168 ----a-w- c:\program files\install_flash_player_32bit.exe
2012-04-08 19:27:38 264271 ----a-w- c:\program files\FHSetup.exe
2012-04-06 18:56:34 397728 ----a-w- c:\program files\unhide.exe
2012-03-01 02:27:58 493520 ----a-w- c:\program files\FacebookVideoCallSetup_v1.2.203.0.exe
2012-02-17 20:59:52 692480 ----a-w- c:\program files\RealPlayer.exe
2012-01-24 16:12:05 36927832 ----a-w- c:\program files\68ar04ww.exe
2012-01-24 16:10:14 1070488 ----a-w- c:\program files\68md01ww.exe
2012-01-24 16:10:11 2438952 ----a-w- c:\program files\68cr04ww.exe
2012-01-24 16:08:17 8556672 ----a-w- c:\program files\Lenovo_Download_Manager_Installer.exe
2012-01-24 15:51:57 2443048 ----a-w- c:\program files\68cs06ww.exe
2011-04-13 19:01:32 48536984 ----a-w- c:\program files\AdbeRdr1001_en_US.exe
2011-04-13 15:45:14 21058523 ----a-w- c:\program files\FullTiltSetup.exe
2011-04-01 13:26:36 231224 ----a-w- c:\program files\RapportSetup.exe
2011-02-27 18:02:40 509440 ----a-w- c:\program files\STOPzilla_Setup.exe
2011-02-27 18:00:31 7734208 ----a-w- c:\program files\mbam-setup-1.50.1.1100.exe
2011-02-27 17:51:01 6623888 ----a-w- c:\program files\Malwarebytes.exe
2010-08-26 21:32:51 1704744 ----a-w- c:\program files\SkypeSetup.exe
2010-05-14 14:22:10 156607328 ----a-w- c:\program files\OOo_3.2.0_Win_x86_install-wJRE_en-US.exe
2010-05-03 20:53:14 27386256 ----a-w- c:\program files\AdbeRdr930_en_US.exe
2010-04-30 03:57:33 2959376 ----a-w- c:\program files\dotnetfx35setup.exe
2010-04-30 03:38:31 44089904 ----a-w- c:\program files\avira_antivir_personal_en.exe
.
============= FINISH: 19:20:14.12 ===============

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 12/15/2014
Scan Time: 5:15:59 PM
Logfile: Malwarebytes Log 12-15-14.txt
Administrator: Yes

Version: 2.00.4.1028
Malware Database: v2014.12.11.02
Rootkit Database: v2014.12.08.03
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows XP Service Pack 3
CPU: x86
File System: NTFS
User: Allan

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 451622
Time Elapsed: 2 hr, 34 min, 32 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Warn
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 3
PUP.Optional.Spigot.A, HKU\S-1-5-21-1214440339-1035525444-839522115-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{3A787631-66A2-4634-B928-A37E73B58FB6}, , [e3ab174af686290dcccee768d3306997],
PUP.Optional.MyEmoticons.A, HKU\S-1-5-21-1214440339-1035525444-839522115-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\Search Protection, , [f49af76a5e1ecb6b5172ccbd976c34cc],
PUP.Optional.BrowserExtensions.A, HKU\S-1-5-21-1214440339-1035525444-839522115-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\BROWSER EXTENSIONS, , [1876075a4e2eb97d664db19c3bc825db],

Registry Values: 1
PUP.Optional.BrowserExtensions.A, HKU\S-1-5-21-1214440339-1035525444-839522115-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\BROWSER EXTENSIONS|SS_Ver, 2.5, , [1876075a4e2eb97d664db19c3bc825db]

Registry Data: 1
PUP.Optional.Spigot.A, HKU\S-1-5-21-1214440339-1035525444-839522115-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, https://search.yahoo.com/?type=523482&fr=spigot-yhp-ie, Good: (www.google.com), Bad: (https://search.yahoo.com/?type=523482&fr=spigot-yhp-ie),,[246a4e139ce09b9b4524f867679ea45c]

Folders: 1
PUP.Optional.Spigot.A, C:\Documents and Settings\Allan\Application Data\BrowserExtensions, , [e3ab174af686290dcccee768d3306997],

Files: 11
PUP.Optional.Spigot.A, C:\Documents and Settings\Allan\Application Data\BrowserExtensions\startpage.xpi, , [e3ab174af686290dcccee768d3306997],
PUP.Optional.Spigot.A, C:\Documents and Settings\Allan\Application Data\BrowserExtensions\Button.exe, , [e3ab174af686290dcccee768d3306997],
PUP.Optional.Spigot.A, C:\Documents and Settings\Allan\Application Data\BrowserExtensions\Button64.exe, , [e3ab174af686290dcccee768d3306997],
PUP.Optional.Spigot.A, C:\Documents and Settings\Allan\Application Data\BrowserExtensions\ButtonWrap.dll, , [e3ab174af686290dcccee768d3306997],
PUP.Optional.Spigot.A, C:\Documents and Settings\Allan\Application Data\BrowserExtensions\ButtonWrap64.dll, , [e3ab174af686290dcccee768d3306997],
PUP.Optional.Spigot.A, C:\Documents and Settings\Allan\Application Data\BrowserExtensions\Coupons.dll, , [e3ab174af686290dcccee768d3306997],
PUP.Optional.Spigot.A, C:\Documents and Settings\Allan\Application Data\BrowserExtensions\coupons.xpi, , [e3ab174af686290dcccee768d3306997],
PUP.Optional.Spigot.A, C:\Documents and Settings\Allan\Application Data\BrowserExtensions\Coupons64.dll, , [e3ab174af686290dcccee768d3306997],
PUP.Optional.Spigot.A, C:\Documents and Settings\Allan\Application Data\BrowserExtensions\saebay.xpi, , [e3ab174af686290dcccee768d3306997],
PUP.Optional.Spigot.A, C:\Documents and Settings\Allan\Application Data\BrowserExtensions\Uninstall.exe, , [e3ab174af686290dcccee768d3306997],
PUP.Optional.Spigot.A, C:\Documents and Settings\Allan\Application Data\Mozilla\Firefox\Profiles\7bwbxg1r.default\prefs.js, Good: (), Bad: (user_pref("browser.startup.homepage", "https://search.yahoo.com/?type=523482&fr=spigot-yhp-ff");), ,[0c828ad74834db5b218b2b766a9b0bf5]

Physical Sectors: 0
(No malicious items detected)


(end)

Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.0 (11.29.2014:1)
OS: Microsoft Windows XP x86
Ran by Allan on Wed 12/10/2014 at 22:18:23.31
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values

Successfully deleted: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\search protection



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{13913002-EAD1-478A-957D-FA0A81787BA8}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3EF64538-8B54-4573-B48F-4D34B0238AB2}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{34A0D84B-CDDC-4EC4-AFDD-4F1DDE1D14E5}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{34A0D84B-CDDC-4EC4-AFDD-4F1DDE1D14E5}
Successfully deleted: [Registry Key - Orphan] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{34A0D84B-CDDC-4EC4-AFDD-4F1DDE1D14E5}
Successfully deleted: [Registry Key - Orphan] HKEY_CLASSES_ROOT\CLSID\{34A0D84B-CDDC-4EC4-AFDD-4F1DDE1D14E5}



~~~ Files

Successfully deleted: [File] "C:\WINDOWS\wininit.ini"



~~~ Folders

Successfully deleted: [Folder] "C:\Documents and Settings\All Users\application data\strongvault online backup"
Failed to delete: [Folder] "C:\Documents and Settings\Allan\Application Data\search protection"
Successfully deleted: [Folder] "C:\Program Files\bucksbee loyalty plugin - softonic"
Successfully deleted: [Folder] "C:\WINDOWS\system32\ai_recyclebin"
Successfully deleted: [Folder] "C:\ai_recyclebin"





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Wed 12/10/2014 at 22:26:54.62
End of JRT log



