TheSkaFish

I was unable to download DelFix, it did not work. I wound up deleting all the disinfection tools one by one. So far, everything seems to be running without any problems. I created a new Restore Point and deleted all of the old ones, and I'd disabled Java earlier. So far, so good. Thanks again for helping and being patient with me, though I was away for gaps of time. I do appreciate having an all-clear on this computer. I do have one last question though - I currently have both Malwarebytes' Anti-Malware Free Version, as well as Spybot Search and Destroy v2.4 Free Version. Is there any good reason to have more than one anti-malware service on my computer, or is it redundant?

So far, everything has been running normally. I tried to update Internet Explorer, but Microsoft's site would not let me, saying that Internet Explorer 8 would not run on my computer, as I have the 32-bit version of Windows XP. That struck me as strange because I thought I was able to run IE8 before, but none of the versions that came out after that. Is there any risk if I never use Internet Explorer at all? I haven't been using it for anything. I've been using only Firefox for the last year and a half or so. And I hope I didn't throw anything off by not re-setting Firefox. I just didn't want to lose all my add-ons that I have found to be very useful. I just ran SecurityCheck.exe, here are the log results: Results of screen317's Security Check version 0.99.88 Windows XP Service Pack 3 x86 Internet Explorer 6 Out of date! ``````````````Antivirus/Firewall Check:`````````````` Windows Firewall Enabled! avast! Antivirus Antivirus up to date! `````````Anti-malware/Other Utilities Check:````````` WinPatrol MVPS Hosts File Spybot - Search & Destroy CCleaner Adobe Flash Player 15.0.0.152 Adobe Reader XI Mozilla Firefox (32.0.3) ````````Process Check: objlist.exe by Laurent```````` WinPatrol winpatrol.exe Spybot Teatimer.exe is disabled! Alwil Software Avast5 AvastSvc.exe Alwil Software Avast5 AvastUI.exe Ruiware WinPatrol winpatrol.exe `````````````````System Health check````````````````` Total Fragmentation on Drive C:: 16% Defragment your hard drive soon! (Do NOT defrag if SSD!) ````````````````````End of Log``````````````````````

Hi. Well, it seemed that the twitch in opening windows has gone away now. When I click to open a New Tab, it only opens one tab again, like it should. Anyway, here are my logs: Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 04-10-2014 01 Ran by Dan Popp (administrator) on DANPOPP on 04-10-2014 13:42:05 Running from C:\Documents and Settings\Dan Popp\Desktop Loaded Profile: Dan Popp (Available profiles: Dan Popp & Guest) Platform: Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: English (United States) Internet Explorer Version 6 Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (AVAST Software) C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (Creative Technology Ltd) C:\WINDOWS\system32\CTsvcCDA.EXE () C:\Program Files\GNU\GnuPG\dirmngr.exe (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe () C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe (Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe (Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe (Microsoft Corporation) C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Skype Technologies S.A.) C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation) C:\WINDOWS\system32\MsPMSPSv.exe (GEMTEKS) C:\Program Files\Linksys Wireless-G PCI Adapter with SRX400\WLService.exe (Linksys) C:\Program Files\Linksys Wireless-G PCI Adapter with SRX400\WMP54GX.exe (Canon Inc.) C:\Program Files\Canon\CAL\CALMAIN.exe (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE (AVAST Software) C:\Program Files\Alwil Software\Avast5\avastui.exe (Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe (Ruiware LLC) C:\Program Files\Ruiware\WinPatrol\WinPatrol.exe (Microsoft Corporation) C:\WINDOWS\system32\wbem\unsecapp.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [storageGuard] => C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe [155648 2003-02-13] (Sonic Solutions) HKLM\...\Run: [KeyScrambler] => C:\Program Files\KeyScrambler\keyscrambler.exe [534160 2013-02-10] (QFX Software Corporation) HKLM\...\Run: [AvastUI.exe] => C:\Program Files\Alwil Software\Avast5\AvastUI.exe [4085896 2014-07-31] (AVAST Software) HKLM\...\Run: [sDTray] => C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.) Winlogon\Notify\SDWinLogon: SDWinLogon.dll [X] HKLM\...\Policies\Explorer: [] HKLM\...\Policies\Explorer: [NoCDBurning] 0 HKU\S-1-5-21-2000478354-651377827-839522115-1003\...\Run: [WinPatrol] => C:\Program Files\Ruiware\WinPatrol\winpatrol.exe [1154112 2014-07-20] (Ruiware LLC) ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\Alwil Software\Avast5\ashShell.dll (AVAST Software) ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Documents and Settings\Dan Popp\Application Data\Dropbox\bin\DropboxExt.19.dll (Dropbox, Inc.) ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Documents and Settings\Dan Popp\Application Data\Dropbox\bin\DropboxExt.19.dll (Dropbox, Inc.) ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Documents and Settings\Dan Popp\Application Data\Dropbox\bin\DropboxExt.19.dll (Dropbox, Inc.) ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Documents and Settings\Dan Popp\Application Data\Dropbox\bin\DropboxExt.19.dll (Dropbox, Inc.) BootExecute: autocheck autochk * sdnclean.exe ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch Toolbar: HKLM - MSN Toolbar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\MSN Toolbar\Platform\4.0.0401.0\npwinext.dll (Microsoft Corporation) Toolbar: HKLM - avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software) Toolbar: HKCU - &Address - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\System32\browseui.dll (Microsoft Corporation) Toolbar: HKCU - &Links - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\SHELL32.dll (Microsoft Corporation) Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation) Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies) Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt Tcpip\Parameters: [DhcpNameServer] 68.94.156.1 68.94.157.1 FireFox: ======== FF ProfilePath: C:\Documents and Settings\Dan Popp\Application Data\Mozilla\Firefox\Profiles\plobqh6y.default FF Homepage: https://www.google.com/ FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_15_0_0_152.dll () FF Plugin: @java.com/DTPlugin,version=10.5.1 -> C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation) FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF Plugin: @real.com/nppl3260;version=16.0.3.51 -> C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.) FF Plugin: @real.com/nprjplug;version=1.0.3.69 -> C:\Documents and Settings\Dan Popp\My Documents\Netscape6\nprjplug.dll (RealNetworks, Inc.) FF Plugin: @real.com/nprndlchromebrowserrecordext;version=1.3.3 -> C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.) FF Plugin: @real.com/nprndlhtml5videoshim;version=1.3.3 -> C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.) FF Plugin: @real.com/nprndlpepperflashvideoshim;version=1.3.3 -> C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.) FF Plugin: @real.com/nprpjplug;version=6.0.12.69 -> C:\Documents and Settings\Dan Popp\My Documents\Netscape6\nprpjplug.dll (RealNetworks, Inc.) FF Plugin: @real.com/nprpplugin;version=16.0.3.51 -> C:\Program Files\Real\RealPlayer\Netscape6\nprpplugin.dll (RealPlayer) FF Plugin: @realnetworks.com/npdlplugin;version=1 -> C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader) FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.) FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.) FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF Plugin HKCU: @citrixonline.com/appdetectorplugin -> C:\Documents and Settings\Dan Popp\Local Settings\Application Data\Citrix\Plugins\92\npappdetector.dll (Citrix Online) FF Plugin HKCU: @talk.google.com/GoogleTalkPlugin -> C:\Documents and Settings\Dan Popp\Application Data\Mozilla\plugins\npgoogletalk.dll (Google) FF Plugin HKCU: @talk.google.com/O1DPlugin -> C:\Documents and Settings\Dan Popp\Application Data\Mozilla\plugins\npo1d.dll (Google) FF Plugin HKCU: @tools.google.com/Google Update;version=3 -> C:\Documents and Settings\Dan Popp\Local Settings\Application Data\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.) FF Plugin HKCU: @tools.google.com/Google Update;version=9 -> C:\Documents and Settings\Dan Popp\Local Settings\Application Data\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.) FF Plugin ProgramFiles/Appdata: C:\Documents and Settings\Dan Popp\Application Data\mozilla\plugins\npgoogletalk.dll (Google) FF Plugin ProgramFiles/Appdata: C:\Documents and Settings\Dan Popp\Application Data\mozilla\plugins\npo1d.dll (Google) FF Extension: Microsoft Default Manager - C:\Documents and Settings\Dan Popp\Application Data\Mozilla\Firefox\Profiles\plobqh6y.default\Extensions\DefaultManager@Microsoft [2013-08-01] FF Extension: DoNotTrackMe: Online Privacy Protection - C:\Documents and Settings\Dan Popp\Application Data\Mozilla\Firefox\Profiles\plobqh6y.default\Extensions\donottrackplus@abine.com [2014-07-10] FF Extension: MaskMe - C:\Documents and Settings\Dan Popp\Application Data\Mozilla\Firefox\Profiles\plobqh6y.default\Extensions\idme@abine.com [2014-03-05] FF Extension: Element Hiding Helper for Adblock Plus - C:\Documents and Settings\Dan Popp\Application Data\Mozilla\Firefox\Profiles\plobqh6y.default\Extensions\elemhidehelper@adblockplus.org.xpi [2013-03-12] FF Extension: Webmail Ad Blocker - C:\Documents and Settings\Dan Popp\Application Data\Mozilla\Firefox\Profiles\plobqh6y.default\Extensions\gmailnoads@mywebber.com.xpi [2013-03-12] FF Extension: Social Fixer - C:\Documents and Settings\Dan Popp\Application Data\Mozilla\Firefox\Profiles\plobqh6y.default\Extensions\socialfixer@mattkruse.com.xpi [2014-01-31] FF Extension: NoScript - C:\Documents and Settings\Dan Popp\Application Data\Mozilla\Firefox\Profiles\plobqh6y.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2014-08-09] FF Extension: Adblock Plus - C:\Documents and Settings\Dan Popp\Application Data\Mozilla\Firefox\Profiles\plobqh6y.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-03-10] FF Extension: Skype Click to Call - C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2014-09-24] FF Extension: Skype Click to Call - C:\Program Files\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2014-09-24] FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension FF Extension: Microsoft .NET Framework Assistant - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2012-05-22] FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\Alwil Software\Avast5\WebRep\FF FF Extension: avast! Online Security - C:\Program Files\Alwil Software\Avast5\WebRep\FF [2011-02-26] FF HKLM\...\Firefox\Extensions: [{DF153AFF-6948-45d7-AC98-4FC4AF8A08E2}] - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext FF Extension: RealDownloader - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2013-10-01] FF HKLM\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext FF HKLM\...\Firefox\Extensions: [{27182e60-b5f3-411c-b545-b44205977502}] - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension FF Extension: Search Helper Extension - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension [2014-09-08] FF HKLM\...\Firefox\Extensions: [jqs@sun.com] - C:\Program Files\Java\jre6\lib\deploy\jqs\ff FF HKCU\...\Firefox\Extensions: [{B64D9B05-48E1-4CEB-BF58-E0643994E900}] - C:\Program Files\Common Files\DVDVideoSoft\plugins\ff FF Extension: Download videos and MP3s from YouTube - C:\Program Files\Common Files\DVDVideoSoft\plugins\ff [2014-03-18] Chrome: ======= CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\Alwil Software\Avast5\WebRep\Chrome\aswWebRepChrome.crx [2014-07-06] CHR HKLM\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx [2013-08-14] ========================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 avast! Antivirus; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [50344 2014-07-06] (AVAST Software) R2 CCALib8; C:\Program Files\Canon\CAL\CALMAIN.exe [96341 2005-09-30] (Canon Inc.) [File not signed] R2 Creative Service for CDROM Access; C:\WINDOWS\System32\CTsvcCDA.exe [44032 1999-12-13] (Creative Technology Ltd) [File not signed] R2 DirMngr; C:\Program Files\GNU\GnuPG\dirmngr.exe [224256 2011-03-02] () [File not signed] S4 PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [75064 2010-03-04] () S4 PnkBstrB; C:\WINDOWS\system32\PnkBstrB.exe [215128 2010-09-18] () R2 RealNetworks Downloader Resolver Service; C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe [39056 2013-08-14] () R2 SDScannerService; C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.) R2 SDUpdateService; C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.) S2 SDWSCService; C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.) R2 Skype C2C Service; C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe [3048136 2012-07-05] (Skype Technologies S.A.) S3 Symantec RemoteAssist; C:\Program Files\Common Files\Symantec Shared\Support Controls\ssrc.exe [394704 2008-01-29] (Symantec, Inc.) R2 WMDM PMSP Service; C:\WINDOWS\System32\MsPMSPSv.exe [53520 2000-06-26] (Microsoft Corporation) [File not signed] U4 aswUpdSv; "C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe" [X] R2 WMP54GX4SVC; "C:\Program Files\Linksys Wireless-G PCI Adapter with SRX400\WLService.exe" "WMP54GX.exe" [X] ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 AegisP; C:\WINDOWS\System32\DRIVERS\AegisP.sys [20747 2009-02-26] (Meetinghouse Data Communications) [File not signed] R2 aswHwid; C:\WINDOWS\system32\drivers\aswHwid.sys [24184 2014-07-06] () R2 aswMonFlt; C:\WINDOWS\system32\drivers\aswMonFlt.sys [67824 2014-07-06] (AVAST Software) R1 aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [55112 2014-07-06] (AVAST Software) R0 aswRvrt; C:\WINDOWS\system32\Drivers\aswRvrt.sys [49944 2014-07-06] () R1 aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [779536 2014-07-06] (AVAST Software) R1 aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [414520 2014-07-06] (AVAST Software) R1 aswTdi; C:\WINDOWS\system32\drivers\aswTdi.sys [57800 2014-07-06] (AVAST Software) R0 aswVmm; C:\WINDOWS\system32\Drivers\aswVmm.sys [192352 2014-07-06] () R3 gameenum; C:\WINDOWS\System32\DRIVERS\gameenum.sys [10624 2008-04-13] (Microsoft Corporation) R3 GTNDIS5; C:\WINDOWS\system32\GTNDIS5.SYS [15872 2003-09-25] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed] S3 hamachi; C:\WINDOWS\System32\DRIVERS\hamachi.sys [26176 2009-09-23] (LogMeIn, Inc.) S3 hidgame; C:\WINDOWS\System32\DRIVERS\hidgame.sys [8576 2001-08-17] (Microsoft Corporation) R3 KeyScrambler; C:\WINDOWS\System32\drivers\keyscrambler.sys [208920 2013-02-06] (QFX Software Corporation) R3 Linksys3P; C:\WINDOWS\System32\DRIVERS\TMIMO31P.sys [780800 2005-11-29] (Airgo Networks, Inc.) R1 OMCI; C:\WINDOWS\SYSTEM32\DRIVERS\OMCI.SYS [13632 2001-08-22] (Dell Computer Corporation) [File not signed] R3 P16X; C:\WINDOWS\System32\drivers\P16X.sys [1296384 2003-08-14] (Creative Technology Ltd.) R2 PfModNT; C:\WINDOWS\System32\PfModNT.sys [6752 1999-12-17] (Creative Technology Ltd.) [File not signed] S3 pohci13F; C:\Documents and Settings\Dan Popp\Local Settings\temp\pohci13F.sys [29696 2003-09-02] () [File not signed] R0 PxHelp20; C:\WINDOWS\System32\DRIVERS\PxHelp20.sys [17168 2003-07-30] (Sonic Solutions) [File not signed] S3 catchme; \??\C:\DOCUME~1\DANPOP~1\LOCALS~1\Temp\catchme.sys [X] S4 IntelIde; No ImagePath U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation) ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 2014-10-04 13:42 - 2014-10-04 13:42 - 00017369 _____ () C:\Documents and Settings\Dan Popp\Desktop\FRST.txt 2014-10-04 13:40 - 2014-10-04 13:40 - 00000000 ____D () C:\Documents and Settings\Dan Popp\Desktop\FRST-OlderVersion 2014-10-04 13:39 - 2014-10-04 13:40 - 00000000 ____D () C:\Documents and Settings\Dan Popp\Desktop\previous frst scans 2014-10-04 11:50 - 2014-10-04 11:50 - 00000021 _____ () C:\WINDOWS\S.dirmngr 2014-10-01 23:15 - 2014-10-02 21:51 - 00000000 ____D () C:\Documents and Settings\Dan Popp\Start Menu\Programs\LucasArts 2014-10-01 21:48 - 2014-10-01 21:50 - 00000000 ____D () C:\Documents and Settings\Dan Popp\Desktop\non-antimalware desktop files 2014-10-01 19:02 - 2014-09-08 11:38 - 00000027 _____ () C:\WINDOWS\system32\Drivers\etc\hosts.20141001-190251.backup 2014-10-01 18:22 - 2014-10-01 18:22 - 00000616 _____ () C:\WINDOWS\Tasks\Refresh immunization (Spybot - Search & Destroy).job 2014-10-01 18:22 - 2014-10-01 18:22 - 00000446 _____ () C:\WINDOWS\Tasks\Scan the system (Spybot - Search & Destroy).job 2014-10-01 18:21 - 2014-10-01 23:23 - 00065536 _____ () C:\WINDOWS\system32\config\SpybotSD.evt 2014-10-01 18:21 - 2014-10-01 18:31 - 00000000 ____D () C:\Program Files\Spybot - Search & Destroy 2 2014-10-01 18:21 - 2014-10-01 18:21 - 00001836 _____ () C:\Documents and Settings\Dan Popp\Desktop\Spybot-S&D Start Center.lnk 2014-10-01 18:21 - 2014-10-01 18:21 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Spybot - Search & Destroy 2 2014-10-01 18:21 - 2013-09-20 10:49 - 00018968 _____ (Safer Networking Limited) C:\WINDOWS\system32\sdnclean.exe 2014-10-01 17:18 - 2014-10-01 17:18 - 04181856 _____ (Kaspersky Lab ZAO) C:\Documents and Settings\Dan Popp\Desktop\tdsskiller.exe 2014-10-01 16:56 - 2014-10-01 16:57 - 00004656 _____ () C:\Documents and Settings\Dan Popp\Desktop\JavaRa.log 2014-10-01 16:52 - 2014-10-01 16:53 - 00000000 ____D () C:\Documents and Settings\Dan Popp\Desktop\RemoveJava 2014-10-01 16:51 - 2014-10-01 16:51 - 00165800 _____ () C:\Documents and Settings\Dan Popp\Desktop\JavaRa-1.16-20-1-14.zip 2014-10-01 16:48 - 2012-05-04 19:29 - 00772504 _____ (Oracle Corporation) C:\WINDOWS\system32\npDeployJava1.dll 2014-10-01 16:45 - 2012-05-04 19:29 - 00687504 _____ (Oracle Corporation) C:\WINDOWS\system32\deployJava1.dll 2014-09-24 22:17 - 2014-09-24 22:18 - 00000000 ____D () C:\Program Files\Mozilla Firefox 2014-09-09 09:10 - 2014-10-04 11:51 - 00000374 _____ () C:\WINDOWS\system32\Drivers\etc\hosts.ics 2014-09-08 11:52 - 2012-06-02 15:18 - 00275696 _____ (Microsoft Corporation) C:\WINDOWS\system32\mucltui.dll 2014-09-08 11:52 - 2012-06-02 15:18 - 00214256 _____ (Microsoft Corporation) C:\WINDOWS\system32\muweb.dll 2014-09-08 11:52 - 2012-06-02 15:18 - 00017136 _____ (Microsoft Corporation) C:\WINDOWS\system32\mucltui.dll.mui 2014-09-08 11:45 - 2014-09-09 09:10 - 00000000 ____D () C:\Documents and Settings\LocalService\Local Settings\temp 2014-09-08 11:45 - 2014-09-08 11:45 - 00014678 _____ () C:\ComboFix.txt 2014-09-08 11:45 - 2014-09-08 11:45 - 00000000 ____D () C:\Documents and Settings\NetworkService\Local Settings\temp 2014-09-08 11:45 - 2014-09-08 11:45 - 00000000 ____D () C:\Documents and Settings\Guest\Local Settings\temp 2014-09-08 11:18 - 2011-06-26 01:45 - 00256000 _____ () C:\WINDOWS\PEV.exe 2014-09-08 11:18 - 2010-11-07 12:20 - 00208896 _____ () C:\WINDOWS\MBR.exe 2014-09-08 11:18 - 2009-04-19 23:56 - 00060416 _____ (NirSoft) C:\WINDOWS\NIRCMD.exe 2014-09-08 11:18 - 2000-08-30 19:00 - 00518144 _____ (SteelWerX) C:\WINDOWS\SWREG.exe 2014-09-08 11:18 - 2000-08-30 19:00 - 00406528 _____ (SteelWerX) C:\WINDOWS\SWSC.exe 2014-09-08 11:18 - 2000-08-30 19:00 - 00212480 _____ (SteelWerX) C:\WINDOWS\SWXCACLS.exe 2014-09-08 11:18 - 2000-08-30 19:00 - 00098816 _____ () C:\WINDOWS\sed.exe 2014-09-08 11:18 - 2000-08-30 19:00 - 00080412 _____ () C:\WINDOWS\grep.exe 2014-09-08 11:18 - 2000-08-30 19:00 - 00068096 _____ () C:\WINDOWS\zip.exe 2014-09-08 11:17 - 2014-09-08 11:45 - 00000000 ____D () C:\Qoobox 2014-09-08 11:16 - 2014-09-08 11:16 - 05576440 ____R (Swearware) C:\Documents and Settings\Dan Popp\Desktop\ComboFix.exe ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2014-10-04 13:42 - 2014-09-03 21:13 - 00000000 ____D () C:\FRST 2014-10-04 13:42 - 2014-07-28 12:55 - 00000000 ____D () C:\Documents and Settings\Dan Popp\Local Settings\temp 2014-10-04 13:40 - 2014-09-03 21:09 - 01100800 _____ (Farbar) C:\Documents and Settings\Dan Popp\Desktop\FRST.exe 2014-10-04 13:12 - 2012-07-08 22:24 - 00000366 ____H () C:\WINDOWS\Tasks\avast! Emergency Update.job 2014-10-04 12:49 - 2012-07-10 15:43 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job 2014-10-04 11:57 - 2009-02-28 14:51 - 01087509 _____ () C:\WINDOWS\WindowsUpdate.log 2014-10-04 11:54 - 2013-10-01 14:30 - 00000284 _____ () C:\WINDOWS\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-2000478354-651377827-839522115-1003.job 2014-10-04 11:53 - 2013-10-01 14:30 - 00000292 _____ () C:\WINDOWS\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-2000478354-651377827-839522115-1003.job 2014-10-04 11:51 - 2003-07-16 11:46 - 00002206 _____ () C:\WINDOWS\system32\wpa.dbl 2014-10-04 11:50 - 2009-02-26 01:02 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT 2014-10-04 11:50 - 2009-02-25 18:55 - 00000159 ____C () C:\WINDOWS\wiadebug.log 2014-10-04 11:50 - 2009-02-25 18:55 - 00000049 ____C () C:\WINDOWS\wiaservc.log 2014-10-03 23:58 - 2009-02-26 01:09 - 00000178 ___SH () C:\Documents and Settings\Dan Popp\ntuser.ini 2014-10-03 23:58 - 2009-02-26 01:08 - 00032622 _____ () C:\WINDOWS\SchedLgU.Txt 2014-10-03 21:21 - 2014-01-02 03:53 - 00072192 _____ () C:\Documents and Settings\Dan Popp\My Documents\Lists - To-Get, CDs, Songs to Download, Unsure, Equalize - Borrowed Things.xls 2014-10-03 18:19 - 2009-06-15 00:19 - 00098304 _____ (Sony DADC Austria AG.) C:\WINDOWS\system32\CmdLineExt.dll 2014-10-03 17:21 - 2014-08-10 21:15 - 00021491 _____ () C:\WINDOWS\wmsetup.log 2014-10-03 15:48 - 2013-05-23 17:36 - 00000000 ____D () C:\Program Files\Steam 2014-10-03 15:22 - 2009-03-01 22:09 - 00048250 _____ () C:\Documents and Settings\Dan Popp\Application Data\wklnhst.dat 2014-10-02 22:22 - 2014-07-29 20:04 - 00006916 _____ () C:\WINDOWS\setupapi.log 2014-10-02 21:36 - 2009-03-02 23:52 - 00000000 ____D () C:\Program Files\LucasArts 2014-10-02 21:36 - 2009-02-26 01:16 - 00000000 ___HD () C:\Program Files\InstallShield Installation Information 2014-10-01 22:48 - 2009-02-28 16:19 - 00000000 ____D () C:\Program Files\EA GAMES 2014-10-01 22:08 - 2009-02-28 16:20 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\EA GAMES 2014-10-01 19:01 - 2009-03-02 22:42 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy 2014-09-30 16:06 - 2014-07-12 18:00 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable) 2014-09-30 16:06 - 2014-07-12 17:59 - 00000000 ____D () C:\Program Files\mbar 2014-09-30 15:36 - 2014-07-07 15:07 - 00113880 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys 2014-09-30 15:35 - 2014-07-07 13:27 - 00054232 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys 2014-09-30 00:00 - 2009-02-26 01:09 - 00000000 ____D () C:\Documents and Settings\Dan Popp 2014-09-29 15:48 - 2011-09-23 22:34 - 00000284 _____ () C:\WINDOWS\Tasks\AppleSoftwareUpdate.job 2014-09-29 10:11 - 2009-02-27 19:36 - 00002489 _____ () C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Word.lnk 2014-09-26 09:43 - 2013-02-14 09:46 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service 2014-09-25 19:08 - 2009-02-27 21:50 - 00000000 ____D () C:\Documents and Settings\Dan Popp\My Documents\Resumes 2014-09-23 19:49 - 2012-07-10 15:43 - 00701104 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe 2014-09-23 19:49 - 2011-06-01 18:34 - 00071344 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl 2014-09-14 00:13 - 2013-02-04 02:22 - 00000000 ____D () C:\Documents and Settings\Dan Popp\Application Data\Spotify 2014-09-13 23:45 - 2013-02-04 02:25 - 00000000 ____D () C:\Documents and Settings\Dan Popp\Local Settings\Application Data\Spotify 2014-09-11 21:44 - 2013-07-11 13:41 - 00000000 ____D () C:\WINDOWS\system32\MRT 2014-09-11 21:36 - 2009-03-02 21:52 - 98758480 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe 2014-09-09 11:03 - 2009-02-25 18:53 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared 2014-09-08 19:21 - 2009-02-26 01:08 - 00000000 __SHD () C:\Documents and Settings\LocalService 2014-09-08 11:53 - 2009-02-26 01:08 - 00000000 __SHD () C:\Documents and Settings\NetworkService 2014-09-08 11:39 - 2003-07-16 11:41 - 00000227 _____ () C:\WINDOWS\system.ini 2014-09-08 11:17 - 2012-05-19 16:44 - 00000000 ____D () C:\WINDOWS\ERDNT Some content of TEMP: ==================== C:\Documents and Settings\Dan Popp\Local Settings\temp\CmdLineExt03.dll C:\Documents and Settings\Dan Popp\Local Settings\temp\SecuExp.exe C:\Documents and Settings\Dan Popp\Local Settings\temp\SIntf16.dll C:\Documents and Settings\Dan Popp\Local Settings\temp\SIntf32.dll C:\Documents and Settings\Dan Popp\Local Settings\temp\SIntfNT.dll C:\Documents and Settings\Dan Popp\Local Settings\temp\Uninst.exe ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\WINDOWS\explorer.exe => File is digitally signed C:\WINDOWS\system32\winlogon.exe => File is digitally signed C:\WINDOWS\system32\svchost.exe => File is digitally signed C:\WINDOWS\system32\services.exe => File is digitally signed C:\WINDOWS\system32\User32.dll => File is digitally signed C:\WINDOWS\system32\userinit.exe => File is digitally signed C:\WINDOWS\system32\rpcss.dll => File is digitally signed C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed ==================== End Of Log ============================ Additional scan result of Farbar Recovery Scan Tool (x86) Version: 04-10-2014 01 Ran by Dan Popp at 2014-10-04 13:43:19 Running from C:\Documents and Settings\Dan Popp\Desktop Boot Mode: Normal ========================================================== ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: avast! Antivirus (Disabled - Up to date) {7591DB91-41F0-48A3-B128-1A293FD8233D} ==================== Installed Programs ====================== (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) Acrobat.com (HKLM\...\{6D8D64BE-F500-55B6-705D-DFD08AFE0624}) (Version: 1.7.186 - Adobe Systems Incorporated) Adobe AIR (HKLM\...\Adobe AIR) (Version: 3.9.0.1380 - Adobe Systems Incorporated) Adobe AIR (Version: 3.9.0.1380 - Adobe Systems Incorporated) Hidden Adobe Flash Player 15 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 15.0.0.167 - Adobe Systems Incorporated) Adobe Flash Player 15 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 15.0.0.152 - Adobe Systems Incorporated) Adobe Help Manager (HKLM\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 4.0.244 - Adobe Systems Incorporated) Adobe Help Manager (Version: 4.0.244 - Adobe Systems Incorporated) Hidden Adobe Reader XI (11.0.07) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.07 - Adobe Systems Incorporated) Apple Application Support (HKLM\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.) Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.) avast! Free Antivirus (HKLM\...\avast) (Version: 9.0.2021 - AVAST Software) Battlefield 1942 (HKLM\...\{698D7E61-E4BF-4CA6-8A09-CF6BDBFDEF65}) (Version: - ) Battlefield 1942: Secret Weapons of WWII (HKLM\...\{B73B4A99-4173-4747-BBEC-0F05E966F9D2}) (Version: - ) Battlefield 1942: The Road To Rome (HKLM\...\{D057AA08-8CBF-42E3-9EAB-23B8FED1C279}) (Version: - ) BF1942 Transformers Mod Version 2.0 Full Client (HKLM\...\BF1942 Transformers Mod Version 2.0 Full Client) (Version: - ) BFE-WaW Map Pack #1 (HKLM\...\BFE-WaW Map Pack #1) (Version: - ) Brother HL-2140 (HKLM\...\{6BFE96F1-BE26-4FC5-965D-5CED037DE3E9}) (Version: 1.00 - Brother) Canon Camera Access Library (HKLM\...\CAL) (Version: 8.1.1.17 - ) Canon Camera Support Core Library (HKLM\...\CSCLIB) (Version: 7.3.1.6 - ) Canon Camera Window DC_DV 5 for ZoomBrowser EX (HKLM\...\CameraWindowDVC5) (Version: 5.4.5.17 - ) Canon Camera Window DC_DV 6 for ZoomBrowser EX (HKLM\...\CameraWindowDVC6) (Version: 6.2.0.8 - ) Canon Camera Window MC 6 for ZoomBrowser EX (HKLM\...\CameraWindowMC) (Version: 6.1.0.7 - ) Canon G.726 WMP-Decoder (HKLM\...\Canon G.726 WMP-Decoder) (Version: 1.0.1.3 - ) Canon MovieEdit Task for ZoomBrowser EX (HKLM\...\MovieEditTask) (Version: 2.2.0.13 - ) Canon RAW Image Task for ZoomBrowser EX (HKLM\...\RAW Image Task) (Version: 2.3.0.11 - ) Canon RemoteCapture Task for ZoomBrowser EX (HKLM\...\RemoteCaptureTask) (Version: 1.5.0.5 - ) Canon Utilities EOS Utility (HKLM\...\EOS Utility) (Version: 1.0.3.17 - ) Canon Utilities PhotoStitch (HKLM\...\PhotoStitch) (Version: 3.1.17.41 - ) Canon Utilities ZoomBrowser EX (HKLM\...\ZoomBrowser EX) (Version: 5.6.0.27 - ) CCleaner (HKLM\...\CCleaner) (Version: 4.04 - Piriform) Celtx (2.9) (HKLM\...\Celtx (2.9)) (Version: 2.9 (en-US) - Greyfirst) Command & Conquer Red Alert 2 (HKLM\...\Red Alert 2) (Version: - ) Compatibility Pack for the 2007 Office system (HKLM\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation) Critical Update for Windows Media Player 11 (KB959772) (HKLM\...\KB959772_WM11) (Version: - Microsoft Corporation) Dell Media Experience (HKLM\...\{2637C347-9DAD-11D6-9EA2-00055D0CA761}) (Version: - ) Dell ResourceCD (HKLM\...\{D78653C3-A8FF-415F-92E6-D774E634FF2D}) (Version: - ) Dropbox (HKCU\...\Dropbox) (Version: 2.0.22 - Dropbox, Inc.) ERUNT 1.1j (HKLM\...\ERUNT_is1) (Version: - Lars Hederer) FileHippo.com Update Checker (HKLM\...\FileHippo.com) (Version: - ) Forgotten Hope FAN MAPPACK V6.0 (HKLM\...\Forgotten Hope FAN MAPPACK) (Version: V6.0 - Forgotten Hope Mod Team) Forgotten Hope Fanmappack 4.0 (HKLM\...\Forgotten Hope Fanmappack) (Version: 4.0 - Forgotten Hope Mod Team) Free YouTube to MP3 Converter version 3.12.29.304 (HKLM\...\Free YouTube to MP3 Converter_is1) (Version: 3.12.29.304 - DVDVideoSoft Ltd.) Google Talk Plugin (HKLM\...\{C1E3DFE7-4EAD-3E9E-A826-E06055BA5921}) (Version: 5.4.2.18903 - Google) Google Update Helper (Version: 1.3.24.15 - Google Inc.) Hidden Gpg4win (2.1.0) (HKLM\...\GPG4Win) (Version: 2.1.0 - The Gpg4win Project) KeyScrambler (HKLM\...\KeyScrambler) (Version: 3.0.2.1 - QFX Software Corporation) LucasArts' Rogue Squadron (HKLM\...\LucasArts' Rogue Squadron) (Version: - ) Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation) Microsoft .NET Framework 2.0 Service Pack 2 (HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.2.30729 - Microsoft Corporation) Microsoft .NET Framework 3.0 Service Pack 2 (HKLM\...\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}) (Version: 3.2.30729 - Microsoft Corporation) Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version: - Microsoft Corporation) Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) Hidden Microsoft Compression Client Pack 1.0 for Windows XP (HKLM\...\MSCompPackV1) (Version: 1 - Microsoft Corporation) Microsoft Default Manager (Version: 2.1.54.0 - Microsoft Corporation) Hidden Microsoft Internationalized Domain Names Mitigation APIs (HKLM\...\IDNMitigationAPIs) (Version: - Microsoft Corporation) Microsoft Kernel-Mode Driver Framework Feature Pack 1.5 (Version: - Microsoft Corporation) Hidden Microsoft National Language Support Downlevel APIs (HKLM\...\NLSDownlevelMapping) (Version: - Microsoft Corporation) Microsoft Office XP Professional with FrontPage (HKLM\...\{90280409-6000-11D3-8CFE-0050048383C9}) (Version: 10.0.6626.0 - Microsoft Corporation) Microsoft Search Enhancement Pack (Version: 3.0.126.0 - Microsoft Corporation) Hidden Microsoft UI Engine (Version: 4.0.0318.1 - Microsoft Corporation) Hidden Microsoft User-Mode Driver Framework Feature Pack 1.0 (HKLM\...\Wudf01000) (Version: - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Word 2002 (HKLM\...\{911B0409-6000-11D3-8CFE-0050048383C9}) (Version: 10.0.6626.0 - Microsoft Corporation) Microsoft Works (HKLM\...\{B9966F27-9678-4620-9579-925E3084647E}) (Version: 07.03.0719 - Microsoft Corporation) Microsoft Works 2004 Setup Launcher (HKLM\...\Works2004Setup) (Version: - ) Microsoft Works Suite Add-in for Microsoft Word (HKLM\...\{33BEE6F3-9987-4F98-A069-97A64EC8321A}) (Version: 7.0.0.0000 - Microsoft Corporation) Mount & Blade: Warband (HKLM\...\Steam App 48700) (Version: - Taleworlds Entertainment) Mozilla Firefox 32.0.3 (x86 en-US) (HKLM\...\Mozilla Firefox 32.0.3 (x86 en-US)) (Version: 32.0.3 - Mozilla) Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla) MSN Toolbar (HKLM\...\{08234a0d-cf39-4dca-99f0-0c5cb496da81}) (Version: 4.0.0401.0 - Microsoft Corporation) MSN Toolbar Platform (Version: 4.0.0401.0 - Microsoft Corporation) Hidden MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation) MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation) Notepad++ (HKLM\...\Notepad++) (Version: 6.3.2 - Notepad++ Team) NVIDIA Control Panel 260.99 (Version: 260.99 - NVIDIA Corporation) Hidden NVIDIA Install Application (Version: 2.0.14.0 - NVIDIA Corporation) Hidden NVIDIA nView 135.36 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NView) (Version: 135.36 - NVIDIA Corporation) NVIDIA nView Desktop Manager (Version: 6.14.10.13065 - NVIDIA Corporation) Hidden OpenOffice.org 3.3 (HKLM\...\{3E171899-0175-47CC-84C4-562ACDD4C021}) (Version: 3.3.9567 - OpenOffice.org) QuickTime 7 (HKLM\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.) RealDownloader (Version: 1.3.3 - RealNetworks, Inc.) Hidden RealNetworks - Microsoft Visual C++ 2008 Runtime (Version: 9.0 - RealNetworks, Inc) Hidden RealNetworks - Microsoft Visual C++ 2010 Runtime (Version: 10.0 - RealNetworks, Inc) Hidden RealPlayer (HKLM\...\RealPlayer 16.0) (Version: 16.0.3 - RealNetworks) RealPlayer (HKLM\...\RealPlayer 6.0) (Version: - RealNetworks) RealUpgrade 1.1 (Version: 1.1.0 - RealNetworks, Inc.) Hidden Revo Uninstaller 1.95 (HKLM\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group) Skype Click to Call (HKLM\...\{B6CF2967-C81E-40C0-9815-C05774FEF120}) (Version: 6.9.12585 - Skype Technologies S.A.) Skype™ 6.16 (HKLM\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.16.105 - Skype Technologies S.A.) Sonic RecordNow! (HKLM\...\{9541FED0-327F-4DF0-8B96-EF57EF622F19}) (Version: 6.5.3 - Sonic Solutions) Sonic Update Manager (HKLM\...\{09DA4F91-2A09-4232-AB8C-6BC740096DE3}) (Version: 2.80 - Sonic Solutions) Sound Blaster Live! (HKLM\...\{96E16100-A77F-4B31-B9AD-FFBA040EE1BD}) (Version: - ) Spotify (HKCU\...\Spotify) (Version: 0.9.12.10.g89b2a4fc - Spotify AB) Spybot - Search & Destroy (HKLM\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.) Star Wars - Jedi Knight II: Jedi Outcast (HKLM\...\Steam App 6030) (Version: - Raven Software) Star Wars Galactic Battlegrounds: Saga (HKLM\...\{10133CDD-50B9-4783-B336-8B48F3653715}) (Version: - ) Star Wars Jedi Knight Jedi Academy (HKLM\...\{1EECBA68-8BE4-4076-94DF-E9ED206B1D21}) (Version: - ) Star Wars® Knights of the Old Republic® II: The Sith Lords (HKLM\...\{629F65FB-7F3C-4D66-A1C0-20722744B7B6}) (Version: 1.00.0000 - Obsidian) Star Wars®: Knights of the Old Republic (HKLM\...\{2A9A40C7-6670-4D5F-8F41-D12E2E08B48B}) (Version: - ) Steam (HKLM\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation) Symantec Technical Support Web Controls (HKLM\...\{20C53FA2-4307-4671-A93F-9463B29DFCF1}) (Version: 3.5.3 - Symantec Corporation) System Requirements Lab (HKLM\...\SystemRequirementsLab) (Version: - ) TGW 0.15 (HKLM\...\TGW 0.15) (Version: - ) Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (HKLM\...\{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB963707) (Version: 1 - Microsoft Corporation) Update for Windows XP (KB2141007) (HKLM\...\KB2141007) (Version: 1 - Microsoft Corporation) Update for Windows XP (KB2345886) (HKLM\...\KB2345886) (Version: 1 - Microsoft Corporation) Update for Windows XP (KB2467659) (HKLM\...\KB2467659) (Version: 1 - Microsoft Corporation) Update for Windows XP (KB2541763) (HKLM\...\KB2541763) (Version: 1 - Microsoft Corporation) Update for Windows XP (KB2607712) (HKLM\...\KB2607712) (Version: 1 - Microsoft Corporation) Update for Windows XP (KB2616676) (HKLM\...\KB2616676) (Version: 1 - Microsoft Corporation) Update for Windows XP (KB2641690) (HKLM\...\KB2641690) (Version: 1 - Microsoft Corporation) Update for Windows XP (KB2661254-v2) (HKLM\...\KB2661254-v2) (Version: 2 - Microsoft Corporation) Update for Windows XP (KB2718704) (HKLM\...\KB2718704) (Version: 1 - Microsoft Corporation) Update for Windows XP (KB2736233) (HKLM\...\KB2736233) (Version: 1 - Microsoft Corporation) Update for Windows XP (KB2749655) (HKLM\...\KB2749655) (Version: 1 - Microsoft Corporation) Update for Windows XP (KB2863058) (HKLM\...\KB2863058) (Version: 1 - Microsoft Corporation) Update for Windows XP (KB2904266) (HKLM\...\KB2904266) (Version: 1 - Microsoft Corporation) Update for Windows XP (KB2934207) (HKLM\...\KB2934207) (Version: 1 - Microsoft Corporation) Update for Windows XP (KB951978) (HKLM\...\KB951978) (Version: 1 - Microsoft Corporation) Update for Windows XP (KB955759) (HKLM\...\KB955759) (Version: 1 - Microsoft Corporation) Update for Windows XP (KB955839) (HKLM\...\KB955839) (Version: 1 - Microsoft Corporation) Update for Windows XP (KB967715) (HKLM\...\KB967715) (Version: 1 - Microsoft Corporation) Update for Windows XP (KB968389) (HKLM\...\KB968389) (Version: 1 - Microsoft Corporation) Update for Windows XP (KB971029) (HKLM\...\KB971029) (Version: 1 - Microsoft Corporation) Update for Windows XP (KB971737) (HKLM\...\KB971737) (Version: 1 - Microsoft Corporation) Update for Windows XP (KB973687) (HKLM\...\KB973687) (Version: 1 - Microsoft Corporation) Update for Windows XP (KB973815) (HKLM\...\KB973815) (Version: 1 - Microsoft Corporation) WebFldrs XP (Version: 9.50.6513 - Microsoft Corporation) Hidden Windows Genuine Advantage Notifications (KB905474) (HKLM\...\WgaNotify) (Version: 1.9.0040.0 - Microsoft Corporation) Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\KB892130) (Version: - Microsoft Corporation) Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\WGA) (Version: 1.7.0069.2 - Microsoft Corporation) Windows Live ID Sign-in Assistant (HKLM\...\{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}) (Version: 6.500.3165.0 - Microsoft Corporation) Windows Media Format 11 runtime (HKLM\...\Windows Media Format Runtime) (Version: - ) Windows Media Format 11 runtime (Version: - Microsoft Corporation) Hidden Windows Media Player 11 (HKLM\...\Windows Media Player) (Version: - ) Windows Media Player 11 (Version: - Microsoft Corporation) Hidden Windows XP Service Pack 3 (HKLM\...\Windows XP Service Pack) (Version: 20080414.031525 - Microsoft Corporation) WinPatrol (HKLM\...\{6A206A04-6BC1-411B-AA04-4E52EDEEADF2}) (Version: 32.0.2014.5 - Ruiware) WinRAR archiver (HKLM\...\WinRAR archiver) (Version: - ) Wireless-G PCI Adapter with SRX400 (HKLM\...\{201C78EE-ED2D-4A50-8187-02812063DFA9}) (Version: - ) ==================== Custom CLSID (selected items): ========================== (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.) CustomCLSID: HKU\S-1-5-21-2000478354-651377827-839522115-1003_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Documents and Settings\Dan Popp\Application Data\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-2000478354-651377827-839522115-1003_Classes\CLSID\{022105BD-948A-40C9-AB42-A3300DDF097F}\localserver32 -> C:\Documents and Settings\Dan Popp\Local Settings\Application Data\Google\Update\GoogleUpdate.exe (Google Inc.) CustomCLSID: HKU\S-1-5-21-2000478354-651377827-839522115-1003_Classes\CLSID\{22181302-A8A6-4F84-A541-E5CBFC70CC43}\localserver32 -> C:\Documents and Settings\Dan Popp\Local Settings\Application Data\Google\Update\1.3.24.15\GoogleUpdateOnDemand.exe (Google Inc.) CustomCLSID: HKU\S-1-5-21-2000478354-651377827-839522115-1003_Classes\CLSID\{2F0E2680-9FF5-43C0-B76E-114A56E93598}\localserver32 -> C:\Documents and Settings\Dan Popp\Local Settings\Application Data\Google\Update\1.3.24.15\GoogleUpdateOnDemand.exe (Google Inc.) CustomCLSID: HKU\S-1-5-21-2000478354-651377827-839522115-1003_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Documents and Settings\Dan Popp\Local Settings\Application Data\Google\Update\1.3.23.9\psuser.dll (the data entry has 8 more characters). CustomCLSID: HKU\S-1-5-21-2000478354-651377827-839522115-1003_Classes\CLSID\{39125640-8D80-11DC-A2FE-C5C455D89593}\InprocServer32 -> C:\Documents and Settings\Dan Popp\Local Settings\Application Data\Google\Google Talk Plugin\googletalkax.dll (Google) CustomCLSID: HKU\S-1-5-21-2000478354-651377827-839522115-1003_Classes\CLSID\{51F9E8EF-59D7-475B-A106-C7EA6F30C119}\localserver32 -> C:\Documents and Settings\Dan Popp\Local Settings\Application Data\Google\Update\1.3.24.15\GoogleUpdateOnDemand.exe (Google Inc.) CustomCLSID: HKU\S-1-5-21-2000478354-651377827-839522115-1003_Classes\CLSID\{62A0D750-DED9-448C-B693-406B34BB0892}\InprocServer32 -> C:\Documents and Settings\Dan Popp\Local Settings\Application Data\Google\Update\1.3.21.145\psuser.d (the data entry has 10 more characters). CustomCLSID: HKU\S-1-5-21-2000478354-651377827-839522115-1003_Classes\CLSID\{6D7374DE-63AA-473C-8C02-60D9CDCD84C5}\InprocServer32 -> C:\Documents and Settings\Dan Popp\Local Settings\Application Data\Google\Update\1.3.21.153\psuser.d (the data entry has 10 more characters). CustomCLSID: HKU\S-1-5-21-2000478354-651377827-839522115-1003_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Documents and Settings\Dan Popp\Local Settings\Application Data\Google\Update\1.3.24.15\psuser.dll (Google Inc.) CustomCLSID: HKU\S-1-5-21-2000478354-651377827-839522115-1003_Classes\CLSID\{91EFB276-CEFE-48EC-BB3A-57795A7B4008}\InprocServer32 -> C:\Documents and Settings\Dan Popp\Local Settings\Application Data\Google\Update\1.3.21.149\psuser.d (the data entry has 10 more characters). CustomCLSID: HKU\S-1-5-21-2000478354-651377827-839522115-1003_Classes\CLSID\{A45426FB-E444-42B2-AA56-419F8FBEEC61}\InprocServer32 -> C:\Documents and Settings\Dan Popp\Local Settings\Application Data\Google\Update\1.3.22.3\psuser.dll (the data entry has 8 more characters). CustomCLSID: HKU\S-1-5-21-2000478354-651377827-839522115-1003_Classes\CLSID\{A54D478D-4F70-4F72-9A74-17C9986E35AB}\InprocServer32 -> C:\Documents and Settings\Dan Popp\Local Settings\Application Data\Google\Update\1.3.21.165\psuser.d (the data entry has 10 more characters). CustomCLSID: HKU\S-1-5-21-2000478354-651377827-839522115-1003_Classes\CLSID\{AB9F4455-E591-4132-A386-0B91EAEDB96C}\InprocServer32 -> C:\Documents and Settings\Dan Popp\Local Settings\Application Data\Google\Google Talk Plugin\o1dax.dll (Google) CustomCLSID: HKU\S-1-5-21-2000478354-651377827-839522115-1003_Classes\CLSID\{C3101A8B-0EE1-4612-BFE9-41FFC1A3C19D}\InprocServer32 -> C:\Documents and Settings\Dan Popp\Local Settings\Application Data\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.) CustomCLSID: HKU\S-1-5-21-2000478354-651377827-839522115-1003_Classes\CLSID\{C442AC41-9200-4770-8CC0-7CDB4F245C55}\InprocServer32 -> C:\Documents and Settings\Dan Popp\Local Settings\Application Data\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.) CustomCLSID: HKU\S-1-5-21-2000478354-651377827-839522115-1003_Classes\CLSID\{E67BE843-BBBE-4484-95FB-05271AE86750}\localserver32 -> C:\Documents and Settings\Dan Popp\Local Settings\Application Data\Google\Update\1.3.24.15\GoogleUpdateOnDemand.exe (Google Inc.) CustomCLSID: HKU\S-1-5-21-2000478354-651377827-839522115-1003_Classes\CLSID\{E69341A3-E6D2-4175-B60C-C9D3D6FA40F6}\localserver32 -> C:\Documents and Settings\Dan Popp\Application Data\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-2000478354-651377827-839522115-1003_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Documents and Settings\Dan Popp\Local Settings\Application Data\Google\Update\1.3.24.15\psuser.dll (Google Inc.) CustomCLSID: HKU\S-1-5-21-2000478354-651377827-839522115-1003_Classes\CLSID\{EB06378B-ABB6-4B3C-9B40-D488DD8A6E93}\InprocServer32 -> C:\Documents and Settings\Dan Popp\Local Settings\Application Data\Google\Update\1.3.22.5\psuser.dll (the data entry has 8 more characters). CustomCLSID: HKU\S-1-5-21-2000478354-651377827-839522115-1003_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Documents and Settings\Dan Popp\Application Data\Dropbox\bin\DropboxExt.19.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-2000478354-651377827-839522115-1003_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Documents and Settings\Dan Popp\Application Data\Dropbox\bin\DropboxExt.19.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-2000478354-651377827-839522115-1003_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Documents and Settings\Dan Popp\Application Data\Dropbox\bin\DropboxExt.19.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-2000478354-651377827-839522115-1003_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Documents and Settings\Dan Popp\Application Data\Dropbox\bin\DropboxExt.19.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-2000478354-651377827-839522115-1003_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Documents and Settings\Dan Popp\Local Settings\Application Data\Google\Update\1.3.24.7\psuser.dll (the data entry has 8 more characters). ==================== Restore Points ========================= 05-09-2014 01:51:28 System Checkpoint 06-09-2014 23:33:53 System Checkpoint 07-09-2014 23:48:52 System Checkpoint 08-09-2014 04:45:43 Software Distribution Service 3.0 08-09-2014 17:40:29 Software Distribution Service 3.0 09-09-2014 15:56:04 Software Distribution Service 3.0 10-09-2014 19:00:54 System Checkpoint 11-09-2014 19:25:35 System Checkpoint 12-09-2014 02:36:10 Software Distribution Service 3.0 13-09-2014 04:07:19 System Checkpoint 14-09-2014 16:54:04 System Checkpoint 15-09-2014 16:54:40 System Checkpoint 16-09-2014 18:03:42 System Checkpoint 17-09-2014 18:25:04 System Checkpoint 18-09-2014 20:06:41 System Checkpoint 19-09-2014 23:54:21 System Checkpoint 21-09-2014 23:00:15 System Checkpoint 22-09-2014 23:30:46 System Checkpoint 24-09-2014 00:09:51 System Checkpoint 25-09-2014 00:49:19 System Checkpoint 26-09-2014 01:49:41 System Checkpoint 27-09-2014 03:06:35 System Checkpoint 28-09-2014 19:18:24 System Checkpoint 29-09-2014 21:25:11 System Checkpoint 30-09-2014 22:55:31 System Checkpoint 01-10-2014 14:50:53 Configured Wings of War 01-10-2014 14:53:32 Removed Alcohol 120% (Trial Version) 01-10-2014 17:49:39 Removed Microsoft Silverlight 01-10-2014 21:44:30 Removed Java 7 Update 45 01-10-2014 21:45:44 Removed Java 6 Update 22 01-10-2014 21:46:58 Removed Java 6 Update 19 01-10-2014 21:48:47 Removed JavaFX 2.1.1 02-10-2014 04:18:08 Installed Star Wars®: Knights of the Old Republic 02-10-2014 04:20:30 Removed Star Wars®: Knights of the Old Republic 02-10-2014 14:42:45 Revo Uninstaller's restore point - Star Wars®: Knights of the Old Republic 03-10-2014 02:21:10 Installed Star Wars®: Knights of the Old Republic 03-10-2014 02:27:11 Revo Uninstaller's restore point - Star Wars®: Knights of the Old Republic 03-10-2014 02:27:40 Removed Star Wars®: Knights of the Old Republic 03-10-2014 02:36:40 Installed Star Wars®: Knights of the Old Republic ==================== Hosts content: ========================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2003-07-16 11:23 - 2014-10-01 19:02 - 00449906 ____R C:\WINDOWS\system32\Drivers\etc\hosts 127.0.0.1 localhost 127.0.0.1 www.007guard.com 127.0.0.1 007guard.com 127.0.0.1 008i.com 127.0.0.1 www.008k.com 127.0.0.1 008k.com 127.0.0.1 www.00hq.com 127.0.0.1 00hq.com 127.0.0.1 010402.com 127.0.0.1 www.032439.com 127.0.0.1 032439.com 127.0.0.1 www.0scan.com 127.0.0.1 0scan.com 127.0.0.1 1000gratisproben.com 127.0.0.1 www.1000gratisproben.com 127.0.0.1 1001namen.com 127.0.0.1 www.1001namen.com 127.0.0.1 100888290cs.com 127.0.0.1 www.100888290cs.com 127.0.0.1 www.100sexlinks.com 127.0.0.1 100sexlinks.com 127.0.0.1 10sek.com 127.0.0.1 www.10sek.com 127.0.0.1 www.1-2005-search.com 127.0.0.1 1-2005-search.com 127.0.0.1 123fporn.info 127.0.0.1 www.123fporn.info 127.0.0.1 123haustiereundmehr.com 127.0.0.1 www.123haustiereundmehr.com There are 1000 more lines. ==================== Scheduled Tasks (whitelisted) ============= (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.) Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\WINDOWS\Tasks\AppleSoftwareUpdate.job => C:\Program Files\Apple Software Update\SoftwareUpdate.exe Task: C:\WINDOWS\Tasks\avast! Emergency Update.job => C:\Program Files\Alwil Software\Avast5\AvastEmUpdate.exe Task: C:\WINDOWS\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-2000478354-651377827-839522115-1003.job => C:\Program Files\Real\RealUpgrade\realupgrade.exe Task: C:\WINDOWS\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-2000478354-651377827-839522115-1003.job => C:\Program Files\Real\RealUpgrade\realupgrade.exe Task: C:\WINDOWS\Tasks\Refresh immunization (Spybot - Search & Destroy).job => C:\Program Files\Spybot - Search & Destroy 2\SDImmunize.exe Task: C:\WINDOWS\Tasks\Scan the system (Spybot - Search & Destroy).job => C:\Program Files\Spybot - Search & Destroy 2\SDScan.exe ==================== Loaded Modules (whitelisted) ============= 2010-03-08 01:30 - 2010-08-26 01:12 - 00555624 _____ () C:\Program Files\NVIDIA Corporation\nView\nvshell.dll 2009-06-13 18:16 - 2008-09-16 20:18 - 00132608 _____ () C:\Program Files\WinRAR\rarext.dll 2010-02-01 15:01 - 2014-07-06 13:11 - 00301152 _____ () C:\Program Files\Alwil Software\Avast5\aswProperty.dll 2014-10-04 11:56 - 2014-10-04 11:56 - 02859008 _____ () C:\Program Files\Alwil Software\Avast5\defs\14100400\algo.dll 2011-03-02 10:20 - 2011-03-02 10:20 - 00224256 _____ () C:\Program Files\GNU\GnuPG\dirmngr.exe 2011-03-02 10:16 - 2011-03-02 10:16 - 00208384 _____ () C:\Program Files\GNU\GnuPG\libksba-8.dll 2011-03-02 10:13 - 2011-03-02 10:13 - 00048640 _____ () C:\Program Files\GNU\GnuPG\libgpg-error-0.dll 2011-03-02 10:11 - 2011-03-02 10:11 - 00038400 _____ () C:\Program Files\GNU\GnuPG\libw32pth-0.dll 2011-03-02 10:16 - 2011-03-02 10:16 - 00073216 _____ () C:\Program Files\GNU\GnuPG\libassuan-0.dll 2011-03-02 10:17 - 2011-03-02 10:17 - 00603136 _____ () C:\Program Files\GNU\GnuPG\libgcrypt-11.dll 2013-08-14 15:19 - 2013-08-14 15:19 - 00039056 _____ () C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe 2014-10-01 18:21 - 2014-05-13 12:04 - 00109400 _____ () C:\Program Files\Spybot - Search & Destroy 2\snlThirdParty150.bpl 2014-10-01 18:21 - 2014-05-13 12:04 - 00416600 _____ () C:\Program Files\Spybot - Search & Destroy 2\DEC150.bpl 2014-10-01 18:21 - 2014-05-13 12:04 - 00167768 _____ () C:\Program Files\Spybot - Search & Destroy 2\snlFileFormats150.bpl 2014-10-01 18:21 - 2012-08-23 10:38 - 00574840 _____ () C:\Program Files\Spybot - Search & Destroy 2\sqlite3.dll 2014-10-01 18:21 - 2012-04-03 17:06 - 00565640 _____ () C:\Program Files\Spybot - Search & Destroy 2\av\BDSmartDB.dll 2009-02-26 01:16 - 2005-09-02 09:25 - 00045056 _____ () C:\Program Files\Linksys Wireless-G PCI Adapter with SRX400\Security.dll 2009-02-26 01:16 - 2005-04-26 13:43 - 00110592 _____ () C:\Program Files\Linksys Wireless-G PCI Adapter with SRX400\GEMWEP.DLL 2009-02-26 01:16 - 2005-12-02 17:11 - 00438272 _____ () C:\Program Files\Linksys Wireless-G PCI Adapter with SRX400\Airgo.DLL 2009-02-26 01:16 - 2003-10-13 16:30 - 00094208 _____ () C:\WINDOWS\system32\GTW32N50.DLL 2013-12-06 20:16 - 2014-07-06 13:11 - 19329904 _____ () C:\Program Files\Alwil Software\Avast5\libcef.dll ==================== Alternate Data Streams (whitelisted) ========= (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.) ==================== Safe Mode (whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\78378790.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\78378790.sys => ""="Driver" ==================== EXE Association (whitelisted) ============= (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.) ==================== MSCONFIG/TASK MANAGER disabled items ========= (Currently there is no automatic fix for this section.) ========================= Accounts: ========================== Administrator (S-1-5-21-2000478354-651377827-839522115-500 - Administrator - Enabled) Dan Popp (S-1-5-21-2000478354-651377827-839522115-1003 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\Dan Popp Guest (S-1-5-21-2000478354-651377827-839522115-501 - Limited - Enabled) => %SystemDrive%\Documents and Settings\Guest HelpAssistant (S-1-5-21-2000478354-651377827-839522115-1000 - Limited - Disabled) SUPPORT_388945a0 (S-1-5-21-2000478354-651377827-839522115-1002 - Limited - Disabled) ==================== Faulty Device Manager Devices ============= Name: PCI Simple Communications Controller Description: PCI Simple Communications Controller Class Guid: {4D36E97E-E325-11CE-BFC1-08002BE10318} Manufacturer: Service: Problem: : The drivers for this device are not installed. (Code 28) Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard. Name: Ethernet Controller Description: Ethernet Controller Class Guid: {4D36E97E-E325-11CE-BFC1-08002BE10318} Manufacturer: Service: Problem: : The drivers for this device are not installed. (Code 28) Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard. Name: Multimedia Audio Controller Description: Multimedia Audio Controller Class Guid: {4D36E97E-E325-11CE-BFC1-08002BE10318} Manufacturer: Service: Problem: : The drivers for this device are not installed. (Code 28) Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard. ==================== Event log errors: ========================= Application errors: ================== Error: (10/04/2014 01:32:21 PM) (Source: Userenv) (EventID: 1041) (User: NT AUTHORITY) Description: Windows cannot query DllName registry entry for {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D} and it will not be loaded. This is most likely caused by a faulty registration. Error: (10/04/2014 01:32:21 PM) (Source: Userenv) (EventID: 1041) (User: NT AUTHORITY) Description: Windows cannot query DllName registry entry for {7B849a69-220F-451E-B3FE-2CB811AF94AE} and it will not be loaded. This is most likely caused by a faulty registration. Error: (10/04/2014 01:31:21 PM) (Source: Userenv) (EventID: 1041) (User: NT AUTHORITY) Description: Windows cannot query DllName registry entry for {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D} and it will not be loaded. This is most likely caused by a faulty registration. Error: (10/04/2014 01:31:21 PM) (Source: Userenv) (EventID: 1041) (User: NT AUTHORITY) Description: Windows cannot query DllName registry entry for {7B849a69-220F-451E-B3FE-2CB811AF94AE} and it will not be loaded. This is most likely caused by a faulty registration. Error: (10/04/2014 11:50:21 AM) (Source: Userenv) (EventID: 1041) (User: NT AUTHORITY) Description: Windows cannot query DllName registry entry for {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D} and it will not be loaded. This is most likely caused by a faulty registration. Error: (10/04/2014 11:50:21 AM) (Source: Userenv) (EventID: 1041) (User: NT AUTHORITY) Description: Windows cannot query DllName registry entry for {7B849a69-220F-451E-B3FE-2CB811AF94AE} and it will not be loaded. This is most likely caused by a faulty registration. Error: (10/04/2014 11:50:21 AM) (Source: Userenv) (EventID: 1041) (User: NT AUTHORITY) Description: Windows cannot query DllName registry entry for {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D} and it will not be loaded. This is most likely caused by a faulty registration. Error: (10/04/2014 11:50:21 AM) (Source: Userenv) (EventID: 1041) (User: NT AUTHORITY) Description: Windows cannot query DllName registry entry for {7B849a69-220F-451E-B3FE-2CB811AF94AE} and it will not be loaded. This is most likely caused by a faulty registration. Error: (10/03/2014 11:24:13 PM) (Source: Userenv) (EventID: 1041) (User: NT AUTHORITY) Description: Windows cannot query DllName registry entry for {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D} and it will not be loaded. This is most likely caused by a faulty registration. Error: (10/03/2014 11:24:13 PM) (Source: Userenv) (EventID: 1041) (User: NT AUTHORITY) Description: Windows cannot query DllName registry entry for {7B849a69-220F-451E-B3FE-2CB811AF94AE} and it will not be loaded. This is most likely caused by a faulty registration. System errors: ============= Error: (10/04/2014 11:50:28 AM) (Source: 0) (EventID: 5002) (User: ) Description: Wireless-G PCI Adapter with SRX400 Error: (10/04/2014 11:50:28 AM) (Source: 0) (EventID: 5002) (User: ) Description: Wireless-G PCI Adapter with SRX400 Error: (10/04/2014 11:50:28 AM) (Source: 0) (EventID: 5002) (User: ) Description: Wireless-G PCI Adapter with SRX400 Error: (10/04/2014 11:50:28 AM) (Source: 0) (EventID: 5002) (User: ) Description: Wireless-G PCI Adapter with SRX400 Error: (10/04/2014 11:50:28 AM) (Source: 0) (EventID: 5002) (User: ) Description: Wireless-G PCI Adapter with SRX400 Error: (10/04/2014 11:50:28 AM) (Source: 0) (EventID: 5002) (User: ) Description: Wireless-G PCI Adapter with SRX400 Error: (10/04/2014 11:50:28 AM) (Source: 0) (EventID: 5002) (User: ) Description: Wireless-G PCI Adapter with SRX400 Error: (10/04/2014 11:50:28 AM) (Source: 0) (EventID: 5002) (User: ) Description: Wireless-G PCI Adapter with SRX400 Error: (10/04/2014 11:50:28 AM) (Source: 0) (EventID: 5002) (User: ) Description: Wireless-G PCI Adapter with SRX400 Error: (10/03/2014 10:34:51 AM) (Source: Service Control Manager) (EventID: 7011) (User: ) Description: Timeout (30000 milliseconds) waiting for a transaction response from the Dnscache service. Microsoft Office Sessions: ========================= Error: (10/04/2014 01:32:21 PM) (Source: Userenv) (EventID: 1041) (User: NT AUTHORITY) Description: {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D} Error: (10/04/2014 01:32:21 PM) (Source: Userenv) (EventID: 1041) (User: NT AUTHORITY) Description: {7B849a69-220F-451E-B3FE-2CB811AF94AE} Error: (10/04/2014 01:31:21 PM) (Source: Userenv) (EventID: 1041) (User: NT AUTHORITY) Description: {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D} Error: (10/04/2014 01:31:21 PM) (Source: Userenv) (EventID: 1041) (User: NT AUTHORITY) Description: {7B849a69-220F-451E-B3FE-2CB811AF94AE} Error: (10/04/2014 11:50:21 AM) (Source: Userenv) (EventID: 1041) (User: NT AUTHORITY) Description: {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D} Error: (10/04/2014 11:50:21 AM) (Source: Userenv) (EventID: 1041) (User: NT AUTHORITY) Description: {7B849a69-220F-451E-B3FE-2CB811AF94AE} Error: (10/04/2014 11:50:21 AM) (Source: Userenv) (EventID: 1041) (User: NT AUTHORITY) Description: {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D} Error: (10/04/2014 11:50:21 AM) (Source: Userenv) (EventID: 1041) (User: NT AUTHORITY) Description: {7B849a69-220F-451E-B3FE-2CB811AF94AE} Error: (10/03/2014 11:24:13 PM) (Source: Userenv) (EventID: 1041) (User: NT AUTHORITY) Description: {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D} Error: (10/03/2014 11:24:13 PM) (Source: Userenv) (EventID: 1041) (User: NT AUTHORITY) Description: {7B849a69-220F-451E-B3FE-2CB811AF94AE} ==================== Memory info =========================== Processor: Intel® Pentium® 4 CPU 3.00GHz Percentage of memory in use: 44% Total physical RAM: 1407 MB Available physical RAM: 778.61 MB Total Pagefile: 2413.11 MB Available Pagefile: 1934.23 MB Total Virtual: 2047.88 MB Available Virtual: 1949.79 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:74.46 GB) (Free:10.27 GB) NTFS ==>[Drive with boot components (Windows XP)] Drive h: () (Removable) (Total:14.9 GB) (Free:2.68 GB) FAT32 ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows XP) (Size: 74.5 GB) (Disk ID: 9DC96E9E) Partition 1: (Not Active) - (Size=39 MB) - (Type=DE) Partition 2: (Active) - (Size=74.5 GB) - (Type=07 NTFS) ======================================================== Disk: 1 (Size: 14.9 GB) (Disk ID: 00000000) Partition: GPT Partition Type. ==================== End Of Log ============================ Malwarebytes Anti-Malware www.malwarebytes.org Scan Date: 10/4/2014 Scan Time: 6:22:14 PM Logfile: Administrator: Yes Version: 2.00.2.1012 Malware Database: v2014.10.04.12 Rootkit Database: v2014.09.19.01 License: Free Malware Protection: Disabled Malicious Website Protection: Disabled Self-protection: Disabled OS: Windows XP Service Pack 3 CPU: x86 File System: NTFS User: Dan Popp Scan Type: Threat Scan Result: Completed Objects Scanned: 327793 Time Elapsed: 29 min, 29 sec Memory: Enabled Startup: Enabled Filesystem: Enabled Archives: Enabled Rootkits: Enabled Heuristics: Enabled PUP: Enabled PUM: Enabled Processes: 0 (No malicious items detected) Modules: 0 (No malicious items detected) Registry Keys: 0 (No malicious items detected) Registry Values: 0 (No malicious items detected) Registry Data: 0 (No malicious items detected) Folders: 0 (No malicious items detected) Files: 0 (No malicious items detected) Physical Sectors: 0 (No malicious items detected) (end)

Hello again, First off, I apologize that I haven't gotten around to this now. I have been away and unable to do anything about this until today. To begin with, I have uninstalled all versions of Java (as far as I'm aware). I then ran JavaRa and it produced the following log: JavaRa 1.16 Removal Log. Report follows after line. ------------------------------------ The JavaRa removal process was started on Wed Oct 01 16:56:41 2014 Found and removed: C:\Documents and Settings\Dan Popp\Application Data\Sun\Java\jre1.6.0_13 Found and removed: C:\Documents and Settings\Dan Popp\Application Data\Sun\Java\jre1.6.0_14 Found and removed: C:\Documents and Settings\Dan Popp\Application Data\Sun\Java\jre1.6.0_15 Found and removed: C:\Documents and Settings\Dan Popp\Application Data\Sun\Java\jre1.6.0_17 Found and removed: C:\Documents and Settings\Dan Popp\Application Data\Sun\Java\jre1.6.0_18 Found and removed: C:\Documents and Settings\Dan Popp\Application Data\Sun\Java\jre1.6.0_20 Found and removed: C:\Documents and Settings\Dan Popp\Application Data\Sun\Java\jre1.6.0_21 Found and removed: C:\Documents and Settings\Dan Popp\Application Data\Sun\Java\jre1.6.0_23 Found and removed: C:\Documents and Settings\Dan Popp\Application Data\Sun\Java\jre1.6.0_24 Found and removed: C:\Documents and Settings\Dan Popp\Application Data\Sun\Java\jre1.6.0_26 Found and removed: C:\Documents and Settings\Dan Popp\Application Data\Sun\Java\jre1.6.0_29 Found and removed: C:\Documents and Settings\Dan Popp\Application Data\Sun\Java\jre1.7.0_04 Found and removed: C:\Documents and Settings\Dan Popp\Application Data\Sun\Java\jre1.7.0_05 Found and removed: C:\Documents and Settings\Dan Popp\Application Data\Sun\Java\jre1.7.0_07 Found and removed: C:\Documents and Settings\Dan Popp\Application Data\Sun\Java\jre1.7.0_09 Found and removed: C:\Documents and Settings\Dan Popp\Application Data\Sun\Java\jre1.7.0_11 Found and removed: C:\Documents and Settings\Dan Popp\Application Data\Sun\Java\jre1.7.0_13 Found and removed: C:\Documents and Settings\Dan Popp\Application Data\Sun\Java\jre1.7.0_15 Found and removed: C:\Documents and Settings\Dan Popp\Application Data\Sun\Java\jre1.7.0_17 Found and removed: C:\Documents and Settings\Dan Popp\Application Data\Sun\Java\jre1.7.0_21 Found and removed: C:\Documents and Settings\Dan Popp\Application Data\Sun\Java\jre1.7.0_25 Found and removed: C:\Documents and Settings\Dan Popp\Application Data\Sun\Java\jre1.7.0_51 Found and removed: Software\Classes\JavaPlugin.160_29 Found and removed: SOFTWARE\Classes\JavaWebStart.isInstalled.1.6.0.0 Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0357E4991DA5FF14F9615B3412062B02 Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0357E4991DA5FF14F9615B3412062B03 Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0357E4991DA5FF14F9615B3412062B04 Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0357E4991DA5FF14F9615B3412062B06 Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0357E4991DA5FF14F9615B3612062B02 Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0357E4991DA5FF14F9615B3612062B03 Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0357E4991DA5FF14F9615B3612062B04 Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0357E4991DA5FF14F9615B3612062B06 Found and removed: SOFTWARE\Classes\CLSID\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} Found and removed: SOFTWARE\Classes\CLSID\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-DEC7-0000-0001-ABCDEFFEDCBA} Found and removed: SOFTWARE\Classes\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9} Found and removed: SOFTWARE\Classes\MIME\Database\Content Type\application/java-deployment-toolkit Found and removed: SOFTWARE\Microsoft\Internet Explorer\Low Rights Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects Found and removed: SOFTWARE\Microsoft\Windows NT\CurrentVersion\Accessibility\ATs Found and removed: SOFTWARE\JavaSoft Found and removed: SOFTWARE\JreMetrics Found and removed: SYSTEM\ControlSet001\Services\Eventlog\Application\JavaQuickStarterService Found and removed: SYSTEM\ControlSet001\Services\JavaQuickStarterService Found and removed: SOFTWARE\Classes\JavaPlugin.10512 JavaRa 1.16 Removal Log. Report follows after line. ------------------------------------ The JavaRa removal process was started on Wed Oct 01 16:57:01 2014 ------------------------------------ Finished reporting. I also ran TDSSKiller, but it turned up no results. Should I post the log anyway, and what should I do next? On a side note, the "twitch" in my pc has returned. When I try to open a new tab in my browser, (Firefox), it sometimes open two tabs at a time again. The last time it started doing this, I had some sort of malware problem. I don't know if it's a coincidence or what.

Thanks. I'll try to get around to this soon. I do have a question though - should I re-install Java when this step is all done? And if so, how would I do that? Pardon the question, if it's an obvious one. I'm not very tech-savvy.

Hello again, Just ran ComboFix. I'll attach the log file here then.ComboFix.txt

Here's the results of the Fixlog: Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 03-09-2014 Ran by Dan Popp at 2014-09-04 11:36:10 Run:1 Running from C:\Documents and Settings\Dan Popp\Desktop Boot Mode: Normal ============================================== Content of fixlist: ***************** C:\Documents and Settings\Dan Popp\Desktop\Essentials\FreeYouTubeToMP3Converter.exe HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft...B_PVER}&ar=home SearchScopes: HKCU - {D9840BA4-2A50-471F-8150-135CE1D0C4F4} URL = http://www.google.co...1I7GZAZ_enUS317 BHO: No Name -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> No File BHO: No Name -> {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} -> No File BHO: No Name -> {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} -> No File BHO: No Name -> {E7E6F031-17CE-4C07-BC86-EABFE594F69C} -> No File Toolbar: HKLM - No Name - {BA52B914-B692-46c4-B683-905236F6F655} - No File DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} http://www.nvidia.co...sreqlab_nvd.cab DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab R2 JavaQuickStarterService; C:\Program Files\Java\jre7\bin\jqs.exe [182696 2014-04-14] (Oracle Corporation) S3 catchme; \??\C:\DOCUME~1\DANPOP~1\LOCALS~1\Temp\catchme.sys [X] Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-2000478354-651377827-839522115-1003Core.job => C:\Documents and Settings\Dan Popp\Local Settings\Application Data\Google\Update\GoogleUpdate.exe Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-2000478354-651377827-839522115-1003UA.job => C:\Documents and Settings\Dan Popp\Local Settings\Application Data\Google\Update\GoogleUpdate.exe Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job => C:\WINDOWS\system32\xp_eos.exe EmptyTemp: Reboot: ***************** C:\Documents and Settings\Dan Popp\Desktop\Essentials\FreeYouTubeToMP3Converter.exe => Moved successfully. HKCU\Software\Microsoft\Internet Explorer\Main\\Search Page => Value was restored successfully. HKLM\Software\\Microsoft\Internet Explorer\Main\\Local Page => Value was restored successfully. HKLM\Software\\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully. "HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D9840BA4-2A50-471F-8150-135CE1D0C4F4}" => Key deleted successfully. "HKCR\CLSID\{D9840BA4-2A50-471F-8150-135CE1D0C4F4}" => Key not found. "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}" => Key deleted successfully. "HKCR\CLSID\{AA58ED58-01DD-4d91-8333-CF10577473F7}" => Key not found. "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}" => Key deleted successfully. "HKCR\CLSID\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}" => Key not found. "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C84D72FE-E17D-4195-BB24-76C02E2E7C4E}" => Key deleted successfully. "HKCR\CLSID\{C84D72FE-E17D-4195-BB24-76C02E2E7C4E}" => Key not found. "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}" => Key deleted successfully. "HKCR\CLSID\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}" => Key not found. HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{BA52B914-B692-46c4-B683-905236F6F655} => value deleted successfully. "HKCR\CLSID\{BA52B914-B692-46c4-B683-905236F6F655}" => Key not found. "HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{1E54D648-B804-468d-BC78-4AFFED8E262E}" => Key deleted successfully. "HKCR\CLSID\{1E54D648-B804-468d-BC78-4AFFED8E262E}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{1E54D648-B804-468d-BC78-4AFFED8E262F}" => Key deleted successfully. "HKCR\CLSID\{1E54D648-B804-468d-BC78-4AFFED8E262F}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{7530BFB8-7293-4D34-9923-61A11451AFC5}" => Key deleted successfully. "HKCR\CLSID\{7530BFB8-7293-4D34-9923-61A11451AFC5}" => Key not found. "HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}" => Key deleted successfully. "HKCR\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}" => Key deleted successfully. "HKCR\CLSID\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}" => Key deleted successfully. "HKCR\CLSID\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}" => Key deleted successfully. "HKCR\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{D27CDB6E-AE6D-11CF-96B8-444553540000}" => Key deleted successfully. "HKCR\CLSID\{D27CDB6E-AE6D-11CF-96B8-444553540000}" => Key Deleted successfully. JavaQuickStarterService => Service stopped successfully. JavaQuickStarterService => Service deleted successfully. catchme => Service deleted successfully. C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => Moved successfully. C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => Moved successfully. C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-2000478354-651377827-839522115-1003Core.job => Moved successfully. C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-2000478354-651377827-839522115-1003UA.job => Moved successfully. C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job => Moved successfully. EmptyTemp: => Removed 240.2 MB temporary data. The system needed a reboot. ==== End of Fixlog ====

Just made it through steps 4-8. Step 04 - Junkware Removal Tool log: ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Junkware Removal Tool (JRT) by Thisisu Version: 6.1.4 (04.06.2014:1) OS: Microsoft Windows XP x86 Ran by Dan Popp on Wed 09/03/2014 at 14:42:44.17 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~ Services ~~~ Registry Values ~~~ Registry Keys ~~~ Files ~~~ Folders ~~~ FireFox Successfully deleted the following from C:\Documents and Settings\Dan Popp\Application Data\mozilla\firefox\profiles\plobqh6y.default\prefs.js user_pref("socialfixer.196603871/typeahead_new", "for (; ;{\"__ar\":1,\"payload\":{\"entries\":[{\"uid\":196603871,\"photo\":\"hxxps:\\/\\/fbcdn-profile-a.akamaihd.net\\/hpro Emptied folder: C:\Documents and Settings\Dan Popp\Application Data\mozilla\firefox\profiles\plobqh6y.default\minidumps [4 files] ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Scan was completed on Wed 09/03/2014 at 14:53:03.67 End of JRT log ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Step 05 - AdwCleaner Log: # AdwCleaner v3.309 - Report created 03/09/2014 at 15:35:26 # Updated 02/09/2014 by Xplode # Operating System : Microsoft Windows XP Service Pack 3 (32 bits) # Username : Dan Popp - DANPOPP # Running from : C:\Documents and Settings\Dan Popp\Desktop\AdwCleaner.exe # Option : Clean ***** [ Services ] ***** ***** [ Files / Folders ] ***** Folder Deleted : C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage ***** [ Scheduled Tasks ] ***** ***** [ Shortcuts ] ***** ***** [ Registry ] ***** ***** [ Browsers ] ***** -\\ Internet Explorer v6.0.2900.5512 -\\ Mozilla Firefox v32.0 (x86 en-US) [ File : C:\Documents and Settings\Dan Popp\Application Data\Mozilla\Firefox\Profiles\plobqh6y.default\prefs.js ] Line Deleted : user_pref("extensions.gmailnoads@mywebber.com.install-event-fired", true); [ File : C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\qzdtvs36.default\prefs.js ] ************************* AdwCleaner[R0].txt - [1153 octets] - [03/09/2014 15:25:58] AdwCleaner[s0].txt - [1078 octets] - [03/09/2014 15:35:26] ########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [1138 octets] ########## Step 06 - Malwarebytes Threat Scan: Malwarebytes Anti-Malware www.malwarebytes.org Scan Date: 9/3/2014 Scan Time: 3:48:37 PM Logfile: MalwareBytes Scan 9-3-14.txt Administrator: Yes Version: 2.00.2.1012 Malware Database: v2014.09.03.08 Rootkit Database: v2014.08.21.01 License: Free Malware Protection: Disabled Malicious Website Protection: Disabled Self-protection: Disabled OS: Windows XP Service Pack 3 CPU: x86 File System: NTFS User: Dan Popp Scan Type: Threat Scan Result: Completed Objects Scanned: 322891 Time Elapsed: 44 min, 52 sec Memory: Enabled Startup: Enabled Filesystem: Enabled Archives: Enabled Rootkits: Enabled Deep Rootkit Scan: Enabled Heuristics: Enabled PUP: Enabled PUM: Enabled Processes: 0 (No malicious items detected) Modules: 0 (No malicious items detected) Registry Keys: 0 (No malicious items detected) Registry Values: 0 (No malicious items detected) Registry Data: 0 (No malicious items detected) Folders: 0 (No malicious items detected) Files: 0 (No malicious items detected) Physical Sectors: 0 (No malicious items detected) (end) Step 07 - ESET Online Scan Log: C:\Documents and Settings\Dan Popp\Desktop\Essentials\FreeYouTubeToMP3Converter.exe Win32/OpenCandy potentially unsafe application Step 08 - FRST Log: Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 03-09-2014 Ran by Dan Popp (administrator) on DANPOPP on 03-09-2014 21:13:47 Running from C:\Documents and Settings\Dan Popp\Desktop Platform: Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: English (United States) Internet Explorer Version 6 Boot Mode: Normal The only official download link for FRST: Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/ Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/ Download link from any site other than Bleeping Computer is unpermitted or outdated. See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (AVAST Software) C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (Creative Technology Ltd) C:\WINDOWS\system32\CTsvcCDA.EXE () C:\Program Files\GNU\GnuPG\dirmngr.exe (Oracle Corporation) C:\Program Files\Java\jre7\bin\jqs.exe (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe () C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe (Microsoft Corporation) C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Skype Technologies S.A.) C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation) C:\WINDOWS\system32\MsPMSPSv.exe (GEMTEKS) C:\Program Files\Linksys Wireless-G PCI Adapter with SRX400\WLService.exe (Canon Inc.) C:\Program Files\Canon\CAL\CALMAIN.exe (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE (AVAST Software) C:\Program Files\Alwil Software\Avast5\avastui.exe (Microsoft Corporation) C:\WINDOWS\system32\wbem\unsecapp.exe (Linksys) C:\Program Files\Linksys Wireless-G PCI Adapter with SRX400\WMP54GX.exe (Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [storageGuard] => C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe [155648 2003-02-13] (Sonic Solutions) HKLM\...\Run: [KeyScrambler] => C:\Program Files\KeyScrambler\keyscrambler.exe [534160 2013-02-10] (QFX Software Corporation) HKLM\...\Run: [AvastUI.exe] => C:\Program Files\Alwil Software\Avast5\AvastUI.exe [4085896 2014-07-31] (AVAST Software) HKLM\...\Policies\Explorer: [] HKLM\...\Policies\Explorer: [NoCDBurning] 0 HKU\S-1-5-21-2000478354-651377827-839522115-1003\...\Run: [WinPatrol] => C:\Program Files\Ruiware\WinPatrol\winpatrol.exe [1154112 2014-07-20] (Ruiware LLC) ShellIconOverlayIdentifiers: 00avast -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\Alwil Software\Avast5\ashShell.dll (AVAST Software) ShellIconOverlayIdentifiers: DropboxExt1 -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Documents and Settings\Dan Popp\Application Data\Dropbox\bin\DropboxExt.19.dll (Dropbox, Inc.) ShellIconOverlayIdentifiers: DropboxExt2 -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Documents and Settings\Dan Popp\Application Data\Dropbox\bin\DropboxExt.19.dll (Dropbox, Inc.) ShellIconOverlayIdentifiers: DropboxExt3 -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Documents and Settings\Dan Popp\Application Data\Dropbox\bin\DropboxExt.19.dll (Dropbox, Inc.) ShellIconOverlayIdentifiers: DropboxExt4 -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Documents and Settings\Dan Popp\Application Data\Dropbox\bin\DropboxExt.19.dll (Dropbox, Inc.) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home SearchScopes: HKCU - {D9840BA4-2A50-471F-8150-135CE1D0C4F4} URL = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}&rlz=1I7GZAZ_enUS317 BHO: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated) BHO: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader) BHO: Spybot-S&D IE Protection -> {53707962-6F74-2D53-2644-206D7942484F} -> C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) BHO: Search Helper -> {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} -> C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation) BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software) BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) BHO: No Name -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> No File BHO: No Name -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> No File BHO: No Name -> {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} -> No File BHO: No Name -> {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} -> No File BHO: MSN Toolbar BHO -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files\MSN Toolbar\Platform\4.0.0401.0\npwinext.dll (Microsoft Corporation) BHO: No Name -> {E7E6F031-17CE-4C07-BC86-EABFE594F69C} -> No File Toolbar: HKLM - No Name - {BA52B914-B692-46c4-B683-905236F6F655} - No File Toolbar: HKLM - MSN Toolbar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\MSN Toolbar\Platform\4.0.0401.0\npwinext.dll (Microsoft Corporation) Toolbar: HKLM - avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software) Toolbar: HKCU - &Address - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\System32\browseui.dll (Microsoft Corporation) Toolbar: HKCU - &Links - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\SHELL32.dll (Microsoft Corporation) DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} http://www.nvidia.com/content/DriverDownload/srl/3.0.0.0/srl_bin/sysreqlab3.cab DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} http://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL (Microsoft Corporation) Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation) Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies) Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt Tcpip\Parameters: [DhcpNameServer] 68.94.156.1 68.94.157.1 FireFox: ======== FF ProfilePath: C:\Documents and Settings\Dan Popp\Application Data\Mozilla\Firefox\Profiles\plobqh6y.default FF Homepage: https://www.google.com/ FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_14_0_0_145.dll () FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF Plugin: @real.com/nppl3260;version=16.0.3.51 -> C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.) FF Plugin: @real.com/nprjplug;version=1.0.3.69 -> C:\Documents and Settings\Dan Popp\My Documents\Netscape6\nprjplug.dll (RealNetworks, Inc.) FF Plugin: @real.com/nprndlchromebrowserrecordext;version=1.3.3 -> C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.) FF Plugin: @real.com/nprndlhtml5videoshim;version=1.3.3 -> C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.) FF Plugin: @real.com/nprndlpepperflashvideoshim;version=1.3.3 -> C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.) FF Plugin: @real.com/nprpjplug;version=6.0.12.69 -> C:\Documents and Settings\Dan Popp\My Documents\Netscape6\nprpjplug.dll (RealNetworks, Inc.) FF Plugin: @real.com/nprpplugin;version=16.0.3.51 -> C:\Program Files\Real\RealPlayer\Netscape6\nprpplugin.dll (RealPlayer) FF Plugin: @realnetworks.com/npdlplugin;version=1 -> C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader) FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.) FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.) FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF Plugin HKCU: @citrixonline.com/appdetectorplugin -> C:\Documents and Settings\Dan Popp\Local Settings\Application Data\Citrix\Plugins\92\npappdetector.dll (Citrix Online) FF Plugin HKCU: @talk.google.com/GoogleTalkPlugin -> C:\Documents and Settings\Dan Popp\Application Data\Mozilla\plugins\npgoogletalk.dll (Google) FF Plugin HKCU: @talk.google.com/O1DPlugin -> C:\Documents and Settings\Dan Popp\Application Data\Mozilla\plugins\npo1d.dll (Google) FF Plugin HKCU: @tools.google.com/Google Update;version=3 -> C:\Documents and Settings\Dan Popp\Local Settings\Application Data\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.) FF Plugin HKCU: @tools.google.com/Google Update;version=9 -> C:\Documents and Settings\Dan Popp\Local Settings\Application Data\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.) FF Plugin ProgramFiles/Appdata: C:\Documents and Settings\Dan Popp\Application Data\mozilla\plugins\npgoogletalk.dll (Google) FF Plugin ProgramFiles/Appdata: C:\Documents and Settings\Dan Popp\Application Data\mozilla\plugins\npo1d.dll (Google) FF Extension: Microsoft Default Manager - C:\Documents and Settings\Dan Popp\Application Data\Mozilla\Firefox\Profiles\plobqh6y.default\Extensions\DefaultManager@Microsoft [2013-08-01] FF Extension: DoNotTrackMe: Online Privacy Protection - C:\Documents and Settings\Dan Popp\Application Data\Mozilla\Firefox\Profiles\plobqh6y.default\Extensions\donottrackplus@abine.com [2014-07-10] FF Extension: MaskMe - C:\Documents and Settings\Dan Popp\Application Data\Mozilla\Firefox\Profiles\plobqh6y.default\Extensions\idme@abine.com [2014-03-05] FF Extension: Element Hiding Helper for Adblock Plus - C:\Documents and Settings\Dan Popp\Application Data\Mozilla\Firefox\Profiles\plobqh6y.default\Extensions\elemhidehelper@adblockplus.org.xpi [2013-03-12] FF Extension: Webmail Ad Blocker - C:\Documents and Settings\Dan Popp\Application Data\Mozilla\Firefox\Profiles\plobqh6y.default\Extensions\gmailnoads@mywebber.com.xpi [2013-03-12] FF Extension: Social Fixer - C:\Documents and Settings\Dan Popp\Application Data\Mozilla\Firefox\Profiles\plobqh6y.default\Extensions\socialfixer@mattkruse.com.xpi [2014-01-31] FF Extension: NoScript - C:\Documents and Settings\Dan Popp\Application Data\Mozilla\Firefox\Profiles\plobqh6y.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2014-08-09] FF Extension: Adblock Plus - C:\Documents and Settings\Dan Popp\Application Data\Mozilla\Firefox\Profiles\plobqh6y.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-03-10] FF Extension: Skype Click to Call - C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2014-09-03] FF Extension: Skype Click to Call - C:\Program Files\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2014-09-03] FF HKLM\...\Firefox\Extensions: [{27182e60-b5f3-411c-b545-b44205977502}] - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension FF Extension: Search Helper Extension - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension [2010-09-18] FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension FF Extension: Microsoft .NET Framework Assistant - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2012-05-22] FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\Alwil Software\Avast5\WebRep\FF FF Extension: avast! Online Security - C:\Program Files\Alwil Software\Avast5\WebRep\FF [2011-02-26] FF HKLM\...\Firefox\Extensions: [{DF153AFF-6948-45d7-AC98-4FC4AF8A08E2}] - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext FF Extension: RealDownloader - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2013-10-01] FF HKLM\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext FF HKCU\...\Firefox\Extensions: [{B64D9B05-48E1-4CEB-BF58-E0643994E900}] - C:\Program Files\Common Files\DVDVideoSoft\plugins\ff FF Extension: Download videos and MP3s from YouTube - C:\Program Files\Common Files\DVDVideoSoft\plugins\ff [2014-03-18] Chrome: ======= CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\Alwil Software\Avast5\WebRep\Chrome\aswWebRepChrome.crx [2014-07-06] CHR HKLM\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx [2013-08-14] ========================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 avast! Antivirus; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [50344 2014-07-06] (AVAST Software) R2 CCALib8; C:\Program Files\Canon\CAL\CALMAIN.exe [96341 2005-09-30] (Canon Inc.) [File not signed] R2 Creative Service for CDROM Access; C:\WINDOWS\System32\CTsvcCDA.exe [44032 1999-12-13] (Creative Technology Ltd) [File not signed] R2 DirMngr; C:\Program Files\GNU\GnuPG\dirmngr.exe [224256 2011-03-02] () [File not signed] R2 JavaQuickStarterService; C:\Program Files\Java\jre7\bin\jqs.exe [182696 2014-04-14] (Oracle Corporation) R2 MDM; C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe [270336 2001-02-23] (Microsoft Corporation) [File not signed] S4 PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [75064 2010-03-04] () S4 PnkBstrB; C:\WINDOWS\system32\PnkBstrB.exe [215128 2010-09-18] () R2 RealNetworks Downloader Resolver Service; C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe [39056 2013-08-14] () R2 Skype C2C Service; C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe [3048136 2012-07-05] (Skype Technologies S.A.) S3 Symantec RemoteAssist; C:\Program Files\Common Files\Symantec Shared\Support Controls\ssrc.exe [394704 2008-01-29] (Symantec, Inc.) R2 WMDM PMSP Service; C:\WINDOWS\System32\MsPMSPSv.exe [53520 2000-06-26] (Microsoft Corporation) [File not signed] U4 aswUpdSv; "C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe" [X] R2 WMP54GX4SVC; "C:\Program Files\Linksys Wireless-G PCI Adapter with SRX400\WLService.exe" "WMP54GX.exe" [X] ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R0 a347bus; C:\WINDOWS\System32\DRIVERS\a347bus.sys [160640 2004-04-30] ( ) [File not signed] R0 a347scsi; C:\WINDOWS\System32\Drivers\a347scsi.sys [5248 2004-04-30] ( ) [File not signed] R2 AegisP; C:\WINDOWS\System32\DRIVERS\AegisP.sys [20747 2009-02-26] (Meetinghouse Data Communications) [File not signed] R2 aswHwid; C:\WINDOWS\system32\drivers\aswHwid.sys [24184 2014-07-06] () R2 aswMonFlt; C:\WINDOWS\system32\drivers\aswMonFlt.sys [67824 2014-07-06] (AVAST Software) R1 aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [55112 2014-07-06] (AVAST Software) R0 aswRvrt; C:\WINDOWS\system32\Drivers\aswRvrt.sys [49944 2014-07-06] () R1 aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [779536 2014-07-06] (AVAST Software) R1 aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [414520 2014-07-06] (AVAST Software) R1 aswTdi; C:\WINDOWS\system32\drivers\aswTdi.sys [57800 2014-07-06] (AVAST Software) R0 aswVmm; C:\WINDOWS\system32\Drivers\aswVmm.sys [192352 2014-07-06] () R0 atapi; C:\WINDOWS\System32\DRIVERS\atapi.sys [96512 2008-04-13] () [File not signed] R3 gameenum; C:\WINDOWS\System32\DRIVERS\gameenum.sys [10624 2008-04-13] (Microsoft Corporation) R3 GTNDIS5; C:\WINDOWS\system32\GTNDIS5.SYS [15872 2003-09-25] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed] S3 hamachi; C:\WINDOWS\System32\DRIVERS\hamachi.sys [26176 2009-09-23] (LogMeIn, Inc.) S3 hidgame; C:\WINDOWS\System32\DRIVERS\hidgame.sys [8576 2001-08-17] (Microsoft Corporation) R3 KeyScrambler; C:\WINDOWS\System32\drivers\keyscrambler.sys [208920 2013-02-06] (QFX Software Corporation) R3 Linksys3P; C:\WINDOWS\System32\DRIVERS\TMIMO31P.sys [780800 2005-11-29] (Airgo Networks, Inc.) R1 OMCI; C:\WINDOWS\SYSTEM32\DRIVERS\OMCI.SYS [13632 2001-08-22] (Dell Computer Corporation) [File not signed] R3 P16X; C:\WINDOWS\System32\drivers\P16X.sys [1296384 2003-08-14] (Creative Technology Ltd.) R2 PfModNT; C:\WINDOWS\System32\PfModNT.sys [6752 1999-12-17] (Creative Technology Ltd.) [File not signed] R0 PxHelp20; C:\WINDOWS\System32\DRIVERS\PxHelp20.sys [17168 2003-07-30] (Sonic Solutions) [File not signed] S3 catchme; \??\C:\DOCUME~1\DANPOP~1\LOCALS~1\Temp\catchme.sys [X] S4 IntelIde; No ImagePath U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation) ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 2014-09-03 21:13 - 2014-09-03 21:14 - 00020292 _____ () C:\Documents and Settings\Dan Popp\Desktop\FRST.txt 2014-09-03 21:13 - 2014-09-03 21:13 - 00000000 ____D () C:\FRST 2014-09-03 21:09 - 2014-09-03 21:09 - 01096704 _____ (Farbar) C:\Documents and Settings\Dan Popp\Desktop\FRST.exe 2014-09-03 21:05 - 2014-09-03 21:05 - 00000132 _____ () C:\Documents and Settings\Dan Popp\Desktop\ESET Scan List of found threats.txt 2014-09-03 18:13 - 2014-09-03 18:13 - 00000000 ____D () C:\Program Files\ESET 2014-09-03 16:35 - 2014-09-03 16:35 - 00001107 _____ () C:\Documents and Settings\Dan Popp\Desktop\MalwareBytes Scan 9-3-14.txt 2014-09-03 15:38 - 2014-09-03 15:38 - 00001218 _____ () C:\Documents and Settings\Dan Popp\Desktop\AdwCleaner[s0].txt 2014-09-03 15:37 - 2014-09-03 15:37 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage 2014-09-03 15:25 - 2014-09-03 15:35 - 00000000 ____D () C:\AdwCleaner 2014-09-03 15:23 - 2014-09-03 15:23 - 01370467 _____ () C:\Documents and Settings\Dan Popp\Desktop\AdwCleaner.exe 2014-09-03 14:53 - 2014-09-03 14:53 - 00001067 _____ () C:\Documents and Settings\Dan Popp\Desktop\JRT.txt 2014-09-03 14:40 - 2014-09-03 14:40 - 01016261 _____ (Thisisu) C:\Documents and Settings\Dan Popp\Desktop\JRT.exe 2014-09-03 09:57 - 2014-09-03 15:37 - 00000021 _____ () C:\WINDOWS\S.dirmngr 2014-09-03 00:13 - 2014-09-03 00:14 - 00000000 ____D () C:\Program Files\Mozilla Firefox 2014-09-01 16:39 - 2014-09-01 16:41 - 04857944 _____ () C:\Documents and Settings\Dan Popp\Desktop\RogueKiller.exe 2014-09-01 16:33 - 2014-09-01 16:42 - 00033512 _____ () C:\WINDOWS\system32\Drivers\TrueSight.sys 2014-09-01 16:33 - 2014-09-01 16:33 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\RogueKiller 2014-09-01 16:30 - 2014-09-01 16:30 - 00001114 _____ () C:\Documents and Settings\Dan Popp\Desktop\MalwareBytes Scan 9-1-14.txt 2014-08-31 23:18 - 2014-08-31 23:19 - 00000000 ____D () C:\Program Files\ERUNT 2014-08-31 23:18 - 2014-08-31 23:18 - 00000611 _____ () C:\Documents and Settings\Dan Popp\Desktop\NTREGOPT.lnk 2014-08-31 23:18 - 2014-08-31 23:18 - 00000592 _____ () C:\Documents and Settings\Dan Popp\Desktop\ERUNT.lnk 2014-08-31 23:18 - 2014-08-31 23:18 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\ERUNT 2014-08-31 23:17 - 2014-08-31 23:17 - 00791393 _____ (Lars Hederer ) C:\Documents and Settings\Dan Popp\Desktop\erunt-setup.exe 2014-08-31 21:42 - 2014-08-31 21:42 - 01944824 _____ (Bleeping Computer, LLC) C:\Documents and Settings\Dan Popp\Desktop\rkill.exe 2014-08-31 13:11 - 2014-09-01 11:41 - 00001892 _____ () C:\Documents and Settings\Dan Popp\Desktop\Rkill.txt 2014-08-26 11:57 - 2014-08-26 12:41 - 00000000 ____D () C:\Documents and Settings\Dan Popp\Desktop\youtube songs 2014-08-23 13:27 - 2014-08-23 13:27 - 01204224 _____ () C:\Documents and Settings\Dan Popp\Desktop\bookmarksaug22.html 2014-08-15 10:12 - 2014-08-15 10:14 - 16631829 _____ () C:\Documents and Settings\Dan Popp\Desktop\facebook-danpopp92 as of August 14, 2014.zip 2014-08-10 21:15 - 2014-08-29 15:03 - 00010610 _____ () C:\WINDOWS\wmsetup.log 2014-08-08 19:36 - 2014-07-28 12:48 - 00000027 _____ () C:\WINDOWS\system32\Drivers\etc\hosts.20140808-193658.backup 2014-08-08 10:44 - 2014-08-08 10:44 - 00015352 _____ () C:\Documents and Settings\Dan Popp\Desktop\IMG_18289871517457.jpeg 2014-08-08 10:28 - 2014-08-28 10:34 - 00000000 ____D () C:\Documents and Settings\Dan Popp\Application Data\WinPatrol 2014-08-07 18:06 - 2014-08-07 18:06 - 00000000 ____D () C:\Program Files\Ruiware 2014-08-07 18:06 - 2014-08-07 18:06 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\WinPatrol 2014-08-07 18:05 - 2014-08-07 18:05 - 00000000 ____D () C:\Program Files\VS Revo Group 2014-08-04 17:55 - 2014-08-04 17:59 - 00000637 _____ () C:\Documents and Settings\Dan Popp\Desktop\OpenCandy Removal.txt ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2014-09-03 21:14 - 2014-09-03 21:13 - 00020292 _____ () C:\Documents and Settings\Dan Popp\Desktop\FRST.txt 2014-09-03 21:14 - 2014-07-28 12:55 - 00000000 ____D () C:\Documents and Settings\Dan Popp\Local Settings\temp 2014-09-03 21:14 - 2010-01-31 18:09 - 00000886 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job 2014-09-03 21:13 - 2014-09-03 21:13 - 00000000 ____D () C:\FRST 2014-09-03 21:09 - 2014-09-03 21:09 - 01096704 _____ (Farbar) C:\Documents and Settings\Dan Popp\Desktop\FRST.exe 2014-09-03 21:05 - 2014-09-03 21:05 - 00000132 _____ () C:\Documents and Settings\Dan Popp\Desktop\ESET Scan List of found threats.txt 2014-09-03 20:49 - 2012-07-10 15:43 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job 2014-09-03 20:18 - 2013-06-16 23:24 - 00000990 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-2000478354-651377827-839522115-1003UA.job 2014-09-03 20:18 - 2013-06-16 23:24 - 00000938 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-2000478354-651377827-839522115-1003Core.job 2014-09-03 18:49 - 2009-02-26 01:08 - 00032584 _____ () C:\WINDOWS\SchedLgU.Txt 2014-09-03 18:13 - 2014-09-03 18:13 - 00000000 ____D () C:\Program Files\ESET 2014-09-03 16:35 - 2014-09-03 16:35 - 00001107 _____ () C:\Documents and Settings\Dan Popp\Desktop\MalwareBytes Scan 9-3-14.txt 2014-09-03 15:47 - 2014-07-07 15:07 - 00110296 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys 2014-09-03 15:44 - 2012-07-08 22:24 - 00000366 ____H () C:\WINDOWS\Tasks\avast! Emergency Update.job 2014-09-03 15:41 - 2014-07-29 20:04 - 00004090 _____ () C:\WINDOWS\setupapi.log 2014-09-03 15:41 - 2009-02-28 14:51 - 02094206 _____ () C:\WINDOWS\WindowsUpdate.log 2014-09-03 15:39 - 2013-10-01 14:30 - 00000284 _____ () C:\WINDOWS\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-2000478354-651377827-839522115-1003.job 2014-09-03 15:38 - 2014-09-03 15:38 - 00001218 _____ () C:\Documents and Settings\Dan Popp\Desktop\AdwCleaner[s0].txt 2014-09-03 15:37 - 2014-09-03 15:37 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage 2014-09-03 15:37 - 2014-09-03 09:57 - 00000021 _____ () C:\WINDOWS\S.dirmngr 2014-09-03 15:37 - 2014-07-29 10:42 - 00000374 _____ () C:\WINDOWS\system32\Drivers\etc\hosts.ics 2014-09-03 15:37 - 2013-02-14 09:46 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service 2014-09-03 15:37 - 2010-01-31 18:09 - 00000882 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job 2014-09-03 15:37 - 2009-02-26 01:02 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT 2014-09-03 15:37 - 2009-02-25 18:55 - 00000159 ____C () C:\WINDOWS\wiadebug.log 2014-09-03 15:37 - 2009-02-25 18:55 - 00000048 ____C () C:\WINDOWS\wiaservc.log 2014-09-03 15:37 - 2003-07-16 11:46 - 00002206 _____ () C:\WINDOWS\system32\wpa.dbl 2014-09-03 15:36 - 2009-02-26 01:09 - 00000178 ___SH () C:\Documents and Settings\Dan Popp\ntuser.ini 2014-09-03 15:35 - 2014-09-03 15:25 - 00000000 ____D () C:\AdwCleaner 2014-09-03 15:23 - 2014-09-03 15:23 - 01370467 _____ () C:\Documents and Settings\Dan Popp\Desktop\AdwCleaner.exe 2014-09-03 14:53 - 2014-09-03 14:53 - 00001067 _____ () C:\Documents and Settings\Dan Popp\Desktop\JRT.txt 2014-09-03 14:40 - 2014-09-03 14:40 - 01016261 _____ (Thisisu) C:\Documents and Settings\Dan Popp\Desktop\JRT.exe 2014-09-03 11:59 - 2009-02-27 21:50 - 00000000 ____D () C:\Documents and Settings\Dan Popp\My Documents\Resumes 2014-09-03 11:15 - 2009-03-01 22:09 - 00048602 _____ () C:\Documents and Settings\Dan Popp\Application Data\wklnhst.dat 2014-09-03 00:14 - 2014-09-03 00:13 - 00000000 ____D () C:\Program Files\Mozilla Firefox 2014-09-02 18:40 - 2014-04-27 23:54 - 00000000 ____D () C:\Documents and Settings\Dan Popp\My Documents\Quotes 2014-09-02 15:54 - 2014-01-02 03:53 - 00068608 _____ () C:\Documents and Settings\Dan Popp\My Documents\Lists - To-Get, CDs, Songs to Download, Unsure, Equalize - Borrowed Things.xls 2014-09-01 16:42 - 2014-09-01 16:33 - 00033512 _____ () C:\WINDOWS\system32\Drivers\TrueSight.sys 2014-09-01 16:41 - 2014-09-01 16:39 - 04857944 _____ () C:\Documents and Settings\Dan Popp\Desktop\RogueKiller.exe 2014-09-01 16:33 - 2014-09-01 16:33 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\RogueKiller 2014-09-01 16:30 - 2014-09-01 16:30 - 00001114 _____ () C:\Documents and Settings\Dan Popp\Desktop\MalwareBytes Scan 9-1-14.txt 2014-09-01 15:48 - 2011-09-23 22:34 - 00000284 _____ () C:\WINDOWS\Tasks\AppleSoftwareUpdate.job 2014-09-01 11:41 - 2014-08-31 13:11 - 00001892 _____ () C:\Documents and Settings\Dan Popp\Desktop\Rkill.txt 2014-08-31 23:19 - 2014-08-31 23:18 - 00000000 ____D () C:\Program Files\ERUNT 2014-08-31 23:19 - 2012-05-19 16:44 - 00000000 ____D () C:\WINDOWS\ERDNT 2014-08-31 23:18 - 2014-08-31 23:18 - 00000611 _____ () C:\Documents and Settings\Dan Popp\Desktop\NTREGOPT.lnk 2014-08-31 23:18 - 2014-08-31 23:18 - 00000592 _____ () C:\Documents and Settings\Dan Popp\Desktop\ERUNT.lnk 2014-08-31 23:18 - 2014-08-31 23:18 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\ERUNT 2014-08-31 23:17 - 2014-08-31 23:17 - 00791393 _____ (Lars Hederer ) C:\Documents and Settings\Dan Popp\Desktop\erunt-setup.exe 2014-08-31 21:42 - 2014-08-31 21:42 - 01944824 _____ (Bleeping Computer, LLC) C:\Documents and Settings\Dan Popp\Desktop\rkill.exe 2014-08-29 16:57 - 2013-02-04 02:22 - 00000000 ____D () C:\Documents and Settings\Dan Popp\Application Data\Spotify 2014-08-29 15:24 - 2013-02-04 02:25 - 00000000 ____D () C:\Documents and Settings\Dan Popp\Local Settings\Application Data\Spotify 2014-08-29 15:03 - 2014-08-10 21:15 - 00010610 _____ () C:\WINDOWS\wmsetup.log 2014-08-29 10:36 - 2009-02-26 01:09 - 00000000 ____D () C:\Documents and Settings\Dan Popp 2014-08-28 10:34 - 2014-08-08 10:28 - 00000000 ____D () C:\Documents and Settings\Dan Popp\Application Data\WinPatrol 2014-08-27 00:01 - 2009-02-27 19:36 - 00002489 _____ () C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Word.lnk 2014-08-26 12:41 - 2014-08-26 11:57 - 00000000 ____D () C:\Documents and Settings\Dan Popp\Desktop\youtube songs 2014-08-25 19:43 - 2013-03-13 19:02 - 00045568 _____ () C:\Documents and Settings\Dan Popp\My Documents\Workout Calendar.xls 2014-08-24 15:41 - 2013-10-01 14:30 - 00000292 _____ () C:\WINDOWS\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-2000478354-651377827-839522115-1003.job 2014-08-23 13:27 - 2014-08-23 13:27 - 01204224 _____ () C:\Documents and Settings\Dan Popp\Desktop\bookmarksaug22.html 2014-08-16 14:22 - 2013-07-11 13:41 - 00000000 ____D () C:\WINDOWS\system32\MRT 2014-08-16 14:18 - 2009-03-02 21:52 - 96303304 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe 2014-08-15 13:02 - 2013-10-07 01:35 - 00000977 _____ () C:\Documents and Settings\Dan Popp\Desktop\Notes.txt 2014-08-15 10:14 - 2014-08-15 10:12 - 16631829 _____ () C:\Documents and Settings\Dan Popp\Desktop\facebook-danpopp92 as of August 14, 2014.zip 2014-08-14 23:24 - 2014-05-11 23:54 - 00000000 ____D () C:\Documents and Settings\Dan Popp\Desktop\MP3Gain Test Songs 2014-08-14 13:51 - 2014-07-12 18:00 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable) 2014-08-14 13:51 - 2014-07-12 17:59 - 00000000 ____D () C:\Program Files\mbar 2014-08-14 13:18 - 2014-07-07 13:27 - 00054232 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys 2014-08-08 19:34 - 2009-03-02 22:42 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy 2014-08-08 15:00 - 2014-03-16 13:27 - 00000222 _____ () C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job 2014-08-08 10:44 - 2014-08-08 10:44 - 00015352 _____ () C:\Documents and Settings\Dan Popp\Desktop\IMG_18289871517457.jpeg 2014-08-07 22:18 - 2009-03-03 00:13 - 00000000 ____D () C:\Documents and Settings\Dan Popp\Desktop\Essentials 2014-08-07 18:06 - 2014-08-07 18:06 - 00000000 ____D () C:\Program Files\Ruiware 2014-08-07 18:06 - 2014-08-07 18:06 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\WinPatrol 2014-08-07 18:06 - 2013-02-07 04:13 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\InstallMate 2014-08-07 18:05 - 2014-08-07 18:05 - 00000000 ____D () C:\Program Files\VS Revo Group 2014-08-04 23:30 - 2013-03-15 16:17 - 00000561 _____ () C:\Documents and Settings\Dan Popp\My Documents\Phone #s.txt 2014-08-04 17:59 - 2014-08-04 17:55 - 00000637 _____ () C:\Documents and Settings\Dan Popp\Desktop\OpenCandy Removal.txt Some content of TEMP: ==================== C:\Documents and Settings\Dan Popp\Local Settings\temp\Quarantine.exe ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\WINDOWS\explorer.exe => File is digitally signed C:\WINDOWS\system32\winlogon.exe => File is digitally signed C:\WINDOWS\system32\svchost.exe => File is digitally signed C:\WINDOWS\system32\services.exe => File is digitally signed C:\WINDOWS\system32\User32.dll => File is digitally signed C:\WINDOWS\system32\userinit.exe => File is digitally signed C:\WINDOWS\system32\rpcss.dll => File is digitally signed C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed ==================== End Of Log ============================ Addition.txt

Hello again, sorry for the delay. Anyway, I got to running the tools you sent me here and completing the logs. First, here is the Malwarebytes log: Malwarebytes Anti-Malware www.malwarebytes.org Scan Date: 9/1/2014 Scan Time: 11:48:03 AM Logfile: MalwareBytes Scan 9-1-14.txt Administrator: Yes Version: 2.00.2.1012 Malware Database: v2014.09.01.05 Rootkit Database: v2014.08.21.01 License: Free Malware Protection: Disabled Malicious Website Protection: Disabled Self-protection: Disabled OS: Windows XP Service Pack 3 CPU: x86 File System: NTFS User: Dan Popp Scan Type: Custom Scan Result: Completed Objects Scanned: 415164 Time Elapsed: 3 hr, 32 min, 44 sec Memory: Enabled Startup: Enabled Filesystem: Enabled Archives: Enabled Rootkits: Enabled Deep Rootkit Scan: Enabled Heuristics: Enabled PUP: Enabled PUM: Enabled Processes: 0 (No malicious items detected) Modules: 0 (No malicious items detected) Registry Keys: 0 (No malicious items detected) Registry Values: 0 (No malicious items detected) Registry Data: 0 (No malicious items detected) Folders: 0 (No malicious items detected) Files: 0 (No malicious items detected) Physical Sectors: 0 (No malicious items detected) (end) and the Roguekiller log: RogueKiller V9.2.9.0 [Jul 11 2014] by Adlice Software mail : http://www.adlice.com/contact/ Feedback : http://forum.adlice.com Website : https://www.adlice.com/softwares/roguekiller/ Blog : http://www.adlice.com Operating System : Windows XP (5.1.2600 Service Pack 3) 32 bits version Started in : Normal mode User : Dan Popp [Admin rights] Mode : Scan -- Date : 09/01/2014 16:47:30 ¤¤¤ Bad processes : 0 ¤¤¤ ¤¤¤ Registry Entries : 15 ¤¤¤ [suspicious.Path] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\catchme -> FOUND [suspicious.Path] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\pohci13F -> FOUND [suspicious.Path] HKEY_LOCAL_MACHINE\System\ControlSet003\Services\pohci13F -> FOUND [PUM.Dns] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters | DhcpNameServer : 68.94.156.1 68.94.157.1 -> FOUND [PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters | DhcpNameServer : 68.94.156.1 151.164.8.201 -> FOUND [PUM.Dns] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{8539FD6D-DDDF-4732-86DD-861691E8FEC7} | DhcpNameServer : 68.94.156.1 68.94.157.1 -> FOUND [PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{8539FD6D-DDDF-4732-86DD-861691E8FEC7} | DhcpNameServer : 68.94.156.1 151.164.8.201 -> FOUND [PUM.Policies] HKEY_USERS\S-1-5-21-2000478354-651377827-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Policies\System | disableregistrytools : 0 -> FOUND [PUM.Policies] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | DisableRegistryTools : 0 -> FOUND [PUM.DesktopIcons] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> FOUND [PUM.HomePage] HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome -> FOUND [PUM.HomePage] HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome -> FOUND [PUM.SearchPage] HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> FOUND [PUM.SearchPage] HKEY_USERS\S-1-5-21-2000478354-651377827-839522115-1003\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> FOUND [PUM.SearchPage] HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> FOUND ¤¤¤ Scheduled tasks : 0 ¤¤¤ ¤¤¤ Files : 0 ¤¤¤ ¤¤¤ HOSTS File : 0 [Too big!] ¤¤¤ ¤¤¤ Antirootkit : 3 (Driver: LOADED) ¤¤¤ [sSDT:Addr(Hook.SSDT)] NtCreatePagingFile[45] : a347bus.sys @ 0xf75afb00 [sSDT:Addr(Hook.SSDT)] NtOpenFile[116] : a347bus.sys @ 0xf75afb40 [Filter(Kernel.Filter)] \Driver\atapi @ \Device\CdRom0 : \Driver\redbook @ Unknown (\SystemRoot\System32\DRIVERS\redbook.sys) ¤¤¤ Web browsers : 0 ¤¤¤ ¤¤¤ MBR Check : ¤¤¤ +++++ PhysicalDrive0: Maxtor 6Y080L0 +++++ --- User --- [MBR] 214a0ea60655085b3446fb0b3bae47a1 [bSP] f0531316a6163d16f4ba254ab3fe3bf4 : Windows XP MBR Code Partition table: 0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 39 MB 1 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 80325 | Size: 76245 MB User = LL1 ... OK User = LL2 ... OK +++++ PhysicalDrive1: SanDisk Cruzer USB Device +++++ --- User --- [MBR] a124dc1f32b91ceacb765c7a5ad6ec2e [bSP] df4f83c1f72e36823a12b0dfc7617313 : Empty MBR Code Partition table: 0 - [XXXXXX] FAT32-LBA (0xc) [VISIBLE] Offset (sectors): 32 | Size: 15266 MB User = LL1 ... OK Error reading LL2 MBR! ([32] The request is not supported. )

Hey, I've been busy for the last couple of days. But I'll get started with these steps tomorrow. Please don't close! Sorry for the delayed response.

Well, I think I am okay now. But if you don't mind, I do have a request. I'd just like a second opinion here - is there any way we could double-check my logs just to make sure they are clean? It's a shared pc and I'm not sure if everyone who uses it has been browsing safely.

I tried copying and pasting the contents of Addition.txt, but the forum said that the reply was too long. So I've attached it as a .txt file.Addition.txt

Contents of FRST.txt Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:09-07-2014 Ran by Dan Popp (administrator) on DANPOPP on 09-07-2014 14:54:07 Running from C:\Documents and Settings\Dan Popp\Desktop Platform: Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: English (United States) Internet Explorer Version 6 Boot Mode: Normal The only official download link for FRST: Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/ Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/ Download link from any site other than Bleeping Computer is unpermitted or outdated. See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (AVAST Software) C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (Creative Technology Ltd) C:\WINDOWS\system32\CTsvcCDA.EXE () C:\Program Files\GNU\GnuPG\dirmngr.exe (Oracle Corporation) C:\Program Files\Java\jre7\bin\jqs.exe (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe () C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe (Microsoft Corporation) C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Skype Technologies S.A.) C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation) C:\WINDOWS\system32\MsPMSPSv.exe (GEMTEKS) C:\Program Files\Linksys Wireless-G PCI Adapter with SRX400\WLService.exe (Linksys) C:\Program Files\Linksys Wireless-G PCI Adapter with SRX400\WMP54GX.exe (Canon Inc.) C:\Program Files\Canon\CAL\CALMAIN.exe (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE (CyberLink Corp.) C:\Program Files\Dell\Media Experience\PCMService.exe (Creative Technology Ltd) C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe (Microsoft Corp.) C:\Program Files\MSN Toolbar\Platform\4.0.0401.0\mswinext.exe (RealNetworks, Inc.) C:\Program Files\Real\RealPlayer\Update\realsched.exe (Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe (AVAST Software) C:\Program Files\Alwil Software\Avast5\AvastUI.exe (Microsoft Corporation) C:\WINDOWS\system32\wbem\unsecapp.exe (Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [PCMService] => C:\Program Files\Dell\Media Experience\PCMService.exe [204800 2003-08-26] (CyberLink Corp.) HKLM\...\Run: [diagent] => C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe [135264 2002-04-03] (Creative Technology Ltd) HKLM\...\Run: [updReg] => C:\WINDOWS\UpdReg.EXE [90112 2000-05-11] (Creative Technology Ltd.) HKLM\...\Run: [storageGuard] => C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe [155648 2003-02-13] (Sonic Solutions) HKLM\...\Run: [brStsWnd] => C:\Program Files\Brownie\BrstsWnd.exe [880640 2008-09-18] (brother) HKLM\...\Run: [MSN Toolbar] => C:\Program Files\MSN Toolbar\Platform\4.0.0401.0\mswinext.exe [240992 2010-02-12] (Microsoft Corp.) HKLM\...\Run: [Microsoft Default Manager] => C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe [288080 2009-07-17] (Microsoft Corporation) HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.) HKLM\...\Run: [userFaultCheck] => %systemroot%\system32\dumprep 0 -u HKLM\...\Run: [KeyScrambler] => C:\Program Files\KeyScrambler\keyscrambler.exe [534160 2013-02-10] (QFX Software Corporation) HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated) HKLM\...\Run: [TkBellExe] => C:\Program Files\Real\RealPlayer\update\realsched.exe [295512 2013-10-01] (RealNetworks, Inc.) HKLM\...\Run: [sunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation) HKLM\...\Run: [AvastUI.exe] => C:\Program Files\Alwil Software\Avast5\AvastUI.exe [4086432 2014-07-06] (AVAST Software) HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.) HKLM\...\Policies\Explorer: [] HKLM\...\Policies\Explorer: [NoCDBurning] 0 HKU\S-1-5-21-2000478354-651377827-839522115-1003\...\Run: [spotify Web Helper] => C:\Documents and Settings\Dan Popp\Application Data\Spotify\Data\SpotifyWebHelper.exe [1171000 2014-04-19] (Spotify Ltd) HKU\S-1-5-21-2000478354-651377827-839522115-1003\...\Run: [Google Update] => C:\Documents and Settings\Dan Popp\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [116648 2013-06-16] (Google Inc.) HKU\S-1-5-21-2000478354-651377827-839522115-1003\...\Run: [GoogleDriveSync] => "C:\Program Files\Google\Drive\googledrivesync.exe" /autostart HKU\S-1-5-21-2000478354-651377827-839522115-1003\...0c966feabec1\InprocServer32: [Default-shell32] %SystemRoot%\system32\shdocvw.dll ATTENTION! ====> ZeroAccess/Alureon? Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk ShortcutTarget: Microsoft Office.lnk -> C:\Program Files\Microsoft Office\Office10\OSA.EXE (Microsoft Corporation) ShellIconOverlayIdentifiers: 00avast -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\Alwil Software\Avast5\ashShell.dll (AVAST Software) ShellIconOverlayIdentifiers: DropboxExt1 -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => No File ShellIconOverlayIdentifiers: DropboxExt2 -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => No File ShellIconOverlayIdentifiers: DropboxExt3 -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => No File ShellIconOverlayIdentifiers: DropboxExt4 -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => No File ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home SearchScopes: HKLM - DefaultScope value is missing. SearchScopes: HKCU - {B575BFA9-A94B-46C4-8540-FD4D451C965B} URL = http://websearch.ask.com/redirect?client=ie&tb=ORJ&o=100000031&src=crm&q={searchTerms}&locale=en_US&apn_ptnrs=^TV&apn_dtid=^OSJ000^YY^US&apn_uid=B8509BA9-9EDD-4F88-B282-BD9537C7863D&apn_sauid=BC7EFA07-1917-4062-8FC1-3AEB559CD04E SearchScopes: HKCU - {D9840BA4-2A50-471F-8150-135CE1D0C4F4} URL = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}&rlz=1I7GZAZ_enUS317 BHO: RealNetworks Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader) BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation) BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software) BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) BHO: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) BHO: No Name - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - No File BHO: MSN Toolbar BHO - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN Toolbar\Platform\4.0.0401.0\npwinext.dll (Microsoft Corporation) BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) BHO: DVDVideoSoft IE Extension - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll (DVDVideoSoft Ltd.) Toolbar: HKLM - No Name - {BA52B914-B692-46c4-B683-905236F6F655} - No File Toolbar: HKLM - MSN Toolbar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\MSN Toolbar\Platform\4.0.0401.0\npwinext.dll (Microsoft Corporation) Toolbar: HKLM - avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software) Toolbar: HKCU - &Address - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\System32\browseui.dll (Microsoft Corporation) Toolbar: HKCU - &Links - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\SHELL32.dll (Microsoft Corporation) Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} http://www.nvidia.com/content/DriverDownload/srl/3.0.0.0/srl_bin/sysreqlab3.cab DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} http://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL (Microsoft Corporation) Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation) Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies) Tcpip\Parameters: [DhcpNameServer] 68.94.156.1 68.94.157.1 FireFox: ======== FF ProfilePath: C:\Documents and Settings\Dan Popp\Application Data\Mozilla\Firefox\Profiles\plobqh6y.default FF SelectedSearchEngine: Google FF Homepage: https://www.google.com/ FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_14_0_0_145.dll () FF Plugin: @java.com/DTPlugin,version=10.55.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=10.55.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin: @microsoft.com/WPF,version=3.5 - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF Plugin: @real.com/nppl3260;version=16.0.3.51 - C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.) FF Plugin: @real.com/nprjplug;version=1.0.3.69 - C:\Documents and Settings\Dan Popp\My Documents\Netscape6\nprjplug.dll (RealNetworks, Inc.) FF Plugin: @real.com/nprndlchromebrowserrecordext;version=1.3.3 - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.) FF Plugin: @real.com/nprndlhtml5videoshim;version=1.3.3 - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.) FF Plugin: @real.com/nprndlpepperflashvideoshim;version=1.3.3 - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.) FF Plugin: @real.com/nprpjplug;version=6.0.12.69 - C:\Documents and Settings\Dan Popp\My Documents\Netscape6\nprpjplug.dll (RealNetworks, Inc.) FF Plugin: @real.com/nprpplugin;version=16.0.3.51 - C:\Program Files\Real\RealPlayer\Netscape6\nprpplugin.dll (RealPlayer) FF Plugin: @realnetworks.com/npdlplugin;version=1 - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader) FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.) FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.) FF Plugin: @viewpoint.com/VMP - C:\Program Files\Viewpoint\Viewpoint Media Player\npViewpoint.dll No File FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF Plugin HKCU: @citrixonline.com/appdetectorplugin - C:\Documents and Settings\Dan Popp\Local Settings\Application Data\Citrix\Plugins\92\npappdetector.dll (Citrix Online) FF Plugin HKCU: @talk.google.com/GoogleTalkPlugin - C:\Documents and Settings\Dan Popp\Application Data\Mozilla\plugins\npgoogletalk.dll (Google) FF Plugin HKCU: @talk.google.com/O1DPlugin - C:\Documents and Settings\Dan Popp\Application Data\Mozilla\plugins\npo1d.dll (Google) FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Documents and Settings\Dan Popp\Local Settings\Application Data\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.) FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Documents and Settings\Dan Popp\Local Settings\Application Data\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.) FF Plugin ProgramFiles/Appdata: C:\Documents and Settings\Dan Popp\Application Data\mozilla\plugins\npgoogletalk.dll (Google) FF Plugin ProgramFiles/Appdata: C:\Documents and Settings\Dan Popp\Application Data\mozilla\plugins\npo1d.dll (Google) FF Extension: Microsoft Default Manager - C:\Documents and Settings\Dan Popp\Application Data\Mozilla\Firefox\Profiles\plobqh6y.default\Extensions\DefaultManager@Microsoft [2013-08-01] FF Extension: DoNotTrackMe: Online Privacy Protection - C:\Documents and Settings\Dan Popp\Application Data\Mozilla\Firefox\Profiles\plobqh6y.default\Extensions\donottrackplus@abine.com [2014-06-10] FF Extension: MaskMe - C:\Documents and Settings\Dan Popp\Application Data\Mozilla\Firefox\Profiles\plobqh6y.default\Extensions\idme@abine.com [2014-03-05] FF Extension: Element Hiding Helper for Adblock Plus - C:\Documents and Settings\Dan Popp\Application Data\Mozilla\Firefox\Profiles\plobqh6y.default\Extensions\elemhidehelper@adblockplus.org.xpi [2013-03-12] FF Extension: Webmail Ad Blocker - C:\Documents and Settings\Dan Popp\Application Data\Mozilla\Firefox\Profiles\plobqh6y.default\Extensions\gmailnoads@mywebber.com.xpi [2013-03-12] FF Extension: Social Fixer - C:\Documents and Settings\Dan Popp\Application Data\Mozilla\Firefox\Profiles\plobqh6y.default\Extensions\socialfixer@mattkruse.com.xpi [2014-01-31] FF Extension: Adblock Plus - C:\Documents and Settings\Dan Popp\Application Data\Mozilla\Firefox\Profiles\plobqh6y.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-03-10] FF Extension: Skype Click to Call - C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2014-06-11] FF Extension: Skype Click to Call - C:\Program Files\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2014-06-11] FF HKLM\...\Firefox\Extensions: [{27182e60-b5f3-411c-b545-b44205977502}] - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension FF Extension: Search Helper Extension - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension [2010-09-18] FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension FF Extension: Microsoft .NET Framework Assistant - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2012-05-22] FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\Alwil Software\Avast5\WebRep\FF FF Extension: avast! Online Security - C:\Program Files\Alwil Software\Avast5\WebRep\FF [2011-02-26] FF HKLM\...\Firefox\Extensions: [{DF153AFF-6948-45d7-AC98-4FC4AF8A08E2}] - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext FF Extension: RealDownloader - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2013-10-01] FF HKLM\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext FF HKCU\...\Firefox\Extensions: [{B64D9B05-48E1-4CEB-BF58-E0643994E900}] - C:\Program Files\Common Files\DVDVideoSoft\plugins\ff FF Extension: Download videos and MP3s from YouTube - C:\Program Files\Common Files\DVDVideoSoft\plugins\ff [2014-03-18] ========================== Services (Whitelisted) ================= R2 avast! Antivirus; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [50344 2014-07-06] (AVAST Software) R2 CCALib8; C:\Program Files\Canon\CAL\CALMAIN.exe [96341 2005-09-30] (Canon Inc.) [File not signed] R2 Creative Service for CDROM Access; C:\WINDOWS\System32\CTsvcCDA.exe [44032 1999-12-13] (Creative Technology Ltd) [File not signed] R2 DirMngr; C:\Program Files\GNU\GnuPG\dirmngr.exe [224256 2011-03-02] () [File not signed] R2 JavaQuickStarterService; C:\Program Files\Java\jre7\bin\jqs.exe [182696 2014-04-14] (Oracle Corporation) R2 MDM; C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe [270336 2001-02-23] (Microsoft Corporation) [File not signed] S2 PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [75064 2010-03-04] () S2 PnkBstrB; C:\WINDOWS\system32\PnkBstrB.exe [215128 2010-09-18] () R2 RealNetworks Downloader Resolver Service; C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe [39056 2013-08-14] () R2 Skype C2C Service; C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe [3048136 2012-07-05] (Skype Technologies S.A.) S3 Symantec RemoteAssist; C:\Program Files\Common Files\Symantec Shared\Support Controls\ssrc.exe [394704 2008-01-29] (Symantec, Inc.) R2 WMDM PMSP Service; C:\WINDOWS\System32\MsPMSPSv.exe [53520 2000-06-26] (Microsoft Corporation) [File not signed] U4 aswUpdSv; "C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe" [X] R2 WMP54GX4SVC; "C:\Program Files\Linksys Wireless-G PCI Adapter with SRX400\WLService.exe" "WMP54GX.exe" [X] ==================== Drivers (Whitelisted) ==================== R0 a347bus; C:\WINDOWS\System32\DRIVERS\a347bus.sys [160640 2004-04-30] ( ) [File not signed] R0 a347scsi; C:\WINDOWS\System32\Drivers\a347scsi.sys [5248 2004-04-30] ( ) [File not signed] R2 AegisP; C:\WINDOWS\System32\DRIVERS\AegisP.sys [20747 2009-02-26] (Meetinghouse Data Communications) [File not signed] R2 aswHwid; C:\WINDOWS\system32\drivers\aswHwid.sys [24184 2014-07-06] () R2 aswMonFlt; C:\WINDOWS\system32\drivers\aswMonFlt.sys [67824 2014-07-06] (AVAST Software) R1 aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [55112 2014-07-06] (AVAST Software) R0 aswRvrt; C:\WINDOWS\system32\Drivers\aswRvrt.sys [49944 2014-07-06] () R1 aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [779536 2014-07-06] (AVAST Software) R1 aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [414520 2014-07-06] (AVAST Software) R1 aswTdi; C:\WINDOWS\system32\drivers\aswTdi.sys [57800 2014-07-06] (AVAST Software) R0 aswVmm; C:\WINDOWS\system32\Drivers\aswVmm.sys [192352 2014-07-06] () R0 atapi; C:\WINDOWS\System32\DRIVERS\atapi.sys [96512 2008-04-13] () [File not signed] R3 gameenum; C:\WINDOWS\System32\DRIVERS\gameenum.sys [10624 2008-04-13] (Microsoft Corporation) R3 GTNDIS5; C:\WINDOWS\system32\GTNDIS5.SYS [15872 2003-09-25] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed] S3 hamachi; C:\WINDOWS\System32\DRIVERS\hamachi.sys [26176 2009-09-23] (LogMeIn, Inc.) S3 hidgame; C:\WINDOWS\System32\DRIVERS\hidgame.sys [8576 2001-08-17] (Microsoft Corporation) R3 KeyScrambler; C:\WINDOWS\System32\drivers\keyscrambler.sys [208920 2013-02-06] (QFX Software Corporation) R3 Linksys3P; C:\WINDOWS\System32\DRIVERS\TMIMO31P.sys [780800 2005-11-29] (Airgo Networks, Inc.) R1 OMCI; C:\WINDOWS\SYSTEM32\DRIVERS\OMCI.SYS [13632 2001-08-22] (Dell Computer Corporation) [File not signed] R3 P16X; C:\WINDOWS\System32\drivers\P16X.sys [1296384 2003-08-14] (Creative Technology Ltd.) R2 PfModNT; C:\WINDOWS\System32\PfModNT.sys [6752 1999-12-17] (Creative Technology Ltd.) [File not signed] S3 PnkBstrK; C:\WINDOWS\system32\drivers\PnkBstrK.sys [138384 2010-09-18] () R0 PxHelp20; C:\WINDOWS\System32\DRIVERS\PxHelp20.sys [17168 2003-07-30] (Sonic Solutions) [File not signed] S4 IntelIde; No ImagePath U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation) ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2014-07-09 14:54 - 2014-07-09 14:54 - 00022381 _____ () C:\Documents and Settings\Dan Popp\Desktop\FRST.txt 2014-07-09 14:53 - 2014-07-09 14:54 - 00000000 ____D () C:\FRST 2014-07-09 14:53 - 2014-07-09 14:53 - 01074688 _____ (Farbar) C:\Documents and Settings\Dan Popp\Desktop\FRST.exe 2014-07-09 10:46 - 2014-07-09 10:46 - 00000021 _____ () C:\WINDOWS\S.dirmngr 2014-07-07 15:07 - 2014-07-09 13:54 - 00110296 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys 2014-07-07 15:07 - 2014-07-07 13:27 - 00000789 _____ () C:\Documents and Settings\Dan Popp\Desktop\Malwarebytes Anti-Malware.lnk 2014-07-07 13:27 - 2014-07-07 19:15 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware 2014-07-07 13:27 - 2014-07-07 13:27 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes Anti-Malware 2014-07-07 13:27 - 2014-05-12 07:26 - 00053208 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys 2014-07-06 13:19 - 2014-07-06 13:19 - 00000000 ____D () C:\WINDOWS\jumpshot.com 2014-07-06 13:11 - 2014-07-06 13:11 - 00043152 _____ (AVAST Software) C:\WINDOWS\avastSS.scr 2014-06-30 13:51 - 2014-06-30 13:51 - 00000000 ____D () C:\Documents and Settings\Dan Popp\Desktop\200 Situps 2014-06-30 13:48 - 2014-06-30 13:50 - 00000000 ____D () C:\Documents and Settings\Dan Popp\Desktop\100 Pushups 2014-06-18 21:37 - 2014-06-18 21:37 - 00000000 ____D () C:\Documents and Settings\Dan Popp\Local Settings\Application Data\Adobe 2014-06-11 10:43 - 2014-06-11 10:43 - 00000000 ____D () C:\Program Files\Mozilla Firefox ==================== One Month Modified Files and Folders ======= 2014-07-09 14:55 - 2009-02-26 01:09 - 00000000 ____D () C:\Documents and Settings\Dan Popp\Local Settings\Temp 2014-07-09 14:54 - 2014-07-09 14:54 - 00022381 _____ () C:\Documents and Settings\Dan Popp\Desktop\FRST.txt 2014-07-09 14:54 - 2014-07-09 14:53 - 00000000 ____D () C:\FRST 2014-07-09 14:53 - 2014-07-09 14:53 - 01074688 _____ (Farbar) C:\Documents and Settings\Dan Popp\Desktop\FRST.exe 2014-07-09 14:49 - 2012-07-10 15:43 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job 2014-07-09 14:43 - 2013-10-07 01:35 - 00000380 _____ () C:\Documents and Settings\Dan Popp\Desktop\Notes.txt 2014-07-09 14:43 - 2009-02-28 14:51 - 01077159 _____ () C:\WINDOWS\WindowsUpdate.log 2014-07-09 14:18 - 2013-06-16 23:24 - 00000990 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-2000478354-651377827-839522115-1003UA.job 2014-07-09 14:14 - 2010-01-31 18:09 - 00000886 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job 2014-07-09 13:54 - 2014-07-07 15:07 - 00110296 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys 2014-07-09 13:12 - 2012-07-08 22:24 - 00000366 ____H () C:\WINDOWS\Tasks\avast! Emergency Update.job 2014-07-09 12:57 - 2013-07-11 13:41 - 00000000 ____D () C:\WINDOWS\system32\MRT 2014-07-09 12:49 - 2009-03-02 21:52 - 93585272 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe 2014-07-09 12:14 - 2010-01-31 18:09 - 00000882 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job 2014-07-09 10:48 - 2013-10-01 14:30 - 00000284 _____ () C:\WINDOWS\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-2000478354-651377827-839522115-1003.job 2014-07-09 10:47 - 2012-05-20 22:32 - 00000434 _____ () C:\WINDOWS\system32\Drivers\etc\hosts.ics 2014-07-09 10:47 - 2009-02-25 18:55 - 00000159 ____C () C:\WINDOWS\wiadebug.log 2014-07-09 10:47 - 2003-07-16 11:46 - 00002206 _____ () C:\WINDOWS\system32\wpa.dbl 2014-07-09 10:46 - 2014-07-09 10:46 - 00000021 _____ () C:\WINDOWS\S.dirmngr 2014-07-09 10:46 - 2009-02-26 01:02 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT 2014-07-09 10:46 - 2009-02-25 18:55 - 00000048 ____C () C:\WINDOWS\wiaservc.log 2014-07-09 00:03 - 2009-02-26 01:09 - 00000178 ___SH () C:\Documents and Settings\Dan Popp\ntuser.ini 2014-07-09 00:03 - 2009-02-26 01:08 - 00032616 _____ () C:\WINDOWS\SchedLgU.Txt 2014-07-08 20:18 - 2013-06-16 23:24 - 00000938 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-2000478354-651377827-839522115-1003Core.job 2014-07-08 15:00 - 2014-03-16 13:27 - 00000222 _____ () C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job 2014-07-08 14:50 - 2012-07-10 15:43 - 00699056 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe 2014-07-08 14:50 - 2011-06-01 18:34 - 00071344 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl 2014-07-08 11:32 - 2009-03-01 22:09 - 00047512 _____ () C:\Documents and Settings\Dan Popp\Application Data\wklnhst.dat 2014-07-07 22:26 - 2013-03-13 19:02 - 00044032 _____ () C:\Documents and Settings\Dan Popp\My Documents\Workout Calendar.xls 2014-07-07 19:19 - 2009-02-26 01:09 - 00000000 ____D () C:\Documents and Settings\Dan Popp 2014-07-07 19:18 - 2009-03-02 22:01 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB938464$ 2014-07-07 19:15 - 2014-07-07 13:27 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware 2014-07-07 19:14 - 2003-07-16 11:33 - 00000000 __SHD () C:\Documents and Settings\Dan Popp\Local Settings\Application Data\{6a328933-032b-cf97-a9e8-5174d95ea84f} 2014-07-07 16:50 - 2014-05-11 23:54 - 00000000 ____D () C:\Documents and Settings\Dan Popp\Desktop\MP3Gain Test Songs 2014-07-07 15:48 - 2011-09-23 22:34 - 00000284 _____ () C:\WINDOWS\Tasks\AppleSoftwareUpdate.job 2014-07-07 13:27 - 2014-07-07 15:07 - 00000789 _____ () C:\Documents and Settings\Dan Popp\Desktop\Malwarebytes Anti-Malware.lnk 2014-07-07 13:27 - 2014-07-07 13:27 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes Anti-Malware 2014-07-07 13:27 - 2012-05-18 16:42 - 00000000 ____D () C:\Documents and Settings\Dan Popp\Application Data\Malwarebytes 2014-07-07 13:27 - 2012-05-18 16:40 - 00000000 ____D () C:\Program Files\Malwarebytes' Anti-Malware 2014-07-07 13:27 - 2012-05-18 16:40 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware 2014-07-07 13:27 - 2012-05-18 16:40 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Malwarebytes 2014-07-06 13:19 - 2014-07-06 13:19 - 00000000 ____D () C:\WINDOWS\jumpshot.com 2014-07-06 13:12 - 2009-02-27 21:19 - 00414520 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswsp.sys 2014-07-06 13:11 - 2014-07-06 13:11 - 00043152 _____ (AVAST Software) C:\WINDOWS\avastSS.scr 2014-07-06 13:11 - 2014-04-30 22:13 - 00024184 _____ () C:\WINDOWS\system32\Drivers\aswHwid.sys 2014-07-06 13:11 - 2013-03-13 15:49 - 00192352 _____ () C:\WINDOWS\system32\Drivers\aswVmm.sys 2014-07-06 13:11 - 2013-03-13 15:49 - 00067824 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswmonflt.sys 2014-07-06 13:11 - 2013-03-13 15:49 - 00049944 _____ () C:\WINDOWS\system32\Drivers\aswRvrt.sys 2014-07-06 13:11 - 2011-02-26 20:53 - 00779536 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswsnx.sys 2014-07-06 13:11 - 2009-02-27 21:19 - 00276432 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe 2014-07-06 13:11 - 2009-02-27 21:19 - 00057800 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswTdi.sys 2014-07-06 13:11 - 2009-02-27 21:19 - 00055112 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswrdr.sys 2014-07-06 12:17 - 2013-10-01 14:30 - 00000292 _____ () C:\WINDOWS\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-2000478354-651377827-839522115-1003.job 2014-07-04 17:01 - 2009-02-27 21:50 - 00000000 ____D () C:\Documents and Settings\Dan Popp\My Documents\Resumes 2014-07-04 15:25 - 2009-02-27 22:37 - 00375141 _____ () C:\WINDOWS\wmsetup.log 2014-07-01 11:51 - 2014-04-10 16:08 - 00000263 _____ () C:\Documents and Settings\Dan Popp\Desktop\Jobs to Investigate.txt 2014-06-30 13:51 - 2014-06-30 13:51 - 00000000 ____D () C:\Documents and Settings\Dan Popp\Desktop\200 Situps 2014-06-30 13:50 - 2014-06-30 13:48 - 00000000 ____D () C:\Documents and Settings\Dan Popp\Desktop\100 Pushups 2014-06-26 10:36 - 2009-03-02 21:53 - 00690001 _____ () C:\WINDOWS\setupapi.log 2014-06-19 22:56 - 2009-02-27 19:36 - 00002489 _____ () C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Word.lnk 2014-06-18 21:37 - 2014-06-18 21:37 - 00000000 ____D () C:\Documents and Settings\Dan Popp\Local Settings\Application Data\Adobe 2014-06-12 10:29 - 2013-02-14 09:46 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service 2014-06-11 10:43 - 2014-06-11 10:43 - 00000000 ____D () C:\Program Files\Mozilla Firefox 2014-06-09 10:14 - 2012-04-15 22:45 - 00000000 ____D () C:\Documents and Settings\Dan Popp\Application Data\Mozilla ZeroAccess: C:\Documents and Settings\Dan Popp\Local Settings\Application Data\{6a328933-032b-cf97-a9e8-5174d95ea84f} Some content of TEMP: ==================== C:\Documents and Settings\Dan Popp\Local Settings\Temp\APNStub.exe C:\Documents and Settings\Dan Popp\Local Settings\Temp\jre-7u11-windows-i586-iftw.exe C:\Documents and Settings\Dan Popp\Local Settings\Temp\jre-7u13-windows-i586-iftw.exe C:\Documents and Settings\Dan Popp\Local Settings\Temp\jre-7u15-windows-i586-iftw.exe C:\Documents and Settings\Dan Popp\Local Settings\Temp\jre-7u17-windows-i586-iftw.exe C:\Documents and Settings\Dan Popp\Local Settings\Temp\jre-7u21-windows-i586-iftw.exe C:\Documents and Settings\Dan Popp\Local Settings\Temp\jre-7u25-windows-i586-iftw.exe C:\Documents and Settings\Dan Popp\Local Settings\Temp\jre-7u45-windows-i586-iftw.exe C:\Documents and Settings\Dan Popp\Local Settings\Temp\jre-7u51-windows-i586-iftw.exe C:\Documents and Settings\Dan Popp\Local Settings\Temp\jre-7u55-windows-i586-iftw.exe C:\Documents and Settings\Dan Popp\Local Settings\Temp\jre-7u9-windows-i586-iftw.exe C:\Documents and Settings\Dan Popp\Local Settings\Temp\lowproc.exe C:\Documents and Settings\Dan Popp\Local Settings\Temp\npp.6.3.2.Installer.exe C:\Documents and Settings\Dan Popp\Local Settings\Temp\SCC.dll C:\Documents and Settings\Dan Popp\Local Settings\Temp\shutdown1379708003.exe C:\Documents and Settings\Dan Popp\Local Settings\Temp\SkypeSetup.exe C:\Documents and Settings\Dan Popp\Local Settings\Temp\stubhelper.dll C:\Documents and Settings\Dan Popp\Local Settings\Temp\xmlUpdater.exe ==================== Bamital & volsnap Check ================= C:\WINDOWS\explorer.exe => File is digitally signed C:\WINDOWS\system32\winlogon.exe => File is digitally signed C:\WINDOWS\system32\svchost.exe => File is digitally signed C:\WINDOWS\system32\services.exe => File is digitally signed C:\WINDOWS\system32\User32.dll => File is digitally signed C:\WINDOWS\system32\userinit.exe => File is digitally signed C:\WINDOWS\system32\rpcss.dll => File is digitally signed C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed ==================== End Of Log ============================

A couple of days ago, I started noticing my PC behaving strangely. It seemed slower than usual and had a sort of "studder" - for example, it would delay and then open 2 new tabs when I was only trying to open 1, and delay and open 2 new browser windows when I was only trying to open one. There were also delays when I was typing - I would type and nothing would display, then a second later my text would appear instead of the usual instantaneous typing. I ran a scan with Avast! free antivirus, which turned up nothing. Then I downloaded the latest update for Malwarebytes and ran a Custom Scan. It turned up several instances of PUPs and other problems listed here: PUP.Optional.FrostwireTB.A PUP.Optional.OpenCandy Backdoor0.Access Trojan.Medfos I proceeded to quarantine all items and later I deleted them. Since then, I've run a couple of Malwarebytes Custom Scans over the days since, which turned up nothing. Also, the "studders" appear to be gone and I haven't noticed any more strange behavior. Not yet, anyway. I'm wondering what more I should do to make sure I am free from this malware, and what I have to do before I can go back to using my computer for things such as Amazon purchases or job applications which may require me to enter personal information. I've looked on the "I'm infected - What do I do now?" post and so far today I've run a Malwarebytes Threat Scan (which I am told is the new name for the old Quick Scan). Like the past couple of scans I've done, it has turned up nothing. I've also downloaded the Farbar Recovery Scan Tool and run a scan. Below are the contents of the FRST.txt and Addition.txt files. PS - as far as I know, this computer isn't using any Peer 2 Peer software or uTorrent. I apologize if I'm wrong about that. I wouldn't say I am tech-savvy so I don't know for sure.

Yesterday, I ran a Malwarebytes Custom Scan after noticing some strange things on my PC. It seemed slower than usual, as well as opening 2 tabs at once whenever I tried to open a new tab after a short delay. To sum up, the computer seemed to studder with every action I took. I first did a virus scan using Avast! free antivirus, thorough scan, which turned up nothing. Then I downloaded the latest version of Malwarebytes and did a Custom Scan. What turned up were many instances of PUPs and other nasties: PUP.Optional.FrostwireTB.A PUP.Optional.OpenCandy Backdoor0.Access Trojan.Medfos FYI, I don't know much about computers. But I Google-searched these names and determined they were not the sort of thing one wants to find on their PC. I quarantined, and later deleted, all instances of these items. I did another Custom Scan today, and it revealed no instances of any malware. The "studder" also seems to be gone as well. Basically, I was wondering what to do next. According to Malwarebytes, nothing more is turning up in the scans. Am I free from this malware? Would it be safe to do something such as buying something online with this PC or entering personal information? Or is there any other action I need to take? Any help would be appreciated.