retxab

Honorary Members
  • Posts

    44
  1. Hello, MBAM quarantined the file werfault.exe as mentioned above. I then deleted it from the quarantine. What should I do? Retxab
  2. The computer is working very well. Thank you for your help. You may close this thread.
  3. Attached are two logs. The first log detected the files that were quarantined at a previous step from FRST. The second log is clean.
  4. I quarantined the files above and then deleted them using MBAM. Attached is the relevant log. Additional MBAM scans come up clean.
  5. Disregard my previous post. Much better now. Latest Malwarebytes scan log:
  6. Latest Malwarebytes scan came back clean. Custom Malwarebytes scan for rootkits came back clean. One minor problem: a window pops up during the desktop loading process showing the following folder: c:\Documents and Settings\Barbara\Application Data\AVG. How can I prevent this window from popping up?
  7. Attached are the logs.
  8. Attached is the fixlog.
  9. My computer is infection with a program called spyware cleaner. Attached are the relevant logs. Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 22-11-2014 01 Ran by Barbara (administrator) on D32K5JC1 on 22-11-2014 23:33:21Running from C:\Loaded Profiles: Barbara & Administrator (Available profiles: Barbara & Administrator)Platform: Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: English (United States)Internet Explorer Version 8Boot Mode: NormalTutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (AVG Technologies CZ, s.r.o.) C:\PROGRA~1\AVG\AVG2014\avgrsx.exe(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgcsrvx.exe(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgfws.exe(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgidsagent.exe(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgwdsvc.exe(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe(Oracle Corporation) C:\Program Files\Java\jre7\bin\jqs.exe(Crawler, LLC) C:\Program Files\PCTechHotline\PCTechHotlineSvc.exe(Crawler.com) C:\Program Files\Spyware Clear\SC_Svc.exe(SupportSoft, Inc.) C:\Program Files\Dell Support Center\bin\sprtsvc.exe(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgnsx.exe(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgemcx.exe(AVG Secure Search) C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\ToolbarUpdater.exe() C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\loggingserver.exe(Realtek Semiconductor Corp.) 
C:\WINDOWS\RTHDCPL.EXE(Intel Corporation) C:\WINDOWS\system32\igfxtray.exe(Intel Corporation) C:\WINDOWS\system32\hkcmd.exe(Intel Corporation) C:\WINDOWS\system32\igfxpers.exe(Intel Corporation) C:\WINDOWS\system32\igfxsrvc.exe() C:\Program Files\Dell DataSafe Online\DataSafeOnline.exe(SupportSoft, Inc.) C:\Program Files\Dell Support Center\bin\sprtcmd.exe(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgui.exe(CANON INC.) C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE(CANON INC.) C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE(Adobe Systems Incorporated) C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe() C:\Program Files\AVG SafeGuard toolbar\vprot.exe(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe(Crawler.com) C:\Program Files\Spyware Clear\SpywareClearShield.exe(Crawler.com) C:\Program Files\Spyware Clear\SpywareClearUpdate.exe(Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe(Crawler, LLC) C:\Program Files\PCTechHotline\PCTechHotline.exe(SupportSoft, Inc.) C:\Program Files\Dell Support Center\gs_agent\dsc.exe(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) 
HKLM\...\Run: [RTHDCPL] => C:\WINDOWS\RTHDCPL.EXE [16132608 2007-07-16] (Realtek Semiconductor Corp.)
HKLM\...\Run: [Dell DataSafe Online] => C:\Program Files\Dell DataSafe Online\DataSafeOnline.exe [1807600 2009-11-13] ()
HKLM\...\Run: [dellsupportcenter] => C:\Program Files\Dell Support Center\bin\sprtcmd.exe [206064 2008-10-04] (SupportSoft, Inc.)
HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-02-12] (Apple Inc.)
HKLM\...\Run: [AVG_UI] => C:\Program Files\AVG\AVG2014\avgui.exe [5188112 2014-11-07] (AVG Technologies CZ, s.r.o.)
HKLM\...\Run: [CanonMyPrinter] => C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2567272 2011-07-19] (CANON INC.)
HKLM\...\Run: [CanonSolutionMenuEx] => C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE [1637496 2011-08-04] (CANON INC.)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM\...\Run: [vProt] => C:\Program Files\AVG SafeGuard toolbar\vprot.exe [2640408 2014-08-25] ()
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\qttask.exe [421888 2014-01-17] (Apple Inc.)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [152392 2014-02-21] (Apple Inc.)
HKLM\...\Run: [sunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [271744 2014-09-26] (Oracle Corporation)
HKLM\...\Run: [spywareClearShield] => C:\Program Files\Spyware Clear\SpywareClearShield.exe [3733864 2014-11-05] (Crawler.com)
HKLM\...\Run: [spywareClearUpdater] => C:\Program Files\Spyware Clear\SpywareClearUpdate.exe [5411176 2014-11-05] (Crawler.com)
HKLM\...\Run: [PCTechHotline] => C:\Program Files\PCTechHotline\PCTechHotline.exe [1904968 2014-11-05] (Crawler, LLC)
Winlogon\Notify\GoToAssist: C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll (Citrix Online, a division of Citrix Systems, Inc.)
HKLM\...\Policies\Explorer: [NoCDBurning] 0
HKU\S-1-5-21-2821682522-1311732649-3067762728-1005\...\Run: [Google Update] => C:\Documents and Settings\Barbara\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [116648 2012-09-19] (Google Inc.)
HKU\S-1-5-21-2821682522-1311732649-3067762728-1005\...\Run: [AVG-Secure-Search-Update_1113a] => C:\Documents and Settings\Barbara\Application Data\AVG 1113a Campaign\AVG-Secure-Search-Update-1113a.exe /PROMPT /mid=3c5f42247ffb47d184c8d168ddcd3617-8531600e75149c2fdc93a5567bbd8317f0ab06a5 /CMPID=1 (the data entry has 4 more characters).
BootExecute: autocheck autochk * C:\PROGRA~1\AVG\AVG2014\avgrsx.exe /sync /restart

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USCON/1
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-2821682522-1311732649-3067762728-1005\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-2821682522-1311732649-3067762728-500\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/USCON/1
HKU\S-1-5-21-2821682522-1311732649-3067762728-500\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.live.com
HKU\S-1-5-21-2821682522-1311732649-3067762728-500\Software\Microsoft\Internet Explorer\Main,First Home Page = http://www.dell.com
HKU\S-1-5-21-2821682522-1311732649-3067762728-500\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USCON/1
HKU\S-1-5-21-2821682522-1311732649-3067762728-500\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.msn.com/sphome.aspx
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
SearchScopes: HKU\S-1-5-21-2821682522-1311732649-3067762728-1005 -> {88F0E3F0-DC1F-45B5-80DA-C2E25E61A0C2} URL = http://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-2821682522-1311732649-3067762728-1005 -> {95B7759C-8C7F-4BF1-B163-73684A933233} URL = http://mysearch.avg.com/search?cid={40A2108E-AB14-48F5-8090-12A06F4F3ABD}&mid=3c5f42247ffb47d184c8d168ddcd3617-8531600e75149c2fdc93a5567bbd8317f0ab06a5&lang=en&ds=AVG&coid=avgtbavg&cmpid=&pr=fr&d=2014-02-0521:28:21&v=17.3.1.204&pid=safeguard&sg=0&sap=dsp&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2821682522-1311732649-3067762728-1005 -> {B1705111-8241-4C98-8AEF-4F3091A46404} URL = http://search.yahoo.com/search?fr=mcafee&p={SearchTerms}
BHO: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: AVG SafeGuard toolbar -> {95B7759C-8C7F-4BF1-B163-73684A933233} -> C:\Program Files\AVG SafeGuard toolbar\17.3.1.204\AVG SafeGuard toolbar_toolbar.dll No File
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO: Google Toolbar Notifier BHO -> {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} -> C:\Program Files\Google\GoogleToolbarNotifier\5.7.9012.1008\swg.dll (Google Inc.)
BHO: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - AVG SafeGuard toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG SafeGuard toolbar\17.3.1.204\AVG SafeGuard toolbar_toolbar.dll No File
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKU\S-1-5-21-2821682522-1311732649-3067762728-1005 -> &Address - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
Toolbar: HKU\S-1-5-21-2821682522-1311732649-3067762728-1005 -> &Links - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\SHELL32.dll (Microsoft Corporation)
Toolbar: HKU\S-1-5-21-2821682522-1311732649-3067762728-1005 -> No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
Toolbar: HKU\S-1-5-21-2821682522-1311732649-3067762728-1005 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKU\S-1-5-21-2821682522-1311732649-3067762728-1005 -> No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No File
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - No File
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll (Microsoft Corporation)
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll (Microsoft Corporation)
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\18.1.9\ViProtocol.dll (AVG Secure Search)
Winsock: Catalog5 04 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)

FireFox:
========
FF ProfilePath: C:\Documents and Settings\Barbara\Application Data\Mozilla\Firefox\Profiles\jo5flxg6.default
FF DefaultSearchEngine: AVG Secure Search
FF SelectedSearchEngine: AVG Secure Search
FF Homepage: hxxp://mysearch.avg.com?cid={40A2108E-AB14-48F5-8090-12A06F4F3ABD}&mid=3c5f42247ffb47d184c8d168ddcd3617-8531600e75149c2fdc93a5567bbd8317f0ab06a5&lang=en&ds=AVG&coid=avgtbavg&cmpid=&pr=fr&d=2014-02-05 21:28:21&v=17.3.1.204&pid=safeguard&sg=0&sap=hp
FF NetworkProxy: "no_proxies_on", "*.local"
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_15_0_0_223.dll ()
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin -> C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\18.1.9\\npsitesafety.dll No File
FF Plugin: @canon.com/EPPEX -> C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll No File
FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @java.com/DTPlugin,version=10.71.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.71.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=14.0.8051.1204 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @pack.google.com/Google Updater;version=14 -> C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2821682522-1311732649-3067762728-1005: @talk.google.com/GoogleTalkPlugin -> C:\Documents and Settings\Barbara\Application Data\Mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin HKU\S-1-5-21-2821682522-1311732649-3067762728-1005: @talk.google.com/O1DPlugin -> C:\Documents and Settings\Barbara\Application Data\Mozilla\plugins\npo1d.dll (Google)
FF Plugin HKU\S-1-5-21-2821682522-1311732649-3067762728-1005: @tools.google.com/Google Update;version=3 -> C:\Documents and Settings\Barbara\Local Settings\Application Data\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-2821682522-1311732649-3067762728-1005: @tools.google.com/Google Update;version=9 -> C:\Documents and Settings\Barbara\Local Settings\Application Data\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Documents and Settings\Barbara\Application Data\mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin ProgramFiles/Appdata: C:\Documents and Settings\Barbara\Application Data\mozilla\plugins\npo1d.dll (Google)
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\avg-secure-search.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\safeguard-secure-search.xml
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-08-06]
FF HKLM\...\Firefox\Extensions: [avg@toolbar] - C:\Documents and Settings\All Users\Application Data\AVG SafeGuard toolbar\FireFoxExt\17.3.1.204
FF Extension: AVG SafeGuard toolbar - C:\Documents and Settings\All Users\Application Data\AVG SafeGuard toolbar\FireFoxExt\17.3.1.204 [2014-02-05]
FF HKU\S-1-5-21-2821682522-1311732649-3067762728-1005\...\Firefox\Extensions: [{19BBD522-AC5D-11E1-8270-B8AC6F996F26}] - C:\Documents and Settings\Barbara\Local Settings\Application Data\{19BBD522-AC5D-11E1-8270-B8AC6F996F26}

Chrome:
=======
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\31.0.1650.63\PepperFlash\pepflashplayer.dll No File
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\31.0.1650.63\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\31.0.1650.63\pdf.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (Microsoft® DRM) - C:\Program Files\Windows Media Player\npdrmv2.dll (Microsoft Corporation)
CHR Plugin: (Windows Media Player Plug-in Dynamic Link Library) - C:\Program Files\Windows Media Player\npdsplay.dll (Microsoft Corporation (written by Digital Renaissance Inc.))
CHR Plugin: (Microsoft® DRM) - C:\Program Files\Windows Media Player\npwmsdrm.dll (Microsoft Corporation)
CHR Plugin: (Google Talk Plugin) - C:\Documents and Settings\Barbara\Application Data\Mozilla\plugins\npgoogletalk.dll (Google)
CHR Plugin: (Google Talk Plugin Video Accelerator) - C:\Documents and Settings\Barbara\Application Data\Mozilla\plugins\npgtpo3dautoplugin.dll No File
CHR Plugin: (Google Talk Plugin Video Renderer) - C:\Documents and Settings\Barbara\Application Data\Mozilla\plugins\npo1d.dll (Google)
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (CANON iMAGE GATEWAY Album Plugin Utility for IJ) - C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
CHR Plugin: (Google Earth Plugin) - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
CHR Plugin: (Google Updater) - C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.165\npGoogleUpdate3.dll No File
CHR Plugin: (Java Platform SE 7 U40) - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (Windows Live® Photo Gallery) - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (iTunes Application Detector) - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Shockwave Flash) - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_9_900_117.dll No File
CHR Plugin: (Java Deployment Toolkit 7.0.400.43) - C:\WINDOWS\system32\npDeployJava1.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll No File
CHR Plugin: (Windows Presentation Foundation) - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
CHR Profile: C:\Documents and Settings\Barbara\Local Settings\Application Data\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Documents and Settings\Barbara\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-10-30]
CHR Extension: (Google Drive) - C:\Documents and Settings\Barbara\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-10-30]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Documents and Settings\Barbara\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-23]
CHR Extension: (YouTube) - C:\Documents and Settings\Barbara\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-10-30]
CHR Extension: (Google Search) - C:\Documents and Settings\Barbara\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-10-30]
CHR Extension: (AVG SafeGuard) - C:\Documents and Settings\Barbara\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof [2013-12-10]
CHR Extension: (Google Wallet) - C:\Documents and Settings\Barbara\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-10-30]
CHR Extension: (Gmail) - C:\Documents and Settings\Barbara\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-10-30]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 avgfws; C:\Program Files\AVG\AVG2014\avgfws.exe [1417160 2014-11-07] (AVG Technologies CZ, s.r.o.)
R2 AVGIDSAgent; C:\Program Files\AVG\AVG2014\avgidsagent.exe [3247120 2014-11-07] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files\AVG\AVG2014\avgwdsvc.exe [289328 2014-11-07] (AVG Technologies CZ, s.r.o.)
S2 gupdate1c9e3ab5e358b90; C:\Program Files\Google\Update\GoogleUpdate.exe [107912 2014-10-25] (Google Inc.)
S3 ICDSPTSV; C:\WINDOWS\system32\IcdSptSv.exe [99688 2009-10-14] (Sony Corporation)
R2 JavaQuickStarterService; C:\Program Files\Java\jre7\bin\jqs.exe [182696 2014-09-26] (Oracle Corporation)
R2 PCTechHotlineSvc; C:\Program Files\PCTechHotline\PCTechHotlineSvc.exe [701768 2014-11-05] (Crawler, LLC) [File not signed]
R2 SC_Svc; C:\Program Files\Spyware Clear\SC_svc.exe [1933160 2014-11-05] (Crawler.com) [File not signed]
R2 sprtsvc_DellSupportCenter; C:\Program Files\Dell Support Center\bin\sprtsvc.exe [201968 2008-10-04] (SupportSoft, Inc.)
R2 UxTuneUp; C:\WINDOWS\System32\uxtuneup.dll [35640 2013-09-09] (AVG)
R2 vToolbarUpdater18.1.9; C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\ToolbarUpdater.exe [1820184 2014-08-11] (AVG Secure Search)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S4 abp480n5; C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS [23552 2001-08-17] (Microsoft Corporation)
R1 Avgdiskx; C:\WINDOWS\System32\DRIVERS\avgdiskx.sys [121624 2014-06-30] (AVG Technologies CZ, s.r.o.)
R3 Avgfwdx; C:\WINDOWS\System32\DRIVERS\avgfwdx.sys [30944 2012-01-12] (AVG Technologies CZ, s.r.o.)
S3 Avgfwfd; C:\WINDOWS\System32\DRIVERS\avgfwdx.sys [30944 2012-01-12] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriverl; C:\WINDOWS\System32\DRIVERS\avgidsdriverlx.sys [191256 2014-07-21] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHX; C:\WINDOWS\System32\DRIVERS\avgidshx.sys [147736 2014-06-17] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSShim; C:\WINDOWS\System32\DRIVERS\avgidsshimx.sys [21272 2014-06-17] (AVG Technologies CZ, s.r.o.)
R1 Avgldx86; C:\WINDOWS\System32\DRIVERS\avgldx86.sys [189720 2014-10-24] (AVG Technologies CZ, s.r.o.)
R0 Avglogx; C:\WINDOWS\System32\DRIVERS\avglogx.sys [241944 2014-06-17] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx86; C:\WINDOWS\System32\DRIVERS\avgmfx86.sys [98584 2014-10-29] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx86; C:\WINDOWS\System32\DRIVERS\avgrkx86.sys [27416 2014-06-17] (AVG Technologies CZ, s.r.o.)
R1 Avgtdix; C:\WINDOWS\System32\DRIVERS\avgtdix.sys [197400 2014-10-20] (AVG Technologies CZ, s.r.o.)
R1 avgtp; C:\WINDOWS\system32\drivers\avgtpx86.sys [42784 2014-08-11] (AVG Technologies)
S3 ICDUSB3; C:\WINDOWS\System32\Drivers\ICDUSB3.sys [11264 2008-08-18] (Sony Corporation)
R1 sp_rsdrv2; C:\WINDOWS\system32\drivers\sp_rsdrv2.sys [32768 2011-06-21] () [File not signed]
S3 MFE_RR; \??\C:\DOCUME~1\Barbara\LOCALS~1\Temp\mfe_rr.sys [X]
S1 MRxSmb; system32\DRIVERS\mrxsmb.sys [X]
U0 Partizan; system32\drivers\Partizan.sys [X]
U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-14] (Microsoft Corporation)
S3 TuneUpUtilitiesDrv; \??\C:\Program Files\AVG\AVG PC TuneUp\TuneUpUtilitiesDriver32.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-22 23:33 - 2014-11-22 23:33 - 00024664 _____ () C:\FRST.txt
2014-11-22 23:33 - 2014-11-22 23:33 - 00000000 ____D () C:\FRST
2014-11-22 22:43 - 2014-11-22 22:43 - 00000000 _____ () C:\WINDOWS\setuperr.log
2014-11-22 18:23 - 2014-11-22 18:23 - 01109504 _____ (Farbar) C:\FRST.exe
2014-11-19 18:39 - 2014-11-19 18:49 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Spyware Clear
2014-11-19 18:39 - 2014-11-19 18:46 - 00000000 ____D () C:\Program Files\Spyware Clear
2014-11-19 18:39 - 2014-11-19 18:42 - 00000000 ____D () C:\Program Files\PCTechHotline
2014-11-19 18:39 - 2014-11-19 18:42 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Spyware Clear
2014-11-19 18:39 - 2014-11-19 18:41 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\PC Tech Hotline
2014-11-19 18:39 - 2014-11-19 18:39 - 00000005 _____ () C:\end
2014-11-19 18:39 - 2014-11-19 18:39 - 00000000 ____D () C:\Program Files\Couponarific
2014-11-19 18:39 - 2014-11-19 18:39 - 00000000 ____D () C:\Documents and Settings\Barbara\Local Settings\Application Data\DesktopDock
2014-11-19 18:39 - 2014-11-19 18:39 - 00000000 ____D () C:\Documents and Settings\Barbara\Application Data\Spyware Clear
2014-11-19 18:39 - 2014-11-19 18:39 - 00000000 ____D () C:\Documents and Settings\Barbara\Application Data\PC Tech Hotline
2014-11-19 18:39 - 2014-11-19 18:39 - 00000000 ____D () C:\Documents and Settings\Barbara\Application Data\Dock
2014-11-19 18:39 - 2011-06-21 11:24 - 00032768 _____ () C:\WINDOWS\system32\Drivers\sp_rsdrv2.sys
2014-11-19 18:38 - 2014-11-19 18:42 - 00000000 ____D () C:\Program Files\Desktop Dock
2014-11-19 18:38 - 2014-11-19 18:42 - 00000000 ____D () C:\Program Files\740E97DF-6426-4A2A-ABEF-5C33040EFEE1
2014-11-19 18:38 - 2014-11-19 18:41 - 00000000 ____D () C:\Documents and Settings\Barbara\Start Menu\Programs\Desktop Dock
2014-11-19 18:37 - 2014-11-22 23:31 - 00000762 _____ () C:\WINDOWS\Tasks\RocketTab Update Task.job
2014-11-19 18:37 - 2014-11-22 23:31 - 00000496 _____ () C:\WINDOWS\Tasks\RocketTab.job
2014-11-19 18:37 - 2014-11-19 18:42 - 00000000 ____D () C:\Program Files\Search Extensions
2014-11-19 18:37 - 2014-11-19 18:40 - 00000000 ____D () C:\Program Files\010
2014-11-18 13:55 - 2014-11-22 22:43 - 00017057 _____ () C:\WINDOWS\setupapi.log
2014-11-18 13:54 - 2014-11-18 13:54 - 00000000 ____D () C:\Documents and Settings\Barbara\Local Settings\Application Data\Avg
2014-10-29 14:58 - 2014-10-29 14:58 - 00000000 ____D () C:\Program Files\Common Files\Java
2014-10-29 14:58 - 2014-10-29 14:58 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Java
2014-10-29 14:58 - 2014-09-26 17:42 - 00096680 _____ (Oracle Corporation) C:\WINDOWS\system32\WindowsAccessBridge.dll
2014-10-29 14:58 - 2014-09-26 17:36 - 00272808 _____ (Oracle Corporation) C:\WINDOWS\system32\javaws.exe
2014-10-29 14:58 - 2014-09-26 17:36 - 00175528 _____ (Oracle Corporation) C:\WINDOWS\system32\javaw.exe
2014-10-29 14:58 - 2014-09-26 17:35 - 00175528 _____ (Oracle Corporation) C:\WINDOWS\system32\java.exe
2014-10-29 14:58 - 2014-09-26 17:16 - 00145408 _____ (Oracle Corporation) C:\WINDOWS\system32\javacpl.cpl
2014-10-29 14:57 - 2014-10-29 14:58 - 00005641 _____ () C:\WINDOWS\system32\jupdate-1.7.0_71-b14.log

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-22 23:33 - 2013-09-22 17:32 - 00000000 ____D () C:\Documents and Settings\Barbara\Local Settings\temp
2014-11-22 23:33 - 2012-12-22 01:27 - 00000986 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-2821682522-1311732649-3067762728-1005UA.job
2014-11-22 23:32 - 2008-04-25 16:28 - 01350573 _____ () C:\WINDOWS\WindowsUpdate.log
2014-11-22 23:32 - 2008-04-25 11:16 - 00002206 _____ () C:\WINDOWS\system32\wpa.dbl
2014-11-22 23:31 - 2014-03-13 10:56 - 00000226 _____ () C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job
2014-11-22 23:31 - 2013-09-11 08:09 - 00000050 _____ () C:\WINDOWS\wiaservc.log
2014-11-22 23:31 - 2009-06-29 22:12 - 00000882 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2014-11-22 23:31 - 2008-04-25 16:32 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-11-22 23:31 - 2008-04-25 04:25 - 00000159 _____ () C:\WINDOWS\wiadebug.log
2014-11-22 23:10 - 2009-02-28 17:08 - 00000178 ___SH () C:\Documents and Settings\Barbara\ntuser.ini
2014-11-22 23:10 - 2008-04-25 16:32 - 00032544 _____ () C:\WINDOWS\SchedLgU.Txt
2014-11-22 22:48 - 2012-01-28 14:44 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\MFAData
2014-11-22 22:43 - 2014-06-06 06:44 - 00000236 _____ () C:\WINDOWS\setupact.log
2014-11-22 22:43 - 2012-04-10 15:36 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2014-11-20 19:58 - 2013-09-26 21:46 - 00001509 _____ () C:\Documents and Settings\All Users\Start Menu\Windows Update.lnk
2014-11-20 19:58 - 2013-09-24 23:30 - 00001609 _____ () C:\Documents and Settings\All Users\Start Menu\Set Program Access and Defaults.lnk
2014-11-20 19:58 - 2009-02-28 17:08 - 00001601 _____ () C:\Documents and Settings\Barbara\Start Menu\Programs\Remote Assistance.LNK
2014-11-19 20:14 - 2009-02-28 18:07 - 00000284 _____ () C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
2014-11-19 19:28 - 2009-06-29 22:12 - 00000886 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2014-11-19 18:43 - 2009-02-28 17:08 - 00000000 ____D () C:\Documents and Settings\Barbara
2014-11-19 18:40 - 2013-09-28 21:55 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\AVG2014
2014-11-19 17:32 - 2012-12-22 01:27 - 00000934 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-2821682522-1311732649-3067762728-1005Core.job
2014-11-18 14:10 - 2008-04-25 04:22 - 00569026 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2014-11-18 14:08 - 2014-03-13 10:56 - 00000220 _____ () C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job
2014-11-18 13:56 - 2014-03-31 09:51 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\AVG
2014-11-18 13:56 - 2013-09-28 21:56 - 00000704 _____ () C:\Documents and Settings\All Users\Desktop\AVG 2014.lnk
2014-11-16 12:13 - 2009-06-02 12:55 - 00000868 _____ () C:\WINDOWS\Tasks\Google Software Updater.job
2014-11-12 12:16 - 2009-02-20 07:56 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Microsoft Help
2014-11-12 12:15 - 2013-07-14 06:20 - 00000000 ____D () C:\WINDOWS\system32\MRT
2014-11-12 12:09 - 2009-03-02 18:42 - 100445232 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2014-11-11 22:43 - 2012-04-10 15:36 - 00701104 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2014-11-11 22:43 - 2011-06-03 21:41 - 00071344 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2014-11-10 16:27 - 2012-06-18 09:37 - 00000000 ____D () C:\Documents and Settings\Barbara\Application Data\Mozilla
2014-10-29 21:03 - 2011-08-08 06:08 - 00098584 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgmfx86.sys
2014-10-29 14:58 - 2009-02-20 07:56 - 00000000 ____D () C:\Program Files\Java
2014-10-28 21:25 - 2013-10-30 19:51 - 00001815 _____ () C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
2014-10-24 10:20 - 2011-10-07 06:23 - 00189720 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgldx86.sys
2014-10-23 21:35 - 2014-10-22 05:57 - 00000000 ____D () C:\Program Files\Mozilla Firefox

Some content of TEMP:
====================
C:\Documents and Settings\Barbara\Local Settings\temp\jre-7u71-windows-i586-iftw.exe
C:\Documents and Settings\Barbara\Local Settings\temp\sp-downloader.exe
C:\Documents and Settings\Barbara\Local Settings\temp\spywareclearADK.exe

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

==================== End Of Log ============================

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 22-11-2014 01
Ran by Barbara at 2014-11-22 23:34:11
Running from C:\
Boot Mode: Normal
==========================================================

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: AVG Internet Security 2014 (Disabled - Up to date) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: AVG Internet Security 2014 (Disabled) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 9.20 (HKLM\...\7-Zip) (Version: - )
Acrobat.com (HKLM\...\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.1.377 - Adobe Systems Incorporated)
Acrobat.com (Version: 0.0.0 - Adobe Systems Incorporated) Hidden
Adobe AIR (HKLM\...\Adobe AIR) (Version: 1.0.4990 - Adobe Systems Inc.)
Adobe Flash Player 15 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 15.0.0.223 - Adobe Systems Incorporated)
Adobe Flash Player 15 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 15.0.0.223 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.08) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.08 - Adobe Systems Incorporated)
Apple Application Support (HKLM\...\{AAC5D43E-816D-4C2D-8E51-55FFF35BE301}) (Version: 3.0.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{18D47FA1-0440-48D3-A7E0-DA09537FF471}) (Version: 7.1.1.3 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
AVG 2014 (HKLM\...\AVG) (Version: 2014.0.4794 - AVG Technologies)
AVG 2014 (Version: 14.0.4189 - AVG Technologies) Hidden
AVG 2014 (Version: 14.0.4259 - AVG Technologies) Hidden
AVG 2014 (Version: 14.0.4794 - AVG Technologies) Hidden
AVG PC TuneUp 2014 (en-US) (Version: 14.0.1001.156 - AVG) Hidden
AVG PC TuneUp Language Pack (en-US) (Version: 12.0.4000.108 - AVG Technologies) Hidden
AVG SafeGuard toolbar (HKLM\...\AVG SafeGuard toolbar) (Version: 18.1.9.799 - AVG Technologies)
Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
BorgataPoker (HKLM\...\BorgataPoker) (Version: - theBorgata)
Canon Easy-PhotoPrint EX (HKLM\...\Easy-PhotoPrint EX) (Version: - )
Canon MP Navigator EX 5.1 (HKLM\...\MP Navigator EX 5.1) (Version: - )
Canon MX430 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX430_series) (Version: - )
Canon MX430 series On-screen Manual (HKLM\...\Canon MX430 series On-screen Manual) (Version: - )
Canon MX430 series User Registration (HKLM\...\Canon MX430 series User Registration) (Version: - )
Canon My Printer (HKLM\...\CanonMyPrinter) (Version: - )
Canon Solution Menu EX (HKLM\...\CanonSolutionMenuEX) (Version: - )
CCleaner (HKLM\...\CCleaner) (Version: 4.05 - Piriform)
Choice Guard (Version: 1.2.87.0 - Microsoft Corporation) Hidden
Dell DataSafe Online (HKLM\...\{13766F76-6C8C-4E57-A9F3-3212D1C6E0D1}) (Version: 1.2.0009 - Dell, Inc.)
Dell Driver Reset Tool (HKLM\...\{5905F42D-3F5F-4916-ADA6-94A3646AEE76}) (Version: 1.02.0000 - Dell Inc.)
Dell Support Center (Support Software) (HKLM\...\{E3BFEE55-39E2-4BE0-B966-89FE583822C1}) (Version: 2.2.08335 - Dell)
DesktopDock (HKU\S-1-5-21-2821682522-1311732649-3067762728-1005\...\DesktopDock) (Version: 1.0.1.32 - DesktopDock)
Digital Voice Editor 3 (HKLM\...\{6CCC133E-9A2F-4CAA-8866-75D029CD3AB3}) (Version: 3.3.01.11240 - Sony Corporation)
FamilySearch Indexing (HKU\S-1-5-21-2821682522-1311732649-3067762728-1005\...\FamilySearch Indexing) (Version: - Intellectual Reserve, Inc.)
FamilySearch Indexing 3.13.1 (HKLM\...\0591-8077-9297-0833) (Version: 3.13.1 - FamilySearch)
Google Chrome (HKLM\...\Google Chrome) (Version: 38.0.2125.111 - Google Inc.)
Google Earth (HKLM\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Talk Plugin (HKLM\...\{0C5C1177-94C5-3EFB-A8BE-3F6AF1AF887F}) (Version: 5.38.6.0 - Google)
Google Toolbar for Internet Explorer (HKLM\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.)
Google Toolbar for Internet Explorer (Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
Google Updater (HKLM\...\Google Updater) (Version: 2.4.2432.1652 - Google Inc.)
GoToAssist 8.0.0.514 (HKLM\...\GoToAssist) (Version: - )
Intel® Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: - )
Intel® Network Connections Drivers (HKLM\...\PROSet) (Version: 14.5 - Intel)
iTunes (HKLM\...\{2F21564D-DE05-4C6D-B21E-08B9D313FAB3}) (Version: 11.1.5.5 - Apple Inc.)
Java 7 Update 71 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217040FF}) (Version: 7.0.710 - Oracle)
JavaFX 2.1.0 (HKLM\...\{1111706F-666A-4037-7777-210328764D10}) (Version: 2.1.0 - Oracle Corporation)
Junk Mail filter update (Version: 14.0.8050.1202 - Microsoft Corporation) Hidden
Malwarebytes Anti-Malware version 1.75.0.1300 (HKLM\...\Malwarebytes' Anti-Malware_is1) (Version: 1.75.0.1300 - Malwarebytes Corporation)
Microsoft .NET Framework 1.1 (HKLM\...\Microsoft .NET Framework 1.1 (1033)) (Version: - )
Microsoft .NET Framework 1.1 Security Update (KB2698023) (HKLM\...\M2698023) (Version: - )
Microsoft .NET Framework 1.1 Security Update (KB2833941) (HKLM\...\M2833941) (Version: - )
Microsoft .NET Framework 1.1 Security Update (KB979906) (HKLM\...\M979906) (Version: - )
Microsoft .NET Framework 2.0 Service Pack 2 (HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.0 Service Pack 2 (HKLM\...\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}) (Version: 3.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version: - Microsoft Corporation)
Microsoft Compression Client Pack 1.0 for Windows XP (HKLM\...\MSCompPackV1) (Version: 1 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (HKLM\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Sync Framework Runtime Native v1.0 (x86) (HKLM\...\{8A74E887-8F0F-4017-AF53-CBA42211AAA5}) (Version: 1.0.1215.0 - Microsoft Corporation)
Microsoft Sync Framework Services Native v1.0 (x86) (HKLM\...\{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}) (Version: 1.0.1215.0 - Microsoft Corporation)
Microsoft User-Mode Driver Framework Feature Pack 1.0 (HKLM\...\Wudf01000) (Version: - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mozilla Firefox 31.2.0 ESR (x86 en-US) (HKLM\...\Mozilla Firefox 31.2.0 ESR (x86 en-US)) (Version: 31.2.0 - Mozilla)
MSN (HKLM\...\MSNINST) (Version: - )
MSVCRT (Version: 14.0.1468.721 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 6.0 Parser (KB927977) (HKLM\...\{5A710547-B58E-488B-828D-CA9A25A0533C}) (Version: 6.00.3890.0 - Microsoft Corporation)
PokerStars (HKLM\...\PokerStars) (Version: - PokerStars)
QuickTime 7 (HKLM\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: - )
Revo Uninstaller 1.95 (HKLM\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
RootsMagic 5.0.4.1 (HKLM\...\{C1689DDD-6378-4966-8865-6292D7141A6A}_is1) (Version: - RootsMagic, Inc.)
Roxio Creator DE (HKLM\...\{09760D42-E223-42AD-8C3E-55B47D0DDAC3}) (Version: 10.1 - Roxio)
Segoe UI (Version: 14.0.4327.805 - Microsoft Corp) Hidden
Uninstall FamilySearch Indexing (HKU\S-1-5-21-2821682522-1311732649-3067762728-1005\...\Uninstall FamilySearch Indexing) (Version: - Intellectual Reserve, Inc.)
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
Visual Studio 2012 x86 Redistributables (HKLM\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
WebFldrs XP (Version: 9.50.7523 - Microsoft Corporation) Hidden
Windows Internet Explorer 8 (HKLM\...\ie8) (Version: 20090308.140743 - Microsoft Corporation)
Windows Live Essentials (HKLM\...\WinLiveSuite_Wave3) (Version: 14.0.8050.1202 - Microsoft Corporation)
Windows Live Sign-in Assistant (HKLM\...\{9422C8EA-B0C6-4197-B8FC-DC797658CA00}) (Version: 5.000.818.6 - Microsoft Corporation)
Windows Live Sync (HKLM\...\{FDD810CA-D5E3-40E9-AB7B-36440B0D41EF}) (Version: 14.0.8050.1202 - Microsoft Corporation)
Windows Live Upload Tool (HKLM\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)
Windows Media Format 11 runtime (HKLM\...\Windows Media Format Runtime) (Version: - )
Windows Media Player 11 (HKLM\...\Windows Media Player) (Version: - )
XML Paper Specification Shared Components Pack 1.0 (Version: - Microsoft Corporation) Hidden

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be 
removed from registry. Any eventual file will not be moved.) CustomCLSID: HKU\S-1-5-21-2821682522-1311732649-3067762728-1005_Classes\CLSID\{022105BD-948A-40C9-AB42-A3300DDF097F}\localserver32 -> C:\Documents and Settings\Barbara\Local Settings\Application Data\Google\Update\GoogleUpdate.exe (Google Inc.)CustomCLSID: HKU\S-1-5-21-2821682522-1311732649-3067762728-1005_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Documents and Settings\Barbara\Local Settings\Application Data\Google\Update\1.3.25.5\psuser.dll (the data entry has 7 more characters).CustomCLSID: HKU\S-1-5-21-2821682522-1311732649-3067762728-1005_Classes\CLSID\{22181302-A8A6-4F84-A541-E5CBFC70CC43}\localserver32 -> C:\Documents and Settings\Barbara\Local Settings\Application Data\Google\Update\1.3.25.11\GoogleUpdateOnDemand.exe (Google Inc.)CustomCLSID: HKU\S-1-5-21-2821682522-1311732649-3067762728-1005_Classes\CLSID\{2F0E2680-9FF5-43C0-B76E-114A56E93598}\localserver32 -> C:\Documents and Settings\Barbara\Local Settings\Application Data\Google\Update\1.3.25.11\GoogleUpdateOnDemand.exe (Google Inc.)CustomCLSID: HKU\S-1-5-21-2821682522-1311732649-3067762728-1005_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Documents and Settings\Barbara\Local Settings\Application Data\Google\Update\1.3.23.9\psuser.dll (the data entry has 7 more characters).CustomCLSID: HKU\S-1-5-21-2821682522-1311732649-3067762728-1005_Classes\CLSID\{39125640-8D80-11DC-A2FE-C5C455D89593}\InprocServer32 -> C:\Documents and Settings\Barbara\Local Settings\Application Data\Google\Google Talk Plugin\googletalkax.dll (Google)CustomCLSID: HKU\S-1-5-21-2821682522-1311732649-3067762728-1005_Classes\CLSID\{51F9E8EF-59D7-475B-A106-C7EA6F30C119}\localserver32 -> C:\Documents and Settings\Barbara\Local Settings\Application Data\Google\Update\1.3.25.11\GoogleUpdateOnDemand.exe (Google Inc.)CustomCLSID: 
HKU\S-1-5-21-2821682522-1311732649-3067762728-1005_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Documents and Settings\Barbara\Local Settings\Application Data\Google\Update\1.3.24.15\psuser.dll (the data entry has 8 more characters).CustomCLSID: HKU\S-1-5-21-2821682522-1311732649-3067762728-1005_Classes\CLSID\{A3CCEDF7-2DE2-11D0-86F4-00A0C913F750}\InprocServer32 -> C:\WINDOWS\system32\pngfilt.dll (Microsoft Corporation)CustomCLSID: HKU\S-1-5-21-2821682522-1311732649-3067762728-1005_Classes\CLSID\{A45426FB-E444-42B2-AA56-419F8FBEEC61}\InprocServer32 -> C:\Documents and Settings\Barbara\Local Settings\Application Data\Google\Update\1.3.22.3\psuser.dll (the data entry has 7 more characters).CustomCLSID: HKU\S-1-5-21-2821682522-1311732649-3067762728-1005_Classes\CLSID\{A54D478D-4F70-4F72-9A74-17C9986E35AB}\InprocServer32 -> C:\Documents and Settings\Barbara\Local Settings\Application Data\Google\Update\1.3.21.165\psuser.dl (the data entry has 9 more characters).CustomCLSID: HKU\S-1-5-21-2821682522-1311732649-3067762728-1005_Classes\CLSID\{AB9F4455-E591-4132-A386-0B91EAEDB96C}\InprocServer32 -> C:\Documents and Settings\Barbara\Local Settings\Application Data\Google\Google Talk Plugin\o1dax.dll (Google)CustomCLSID: HKU\S-1-5-21-2821682522-1311732649-3067762728-1005_Classes\CLSID\{C3101A8B-0EE1-4612-BFE9-41FFC1A3C19D}\InprocServer32 -> C:\Documents and Settings\Barbara\Local Settings\Application Data\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)CustomCLSID: HKU\S-1-5-21-2821682522-1311732649-3067762728-1005_Classes\CLSID\{C442AC41-9200-4770-8CC0-7CDB4F245C55}\InprocServer32 -> C:\Documents and Settings\Barbara\Local Settings\Application Data\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)CustomCLSID: HKU\S-1-5-21-2821682522-1311732649-3067762728-1005_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Documents and Settings\Barbara\Local Settings\Application Data\Google\Update\1.3.25.11\psuser.dll 
(Google Inc.)CustomCLSID: HKU\S-1-5-21-2821682522-1311732649-3067762728-1005_Classes\CLSID\{E67BE843-BBBE-4484-95FB-05271AE86750}\localserver32 -> C:\Documents and Settings\Barbara\Local Settings\Application Data\Google\Update\1.3.25.11\GoogleUpdateOnDemand.exe (Google Inc.)CustomCLSID: HKU\S-1-5-21-2821682522-1311732649-3067762728-1005_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Documents and Settings\Barbara\Local Settings\Application Data\Google\Update\1.3.25.11\psuser.dll (Google Inc.)CustomCLSID: HKU\S-1-5-21-2821682522-1311732649-3067762728-1005_Classes\CLSID\{EB06378B-ABB6-4B3C-9B40-D488DD8A6E93}\InprocServer32 -> C:\Documents and Settings\Barbara\Local Settings\Application Data\Google\Update\1.3.22.5\psuser.dll (the data entry has 7 more characters).CustomCLSID: HKU\S-1-5-21-2821682522-1311732649-3067762728-1005_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Documents and Settings\Barbara\Local Settings\Application Data\Google\Update\1.3.24.7\psuser.dll (the data entry has 7 more characters). 
==================== Restore Points ========================= 22-08-2014 03:55:37 System Checkpoint26-08-2014 03:02:24 System Checkpoint27-08-2014 03:19:05 System Checkpoint28-08-2014 14:20:29 System Checkpoint29-08-2014 20:12:29 System Checkpoint30-08-2014 23:21:51 System Checkpoint01-09-2014 20:52:17 System Checkpoint02-09-2014 21:24:43 System Checkpoint03-09-2014 22:39:04 System Checkpoint05-09-2014 12:28:27 System Checkpoint07-09-2014 17:28:20 System Checkpoint09-09-2014 01:54:27 System Checkpoint10-09-2014 02:59:56 System Checkpoint11-09-2014 03:41:42 System Checkpoint12-09-2014 10:53:07 Software Distribution Service 3.014-09-2014 18:04:42 System Checkpoint15-09-2014 18:28:09 System Checkpoint17-09-2014 02:13:57 System Checkpoint18-09-2014 03:44:29 System Checkpoint19-09-2014 11:36:40 System Checkpoint20-09-2014 22:30:53 System Checkpoint21-09-2014 22:59:47 System Checkpoint23-09-2014 01:14:15 System Checkpoint24-09-2014 01:40:56 System Checkpoint25-09-2014 01:44:12 System Checkpoint26-09-2014 12:09:55 System Checkpoint27-09-2014 14:48:10 System Checkpoint29-09-2014 18:05:25 System Checkpoint01-10-2014 01:50:47 System Checkpoint02-10-2014 11:53:09 System Checkpoint03-10-2014 12:17:04 System Checkpoint04-10-2014 22:42:41 System Checkpoint05-10-2014 22:52:58 System Checkpoint07-10-2014 03:13:51 System Checkpoint08-10-2014 11:26:32 System Checkpoint09-10-2014 22:55:44 System Checkpoint11-10-2014 03:28:42 System Checkpoint12-10-2014 23:20:13 System Checkpoint14-10-2014 02:37:09 System Checkpoint15-10-2014 02:37:46 System Checkpoint16-10-2014 11:30:58 Software Distribution Service 3.020-10-2014 20:06:08 System Checkpoint21-10-2014 21:26:24 System Checkpoint22-10-2014 22:31:21 System Checkpoint24-10-2014 11:14:12 System Checkpoint25-10-2014 11:24:10 System Checkpoint26-10-2014 17:04:32 System Checkpoint28-10-2014 01:14:02 System Checkpoint29-10-2014 03:16:29 System Checkpoint29-10-2014 19:57:22 Installed Java 7 Update 7131-10-2014 02:34:25 System 
Checkpoint01-11-2014 21:11:25 System Checkpoint02-11-2014 22:06:26 System Checkpoint04-11-2014 02:13:06 System Checkpoint05-11-2014 20:20:36 System Checkpoint07-11-2014 03:48:50 System Checkpoint08-11-2014 11:05:06 System Checkpoint10-11-2014 00:07:08 System Checkpoint11-11-2014 00:49:25 System Checkpoint12-11-2014 01:37:56 System Checkpoint12-11-2014 17:09:34 Software Distribution Service 3.014-11-2014 01:04:23 System Checkpoint15-11-2014 13:42:39 System Checkpoint16-11-2014 21:15:48 System Checkpoint17-11-2014 22:40:52 System Checkpoint19-11-2014 20:52:34 System Checkpoint ==================== Hosts content: ========================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2008-04-25 11:16 - 2013-09-21 18:01 - 00000027 ____A C:\WINDOWS\system32\Drivers\etc\hosts127.0.0.1 localhost ==================== Scheduled Tasks (whitelisted) ============= (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.) 
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exeTask: C:\WINDOWS\Tasks\AppleSoftwareUpdate.job => C:\Program Files\Apple Software Update\SoftwareUpdate.exeTask: C:\WINDOWS\Tasks\Google Software Updater.job => C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exeTask: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exeTask: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exeTask: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-2821682522-1311732649-3067762728-1005Core.job => C:\Documents and Settings\Barbara\Local Settings\Application Data\Google\Update\GoogleUpdate.exeTask: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-2821682522-1311732649-3067762728-1005UA.job => C:\Documents and Settings\Barbara\Local Settings\Application Data\Google\Update\GoogleUpdate.exeTask: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job => C:\WINDOWS\system32\xp_eos.exeTask: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job => C:\WINDOWS\system32\xp_eos.exeTask: C:\WINDOWS\Tasks\RocketTab Update Task.job => C:\Program Files\Search Extensions\uninstall.exe <==== ATTENTIONTask: C:\WINDOWS\Tasks\RocketTab.job => C:\Program Files\Search Extensions\Client.exe <==== ATTENTION ==================== Loaded Modules (whitelisted) ============= 2014-02-12 20:58 - 2014-02-12 20:58 - 00073544 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll2014-02-12 20:58 - 2014-02-12 20:58 - 01044808 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll2014-08-11 18:05 - 2014-08-11 18:04 - 00159768 _____ () C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\loggingserver.exe2014-08-11 18:05 - 2014-08-11 18:04 - 00519704 _____ () C:\Program Files\Common Files\AVG Secure 
Search\vToolbarUpdater\18.1.9\log4cplusU.dll2009-11-13 16:15 - 2009-11-13 16:15 - 01807600 _____ () C:\Program Files\Dell DataSafe Online\DataSafeOnline.exe2009-11-13 16:15 - 2009-11-13 16:15 - 00275696 _____ () C:\Program Files\Dell DataSafe Online\SdbShared.dll2008-11-03 10:54 - 2008-11-03 10:54 - 00058608 _____ () C:\Program Files\Dell DataSafe Online\BalloonWindow.dll2009-11-13 16:15 - 2009-11-13 16:15 - 00095472 _____ () C:\Program Files\Dell DataSafe Online\SdbUI.dll2009-11-13 16:15 - 2009-11-13 16:15 - 00152816 _____ () C:\Program Files\Dell DataSafe Online\SdbShared.XmlSerializers.dll2009-11-13 16:15 - 2009-11-13 16:15 - 00017648 _____ () C:\Program Files\Dell DataSafe Online\cpputils.dll2014-02-13 08:40 - 2014-03-20 22:23 - 01603608 _____ () C:\Program Files\AVG SafeGuard toolbar\TBAPI.dll2014-02-13 08:40 - 2014-08-25 18:49 - 02640408 _____ () C:\Program Files\AVG SafeGuard toolbar\vprot.exe ==================== Alternate Data Streams (whitelisted) ========= (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.) ==================== Safe Mode (whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\GoToAssist => ""="Service"HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver" ==================== EXE Association (whitelisted) ============= (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.) ==================== MSCONFIG/TASK MANAGER disabled items ========= (Currently there is no automatic fix for this section.) 
========================= Accounts: ========================== Administrator (S-1-5-21-2821682522-1311732649-3067762728-500 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\AdministratorBarbara (S-1-5-21-2821682522-1311732649-3067762728-1005 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\BarbaraGuest (S-1-5-21-2821682522-1311732649-3067762728-501 - Limited - Disabled)HelpAssistant (S-1-5-21-2821682522-1311732649-3067762728-1004 - Limited - Disabled)SUPPORT_388945a0 (S-1-5-21-2821682522-1311732649-3067762728-1002 - Limited - Disabled) ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors:==================Error: (11/22/2014 10:43:02 PM) (Source: Application Error) (EventID: 1000) (User: )Description: Faulting application , version 0.0.0.0, faulting module unknown, version 0.0.0.0, fault address 0x00000000.Processing media-specific event for [!ws!] Error: (11/21/2014 08:40:39 AM) (Source: Userenv) (EventID: 1007) (User: NT AUTHORITY)Description: Windows cannot determine the associated site for this computer. (The RPC server is too busy to complete this operation. ). Group Policy processing aborted. Error: (11/21/2014 08:40:39 AM) (Source: Userenv) (EventID: 1007) (User: D32K5JC1)Description: Windows cannot determine the associated site for this computer. (The RPC server is too busy to complete this operation. ). Group Policy processing aborted. Error: (11/21/2014 06:53:25 AM) (Source: ESENT) (EventID: 490) (User: )Description: wuauclt (3732) An attempt to open the file "C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.log" for read / write access failed with system error 32 (0x00000020): "The process cannot access the file because it is being used by another process. ". The open file operation will fail with error -1032 (0xfffffbf8). 
Error: (11/21/2014 06:53:14 AM) (Source: ESENT) (EventID: 490) (User: )Description: wuauclt (3368) An attempt to open the file "C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.log" for read / write access failed with system error 32 (0x00000020): "The process cannot access the file because it is being used by another process. ". The open file operation will fail with error -1032 (0xfffffbf8). Error: (11/21/2014 06:53:04 AM) (Source: ESENT) (EventID: 490) (User: )Description: wuauclt (260) An attempt to open the file "C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.log" for read / write access failed with system error 32 (0x00000020): "The process cannot access the file because it is being used by another process. ". The open file operation will fail with error -1032 (0xfffffbf8). Error: (11/21/2014 06:52:53 AM) (Source: ESENT) (EventID: 490) (User: )Description: wuauclt (2564) An attempt to open the file "C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.log" for read / write access failed with system error 32 (0x00000020): "The process cannot access the file because it is being used by another process. ". The open file operation will fail with error -1032 (0xfffffbf8). Error: (11/21/2014 06:52:43 AM) (Source: ESENT) (EventID: 490) (User: )Description: wuauclt (1944) An attempt to open the file "C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.log" for read / write access failed with system error 32 (0x00000020): "The process cannot access the file because it is being used by another process. ". The open file operation will fail with error -1032 (0xfffffbf8). Error: (11/21/2014 06:52:33 AM) (Source: ESENT) (EventID: 490) (User: )Description: wuauclt (2040) An attempt to open the file "C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.log" for read / write access failed with system error 32 (0x00000020): "The process cannot access the file because it is being used by another process. ". The open file operation will fail with error -1032 (0xfffffbf8). 
Error: (11/21/2014 06:52:22 AM) (Source: ESENT) (EventID: 490) (User: )Description: wuauclt (376) An attempt to open the file "C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.log" for read / write access failed with system error 32 (0x00000020): "The process cannot access the file because it is being used by another process. ". The open file operation will fail with error -1032 (0xfffffbf8). System errors:=============Error: (11/22/2014 11:33:07 PM) (Source: Service Control Manager) (EventID: 7001) (User: )Description: The Computer Browser service depends on the Workstation service which failed to start because of the following error: %%1066 Error: (11/22/2014 11:33:07 PM) (Source: Service Control Manager) (EventID: 7024) (User: )Description: The Workstation service terminated with service-specific error 2250 (0x8CA). Error: (11/22/2014 11:33:07 PM) (Source: Workstation) (EventID: 5727) (User: )Description: Could not load RDR device driver. Error: (11/22/2014 11:33:07 PM) (Source: Workstation) (EventID: 5727) (User: )Description: Could not load MRxSmb device driver. Error: (11/22/2014 11:32:28 PM) (Source: Service Control Manager) (EventID: 7001) (User: )Description: The Computer Browser service depends on the Workstation service which failed to start because of the following error: %%1066 Error: (11/22/2014 11:32:28 PM) (Source: Service Control Manager) (EventID: 7024) (User: )Description: The Workstation service terminated with service-specific error 2250 (0x8CA). Error: (11/22/2014 11:32:27 PM) (Source: Workstation) (EventID: 5727) (User: )Description: Could not load RDR device driver. Error: (11/22/2014 11:32:27 PM) (Source: Workstation) (EventID: 5727) (User: )Description: Could not load MRxSmb device driver. 
Error: (11/22/2014 11:32:27 PM) (Source: DCOM) (EventID: 10000) (User: D32K5JC1)Description: Unable to start a DCOM Server: {CA3A5461-96B5-46DD-9341-5350D3C94615}.The error:"%%6"Happened while starting this command:"C:\Program Files\Common Files\AVG Secure Search\ScriptHelperInstaller\18.1.9\ScriptHelper.exe" -Embedding Error: (11/22/2014 11:32:27 PM) (Source: DCOM) (EventID: 10000) (User: D32K5JC1)Description: Unable to start a DCOM Server: {CA3A5461-96B5-46DD-9341-5350D3C94615}.The error:"%%6"Happened while starting this command:"C:\Program Files\Common Files\AVG Secure Search\ScriptHelperInstaller\18.1.9\ScriptHelper.exe" -Embedding Microsoft Office Sessions:=========================Error: (03/03/2010 05:33:38 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 10 seconds with 0 seconds of active time. This session ended with a crash. ==================== Memory info =========================== Processor: Intel® Core2 Duo CPU E7400 @ 2.80GHzPercentage of memory in use: 35%Total physical RAM: 2037.1 MBAvailable physical RAM: 1315.03 MBTotal Pagefile: 3928.91 MBAvailable Pagefile: 3320.8 MBTotal Virtual: 2047.88 MBAvailable Virtual: 1933.51 MB ==================== Drives ================================ Drive c: (OS) (Fixed) (Total:298.05 GB) (Free:263 GB) NTFS ==>[Drive with boot components (Windows XP)]Drive d: (sysrcd-4.3.1) (CDROM) (Total:0.38 GB) (Free:0 GB) CDFS ==================== MBR & Partition Table ================== ========================================================Disk: 0 (Size: 298.1 GB) (Disk ID: A42D04A3)Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)Partition 2: (Active) - (Size=298.1 GB) - (Type=07 NTFS) ==================== End Of Log ============================
  10. I followed the instructions from the following: http://support.microsoft.com/kb/2438651 Retxab
  11. Gringo Good news! I fixed the problem above. You may now close this thread. Thank you again for your help. Retxab
  12. Gringo 1. The admin tools are now fixed. 2. I uninstalled Foxit without any problems. 3. I tried installing three different versions of Adobe Reader (9, 10, and 11) and received the same error message about the Windows Installer. I suspect the problem lies with the machine. Retxab
  13. Gringo Foxit installed, but I would prefer Adobe Reader. I found something else, which might tie in with the problem installing Adobe Reader: If I click on control panel, then administrative tools, there are no icons. Retxab
  14. Gringo More bad news: AVG is still detecting Zero Access.TH in the system restore area. What should I do? Recall the last ESET scan was clean. Retxab
  15. Gringo Sorry about the last post. I botched the formatting. Here it is again.
      Good news: ESET scan came back clean.
      Bad news:
      1. I tried to run Adobe Reader.
      2. It gave me an error about Windows Installer.
      3. I tried to uninstall it using add/remove programs and received the same error.
      4. I uninstalled it using Revo following your previous instructions.
      5. I downloaded it from Adobe and tried to install it.
      6. It gave me the same error about the Windows Installer.
      Retxab