Possible infection (spyware cleaner)


retxab

My computer is infected with a program called spyware cleaner. Attached are the relevant logs.

 

 Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 22-11-2014 01

Ran by Barbara (administrator) on D32K5JC1 on 22-11-2014 23:33:21
Running from C:\
Loaded Profiles: Barbara & Administrator (Available profiles: Barbara & Administrator)
Platform: Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: English (United States)
Internet Explorer Version 8
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AVG Technologies CZ, s.r.o.) C:\PROGRA~1\AVG\AVG2014\avgrsx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgcsrvx.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgfws.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgwdsvc.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Oracle Corporation) C:\Program Files\Java\jre7\bin\jqs.exe
(Crawler, LLC) C:\Program Files\PCTechHotline\PCTechHotlineSvc.exe
(Crawler.com) C:\Program Files\Spyware Clear\SC_Svc.exe
(SupportSoft, Inc.) C:\Program Files\Dell Support Center\bin\sprtsvc.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgnsx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgemcx.exe
(AVG Secure Search) C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\ToolbarUpdater.exe
() C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\loggingserver.exe
(Realtek Semiconductor Corp.) C:\WINDOWS\RTHDCPL.EXE
(Intel Corporation) C:\WINDOWS\system32\igfxtray.exe
(Intel Corporation) C:\WINDOWS\system32\hkcmd.exe
(Intel Corporation) C:\WINDOWS\system32\igfxpers.exe
(Intel Corporation) C:\WINDOWS\system32\igfxsrvc.exe
() C:\Program Files\Dell DataSafe Online\DataSafeOnline.exe
(SupportSoft, Inc.) C:\Program Files\Dell Support Center\bin\sprtcmd.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgui.exe
(CANON INC.) C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
(CANON INC.) C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE
(Adobe Systems Incorporated) C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
() C:\Program Files\AVG SafeGuard toolbar\vprot.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Crawler.com) C:\Program Files\Spyware Clear\SpywareClearShield.exe
(Crawler.com) C:\Program Files\Spyware Clear\SpywareClearUpdate.exe
(Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
(Crawler, LLC) C:\Program Files\PCTechHotline\PCTechHotline.exe
(SupportSoft, Inc.) C:\Program Files\Dell Support Center\gs_agent\dsc.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RTHDCPL] => C:\WINDOWS\RTHDCPL.EXE [16132608 2007-07-16] (Realtek Semiconductor Corp.)
HKLM\...\Run: [Dell DataSafe Online] => C:\Program Files\Dell DataSafe Online\DataSafeOnline.exe [1807600 2009-11-13] ()
HKLM\...\Run: [dellsupportcenter] => C:\Program Files\Dell Support Center\bin\sprtcmd.exe [206064 2008-10-04] (SupportSoft, Inc.)
HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-02-12] (Apple Inc.)
HKLM\...\Run: [AVG_UI] => C:\Program Files\AVG\AVG2014\avgui.exe [5188112 2014-11-07] (AVG Technologies CZ, s.r.o.)
HKLM\...\Run: [CanonMyPrinter] => C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2567272 2011-07-19] (CANON INC.)
HKLM\...\Run: [CanonSolutionMenuEx] => C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE [1637496 2011-08-04] (CANON INC.)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM\...\Run: [vProt] => C:\Program Files\AVG SafeGuard toolbar\vprot.exe [2640408 2014-08-25] ()
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\qttask.exe [421888 2014-01-17] (Apple Inc.)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [152392 2014-02-21] (Apple Inc.)
HKLM\...\Run: [sunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [271744 2014-09-26] (Oracle Corporation)
HKLM\...\Run: [spywareClearShield] => C:\Program Files\Spyware Clear\SpywareClearShield.exe [3733864 2014-11-05] (Crawler.com)
HKLM\...\Run: [spywareClearUpdater] => C:\Program Files\Spyware Clear\SpywareClearUpdate.exe [5411176 2014-11-05] (Crawler.com)
HKLM\...\Run: [PCTechHotline] => C:\Program Files\PCTechHotline\PCTechHotline.exe [1904968 2014-11-05] (Crawler, LLC)
Winlogon\Notify\GoToAssist: C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll (Citrix Online, a division of Citrix Systems, Inc.)
HKLM\...\Policies\Explorer: [NoCDBurning] 0
HKU\S-1-5-21-2821682522-1311732649-3067762728-1005\...\Run: [Google Update] => C:\Documents and Settings\Barbara\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [116648 2012-09-19] (Google Inc.)
HKU\S-1-5-21-2821682522-1311732649-3067762728-1005\...\Run: [AVG-Secure-Search-Update_1113a] => C:\Documents and Settings\Barbara\Application Data\AVG 1113a Campaign\AVG-Secure-Search-Update-1113a.exe /PROMPT /mid=3c5f42247ffb47d184c8d168ddcd3617-8531600e75149c2fdc93a5567bbd8317f0ab06a5 /CMPID=1 (the data entry has 4 more characters).
BootExecute: autocheck autochk * C:\PROGRA~1\AVG\AVG2014\avgrsx.exe /sync /restart
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USCON/1
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-2821682522-1311732649-3067762728-1005\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-2821682522-1311732649-3067762728-500\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/USCON/1
HKU\S-1-5-21-2821682522-1311732649-3067762728-500\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.live.com
HKU\S-1-5-21-2821682522-1311732649-3067762728-500\Software\Microsoft\Internet Explorer\Main,First Home Page = http://www.dell.com
HKU\S-1-5-21-2821682522-1311732649-3067762728-500\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USCON/1
HKU\S-1-5-21-2821682522-1311732649-3067762728-500\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.msn.com/sphome.aspx
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
SearchScopes: HKU\S-1-5-21-2821682522-1311732649-3067762728-1005 -> {88F0E3F0-DC1F-45B5-80DA-C2E25E61A0C2} URL = http://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-2821682522-1311732649-3067762728-1005 -> {95B7759C-8C7F-4BF1-B163-73684A933233} URL = http://mysearch.avg.com/search?cid={40A2108E-AB14-48F5-8090-12A06F4F3ABD}&mid=3c5f42247ffb47d184c8d168ddcd3617-8531600e75149c2fdc93a5567bbd8317f0ab06a5&lang=en&ds=AVG&coid=avgtbavg&cmpid=&pr=fr&d=2014-02-0521:28:21&v=17.3.1.204&pid=safeguard&sg=0&sap=dsp&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2821682522-1311732649-3067762728-1005 -> {B1705111-8241-4C98-8AEF-4F3091A46404} URL = http://search.yahoo.com/search?fr=mcafee&p={SearchTerms}
BHO: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: AVG SafeGuard toolbar -> {95B7759C-8C7F-4BF1-B163-73684A933233} -> C:\Program Files\AVG SafeGuard toolbar\17.3.1.204\AVG SafeGuard toolbar_toolbar.dll No File
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO: Google Toolbar Notifier BHO -> {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} -> C:\Program Files\Google\GoogleToolbarNotifier\5.7.9012.1008\swg.dll (Google Inc.)
BHO: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - AVG SafeGuard toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG SafeGuard toolbar\17.3.1.204\AVG SafeGuard toolbar_toolbar.dll No File
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKU\S-1-5-21-2821682522-1311732649-3067762728-1005 -> &Address - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
Toolbar: HKU\S-1-5-21-2821682522-1311732649-3067762728-1005 -> &Links - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\SHELL32.dll (Microsoft Corporation)
Toolbar: HKU\S-1-5-21-2821682522-1311732649-3067762728-1005 -> No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} -  No File
Toolbar: HKU\S-1-5-21-2821682522-1311732649-3067762728-1005 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKU\S-1-5-21-2821682522-1311732649-3067762728-1005 -> No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} -  No File
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} -  No File
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll (Microsoft Corporation)
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll (Microsoft Corporation)
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\18.1.9\ViProtocol.dll (AVG Secure Search)
Winsock: Catalog5 04 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
 
FireFox:
========
FF ProfilePath: C:\Documents and Settings\Barbara\Application Data\Mozilla\Firefox\Profiles\jo5flxg6.default
FF DefaultSearchEngine: AVG Secure Search
FF SelectedSearchEngine: AVG Secure Search
FF Homepage: hxxp://mysearch.avg.com?cid={40A2108E-AB14-48F5-8090-12A06F4F3ABD}&mid=3c5f42247ffb47d184c8d168ddcd3617-8531600e75149c2fdc93a5567bbd8317f0ab06a5&lang=en&ds=AVG&coid=avgtbavg&cmpid=&pr=fr&d=2014-02-05 21:28:21&v=17.3.1.204&pid=safeguard&sg=0&sap=hp
FF NetworkProxy: "no_proxies_on", "*.local"
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_15_0_0_223.dll ()
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin -> C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\18.1.9\\npsitesafety.dll No File
FF Plugin: @canon.com/EPPEX -> C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll No File
FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @java.com/DTPlugin,version=10.71.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.71.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=14.0.8051.1204 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @pack.google.com/Google Updater;version=14 -> C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2821682522-1311732649-3067762728-1005: @talk.google.com/GoogleTalkPlugin -> C:\Documents and Settings\Barbara\Application Data\Mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin HKU\S-1-5-21-2821682522-1311732649-3067762728-1005: @talk.google.com/O1DPlugin -> C:\Documents and Settings\Barbara\Application Data\Mozilla\plugins\npo1d.dll (Google)
FF Plugin HKU\S-1-5-21-2821682522-1311732649-3067762728-1005: @tools.google.com/Google Update;version=3 -> C:\Documents and Settings\Barbara\Local Settings\Application Data\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-2821682522-1311732649-3067762728-1005: @tools.google.com/Google Update;version=9 -> C:\Documents and Settings\Barbara\Local Settings\Application Data\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Documents and Settings\Barbara\Application Data\mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin ProgramFiles/Appdata: C:\Documents and Settings\Barbara\Application Data\mozilla\plugins\npo1d.dll (Google)
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\avg-secure-search.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\safeguard-secure-search.xml
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-08-06]
FF HKLM\...\Firefox\Extensions: [avg@toolbar] - C:\Documents and Settings\All Users\Application Data\AVG SafeGuard toolbar\FireFoxExt\17.3.1.204
FF Extension: AVG SafeGuard toolbar - C:\Documents and Settings\All Users\Application Data\AVG SafeGuard toolbar\FireFoxExt\17.3.1.204 [2014-02-05]
FF HKU\S-1-5-21-2821682522-1311732649-3067762728-1005\...\Firefox\Extensions: [{19BBD522-AC5D-11E1-8270-B8AC6F996F26}] - C:\Documents and Settings\Barbara\Local Settings\Application Data\{19BBD522-AC5D-11E1-8270-B8AC6F996F26}
 
Chrome: 
=======
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\31.0.1650.63\PepperFlash\pepflashplayer.dll No File
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\31.0.1650.63\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\31.0.1650.63\pdf.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (Microsoft® DRM) - C:\Program Files\Windows Media Player\npdrmv2.dll (Microsoft Corporation)
CHR Plugin: (Windows Media Player Plug-in Dynamic Link Library) - C:\Program Files\Windows Media Player\npdsplay.dll (Microsoft Corporation (written by Digital Renaissance Inc.))
CHR Plugin: (Microsoft® DRM) - C:\Program Files\Windows Media Player\npwmsdrm.dll (Microsoft Corporation)
CHR Plugin: (Google Talk Plugin) - C:\Documents and Settings\Barbara\Application Data\Mozilla\plugins\npgoogletalk.dll (Google)
CHR Plugin: (Google Talk Plugin Video Accelerator) - C:\Documents and Settings\Barbara\Application Data\Mozilla\plugins\npgtpo3dautoplugin.dll No File
CHR Plugin: (Google Talk Plugin Video Renderer) - C:\Documents and Settings\Barbara\Application Data\Mozilla\plugins\npo1d.dll (Google)
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (CANON iMAGE GATEWAY Album Plugin Utility for IJ) - C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
CHR Plugin: (Google Earth Plugin) - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
CHR Plugin: (Google Updater) - C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.165\npGoogleUpdate3.dll No File
CHR Plugin: (Java Platform SE 7 U40) - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (Windows Live® Photo Gallery) - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (iTunes Application Detector) - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Shockwave Flash) - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_9_900_117.dll No File
CHR Plugin: (Java Deployment Toolkit 7.0.400.43) - C:\WINDOWS\system32\npDeployJava1.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll No File
CHR Plugin: (Windows Presentation Foundation) - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
CHR Profile: C:\Documents and Settings\Barbara\Local Settings\Application Data\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Documents and Settings\Barbara\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-10-30]
CHR Extension: (Google Drive) - C:\Documents and Settings\Barbara\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-10-30]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Documents and Settings\Barbara\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-23]
CHR Extension: (YouTube) - C:\Documents and Settings\Barbara\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-10-30]
CHR Extension: (Google Search) - C:\Documents and Settings\Barbara\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-10-30]
CHR Extension: (AVG SafeGuard) - C:\Documents and Settings\Barbara\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof [2013-12-10]
CHR Extension: (Google Wallet) - C:\Documents and Settings\Barbara\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-10-30]
CHR Extension: (Gmail) - C:\Documents and Settings\Barbara\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-10-30]
 
========================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 avgfws; C:\Program Files\AVG\AVG2014\avgfws.exe [1417160 2014-11-07] (AVG Technologies CZ, s.r.o.)
R2 AVGIDSAgent; C:\Program Files\AVG\AVG2014\avgidsagent.exe [3247120 2014-11-07] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files\AVG\AVG2014\avgwdsvc.exe [289328 2014-11-07] (AVG Technologies CZ, s.r.o.)
S2 gupdate1c9e3ab5e358b90; C:\Program Files\Google\Update\GoogleUpdate.exe [107912 2014-10-25] (Google Inc.)
S3 ICDSPTSV; C:\WINDOWS\system32\IcdSptSv.exe [99688 2009-10-14] (Sony Corporation)
R2 JavaQuickStarterService; C:\Program Files\Java\jre7\bin\jqs.exe [182696 2014-09-26] (Oracle Corporation)
R2 PCTechHotlineSvc; C:\Program Files\PCTechHotline\PCTechHotlineSvc.exe [701768 2014-11-05] (Crawler, LLC) [File not signed]
R2 SC_Svc; C:\Program Files\Spyware Clear\SC_svc.exe [1933160 2014-11-05] (Crawler.com) [File not signed]
R2 sprtsvc_DellSupportCenter; C:\Program Files\Dell Support Center\bin\sprtsvc.exe [201968 2008-10-04] (SupportSoft, Inc.)
R2 UxTuneUp; C:\WINDOWS\System32\uxtuneup.dll [35640 2013-09-09] (AVG)
R2 vToolbarUpdater18.1.9; C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\ToolbarUpdater.exe [1820184 2014-08-11] (AVG Secure Search)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
S4 abp480n5; C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS [23552 2001-08-17] (Microsoft Corporation)
R1 Avgdiskx; C:\WINDOWS\System32\DRIVERS\avgdiskx.sys [121624 2014-06-30] (AVG Technologies CZ, s.r.o.)
R3 Avgfwdx; C:\WINDOWS\System32\DRIVERS\avgfwdx.sys [30944 2012-01-12] (AVG Technologies CZ, s.r.o.)
S3 Avgfwfd; C:\WINDOWS\System32\DRIVERS\avgfwdx.sys [30944 2012-01-12] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriverl; C:\WINDOWS\System32\DRIVERS\avgidsdriverlx.sys [191256 2014-07-21] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHX; C:\WINDOWS\System32\DRIVERS\avgidshx.sys [147736 2014-06-17] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSShim; C:\WINDOWS\System32\DRIVERS\avgidsshimx.sys [21272 2014-06-17] (AVG Technologies CZ, s.r.o.)
R1 Avgldx86; C:\WINDOWS\System32\DRIVERS\avgldx86.sys [189720 2014-10-24] (AVG Technologies CZ, s.r.o.)
R0 Avglogx; C:\WINDOWS\System32\DRIVERS\avglogx.sys [241944 2014-06-17] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx86; C:\WINDOWS\System32\DRIVERS\avgmfx86.sys [98584 2014-10-29] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx86; C:\WINDOWS\System32\DRIVERS\avgrkx86.sys [27416 2014-06-17] (AVG Technologies CZ, s.r.o.)
R1 Avgtdix; C:\WINDOWS\System32\DRIVERS\avgtdix.sys [197400 2014-10-20] (AVG Technologies CZ, s.r.o.)
R1 avgtp; C:\WINDOWS\system32\drivers\avgtpx86.sys [42784 2014-08-11] (AVG Technologies)
S3 ICDUSB3; C:\WINDOWS\System32\Drivers\ICDUSB3.sys [11264 2008-08-18] (Sony Corporation)
R1 sp_rsdrv2; C:\WINDOWS\system32\drivers\sp_rsdrv2.sys [32768 2011-06-21] () [File not signed]
S3 MFE_RR; \??\C:\DOCUME~1\Barbara\LOCALS~1\Temp\mfe_rr.sys [X]
S1 MRxSmb; system32\DRIVERS\mrxsmb.sys [X]
U0 Partizan; system32\drivers\Partizan.sys [X]
U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-14] (Microsoft Corporation)
S3 TuneUpUtilitiesDrv; \??\C:\Program Files\AVG\AVG PC TuneUp\TuneUpUtilitiesDriver32.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-11-22 23:33 - 2014-11-22 23:33 - 00024664 _____ () C:\FRST.txt
2014-11-22 23:33 - 2014-11-22 23:33 - 00000000 ____D () C:\FRST
2014-11-22 22:43 - 2014-11-22 22:43 - 00000000 _____ () C:\WINDOWS\setuperr.log
2014-11-22 18:23 - 2014-11-22 18:23 - 01109504 _____ (Farbar) C:\FRST.exe
2014-11-19 18:39 - 2014-11-19 18:49 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Spyware Clear
2014-11-19 18:39 - 2014-11-19 18:46 - 00000000 ____D () C:\Program Files\Spyware Clear
2014-11-19 18:39 - 2014-11-19 18:42 - 00000000 ____D () C:\Program Files\PCTechHotline
2014-11-19 18:39 - 2014-11-19 18:42 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Spyware Clear
2014-11-19 18:39 - 2014-11-19 18:41 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\PC Tech Hotline
2014-11-19 18:39 - 2014-11-19 18:39 - 00000005 _____ () C:\end
2014-11-19 18:39 - 2014-11-19 18:39 - 00000000 ____D () C:\Program Files\Couponarific
2014-11-19 18:39 - 2014-11-19 18:39 - 00000000 ____D () C:\Documents and Settings\Barbara\Local Settings\Application Data\DesktopDock
2014-11-19 18:39 - 2014-11-19 18:39 - 00000000 ____D () C:\Documents and Settings\Barbara\Application Data\Spyware Clear
2014-11-19 18:39 - 2014-11-19 18:39 - 00000000 ____D () C:\Documents and Settings\Barbara\Application Data\PC Tech Hotline
2014-11-19 18:39 - 2014-11-19 18:39 - 00000000 ____D () C:\Documents and Settings\Barbara\Application Data\Dock
2014-11-19 18:39 - 2011-06-21 11:24 - 00032768 _____ () C:\WINDOWS\system32\Drivers\sp_rsdrv2.sys
2014-11-19 18:38 - 2014-11-19 18:42 - 00000000 ____D () C:\Program Files\Desktop Dock
2014-11-19 18:38 - 2014-11-19 18:42 - 00000000 ____D () C:\Program Files\740E97DF-6426-4A2A-ABEF-5C33040EFEE1
2014-11-19 18:38 - 2014-11-19 18:41 - 00000000 ____D () C:\Documents and Settings\Barbara\Start Menu\Programs\Desktop Dock
2014-11-19 18:37 - 2014-11-22 23:31 - 00000762 _____ () C:\WINDOWS\Tasks\RocketTab Update Task.job
2014-11-19 18:37 - 2014-11-22 23:31 - 00000496 _____ () C:\WINDOWS\Tasks\RocketTab.job
2014-11-19 18:37 - 2014-11-19 18:42 - 00000000 ____D () C:\Program Files\Search Extensions
2014-11-19 18:37 - 2014-11-19 18:40 - 00000000 ____D () C:\Program Files\010
2014-11-18 13:55 - 2014-11-22 22:43 - 00017057 _____ () C:\WINDOWS\setupapi.log
2014-11-18 13:54 - 2014-11-18 13:54 - 00000000 ____D () C:\Documents and Settings\Barbara\Local Settings\Application Data\Avg
2014-10-29 14:58 - 2014-10-29 14:58 - 00000000 ____D () C:\Program Files\Common Files\Java
2014-10-29 14:58 - 2014-10-29 14:58 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Java
2014-10-29 14:58 - 2014-09-26 17:42 - 00096680 _____ (Oracle Corporation) C:\WINDOWS\system32\WindowsAccessBridge.dll
2014-10-29 14:58 - 2014-09-26 17:36 - 00272808 _____ (Oracle Corporation) C:\WINDOWS\system32\javaws.exe
2014-10-29 14:58 - 2014-09-26 17:36 - 00175528 _____ (Oracle Corporation) C:\WINDOWS\system32\javaw.exe
2014-10-29 14:58 - 2014-09-26 17:35 - 00175528 _____ (Oracle Corporation) C:\WINDOWS\system32\java.exe
2014-10-29 14:58 - 2014-09-26 17:16 - 00145408 _____ (Oracle Corporation) C:\WINDOWS\system32\javacpl.cpl
2014-10-29 14:57 - 2014-10-29 14:58 - 00005641 _____ () C:\WINDOWS\system32\jupdate-1.7.0_71-b14.log
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-11-22 23:33 - 2013-09-22 17:32 - 00000000 ____D () C:\Documents and Settings\Barbara\Local Settings\temp
2014-11-22 23:33 - 2012-12-22 01:27 - 00000986 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-2821682522-1311732649-3067762728-1005UA.job
2014-11-22 23:32 - 2008-04-25 16:28 - 01350573 _____ () C:\WINDOWS\WindowsUpdate.log
2014-11-22 23:32 - 2008-04-25 11:16 - 00002206 _____ () C:\WINDOWS\system32\wpa.dbl
2014-11-22 23:31 - 2014-03-13 10:56 - 00000226 _____ () C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job
2014-11-22 23:31 - 2013-09-11 08:09 - 00000050 _____ () C:\WINDOWS\wiaservc.log
2014-11-22 23:31 - 2009-06-29 22:12 - 00000882 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2014-11-22 23:31 - 2008-04-25 16:32 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-11-22 23:31 - 2008-04-25 04:25 - 00000159 _____ () C:\WINDOWS\wiadebug.log
2014-11-22 23:10 - 2009-02-28 17:08 - 00000178 ___SH () C:\Documents and Settings\Barbara\ntuser.ini
2014-11-22 23:10 - 2008-04-25 16:32 - 00032544 _____ () C:\WINDOWS\SchedLgU.Txt
2014-11-22 22:48 - 2012-01-28 14:44 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\MFAData
2014-11-22 22:43 - 2014-06-06 06:44 - 00000236 _____ () C:\WINDOWS\setupact.log
2014-11-22 22:43 - 2012-04-10 15:36 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2014-11-20 19:58 - 2013-09-26 21:46 - 00001509 _____ () C:\Documents and Settings\All Users\Start Menu\Windows Update.lnk
2014-11-20 19:58 - 2013-09-24 23:30 - 00001609 _____ () C:\Documents and Settings\All Users\Start Menu\Set Program Access and Defaults.lnk
2014-11-20 19:58 - 2009-02-28 17:08 - 00001601 _____ () C:\Documents and Settings\Barbara\Start Menu\Programs\Remote Assistance.LNK
2014-11-19 20:14 - 2009-02-28 18:07 - 00000284 _____ () C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
2014-11-19 19:28 - 2009-06-29 22:12 - 00000886 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2014-11-19 18:43 - 2009-02-28 17:08 - 00000000 ____D () C:\Documents and Settings\Barbara
2014-11-19 18:40 - 2013-09-28 21:55 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\AVG2014
2014-11-19 17:32 - 2012-12-22 01:27 - 00000934 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-2821682522-1311732649-3067762728-1005Core.job
2014-11-18 14:10 - 2008-04-25 04:22 - 00569026 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2014-11-18 14:08 - 2014-03-13 10:56 - 00000220 _____ () C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job
2014-11-18 13:56 - 2014-03-31 09:51 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\AVG
2014-11-18 13:56 - 2013-09-28 21:56 - 00000704 _____ () C:\Documents and Settings\All Users\Desktop\AVG 2014.lnk
2014-11-16 12:13 - 2009-06-02 12:55 - 00000868 _____ () C:\WINDOWS\Tasks\Google Software Updater.job
2014-11-12 12:16 - 2009-02-20 07:56 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Microsoft Help
2014-11-12 12:15 - 2013-07-14 06:20 - 00000000 ____D () C:\WINDOWS\system32\MRT
2014-11-12 12:09 - 2009-03-02 18:42 - 100445232 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2014-11-11 22:43 - 2012-04-10 15:36 - 00701104 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2014-11-11 22:43 - 2011-06-03 21:41 - 00071344 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2014-11-10 16:27 - 2012-06-18 09:37 - 00000000 ____D () C:\Documents and Settings\Barbara\Application Data\Mozilla
2014-10-29 21:03 - 2011-08-08 06:08 - 00098584 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgmfx86.sys
2014-10-29 14:58 - 2009-02-20 07:56 - 00000000 ____D () C:\Program Files\Java
2014-10-28 21:25 - 2013-10-30 19:51 - 00001815 _____ () C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
2014-10-24 10:20 - 2011-10-07 06:23 - 00189720 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgldx86.sys
2014-10-23 21:35 - 2014-10-22 05:57 - 00000000 ____D () C:\Program Files\Mozilla Firefox
 
Some content of TEMP:
====================
C:\Documents and Settings\Barbara\Local Settings\temp\jre-7u71-windows-i586-iftw.exe
C:\Documents and Settings\Barbara\Local Settings\temp\sp-downloader.exe
C:\Documents and Settings\Barbara\Local Settings\temp\spywareclearADK.exe
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 
==================== End Of Log ============================
 
 Additional scan result of Farbar Recovery Scan Tool (x86) Version: 22-11-2014 01
Ran by Barbara at 2014-11-22 23:34:11
Running from C:\
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: AVG Internet Security 2014 (Disabled - Up to date) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: AVG Internet Security 2014 (Disabled) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
7-Zip 9.20 (HKLM\...\7-Zip) (Version:  - )
Acrobat.com (HKLM\...\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.1.377 - Adobe Systems Incorporated)
Acrobat.com (Version: 0.0.0 - Adobe Systems Incorporated) Hidden
Adobe AIR (HKLM\...\Adobe AIR) (Version: 1.0.4990 - Adobe Systems Inc.)
Adobe Flash Player 15 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 15.0.0.223 - Adobe Systems Incorporated)
Adobe Flash Player 15 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 15.0.0.223 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.08) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.08 - Adobe Systems Incorporated)
Apple Application Support (HKLM\...\{AAC5D43E-816D-4C2D-8E51-55FFF35BE301}) (Version: 3.0.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{18D47FA1-0440-48D3-A7E0-DA09537FF471}) (Version: 7.1.1.3 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
AVG 2014 (HKLM\...\AVG) (Version: 2014.0.4794 - AVG Technologies)
AVG 2014 (Version: 14.0.4189 - AVG Technologies) Hidden
AVG 2014 (Version: 14.0.4259 - AVG Technologies) Hidden
AVG 2014 (Version: 14.0.4794 - AVG Technologies) Hidden
AVG PC TuneUp 2014 (en-US) (Version: 14.0.1001.156 - AVG) Hidden
AVG PC TuneUp Language Pack (en-US) (Version: 12.0.4000.108 - AVG Technologies) Hidden
AVG SafeGuard toolbar (HKLM\...\AVG SafeGuard toolbar) (Version: 18.1.9.799 - AVG Technologies)
Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
BorgataPoker (HKLM\...\BorgataPoker) (Version:  - theBorgata)
Canon Easy-PhotoPrint EX (HKLM\...\Easy-PhotoPrint EX) (Version:  - )
Canon MP Navigator EX 5.1 (HKLM\...\MP Navigator EX 5.1) (Version:  - )
Canon MX430 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX430_series) (Version:  - )
Canon MX430 series On-screen Manual (HKLM\...\Canon MX430 series On-screen Manual) (Version:  - )
Canon MX430 series User Registration (HKLM\...\Canon MX430 series User Registration) (Version:  - )
Canon My Printer (HKLM\...\CanonMyPrinter) (Version:  - )
Canon Solution Menu EX (HKLM\...\CanonSolutionMenuEX) (Version:  - )
CCleaner (HKLM\...\CCleaner) (Version: 4.05 - Piriform)
Choice Guard (Version: 1.2.87.0 - Microsoft Corporation) Hidden
Dell DataSafe Online (HKLM\...\{13766F76-6C8C-4E57-A9F3-3212D1C6E0D1}) (Version: 1.2.0009 - Dell, Inc.)
Dell Driver Reset Tool (HKLM\...\{5905F42D-3F5F-4916-ADA6-94A3646AEE76}) (Version: 1.02.0000 - Dell Inc.)
Dell Support Center (Support Software) (HKLM\...\{E3BFEE55-39E2-4BE0-B966-89FE583822C1}) (Version: 2.2.08335 - Dell)
DesktopDock (HKU\S-1-5-21-2821682522-1311732649-3067762728-1005\...\DesktopDock) (Version: 1.0.1.32 - DesktopDock)
Digital Voice Editor 3 (HKLM\...\{6CCC133E-9A2F-4CAA-8866-75D029CD3AB3}) (Version: 3.3.01.11240 - Sony Corporation)
FamilySearch Indexing (HKU\S-1-5-21-2821682522-1311732649-3067762728-1005\...\FamilySearch Indexing) (Version:  - Intellectual Reserve, Inc.)
FamilySearch Indexing 3.13.1 (HKLM\...\0591-8077-9297-0833) (Version: 3.13.1 - FamilySearch)
Google Chrome (HKLM\...\Google Chrome) (Version: 38.0.2125.111 - Google Inc.)
Google Earth (HKLM\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Talk Plugin (HKLM\...\{0C5C1177-94C5-3EFB-A8BE-3F6AF1AF887F}) (Version: 5.38.6.0 - Google)
Google Toolbar for Internet Explorer (HKLM\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.)
Google Toolbar for Internet Explorer (Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
Google Updater (HKLM\...\Google Updater) (Version: 2.4.2432.1652 - Google Inc.)
GoToAssist 8.0.0.514 (HKLM\...\GoToAssist) (Version:  - )
Intel® Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version:  - )
Intel® Network Connections Drivers (HKLM\...\PROSet) (Version: 14.5 - Intel)
iTunes (HKLM\...\{2F21564D-DE05-4C6D-B21E-08B9D313FAB3}) (Version: 11.1.5.5 - Apple Inc.)
Java 7 Update 71 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217040FF}) (Version: 7.0.710 - Oracle)
JavaFX 2.1.0 (HKLM\...\{1111706F-666A-4037-7777-210328764D10}) (Version: 2.1.0 - Oracle Corporation)
Junk Mail filter update (Version: 14.0.8050.1202 - Microsoft Corporation) Hidden
Malwarebytes Anti-Malware version 1.75.0.1300 (HKLM\...\Malwarebytes' Anti-Malware_is1) (Version: 1.75.0.1300 - Malwarebytes Corporation)
Microsoft .NET Framework 1.1 (HKLM\...\Microsoft .NET Framework 1.1  (1033)) (Version:  - )
Microsoft .NET Framework 1.1 Security Update (KB2698023) (HKLM\...\M2698023) (Version:  - )
Microsoft .NET Framework 1.1 Security Update (KB2833941) (HKLM\...\M2833941) (Version:  - )
Microsoft .NET Framework 1.1 Security Update (KB979906) (HKLM\...\M979906) (Version:  - )
Microsoft .NET Framework 2.0 Service Pack 2 (HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.0 Service Pack 2 (HKLM\...\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}) (Version: 3.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft Compression Client Pack 1.0 for Windows XP (HKLM\...\MSCompPackV1) (Version: 1 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (HKLM\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Sync Framework Runtime Native v1.0 (x86) (HKLM\...\{8A74E887-8F0F-4017-AF53-CBA42211AAA5}) (Version: 1.0.1215.0 - Microsoft Corporation)
Microsoft Sync Framework Services Native v1.0 (x86) (HKLM\...\{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}) (Version: 1.0.1215.0 - Microsoft Corporation)
Microsoft User-Mode Driver Framework Feature Pack 1.0 (HKLM\...\Wudf01000) (Version:  - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mozilla Firefox 31.2.0 ESR (x86 en-US) (HKLM\...\Mozilla Firefox 31.2.0 ESR (x86 en-US)) (Version: 31.2.0 - Mozilla)
MSN (HKLM\...\MSNINST) (Version:  - )
MSVCRT (Version: 14.0.1468.721 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 6.0 Parser (KB927977) (HKLM\...\{5A710547-B58E-488B-828D-CA9A25A0533C}) (Version: 6.00.3890.0 - Microsoft Corporation)
PokerStars (HKLM\...\PokerStars) (Version:  - PokerStars)
QuickTime 7 (HKLM\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version:  - )
Revo Uninstaller 1.95 (HKLM\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
RootsMagic 5.0.4.1 (HKLM\...\{C1689DDD-6378-4966-8865-6292D7141A6A}_is1) (Version:  - RootsMagic, Inc.)
Roxio Creator DE (HKLM\...\{09760D42-E223-42AD-8C3E-55B47D0DDAC3}) (Version: 10.1 - Roxio)
Segoe UI (Version: 14.0.4327.805 - Microsoft Corp) Hidden
Uninstall FamilySearch Indexing (HKU\S-1-5-21-2821682522-1311732649-3067762728-1005\...\Uninstall FamilySearch Indexing) (Version:  - Intellectual Reserve, Inc.)
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Visual Studio 2012 x86 Redistributables (HKLM\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
WebFldrs XP (Version: 9.50.7523 - Microsoft Corporation) Hidden
Windows Internet Explorer 8 (HKLM\...\ie8) (Version: 20090308.140743 - Microsoft Corporation)
Windows Live Essentials (HKLM\...\WinLiveSuite_Wave3) (Version: 14.0.8050.1202 - Microsoft Corporation)
Windows Live Sign-in Assistant (HKLM\...\{9422C8EA-B0C6-4197-B8FC-DC797658CA00}) (Version: 5.000.818.6 - Microsoft Corporation)
Windows Live Sync (HKLM\...\{FDD810CA-D5E3-40E9-AB7B-36440B0D41EF}) (Version: 14.0.8050.1202 - Microsoft Corporation)
Windows Live Upload Tool (HKLM\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)
Windows Media Format 11 runtime (HKLM\...\Windows Media Format Runtime) (Version:  - )
Windows Media Player 11 (HKLM\...\Windows Media Player) (Version:  - )
XML Paper Specification Shared Components Pack 1.0 (Version:  - Microsoft Corporation) Hidden
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
CustomCLSID: HKU\S-1-5-21-2821682522-1311732649-3067762728-1005_Classes\CLSID\{022105BD-948A-40C9-AB42-A3300DDF097F}\localserver32 -> C:\Documents and Settings\Barbara\Local Settings\Application Data\Google\Update\GoogleUpdate.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2821682522-1311732649-3067762728-1005_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Documents and Settings\Barbara\Local Settings\Application Data\Google\Update\1.3.25.5\psuser.dll  (the data entry has 7 more characters).
CustomCLSID: HKU\S-1-5-21-2821682522-1311732649-3067762728-1005_Classes\CLSID\{22181302-A8A6-4F84-A541-E5CBFC70CC43}\localserver32 -> C:\Documents and Settings\Barbara\Local Settings\Application Data\Google\Update\1.3.25.11\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2821682522-1311732649-3067762728-1005_Classes\CLSID\{2F0E2680-9FF5-43C0-B76E-114A56E93598}\localserver32 -> C:\Documents and Settings\Barbara\Local Settings\Application Data\Google\Update\1.3.25.11\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2821682522-1311732649-3067762728-1005_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Documents and Settings\Barbara\Local Settings\Application Data\Google\Update\1.3.23.9\psuser.dll  (the data entry has 7 more characters).
CustomCLSID: HKU\S-1-5-21-2821682522-1311732649-3067762728-1005_Classes\CLSID\{39125640-8D80-11DC-A2FE-C5C455D89593}\InprocServer32 -> C:\Documents and Settings\Barbara\Local Settings\Application Data\Google\Google Talk Plugin\googletalkax.dll (Google)
CustomCLSID: HKU\S-1-5-21-2821682522-1311732649-3067762728-1005_Classes\CLSID\{51F9E8EF-59D7-475B-A106-C7EA6F30C119}\localserver32 -> C:\Documents and Settings\Barbara\Local Settings\Application Data\Google\Update\1.3.25.11\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2821682522-1311732649-3067762728-1005_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Documents and Settings\Barbara\Local Settings\Application Data\Google\Update\1.3.24.15\psuser.dll (the data entry has 8 more characters).
CustomCLSID: HKU\S-1-5-21-2821682522-1311732649-3067762728-1005_Classes\CLSID\{A3CCEDF7-2DE2-11D0-86F4-00A0C913F750}\InprocServer32 -> C:\WINDOWS\system32\pngfilt.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2821682522-1311732649-3067762728-1005_Classes\CLSID\{A45426FB-E444-42B2-AA56-419F8FBEEC61}\InprocServer32 -> C:\Documents and Settings\Barbara\Local Settings\Application Data\Google\Update\1.3.22.3\psuser.dll  (the data entry has 7 more characters).
CustomCLSID: HKU\S-1-5-21-2821682522-1311732649-3067762728-1005_Classes\CLSID\{A54D478D-4F70-4F72-9A74-17C9986E35AB}\InprocServer32 -> C:\Documents and Settings\Barbara\Local Settings\Application Data\Google\Update\1.3.21.165\psuser.dl (the data entry has 9 more characters).
CustomCLSID: HKU\S-1-5-21-2821682522-1311732649-3067762728-1005_Classes\CLSID\{AB9F4455-E591-4132-A386-0B91EAEDB96C}\InprocServer32 -> C:\Documents and Settings\Barbara\Local Settings\Application Data\Google\Google Talk Plugin\o1dax.dll (Google)
CustomCLSID: HKU\S-1-5-21-2821682522-1311732649-3067762728-1005_Classes\CLSID\{C3101A8B-0EE1-4612-BFE9-41FFC1A3C19D}\InprocServer32 -> C:\Documents and Settings\Barbara\Local Settings\Application Data\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2821682522-1311732649-3067762728-1005_Classes\CLSID\{C442AC41-9200-4770-8CC0-7CDB4F245C55}\InprocServer32 -> C:\Documents and Settings\Barbara\Local Settings\Application Data\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2821682522-1311732649-3067762728-1005_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Documents and Settings\Barbara\Local Settings\Application Data\Google\Update\1.3.25.11\psuser.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2821682522-1311732649-3067762728-1005_Classes\CLSID\{E67BE843-BBBE-4484-95FB-05271AE86750}\localserver32 -> C:\Documents and Settings\Barbara\Local Settings\Application Data\Google\Update\1.3.25.11\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2821682522-1311732649-3067762728-1005_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Documents and Settings\Barbara\Local Settings\Application Data\Google\Update\1.3.25.11\psuser.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2821682522-1311732649-3067762728-1005_Classes\CLSID\{EB06378B-ABB6-4B3C-9B40-D488DD8A6E93}\InprocServer32 -> C:\Documents and Settings\Barbara\Local Settings\Application Data\Google\Update\1.3.22.5\psuser.dll  (the data entry has 7 more characters).
CustomCLSID: HKU\S-1-5-21-2821682522-1311732649-3067762728-1005_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Documents and Settings\Barbara\Local Settings\Application Data\Google\Update\1.3.24.7\psuser.dll  (the data entry has 7 more characters).
 
==================== Restore Points  =========================
 
22-08-2014 03:55:37 System Checkpoint
26-08-2014 03:02:24 System Checkpoint
27-08-2014 03:19:05 System Checkpoint
28-08-2014 14:20:29 System Checkpoint
29-08-2014 20:12:29 System Checkpoint
30-08-2014 23:21:51 System Checkpoint
01-09-2014 20:52:17 System Checkpoint
02-09-2014 21:24:43 System Checkpoint
03-09-2014 22:39:04 System Checkpoint
05-09-2014 12:28:27 System Checkpoint
07-09-2014 17:28:20 System Checkpoint
09-09-2014 01:54:27 System Checkpoint
10-09-2014 02:59:56 System Checkpoint
11-09-2014 03:41:42 System Checkpoint
12-09-2014 10:53:07 Software Distribution Service 3.0
14-09-2014 18:04:42 System Checkpoint
15-09-2014 18:28:09 System Checkpoint
17-09-2014 02:13:57 System Checkpoint
18-09-2014 03:44:29 System Checkpoint
19-09-2014 11:36:40 System Checkpoint
20-09-2014 22:30:53 System Checkpoint
21-09-2014 22:59:47 System Checkpoint
23-09-2014 01:14:15 System Checkpoint
24-09-2014 01:40:56 System Checkpoint
25-09-2014 01:44:12 System Checkpoint
26-09-2014 12:09:55 System Checkpoint
27-09-2014 14:48:10 System Checkpoint
29-09-2014 18:05:25 System Checkpoint
01-10-2014 01:50:47 System Checkpoint
02-10-2014 11:53:09 System Checkpoint
03-10-2014 12:17:04 System Checkpoint
04-10-2014 22:42:41 System Checkpoint
05-10-2014 22:52:58 System Checkpoint
07-10-2014 03:13:51 System Checkpoint
08-10-2014 11:26:32 System Checkpoint
09-10-2014 22:55:44 System Checkpoint
11-10-2014 03:28:42 System Checkpoint
12-10-2014 23:20:13 System Checkpoint
14-10-2014 02:37:09 System Checkpoint
15-10-2014 02:37:46 System Checkpoint
16-10-2014 11:30:58 Software Distribution Service 3.0
20-10-2014 20:06:08 System Checkpoint
21-10-2014 21:26:24 System Checkpoint
22-10-2014 22:31:21 System Checkpoint
24-10-2014 11:14:12 System Checkpoint
25-10-2014 11:24:10 System Checkpoint
26-10-2014 17:04:32 System Checkpoint
28-10-2014 01:14:02 System Checkpoint
29-10-2014 03:16:29 System Checkpoint
29-10-2014 19:57:22 Installed Java 7 Update 71
31-10-2014 02:34:25 System Checkpoint
01-11-2014 21:11:25 System Checkpoint
02-11-2014 22:06:26 System Checkpoint
04-11-2014 02:13:06 System Checkpoint
05-11-2014 20:20:36 System Checkpoint
07-11-2014 03:48:50 System Checkpoint
08-11-2014 11:05:06 System Checkpoint
10-11-2014 00:07:08 System Checkpoint
11-11-2014 00:49:25 System Checkpoint
12-11-2014 01:37:56 System Checkpoint
12-11-2014 17:09:34 Software Distribution Service 3.0
14-11-2014 01:04:23 System Checkpoint
15-11-2014 13:42:39 System Checkpoint
16-11-2014 21:15:48 System Checkpoint
17-11-2014 22:40:52 System Checkpoint
19-11-2014 20:52:34 System Checkpoint
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2008-04-25 11:16 - 2013-09-21 18:01 - 00000027 ____A C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1       localhost
 
==================== Scheduled Tasks (whitelisted) =============
 
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\AppleSoftwareUpdate.job => C:\Program Files\Apple Software Update\SoftwareUpdate.exe
Task: C:\WINDOWS\Tasks\Google Software Updater.job => C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-2821682522-1311732649-3067762728-1005Core.job => C:\Documents and Settings\Barbara\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-2821682522-1311732649-3067762728-1005UA.job => C:\Documents and Settings\Barbara\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job => C:\WINDOWS\system32\xp_eos.exe
Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job => C:\WINDOWS\system32\xp_eos.exe
Task: C:\WINDOWS\Tasks\RocketTab Update Task.job => C:\Program Files\Search Extensions\uninstall.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\RocketTab.job => C:\Program Files\Search Extensions\Client.exe <==== ATTENTION
 
==================== Loaded Modules (whitelisted) =============
 
2014-02-12 20:58 - 2014-02-12 20:58 - 00073544 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2014-02-12 20:58 - 2014-02-12 20:58 - 01044808 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2014-08-11 18:05 - 2014-08-11 18:04 - 00159768 _____ () C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\loggingserver.exe
2014-08-11 18:05 - 2014-08-11 18:04 - 00519704 _____ () C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\log4cplusU.dll
2009-11-13 16:15 - 2009-11-13 16:15 - 01807600 _____ () C:\Program Files\Dell DataSafe Online\DataSafeOnline.exe
2009-11-13 16:15 - 2009-11-13 16:15 - 00275696 _____ () C:\Program Files\Dell DataSafe Online\SdbShared.dll
2008-11-03 10:54 - 2008-11-03 10:54 - 00058608 _____ () C:\Program Files\Dell DataSafe Online\BalloonWindow.dll
2009-11-13 16:15 - 2009-11-13 16:15 - 00095472 _____ () C:\Program Files\Dell DataSafe Online\SdbUI.dll
2009-11-13 16:15 - 2009-11-13 16:15 - 00152816 _____ () C:\Program Files\Dell DataSafe Online\SdbShared.XmlSerializers.dll
2009-11-13 16:15 - 2009-11-13 16:15 - 00017648 _____ () C:\Program Files\Dell DataSafe Online\cpputils.dll
2014-02-13 08:40 - 2014-03-20 22:23 - 01603608 _____ () C:\Program Files\AVG SafeGuard toolbar\TBAPI.dll
2014-02-13 08:40 - 2014-08-25 18:49 - 02640408 _____ () C:\Program Files\AVG SafeGuard toolbar\vprot.exe
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\GoToAssist => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"
 
==================== EXE Association (whitelisted) =============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== MSCONFIG/TASK MANAGER disabled items =========
 
(Currently there is no automatic fix for this section.)
 
 
========================= Accounts: ==========================
 
Administrator (S-1-5-21-2821682522-1311732649-3067762728-500 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\Administrator
Barbara (S-1-5-21-2821682522-1311732649-3067762728-1005 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\Barbara
Guest (S-1-5-21-2821682522-1311732649-3067762728-501 - Limited - Disabled)
HelpAssistant (S-1-5-21-2821682522-1311732649-3067762728-1004 - Limited - Disabled)
SUPPORT_388945a0 (S-1-5-21-2821682522-1311732649-3067762728-1002 - Limited - Disabled)
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (11/22/2014 10:43:02 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application , version 0.0.0.0, faulting module unknown, version 0.0.0.0, fault address 0x00000000.
Processing media-specific event for [!ws!]
 
Error: (11/21/2014 08:40:39 AM) (Source: Userenv) (EventID: 1007) (User: NT AUTHORITY)
Description: Windows cannot determine the associated site for this computer. (The RPC server is too busy to complete this operation. ). Group Policy processing aborted.
 
Error: (11/21/2014 08:40:39 AM) (Source: Userenv) (EventID: 1007) (User: D32K5JC1)
Description: Windows cannot determine the associated site for this computer. (The RPC server is too busy to complete this operation. ). Group Policy processing aborted.
 
Error: (11/21/2014 06:53:25 AM) (Source: ESENT) (EventID: 490) (User: )
Description: wuauclt (3732) An attempt to open the file "C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.log" for read / write access failed with system error 32 (0x00000020): "The process cannot access the file because it is being used by another process. ".  The open file operation will fail with error -1032 (0xfffffbf8).
 
Error: (11/21/2014 06:53:14 AM) (Source: ESENT) (EventID: 490) (User: )
Description: wuauclt (3368) An attempt to open the file "C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.log" for read / write access failed with system error 32 (0x00000020): "The process cannot access the file because it is being used by another process. ".  The open file operation will fail with error -1032 (0xfffffbf8).
 
Error: (11/21/2014 06:53:04 AM) (Source: ESENT) (EventID: 490) (User: )
Description: wuauclt (260) An attempt to open the file "C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.log" for read / write access failed with system error 32 (0x00000020): "The process cannot access the file because it is being used by another process. ".  The open file operation will fail with error -1032 (0xfffffbf8).
 
Error: (11/21/2014 06:52:53 AM) (Source: ESENT) (EventID: 490) (User: )
Description: wuauclt (2564) An attempt to open the file "C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.log" for read / write access failed with system error 32 (0x00000020): "The process cannot access the file because it is being used by another process. ".  The open file operation will fail with error -1032 (0xfffffbf8).
 
Error: (11/21/2014 06:52:43 AM) (Source: ESENT) (EventID: 490) (User: )
Description: wuauclt (1944) An attempt to open the file "C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.log" for read / write access failed with system error 32 (0x00000020): "The process cannot access the file because it is being used by another process. ".  The open file operation will fail with error -1032 (0xfffffbf8).
 
Error: (11/21/2014 06:52:33 AM) (Source: ESENT) (EventID: 490) (User: )
Description: wuauclt (2040) An attempt to open the file "C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.log" for read / write access failed with system error 32 (0x00000020): "The process cannot access the file because it is being used by another process. ".  The open file operation will fail with error -1032 (0xfffffbf8).
 
Error: (11/21/2014 06:52:22 AM) (Source: ESENT) (EventID: 490) (User: )
Description: wuauclt (376) An attempt to open the file "C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.log" for read / write access failed with system error 32 (0x00000020): "The process cannot access the file because it is being used by another process. ".  The open file operation will fail with error -1032 (0xfffffbf8).
 
 
System errors:
=============
Error: (11/22/2014 11:33:07 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Workstation service which failed to start because of the following error: 
%%1066
 
Error: (11/22/2014 11:33:07 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: The Workstation service terminated with service-specific error 2250 (0x8CA).
 
Error: (11/22/2014 11:33:07 PM) (Source: Workstation) (EventID: 5727) (User: )
Description: Could not load RDR device driver.
 
Error: (11/22/2014 11:33:07 PM) (Source: Workstation) (EventID: 5727) (User: )
Description: Could not load MRxSmb device driver.
 
Error: (11/22/2014 11:32:28 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Workstation service which failed to start because of the following error: 
%%1066
 
Error: (11/22/2014 11:32:28 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: The Workstation service terminated with service-specific error 2250 (0x8CA).
 
Error: (11/22/2014 11:32:27 PM) (Source: Workstation) (EventID: 5727) (User: )
Description: Could not load RDR device driver.
 
Error: (11/22/2014 11:32:27 PM) (Source: Workstation) (EventID: 5727) (User: )
Description: Could not load MRxSmb device driver.
 
Error: (11/22/2014 11:32:27 PM) (Source: DCOM) (EventID: 10000) (User: D32K5JC1)
Description: Unable to start a DCOM Server: {CA3A5461-96B5-46DD-9341-5350D3C94615}.
The error:
"%%6"
Happened while starting this command:
"C:\Program Files\Common Files\AVG Secure Search\ScriptHelperInstaller\18.1.9\ScriptHelper.exe" -Embedding
 
Error: (11/22/2014 11:32:27 PM) (Source: DCOM) (EventID: 10000) (User: D32K5JC1)
Description: Unable to start a DCOM Server: {CA3A5461-96B5-46DD-9341-5350D3C94615}.
The error:
"%%6"
Happened while starting this command:
"C:\Program Files\Common Files\AVG Secure Search\ScriptHelperInstaller\18.1.9\ScriptHelper.exe" -Embedding
 
 
Microsoft Office Sessions:
=========================
Error: (03/03/2010 05:33:38 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 10 seconds with 0 seconds of active time.  This session ended with a crash.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core2 Duo CPU E7400 @ 2.80GHz
Percentage of memory in use: 35%
Total physical RAM: 2037.1 MB
Available physical RAM: 1315.03 MB
Total Pagefile: 3928.91 MB
Available Pagefile: 3320.8 MB
Total Virtual: 2047.88 MB
Available Virtual: 1933.51 MB
 
==================== Drives ================================
 
Drive c: (OS) (Fixed) (Total:298.05 GB) (Free:263 GB) NTFS ==>[Drive with boot components (Windows XP)]
Drive d: (sysrcd-4.3.1) (CDROM) (Total:0.38 GB) (Free:0 GB) CDFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 298.1 GB) (Disk ID: A42D04A3)
Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)
Partition 2: (Active) - (Size=298.1 GB) - (Type=07 NTFS)
 
==================== End Of Log ============================

Hello retxab! My name is Borislav and I will be glad to help you solve your malware problem.

Please note:

  • If you are a paying customer, you have the privilege to contact the help desk at Consumer Support. If you choose this option to get help, please let me know.
  • I recommend that you keep the instructions I will be giving you so that they are available to you at any time. You can save them in a text file or print them.
  • Make sure you read all of the instructions and fixes thoroughly before continuing with them.
  • Follow my instructions strictly and don’t hesitate to stop and ask me if you have any questions.
  • Post your log files, don't attach them. Every log file should be copy/pasted in your next reply.
  • Do not perform any kind of scanning and fixing without my instructions. If you want to proceed on your own, please let me know.

Download the attached fixlist.txt file and save it to the Desktop.

NOTE: It's important that both files, FRST/FRST64 and fixlist.txt, are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Run FRST/FRST64 and press the Fix button just once and wait.
If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
When finished, FRST will generate a log on the Desktop (Fixlog.txt). Please post it in your reply.

fixlist.txt


Attached is the fixlog.

 

 Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 22-11-2014 01

Ran by Barbara at 2014-11-23 17:39:32 Run:1
Running from C:\
Loaded Profiles: Barbara & Administrator (Available profiles: Barbara & Administrator)
Boot Mode: Normal
 
==============================================
 
Content of fixlist:
*****************
Start
Task: C:\WINDOWS\Tasks\RocketTab Update Task.job => C:\Program Files\Search Extensions\uninstall.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\RocketTab.job => C:\Program Files\Search Extensions\Client.exe <==== ATTENTION
HKLM\...\Run: [PCTechHotline] => C:\Program Files\PCTechHotline\PCTechHotline.exe [1904968 2014-11-05] (Crawler, LLC)
HKLM\...\Run: [spywareClearShield] => C:\Program Files\Spyware Clear\SpywareClearShield.exe [3733864 2014-11-05] (Crawler.com)
HKLM\...\Run: [spywareClearUpdater] => C:\Program Files\Spyware Clear\SpywareClearUpdate.exe [5411176 2014-11-05] (Crawler.com)
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
R2 PCTechHotlineSvc; C:\Program Files\PCTechHotline\PCTechHotlineSvc.exe [701768 2014-11-05] (Crawler, LLC) [File not signed]
S1 MRxSmb; system32\DRIVERS\mrxsmb.sys [X]
2014-11-19 18:39 - 2014-11-19 18:49 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Spyware Clear
2014-11-19 18:39 - 2014-11-19 18:46 - 00000000 ____D () C:\Program Files\Spyware Clear
2014-11-19 18:39 - 2014-11-19 18:42 - 00000000 ____D () C:\Program Files\PCTechHotline
2014-11-19 18:39 - 2014-11-19 18:42 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Spyware Clear
2014-11-19 18:39 - 2014-11-19 18:41 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\PC Tech Hotline
2014-11-19 18:39 - 2014-11-19 18:39 - 00000000 ____D () C:\Program Files\Couponarific
2014-11-19 18:39 - 2014-11-19 18:39 - 00000000 ____D () C:\Documents and Settings\Barbara\Application Data\Spyware Clear
2014-11-19 18:39 - 2014-11-19 18:39 - 00000000 ____D () C:\Documents and Settings\Barbara\Application Data\PC Tech Hotline
C:\Documents and Settings\Barbara\Local Settings\temp\sp-downloader.exe
C:\Documents and Settings\Barbara\Local Settings\temp\spywareclearADK.exe
End
*****************
 
C:\WINDOWS\Tasks\RocketTab Update Task.job => Moved successfully.
C:\WINDOWS\Tasks\RocketTab.job => Moved successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\PCTechHotline => value deleted successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\SpywareClearShield => value deleted successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\SpywareClearUpdater => value deleted successfully.
"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
PCTechHotlineSvc => Service stopped successfully.
PCTechHotlineSvc => Service deleted successfully.
MRxSmb => Service deleted successfully.
 
"C:\Documents and Settings\All Users\Application Data\Spyware Clear" directory move:
 
Could not move "C:\Documents and Settings\All Users\Application Data\Spyware Clear\ST_RL.spt" => Scheduled to move on reboot.
C:\Documents and Settings\All Users\Application Data\Spyware Clear\Update\ST_1_CSD_3.000.000.0006.cab => Moved successfully.
C:\Documents and Settings\All Users\Application Data\Spyware Clear\Update\ST_1_DB_8.011.019.0001.cab => Moved successfully.
C:\Documents and Settings\All Users\Application Data\Spyware Clear\Shared\ST_1_CSD_3.000.000.0006.cab => Moved successfully.
C:\Documents and Settings\All Users\Application Data\Spyware Clear\Shared\ST_1_CSD_3.000.000.0006.ini => Moved successfully.
C:\Documents and Settings\All Users\Application Data\Spyware Clear\Shared\ST_1_CSD_3.000.000.0006.torrent => Moved successfully.
C:\Documents and Settings\All Users\Application Data\Spyware Clear\Shared\ST_1_DB_8.011.019.0001.cab => Moved successfully.
C:\Documents and Settings\All Users\Application Data\Spyware Clear\Shared\ST_1_DB_8.011.019.0001.ini => Moved successfully.
C:\Documents and Settings\All Users\Application Data\Spyware Clear\Shared\ST_1_DB_8.011.019.0001.torrent => Moved successfully.
C:\Documents and Settings\All Users\Application Data\Spyware Clear\Reports\scan_0001.rpt => Moved successfully.
C:\Documents and Settings\All Users\Application Data\Spyware Clear\News\185_en_1.pngx => Moved successfully.
C:\Documents and Settings\All Users\Application Data\Spyware Clear\News\186_en_2.pngx => Moved successfully.
C:\Documents and Settings\All Users\Application Data\Spyware Clear\News\187_en_4.pngx => Moved successfully.
C:\Documents and Settings\All Users\Application Data\Spyware Clear\News\188_en_1.pngx => Moved successfully.
C:\Documents and Settings\All Users\Application Data\Spyware Clear\News\189_en_2.pngx => Moved successfully.
C:\Documents and Settings\All Users\Application Data\Spyware Clear\News\191_en_6.pngx => Moved successfully.
C:\Documents and Settings\All Users\Application Data\Spyware Clear\News\192_en_2.pngx => Moved successfully.
C:\Documents and Settings\All Users\Application Data\Spyware Clear\News\193_en_1.pngx => Moved successfully.
C:\Documents and Settings\All Users\Application Data\Spyware Clear\News\251_en_2.pngx => Moved successfully.
C:\Documents and Settings\All Users\Application Data\Spyware Clear\News\275_en_1.pngx => Moved successfully.
C:\Documents and Settings\All Users\Application Data\Spyware Clear\News\276_en_1.pngx => Moved successfully.
C:\Documents and Settings\All Users\Application Data\Spyware Clear\News\277_en_1.pngx => Moved successfully.
C:\Documents and Settings\All Users\Application Data\Spyware Clear\News\278_en_1.pngx => Moved successfully.
C:\Documents and Settings\All Users\Application Data\Spyware Clear\News\302_en_2.pngx => Moved successfully.
C:\Documents and Settings\All Users\Application Data\Spyware Clear\News\303_en_1.pngx => Moved successfully.
C:\Documents and Settings\All Users\Application Data\Spyware Clear\News\307_en_3.pngx => Moved successfully.
C:\Documents and Settings\All Users\Application Data\Spyware Clear\News\308_en_1.pngx => Moved successfully.
C:\Documents and Settings\All Users\Application Data\Spyware Clear\Addons\addons.xml => Moved successfully.
Could not move "C:\Documents and Settings\All Users\Application Data\Spyware Clear" directory. => Scheduled to move on reboot.
 
C:\Program Files\Spyware Clear => Moved successfully.
C:\Program Files\PCTechHotline => Moved successfully.
C:\Documents and Settings\All Users\Start Menu\Programs\Spyware Clear => Moved successfully.
C:\Documents and Settings\All Users\Start Menu\Programs\PC Tech Hotline => Moved successfully.
C:\Program Files\Couponarific => Moved successfully.
C:\Documents and Settings\Barbara\Application Data\Spyware Clear => Moved successfully.
C:\Documents and Settings\Barbara\Application Data\PC Tech Hotline => Moved successfully.
C:\Documents and Settings\Barbara\Local Settings\temp\sp-downloader.exe => Moved successfully.
C:\Documents and Settings\Barbara\Local Settings\temp\spywareclearADK.exe => Moved successfully.
 
=> Result of Scheduled Files to move (Boot Mode: Normal) (Date&Time: 2014-11-23 17:40:55)<=
 
C:\Documents and Settings\All Users\Application Data\Spyware Clear\ST_RL.spt => Is moved successfully.
C:\Documents and Settings\All Users\Application Data\Spyware Clear => Is moved successfully.
 
==== End of Fixlog ====

Step 1

  • Launch Malwarebytes' Anti-Malware
  • Go to Update tab and select Check for Updates. If an update is found, it will download and install the latest version.
  • Go to Scanner tab and select Threat Scan, then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with one of two prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

Step 2

Please scan your machine with ESET OnlineScan

  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.

    ESET OnlineScan

  • Click the ESET Online Scanner button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer.

      Save it to your Desktop.

    • Double click on the esetsmartinstaller_enu.exe icon on your Desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under Scan Settings, check "Scan Archives" and "Remove found threats".
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats.
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.
  • In your next reply, post the following log files:
    • Malwarebytes' Anti-Malware log
    • ESET Online Scanner log

Attached are the logs

 

  Malwarebytes Anti-Malware

www.malwarebytes.org
 
Scan Date: 11/24/2014
Scan Time: 4:58:12 PM
Logfile: mbam.txt
Administrator: Yes
 
Version: 2.00.3.1025
Malware Database: v2014.11.24.08
Rootkit Database: v2014.11.22.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled
 
OS: Windows XP Service Pack 3
CPU: x86
File System: NTFS
User: Barbara
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 342614
Time Elapsed: 8 min, 23 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Warn
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 0
(No malicious items detected)
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Folders: 4
PUP.Optional.DeskTopDock.A, C:\Program Files\Desktop Dock, Quarantined, [efa945fa7c00261071bbe75db350df21], 
PUP.Optional.DeskTopDock.A, C:\Documents and Settings\Barbara\Local Settings\Application Data\DesktopDock, Quarantined, [6335350ad0ac5cdab479c77d8f7457a9], 
PUP.Optional.SearchExtensions.A, C:\Program Files\Search Extensions, Quarantined, [1682cd72116b8aac379e13a446bed52b], 
PUP.Optional.SearchExtensions.A, C:\Program Files\Search Extensions\Resources, Quarantined, [1682cd72116b8aac379e13a446bed52b], 
 
Files: 7
PUP.Optional.OptimunInstaller, C:\Documents and Settings\Barbara\My Documents\Downloads\fl_setup.exe, Quarantined, [9503fa45ef8df93d17cdcc7d05fb956b], 
PUP.Optional.DeskTopDock.A, C:\Program Files\Desktop Dock\unins000.dat, Quarantined, [efa945fa7c00261071bbe75db350df21], 
PUP.Optional.DeskTopDock.A, C:\Program Files\Desktop Dock\DesktopDock.exe.config, Quarantined, [efa945fa7c00261071bbe75db350df21], 
PUP.Optional.DeskTopDock.A, C:\Documents and Settings\Barbara\Local Settings\Application Data\DesktopDock\DesktopDockApp.dat, Quarantined, [6335350ad0ac5cdab479c77d8f7457a9], 
PUP.Optional.SearchExtensions.A, C:\Program Files\Search Extensions\TrustedRoot.cer, Quarantined, [1682cd72116b8aac379e13a446bed52b], 
PUP.Optional.SearchExtensions.A, C:\Program Files\Search Extensions\config.dat, Quarantined, [1682cd72116b8aac379e13a446bed52b], 
PUP.Optional.SearchExtensions.A, C:\Program Files\Search Extensions\makecert.exe, Quarantined, [1682cd72116b8aac379e13a446bed52b], 
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)
 
 
 C:\FRST\Quarantine\C\Documents and Settings\Barbara\Local Settings\temp\sp-downloader.exe.xBAD Win32/Toolbar.Conduit.R potentially unwanted application deleted - quarantined
C:\Program Files\NCH Software\Components\NCHToolbars\ask.com\ApnStub.exe a variant of Win32/Bundled.Toolbar.Ask.G potentially unsafe application deleted - quarantined

Latest malwarebytes scan came back clean. Custom malwarebytes scan for rootkits came back clean.

One minor problem. A window pops up during the desktop loading process showing the following folder:

c:\Documents and Settings\Barbara\Application Data\AVG

How can I prevent this window from popping up?


Disregard my previous post. Much better now.

 

Latest Malwarebytes scan log:

 Malwarebytes Anti-Malware

www.malwarebytes.org
 
Scan Date: 11/29/2014
Scan Time: 1:01:25 AM
Logfile: mbam2.txt
Administrator: Yes
 
Version: 2.00.3.1025
Malware Database: v2014.11.28.10
Rootkit Database: v2014.11.22.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled
 
OS: Windows XP Service Pack 3
CPU: x86
File System: NTFS
User: Barbara
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 340439
Time Elapsed: 5 min, 49 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Warn
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 0
(No malicious items detected)
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Folders: 3
PUP.Optional.DeskTopDock.A, C:\Documents and Settings\Barbara\Application Data\Dock, , [94967cc5502ca195c13196a9a2610cf4], 
PUP.Optional.DeskTopDock.A, C:\Documents and Settings\Barbara\Application Data\Dock\Icons, , [94967cc5502ca195c13196a9a2610cf4], 
PUP.Optional.DeskTopDock.A, C:\Documents and Settings\Barbara\Application Data\Dock\Icons\int, , [94967cc5502ca195c13196a9a2610cf4], 
 
Files: 39
PUP.Optional.DeskTopDock.A, C:\Documents and Settings\Barbara\Application Data\Dock\DockData.ice, , [94967cc5502ca195c13196a9a2610cf4], 
PUP.Optional.DeskTopDock.A, C:\Documents and Settings\Barbara\Application Data\Dock\log.log, , [94967cc5502ca195c13196a9a2610cf4], 
PUP.Optional.DeskTopDock.A, C:\Documents and Settings\Barbara\Application Data\Dock\Icons\int\instagram.png, , [94967cc5502ca195c13196a9a2610cf4], 
PUP.Optional.DeskTopDock.A, C:\Documents and Settings\Barbara\Application Data\Dock\Icons\int\africa.png, , [94967cc5502ca195c13196a9a2610cf4], 
PUP.Optional.DeskTopDock.A, C:\Documents and Settings\Barbara\Application Data\Dock\Icons\int\asia.png, , [94967cc5502ca195c13196a9a2610cf4], 
PUP.Optional.DeskTopDock.A, C:\Documents and Settings\Barbara\Application Data\Dock\Icons\int\blogspot.png, , [94967cc5502ca195c13196a9a2610cf4], 
PUP.Optional.DeskTopDock.A, C:\Documents and Settings\Barbara\Application Data\Dock\Icons\int\bus.png, , [94967cc5502ca195c13196a9a2610cf4], 
PUP.Optional.DeskTopDock.A, C:\Documents and Settings\Barbara\Application Data\Dock\Icons\int\business.png, , [94967cc5502ca195c13196a9a2610cf4], 
PUP.Optional.DeskTopDock.A, C:\Documents and Settings\Barbara\Application Data\Dock\Icons\int\ch.png, , [94967cc5502ca195c13196a9a2610cf4], 
PUP.Optional.DeskTopDock.A, C:\Documents and Settings\Barbara\Application Data\Dock\Icons\int\ent.png, , [94967cc5502ca195c13196a9a2610cf4], 
PUP.Optional.DeskTopDock.A, C:\Documents and Settings\Barbara\Application Data\Dock\Icons\int\europe.png, , [94967cc5502ca195c13196a9a2610cf4], 
PUP.Optional.DeskTopDock.A, C:\Documents and Settings\Barbara\Application Data\Dock\Icons\int\Facebook.png, , [94967cc5502ca195c13196a9a2610cf4], 
PUP.Optional.DeskTopDock.A, C:\Documents and Settings\Barbara\Application Data\Dock\Icons\int\ff.png, , [94967cc5502ca195c13196a9a2610cf4], 
PUP.Optional.DeskTopDock.A, C:\Documents and Settings\Barbara\Application Data\Dock\Icons\int\foot.png, , [94967cc5502ca195c13196a9a2610cf4], 
PUP.Optional.DeskTopDock.A, C:\Documents and Settings\Barbara\Application Data\Dock\Icons\int\games.png, , [94967cc5502ca195c13196a9a2610cf4], 
PUP.Optional.DeskTopDock.A, C:\Documents and Settings\Barbara\Application Data\Dock\Icons\int\games2.png, , [94967cc5502ca195c13196a9a2610cf4], 
PUP.Optional.DeskTopDock.A, C:\Documents and Settings\Barbara\Application Data\Dock\Icons\int\golf.png, , [94967cc5502ca195c13196a9a2610cf4], 
PUP.Optional.DeskTopDock.A, C:\Documents and Settings\Barbara\Application Data\Dock\Icons\int\horoscope.png, , [94967cc5502ca195c13196a9a2610cf4], 
PUP.Optional.DeskTopDock.A, C:\Documents and Settings\Barbara\Application Data\Dock\Icons\int\icon-news.png, , [94967cc5502ca195c13196a9a2610cf4], 
PUP.Optional.DeskTopDock.A, C:\Documents and Settings\Barbara\Application Data\Dock\Icons\int\ie.png, , [94967cc5502ca195c13196a9a2610cf4], 
PUP.Optional.DeskTopDock.A, C:\Documents and Settings\Barbara\Application Data\Dock\Icons\int\Linkedin.png, , [94967cc5502ca195c13196a9a2610cf4], 
PUP.Optional.DeskTopDock.A, C:\Documents and Settings\Barbara\Application Data\Dock\Icons\int\lnews.png, , [94967cc5502ca195c13196a9a2610cf4], 
PUP.Optional.DeskTopDock.A, C:\Documents and Settings\Barbara\Application Data\Dock\Icons\int\me.png, , [94967cc5502ca195c13196a9a2610cf4], 
PUP.Optional.DeskTopDock.A, C:\Documents and Settings\Barbara\Application Data\Dock\Icons\int\msport.png, , [94967cc5502ca195c13196a9a2610cf4], 
PUP.Optional.DeskTopDock.A, C:\Documents and Settings\Barbara\Application Data\Dock\Icons\int\opera.png, , [94967cc5502ca195c13196a9a2610cf4], 
PUP.Optional.DeskTopDock.A, C:\Documents and Settings\Barbara\Application Data\Dock\Icons\int\reddit.png, , [94967cc5502ca195c13196a9a2610cf4], 
PUP.Optional.DeskTopDock.A, C:\Documents and Settings\Barbara\Application Data\Dock\Icons\int\Settings.png, , [94967cc5502ca195c13196a9a2610cf4], 
PUP.Optional.DeskTopDock.A, C:\Documents and Settings\Barbara\Application Data\Dock\Icons\int\skyrocket.png, , [94967cc5502ca195c13196a9a2610cf4], 
PUP.Optional.DeskTopDock.A, C:\Documents and Settings\Barbara\Application Data\Dock\Icons\int\space.png, , [94967cc5502ca195c13196a9a2610cf4], 
PUP.Optional.DeskTopDock.A, C:\Documents and Settings\Barbara\Application Data\Dock\Icons\int\tech.png, , [94967cc5502ca195c13196a9a2610cf4], 
PUP.Optional.DeskTopDock.A, C:\Documents and Settings\Barbara\Application Data\Dock\Icons\int\tennis.png, , [94967cc5502ca195c13196a9a2610cf4], 
PUP.Optional.DeskTopDock.A, C:\Documents and Settings\Barbara\Application Data\Dock\Icons\int\twitter.png, , [94967cc5502ca195c13196a9a2610cf4], 
PUP.Optional.DeskTopDock.A, C:\Documents and Settings\Barbara\Application Data\Dock\Icons\int\us.png, , [94967cc5502ca195c13196a9a2610cf4], 
PUP.Optional.DeskTopDock.A, C:\Documents and Settings\Barbara\Application Data\Dock\Icons\int\Wikipedia.png, , [94967cc5502ca195c13196a9a2610cf4], 
PUP.Optional.DeskTopDock.A, C:\Documents and Settings\Barbara\Application Data\Dock\Icons\int\wnews.png, , [94967cc5502ca195c13196a9a2610cf4], 
PUP.Optional.DeskTopDock.A, C:\Documents and Settings\Barbara\Application Data\Dock\Icons\int\wsport.png, , [94967cc5502ca195c13196a9a2610cf4], 
PUP.Optional.DeskTopDock.A, C:\Documents and Settings\Barbara\Application Data\Dock\Icons\int\yahoonews.png, , [94967cc5502ca195c13196a9a2610cf4], 
PUP.Optional.DeskTopDock.A, C:\Documents and Settings\Barbara\Application Data\Dock\Icons\int\Yahoow.png, , [94967cc5502ca195c13196a9a2610cf4], 
PUP.Optional.DeskTopDock.A, C:\Documents and Settings\Barbara\Application Data\Dock\Icons\int\Youtube.png, , [94967cc5502ca195c13196a9a2610cf4], 
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)

I quarantined the files above and then deleted them using MBAM. Attached is the relevant log. Additional MBAM scans come up clean.

 

 Malwarebytes Anti-Malware

www.malwarebytes.org
 
Scan Date: 11/30/2014
Scan Time: 5:03:22 AM
Logfile: mbam3.txt
Administrator: Yes
 
Version: 2.00.3.1025
Malware Database: v2014.11.28.10
Rootkit Database: v2014.11.22.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled
 
OS: Windows XP Service Pack 3
CPU: x86
File System: NTFS
User: Barbara
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 340276
Time Elapsed: 6 min, 5 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Warn
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 0
(No malicious items detected)
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Folders: 3
PUP.Optional.DeskTopDock.A, C:\Documents and Settings\Barbara\Application Data\Dock, Quarantined, [1515d76a6a12d660d121a897e221fa06], 
PUP.Optional.DeskTopDock.A, C:\Documents and Settings\Barbara\Application Data\Dock\Icons, Quarantined, [1515d76a6a12d660d121a897e221fa06], 
PUP.Optional.DeskTopDock.A, C:\Documents and Settings\Barbara\Application Data\Dock\Icons\int, Quarantined, [1515d76a6a12d660d121a897e221fa06], 
 
Files: 40
PUP.Optional.DeskTopDock.A, C:\Documents and Settings\Barbara\Application Data\Dock\DockData.ice, Quarantined, [1515d76a6a12d660d121a897e221fa06], 
PUP.Optional.DeskTopDock.A, C:\Documents and Settings\Barbara\Application Data\Dock\log.log, Quarantined, [1515d76a6a12d660d121a897e221fa06], 
PUP.Optional.DeskTopDock.A, C:\Documents and Settings\Barbara\Application Data\Dock\Icons\int\instagram.png, Quarantined, [1515d76a6a12d660d121a897e221fa06], 
PUP.Optional.DeskTopDock.A, C:\Documents and Settings\Barbara\Application Data\Dock\Icons\int\africa.png, Quarantined, [1515d76a6a12d660d121a897e221fa06], 
PUP.Optional.DeskTopDock.A, C:\Documents and Settings\Barbara\Application Data\Dock\Icons\int\asia.png, Quarantined, [1515d76a6a12d660d121a897e221fa06], 
PUP.Optional.DeskTopDock.A, C:\Documents and Settings\Barbara\Application Data\Dock\Icons\int\blogspot.png, Quarantined, [1515d76a6a12d660d121a897e221fa06], 
PUP.Optional.DeskTopDock.A, C:\Documents and Settings\Barbara\Application Data\Dock\Icons\int\bus.png, Quarantined, [1515d76a6a12d660d121a897e221fa06], 
PUP.Optional.DeskTopDock.A, C:\Documents and Settings\Barbara\Application Data\Dock\Icons\int\business.png, Quarantined, [1515d76a6a12d660d121a897e221fa06], 
PUP.Optional.DeskTopDock.A, C:\Documents and Settings\Barbara\Application Data\Dock\Icons\int\ch.png, Quarantined, [1515d76a6a12d660d121a897e221fa06], 
PUP.Optional.DeskTopDock.A, C:\Documents and Settings\Barbara\Application Data\Dock\Icons\int\ent.png, Quarantined, [1515d76a6a12d660d121a897e221fa06], 
PUP.Optional.DeskTopDock.A, C:\Documents and Settings\Barbara\Application Data\Dock\Icons\int\europe.png, Quarantined, [1515d76a6a12d660d121a897e221fa06], 
PUP.Optional.DeskTopDock.A, C:\Documents and Settings\Barbara\Application Data\Dock\Icons\int\Facebook.png, Quarantined, [1515d76a6a12d660d121a897e221fa06], 
PUP.Optional.DeskTopDock.A, C:\Documents and Settings\Barbara\Application Data\Dock\Icons\int\ff.png, Quarantined, [1515d76a6a12d660d121a897e221fa06], 
PUP.Optional.DeskTopDock.A, C:\Documents and Settings\Barbara\Application Data\Dock\Icons\int\foot.png, Quarantined, [1515d76a6a12d660d121a897e221fa06], 
PUP.Optional.DeskTopDock.A, C:\Documents and Settings\Barbara\Application Data\Dock\Icons\int\games.png, Quarantined, [1515d76a6a12d660d121a897e221fa06], 
PUP.Optional.DeskTopDock.A, C:\Documents and Settings\Barbara\Application Data\Dock\Icons\int\games2.png, Quarantined, [1515d76a6a12d660d121a897e221fa06], 
PUP.Optional.DeskTopDock.A, C:\Documents and Settings\Barbara\Application Data\Dock\Icons\int\golf.png, Quarantined, [1515d76a6a12d660d121a897e221fa06], 
PUP.Optional.DeskTopDock.A, C:\Documents and Settings\Barbara\Application Data\Dock\Icons\int\horoscope.png, Quarantined, [1515d76a6a12d660d121a897e221fa06], 
PUP.Optional.DeskTopDock.A, C:\Documents and Settings\Barbara\Application Data\Dock\Icons\int\icon-news.png, Quarantined, [1515d76a6a12d660d121a897e221fa06], 
PUP.Optional.DeskTopDock.A, C:\Documents and Settings\Barbara\Application Data\Dock\Icons\int\ie.png, Quarantined, [1515d76a6a12d660d121a897e221fa06], 
PUP.Optional.DeskTopDock.A, C:\Documents and Settings\Barbara\Application Data\Dock\Icons\int\Linkedin.png, Quarantined, [1515d76a6a12d660d121a897e221fa06], 
PUP.Optional.DeskTopDock.A, C:\Documents and Settings\Barbara\Application Data\Dock\Icons\int\lnews.png, Quarantined, [1515d76a6a12d660d121a897e221fa06], 
PUP.Optional.DeskTopDock.A, C:\Documents and Settings\Barbara\Application Data\Dock\Icons\int\me.png, Quarantined, [1515d76a6a12d660d121a897e221fa06], 
PUP.Optional.DeskTopDock.A, C:\Documents and Settings\Barbara\Application Data\Dock\Icons\int\msport.png, Quarantined, [1515d76a6a12d660d121a897e221fa06], 
PUP.Optional.DeskTopDock.A, C:\Documents and Settings\Barbara\Application Data\Dock\Icons\int\opera.png, Quarantined, [1515d76a6a12d660d121a897e221fa06], 
PUP.Optional.DeskTopDock.A, C:\Documents and Settings\Barbara\Application Data\Dock\Icons\int\reddit.png, Quarantined, [1515d76a6a12d660d121a897e221fa06], 
PUP.Optional.DeskTopDock.A, C:\Documents and Settings\Barbara\Application Data\Dock\Icons\int\Settings.png, Quarantined, [1515d76a6a12d660d121a897e221fa06], 
PUP.Optional.DeskTopDock.A, C:\Documents and Settings\Barbara\Application Data\Dock\Icons\int\skyrocket.png, Quarantined, [1515d76a6a12d660d121a897e221fa06], 
PUP.Optional.DeskTopDock.A, C:\Documents and Settings\Barbara\Application Data\Dock\Icons\int\space.png, Quarantined, [1515d76a6a12d660d121a897e221fa06], 
PUP.Optional.DeskTopDock.A, C:\Documents and Settings\Barbara\Application Data\Dock\Icons\int\tech.png, Quarantined, [1515d76a6a12d660d121a897e221fa06], 
PUP.Optional.DeskTopDock.A, C:\Documents and Settings\Barbara\Application Data\Dock\Icons\int\tennis.png, Quarantined, [1515d76a6a12d660d121a897e221fa06], 
PUP.Optional.DeskTopDock.A, C:\Documents and Settings\Barbara\Application Data\Dock\Icons\int\Thumbs.db, Quarantined, [1515d76a6a12d660d121a897e221fa06], 
PUP.Optional.DeskTopDock.A, C:\Documents and Settings\Barbara\Application Data\Dock\Icons\int\twitter.png, Quarantined, [1515d76a6a12d660d121a897e221fa06], 
PUP.Optional.DeskTopDock.A, C:\Documents and Settings\Barbara\Application Data\Dock\Icons\int\us.png, Quarantined, [1515d76a6a12d660d121a897e221fa06], 
PUP.Optional.DeskTopDock.A, C:\Documents and Settings\Barbara\Application Data\Dock\Icons\int\Wikipedia.png, Quarantined, [1515d76a6a12d660d121a897e221fa06], 
PUP.Optional.DeskTopDock.A, C:\Documents and Settings\Barbara\Application Data\Dock\Icons\int\wnews.png, Quarantined, [1515d76a6a12d660d121a897e221fa06], 
PUP.Optional.DeskTopDock.A, C:\Documents and Settings\Barbara\Application Data\Dock\Icons\int\wsport.png, Quarantined, [1515d76a6a12d660d121a897e221fa06], 
PUP.Optional.DeskTopDock.A, C:\Documents and Settings\Barbara\Application Data\Dock\Icons\int\yahoonews.png, Quarantined, [1515d76a6a12d660d121a897e221fa06], 
PUP.Optional.DeskTopDock.A, C:\Documents and Settings\Barbara\Application Data\Dock\Icons\int\Yahoow.png, Quarantined, [1515d76a6a12d660d121a897e221fa06], 
PUP.Optional.DeskTopDock.A, C:\Documents and Settings\Barbara\Application Data\Dock\Icons\int\Youtube.png, Quarantined, [1515d76a6a12d660d121a897e221fa06], 
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)
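The three Malwarebytes logs posted above share one text layout: a block of "Key: Value" header lines, then one section per object type ("Folders: 3", "Files: 39") followed by detection lines of the form "threat name, path, action, [id],". The 11/29 log has an empty action column for every DeskTopDock entry, while the 11/30 log shows "Quarantined"; with the PUP setting on "Warn", items are reported but not removed until the user acts. The script below is an added example, not code from this thread or from Malwarebytes, that parses that layout, checks the declared section counts against the lines actually parsed, and lists entries that were detected but not actioned. The embedded sample log is constructed to resemble the thread's 11/29 lines, with one entry marked Quarantined so both states appear.

```python
"""Parse Malwarebytes Anti-Malware 2.x text logs and flag unactioned detections."""
import re
from collections import Counter

# Constructed sample modelled on the thread's 11/29/2014 log (abridged).
# The last detection is altered to "Quarantined" to show both action states.
SAMPLE_LOG = r"""
Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 11/29/2014
Scan Time: 1:01:25 AM
Logfile: sample.txt
Administrator: Yes

PUP: Warn
PUM: Enabled

Processes: 0
(No malicious items detected)

Folders: 1
PUP.Optional.DeskTopDock.A, C:\Documents and Settings\Barbara\Application Data\Dock, , [94967cc5502ca195c13196a9a2610cf4], 

Files: 2
PUP.Optional.DeskTopDock.A, C:\Documents and Settings\Barbara\Application Data\Dock\DockData.ice, , [94967cc5502ca195c13196a9a2610cf4], 
PUP.Optional.DeskTopDock.A, C:\Documents and Settings\Barbara\Application Data\Dock\log.log, Quarantined, [94967cc5502ca195c13196a9a2610cf4], 

(end)
"""

# Section headings MBAM 2.x prints before each group of detections.
KNOWN_SECTIONS = {
    "Processes", "Modules", "Registry Keys", "Registry Values",
    "Registry Data", "Folders", "Files", "Physical Sectors",
}

SECTION_RE = re.compile(r"^(?P<name>[A-Za-z ]+): (?P<count>\d+)$")
HEADER_RE = re.compile(r"^(?P<key>[A-Za-z -]+): (?P<value>.*)$")
# threat name, path, action (may be empty), 32-hex id, trailing comma
DETECTION_RE = re.compile(
    r"^(?P<name>[^,]+), (?P<path>.+?), (?P<action>[^,]*), "
    r"\[(?P<id>[0-9a-f]{32})\],?\s*$"
)


def parse_mbam_log(text):
    """Return {'header': {...}, 'counts': {section: n}, 'detections': {section: [...]}}."""
    header, counts, detections = {}, {}, {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        # Skip blanks, "(No malicious items detected)" and "(end)".
        if not line or line.startswith("("):
            continue
        m = SECTION_RE.match(line)
        if m and m.group("name") in KNOWN_SECTIONS:
            current = m.group("name")
            counts[current] = int(m.group("count"))
            detections[current] = []
            continue
        m = DETECTION_RE.match(line)
        if m and current is not None:
            detections[current].append({
                "name": m.group("name"), "path": m.group("path"),
                "action": m.group("action"), "id": m.group("id"),
            })
            continue
        m = HEADER_RE.match(line)
        if m and current is None:      # header lines come before the first section
            header[m.group("key")] = m.group("value")
    return {"header": header, "counts": counts, "detections": detections}


def check_counts(parsed):
    """Map section -> (declared, parsed) for sections whose counts disagree."""
    return {
        s: (n, len(parsed["detections"][s]))
        for s, n in parsed["counts"].items()
        if n != len(parsed["detections"][s])
    }


def summarize(parsed):
    """Count detections per threat name and list paths with an empty action column."""
    by_name = Counter()
    not_actioned = []
    for items in parsed["detections"].values():
        for d in items:
            by_name[d["name"]] += 1
            if not d["action"]:
                not_actioned.append(d["path"])
    return by_name, not_actioned


if __name__ == "__main__":
    parsed = parse_mbam_log(SAMPLE_LOG)
    by_name, pending = summarize(parsed)
    print("PUP setting:", parsed["header"].get("PUP"))
    for name, n in by_name.items():
        print(f"{name}: {n} item(s)")
    print("detected but not actioned:", len(pending))
    for path in pending:
        print("  ", path)
    print("count mismatches:", check_counts(parsed) or "none")
```

Run against a pasted log, a non-empty list from summarize() means the scan only reported those items; a second scan with the items checked and "Remove Selected" applied, as in the 11/30 log, is what actually quarantines them. check_counts() catches a log that was truncated when pasted.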

Attached are two logs. The first log detected the files that were quarantined at a previous step from FRST. The second log is clean.

 

 "Whole Computer Scan"

"Medium severity";"8";"8";"0"
"Scanned folders:";"Scan Whole Computer"
"Started:";"11/29/2014, 12:07:42 AM"
"Finished:";"11/29/2014, 12:49:12 AM"
"Scanned items:";"229560"
"Launched by:";"Barbara"
 
"Name";"Description";"Status";"Status";"Priority"
"C:\FRST\Quarantine\C\Program Files\Spyware Clear\SC_Svc.exe";"Found MalSign.Generic.41B";"Secured";"Healed";"Medium"
"C:\FRST\Quarantine\C\Program Files\Spyware Clear\SpywareClearUpdate.exe";"Found MalSign.Generic.41B";"Secured";"Healed";"Medium"
"C:\FRST\Quarantine\C\Program Files\Spyware Clear\SCShell.dll";"Found MalSign.Generic.41B";"Secured";"Healed";"Medium"
"C:\FRST\Quarantine\C\Program Files\Spyware Clear\SpywareClearShield.exe";"Found MalSign.Generic.41B";"Secured";"Healed";"Medium"
"C:\FRST\Quarantine\C\Program Files\PCTechHotline\PCTHdesk.dll";"Found MalSign.Generic.41B";"Secured";"Healed";"Medium"
"C:\FRST\Quarantine\C\Program Files\PCTechHotline\PCTechHotlineSvc.exe";"Found MalSign.Generic.41B";"Secured";"Healed";"Medium"
"C:\FRST\Quarantine\C\Program Files\PCTechHotline\PCTechHotline.exe";"Found MalSign.Generic.41B";"Secured";"Healed";"Medium"
"C:\FRST\Quarantine\C\Program Files\Spyware Clear\SpywareClear.exe";"Found MalSign.Generic.41B";"Secured";"Healed";"Medium"
 
 "Whole Computer Scan"
"No infection was found during this scan"
"Scanned folders:";"Scan Whole Computer"
"Started:";"12/1/2014, 1:12:22 AM"
"Finished:";"12/1/2014, 1:43:51 AM"
"Scanned items:";"229264"
"Launched by:";"Barbara"


Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
