Jump to content

Possible infection (spyware cleaner)


retxab
 Share

Recommended Posts

My computer is infection with a program called spyware cleaner. Attached are the relevant logs.

 

 Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 22-11-2014 01

Ran by Barbara (administrator) on D32K5JC1 on 22-11-2014 23:33:21
Running from C:\
Loaded Profiles: Barbara & Administrator (Available profiles: Barbara & Administrator)
Platform: Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: English (United States)
Internet Explorer Version 8
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AVG Technologies CZ, s.r.o.) C:\PROGRA~1\AVG\AVG2014\avgrsx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgcsrvx.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgfws.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgwdsvc.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Oracle Corporation) C:\Program Files\Java\jre7\bin\jqs.exe
(Crawler, LLC) C:\Program Files\PCTechHotline\PCTechHotlineSvc.exe
(Crawler.com) C:\Program Files\Spyware Clear\SC_Svc.exe
(SupportSoft, Inc.) C:\Program Files\Dell Support Center\bin\sprtsvc.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgnsx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgemcx.exe
(AVG Secure Search) C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\ToolbarUpdater.exe
() C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\loggingserver.exe
(Realtek Semiconductor Corp.) C:\WINDOWS\RTHDCPL.EXE
(Intel Corporation) C:\WINDOWS\system32\igfxtray.exe
(Intel Corporation) C:\WINDOWS\system32\hkcmd.exe
(Intel Corporation) C:\WINDOWS\system32\igfxpers.exe
(Intel Corporation) C:\WINDOWS\system32\igfxsrvc.exe
() C:\Program Files\Dell DataSafe Online\DataSafeOnline.exe
(SupportSoft, Inc.) C:\Program Files\Dell Support Center\bin\sprtcmd.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgui.exe
(CANON INC.) C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
(CANON INC.) C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE
(Adobe Systems Incorporated) C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
() C:\Program Files\AVG SafeGuard toolbar\vprot.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Crawler.com) C:\Program Files\Spyware Clear\SpywareClearShield.exe
(Crawler.com) C:\Program Files\Spyware Clear\SpywareClearUpdate.exe
(Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
(Crawler, LLC) C:\Program Files\PCTechHotline\PCTechHotline.exe
(SupportSoft, Inc.) C:\Program Files\Dell Support Center\gs_agent\dsc.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RTHDCPL] => C:\WINDOWS\RTHDCPL.EXE [16132608 2007-07-16] (Realtek Semiconductor Corp.)
HKLM\...\Run: [Dell DataSafe Online] => C:\Program Files\Dell DataSafe Online\DataSafeOnline.exe [1807600 2009-11-13] ()
HKLM\...\Run: [dellsupportcenter] => C:\Program Files\Dell Support Center\bin\sprtcmd.exe [206064 2008-10-04] (SupportSoft, Inc.)
HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-02-12] (Apple Inc.)
HKLM\...\Run: [AVG_UI] => C:\Program Files\AVG\AVG2014\avgui.exe [5188112 2014-11-07] (AVG Technologies CZ, s.r.o.)
HKLM\...\Run: [CanonMyPrinter] => C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2567272 2011-07-19] (CANON INC.)
HKLM\...\Run: [CanonSolutionMenuEx] => C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE [1637496 2011-08-04] (CANON INC.)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM\...\Run: [vProt] => C:\Program Files\AVG SafeGuard toolbar\vprot.exe [2640408 2014-08-25] ()
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\qttask.exe [421888 2014-01-17] (Apple Inc.)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [152392 2014-02-21] (Apple Inc.)
HKLM\...\Run: [sunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [271744 2014-09-26] (Oracle Corporation)
HKLM\...\Run: [spywareClearShield] => C:\Program Files\Spyware Clear\SpywareClearShield.exe [3733864 2014-11-05] (Crawler.com)
HKLM\...\Run: [spywareClearUpdater] => C:\Program Files\Spyware Clear\SpywareClearUpdate.exe [5411176 2014-11-05] (Crawler.com)
HKLM\...\Run: [PCTechHotline] => C:\Program Files\PCTechHotline\PCTechHotline.exe [1904968 2014-11-05] (Crawler, LLC)
Winlogon\Notify\GoToAssist: C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll (Citrix Online, a division of Citrix Systems, Inc.)
HKLM\...\Policies\Explorer: [NoCDBurning] 0
HKU\S-1-5-21-2821682522-1311732649-3067762728-1005\...\Run: [Google Update] => C:\Documents and Settings\Barbara\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [116648 2012-09-19] (Google Inc.)
HKU\S-1-5-21-2821682522-1311732649-3067762728-1005\...\Run: [AVG-Secure-Search-Update_1113a] => C:\Documents and Settings\Barbara\Application Data\AVG 1113a Campaign\AVG-Secure-Search-Update-1113a.exe /PROMPT /mid=3c5f42247ffb47d184c8d168ddcd3617-8531600e75149c2fdc93a5567bbd8317f0ab06a5 /CMPID=1 (the data entry has 4 more characters).
BootExecute: autocheck autochk * C:\PROGRA~1\AVG\AVG2014\avgrsx.exe /sync /restart
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USCON/1
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-2821682522-1311732649-3067762728-1005\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-2821682522-1311732649-3067762728-500\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/USCON/1
HKU\S-1-5-21-2821682522-1311732649-3067762728-500\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.live.com
HKU\S-1-5-21-2821682522-1311732649-3067762728-500\Software\Microsoft\Internet Explorer\Main,First Home Page = http://www.dell.com
HKU\S-1-5-21-2821682522-1311732649-3067762728-500\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USCON/1
HKU\S-1-5-21-2821682522-1311732649-3067762728-500\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.msn.com/sphome.aspx
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
SearchScopes: HKU\S-1-5-21-2821682522-1311732649-3067762728-1005 -> {88F0E3F0-DC1F-45B5-80DA-C2E25E61A0C2} URL = http://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-2821682522-1311732649-3067762728-1005 -> {95B7759C-8C7F-4BF1-B163-73684A933233} URL = http://mysearch.avg.com/search?cid={40A2108E-AB14-48F5-8090-12A06F4F3ABD}&mid=3c5f42247ffb47d184c8d168ddcd3617-8531600e75149c2fdc93a5567bbd8317f0ab06a5〈=en&ds=AVG&coid=avgtbavg&cmpid=&pr=fr&d=2014-02-0521:28:21&v=17.3.1.204&pid=safeguard&sg=0&sap=dsp&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2821682522-1311732649-3067762728-1005 -> {B1705111-8241-4C98-8AEF-4F3091A46404} URL = http://search.yahoo.com/search?fr=mcafee&p={SearchTerms}
BHO: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: AVG SafeGuard toolbar -> {95B7759C-8C7F-4BF1-B163-73684A933233} -> C:\Program Files\AVG SafeGuard toolbar\17.3.1.204\AVG SafeGuard toolbar_toolbar.dll No File
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO: Google Toolbar Notifier BHO -> {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} -> C:\Program Files\Google\GoogleToolbarNotifier\5.7.9012.1008\swg.dll (Google Inc.)
BHO: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - AVG SafeGuard toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG SafeGuard toolbar\17.3.1.204\AVG SafeGuard toolbar_toolbar.dll No File
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKU\S-1-5-21-2821682522-1311732649-3067762728-1005 -> &Address - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
Toolbar: HKU\S-1-5-21-2821682522-1311732649-3067762728-1005 -> &Links - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\SHELL32.dll (Microsoft Corporation)
Toolbar: HKU\S-1-5-21-2821682522-1311732649-3067762728-1005 -> No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} -  No File
Toolbar: HKU\S-1-5-21-2821682522-1311732649-3067762728-1005 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKU\S-1-5-21-2821682522-1311732649-3067762728-1005 -> No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} -  No File
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} -  No File
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll (Microsoft Corporation)
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll (Microsoft Corporation)
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\18.1.9\ViProtocol.dll (AVG Secure Search)
Winsock: Catalog5 04 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
 
FireFox:
========
FF ProfilePath: C:\Documents and Settings\Barbara\Application Data\Mozilla\Firefox\Profiles\jo5flxg6.default
FF DefaultSearchEngine: AVG Secure Search
FF SelectedSearchEngine: AVG Secure Search
FF Homepage: hxxp://mysearch.avg.com?cid={40A2108E-AB14-48F5-8090-12A06F4F3ABD}&mid=3c5f42247ffb47d184c8d168ddcd3617-8531600e75149c2fdc93a5567bbd8317f0ab06a5〈=en&ds=AVG&coid=avgtbavg&cmpid=&pr=fr&d=2014-02-05 21:28:21&v=17.3.1.204&pid=safeguard&sg=0&sap=hp
FF NetworkProxy: "no_proxies_on", "*.local"
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_15_0_0_223.dll ()
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin -> C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\18.1.9\\npsitesafety.dll No File
FF Plugin: @canon.com/EPPEX -> C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll No File
FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @java.com/DTPlugin,version=10.71.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.71.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=14.0.8051.1204 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @pack.google.com/Google Updater;version=14 -> C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2821682522-1311732649-3067762728-1005: @talk.google.com/GoogleTalkPlugin -> C:\Documents and Settings\Barbara\Application Data\Mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin HKU\S-1-5-21-2821682522-1311732649-3067762728-1005: @talk.google.com/O1DPlugin -> C:\Documents and Settings\Barbara\Application Data\Mozilla\plugins\npo1d.dll (Google)
FF Plugin HKU\S-1-5-21-2821682522-1311732649-3067762728-1005: @tools.google.com/Google Update;version=3 -> C:\Documents and Settings\Barbara\Local Settings\Application Data\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-2821682522-1311732649-3067762728-1005: @tools.google.com/Google Update;version=9 -> C:\Documents and Settings\Barbara\Local Settings\Application Data\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Documents and Settings\Barbara\Application Data\mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin ProgramFiles/Appdata: C:\Documents and Settings\Barbara\Application Data\mozilla\plugins\npo1d.dll (Google)
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\avg-secure-search.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\safeguard-secure-search.xml
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-08-06]
FF HKLM\...\Firefox\Extensions: [avg@toolbar] - C:\Documents and Settings\All Users\Application Data\AVG SafeGuard toolbar\FireFoxExt\17.3.1.204
FF Extension: AVG SafeGuard toolbar - C:\Documents and Settings\All Users\Application Data\AVG SafeGuard toolbar\FireFoxExt\17.3.1.204 [2014-02-05]
FF HKU\S-1-5-21-2821682522-1311732649-3067762728-1005\...\Firefox\Extensions: [{19BBD522-AC5D-11E1-8270-B8AC6F996F26}] - C:\Documents and Settings\Barbara\Local Settings\Application Data\{19BBD522-AC5D-11E1-8270-B8AC6F996F26}
 
Chrome: 
=======
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\31.0.1650.63\PepperFlash\pepflashplayer.dll No File
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\31.0.1650.63\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\31.0.1650.63\pdf.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (Microsoft® DRM) - C:\Program Files\Windows Media Player\npdrmv2.dll (Microsoft Corporation)
CHR Plugin: (Windows Media Player Plug-in Dynamic Link Library) - C:\Program Files\Windows Media Player\npdsplay.dll (Microsoft Corporation (written by Digital Renaissance Inc.))
CHR Plugin: (Microsoft® DRM) - C:\Program Files\Windows Media Player\npwmsdrm.dll (Microsoft Corporation)
CHR Plugin: (Google Talk Plugin) - C:\Documents and Settings\Barbara\Application Data\Mozilla\plugins\npgoogletalk.dll (Google)
CHR Plugin: (Google Talk Plugin Video Accelerator) - C:\Documents and Settings\Barbara\Application Data\Mozilla\plugins\npgtpo3dautoplugin.dll No File
CHR Plugin: (Google Talk Plugin Video Renderer) - C:\Documents and Settings\Barbara\Application Data\Mozilla\plugins\npo1d.dll (Google)
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (CANON iMAGE GATEWAY Album Plugin Utility for IJ) - C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
CHR Plugin: (Google Earth Plugin) - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
CHR Plugin: (Google Updater) - C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.165\npGoogleUpdate3.dll No File
CHR Plugin: (Java Platform SE 7 U40) - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (Windows Live® Photo Gallery) - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (iTunes Application Detector) - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Shockwave Flash) - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_9_900_117.dll No File
CHR Plugin: (Java Deployment Toolkit 7.0.400.43) - C:\WINDOWS\system32\npDeployJava1.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll No File
CHR Plugin: (Windows Presentation Foundation) - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
CHR Profile: C:\Documents and Settings\Barbara\Local Settings\Application Data\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Documents and Settings\Barbara\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-10-30]
CHR Extension: (Google Drive) - C:\Documents and Settings\Barbara\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-10-30]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Documents and Settings\Barbara\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-23]
CHR Extension: (YouTube) - C:\Documents and Settings\Barbara\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-10-30]
CHR Extension: (Google Search) - C:\Documents and Settings\Barbara\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-10-30]
CHR Extension: (AVG SafeGuard) - C:\Documents and Settings\Barbara\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof [2013-12-10]
CHR Extension: (Google Wallet) - C:\Documents and Settings\Barbara\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-10-30]
CHR Extension: (Gmail) - C:\Documents and Settings\Barbara\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-10-30]
 
========================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 avgfws; C:\Program Files\AVG\AVG2014\avgfws.exe [1417160 2014-11-07] (AVG Technologies CZ, s.r.o.)
R2 AVGIDSAgent; C:\Program Files\AVG\AVG2014\avgidsagent.exe [3247120 2014-11-07] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files\AVG\AVG2014\avgwdsvc.exe [289328 2014-11-07] (AVG Technologies CZ, s.r.o.)
S2 gupdate1c9e3ab5e358b90; C:\Program Files\Google\Update\GoogleUpdate.exe [107912 2014-10-25] (Google Inc.)
S3 ICDSPTSV; C:\WINDOWS\system32\IcdSptSv.exe [99688 2009-10-14] (Sony Corporation)
R2 JavaQuickStarterService; C:\Program Files\Java\jre7\bin\jqs.exe [182696 2014-09-26] (Oracle Corporation)
R2 PCTechHotlineSvc; C:\Program Files\PCTechHotline\PCTechHotlineSvc.exe [701768 2014-11-05] (Crawler, LLC) [File not signed]
R2 SC_Svc; C:\Program Files\Spyware Clear\SC_svc.exe [1933160 2014-11-05] (Crawler.com) [File not signed]
R2 sprtsvc_DellSupportCenter; C:\Program Files\Dell Support Center\bin\sprtsvc.exe [201968 2008-10-04] (SupportSoft, Inc.)
R2 UxTuneUp; C:\WINDOWS\System32\uxtuneup.dll [35640 2013-09-09] (AVG)
R2 vToolbarUpdater18.1.9; C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\ToolbarUpdater.exe [1820184 2014-08-11] (AVG Secure Search)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
S4 abp480n5; C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS [23552 2001-08-17] (Microsoft Corporation)
R1 Avgdiskx; C:\WINDOWS\System32\DRIVERS\avgdiskx.sys [121624 2014-06-30] (AVG Technologies CZ, s.r.o.)
R3 Avgfwdx; C:\WINDOWS\System32\DRIVERS\avgfwdx.sys [30944 2012-01-12] (AVG Technologies CZ, s.r.o.)
S3 Avgfwfd; C:\WINDOWS\System32\DRIVERS\avgfwdx.sys [30944 2012-01-12] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriverl; C:\WINDOWS\System32\DRIVERS\avgidsdriverlx.sys [191256 2014-07-21] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHX; C:\WINDOWS\System32\DRIVERS\avgidshx.sys [147736 2014-06-17] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSShim; C:\WINDOWS\System32\DRIVERS\avgidsshimx.sys [21272 2014-06-17] (AVG Technologies CZ, s.r.o.)
R1 Avgldx86; C:\WINDOWS\System32\DRIVERS\avgldx86.sys [189720 2014-10-24] (AVG Technologies CZ, s.r.o.)
R0 Avglogx; C:\WINDOWS\System32\DRIVERS\avglogx.sys [241944 2014-06-17] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx86; C:\WINDOWS\System32\DRIVERS\avgmfx86.sys [98584 2014-10-29] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx86; C:\WINDOWS\System32\DRIVERS\avgrkx86.sys [27416 2014-06-17] (AVG Technologies CZ, s.r.o.)
R1 Avgtdix; C:\WINDOWS\System32\DRIVERS\avgtdix.sys [197400 2014-10-20] (AVG Technologies CZ, s.r.o.)
R1 avgtp; C:\WINDOWS\system32\drivers\avgtpx86.sys [42784 2014-08-11] (AVG Technologies)
S3 ICDUSB3; C:\WINDOWS\System32\Drivers\ICDUSB3.sys [11264 2008-08-18] (Sony Corporation)
R1 sp_rsdrv2; C:\WINDOWS\system32\drivers\sp_rsdrv2.sys [32768 2011-06-21] () [File not signed]
S3 MFE_RR; \??\C:\DOCUME~1\Barbara\LOCALS~1\Temp\mfe_rr.sys [X]
S1 MRxSmb; system32\DRIVERS\mrxsmb.sys [X]
U0 Partizan; system32\drivers\Partizan.sys [X]
U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-14] (Microsoft Corporation)
S3 TuneUpUtilitiesDrv; \??\C:\Program Files\AVG\AVG PC TuneUp\TuneUpUtilitiesDriver32.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-11-22 23:33 - 2014-11-22 23:33 - 00024664 _____ () C:\FRST.txt
2014-11-22 23:33 - 2014-11-22 23:33 - 00000000 ____D () C:\FRST
2014-11-22 22:43 - 2014-11-22 22:43 - 00000000 _____ () C:\WINDOWS\setuperr.log
2014-11-22 18:23 - 2014-11-22 18:23 - 01109504 _____ (Farbar) C:\FRST.exe
2014-11-19 18:39 - 2014-11-19 18:49 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Spyware Clear
2014-11-19 18:39 - 2014-11-19 18:46 - 00000000 ____D () C:\Program Files\Spyware Clear
2014-11-19 18:39 - 2014-11-19 18:42 - 00000000 ____D () C:\Program Files\PCTechHotline
2014-11-19 18:39 - 2014-11-19 18:42 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Spyware Clear
2014-11-19 18:39 - 2014-11-19 18:41 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\PC Tech Hotline
2014-11-19 18:39 - 2014-11-19 18:39 - 00000005 _____ () C:\end
2014-11-19 18:39 - 2014-11-19 18:39 - 00000000 ____D () C:\Program Files\Couponarific
2014-11-19 18:39 - 2014-11-19 18:39 - 00000000 ____D () C:\Documents and Settings\Barbara\Local Settings\Application Data\DesktopDock
2014-11-19 18:39 - 2014-11-19 18:39 - 00000000 ____D () C:\Documents and Settings\Barbara\Application Data\Spyware Clear
2014-11-19 18:39 - 2014-11-19 18:39 - 00000000 ____D () C:\Documents and Settings\Barbara\Application Data\PC Tech Hotline
2014-11-19 18:39 - 2014-11-19 18:39 - 00000000 ____D () C:\Documents and Settings\Barbara\Application Data\Dock
2014-11-19 18:39 - 2011-06-21 11:24 - 00032768 _____ () C:\WINDOWS\system32\Drivers\sp_rsdrv2.sys
2014-11-19 18:38 - 2014-11-19 18:42 - 00000000 ____D () C:\Program Files\Desktop Dock
2014-11-19 18:38 - 2014-11-19 18:42 - 00000000 ____D () C:\Program Files\740E97DF-6426-4A2A-ABEF-5C33040EFEE1
2014-11-19 18:38 - 2014-11-19 18:41 - 00000000 ____D () C:\Documents and Settings\Barbara\Start Menu\Programs\Desktop Dock
2014-11-19 18:37 - 2014-11-22 23:31 - 00000762 _____ () C:\WINDOWS\Tasks\RocketTab Update Task.job
2014-11-19 18:37 - 2014-11-22 23:31 - 00000496 _____ () C:\WINDOWS\Tasks\RocketTab.job
2014-11-19 18:37 - 2014-11-19 18:42 - 00000000 ____D () C:\Program Files\Search Extensions
2014-11-19 18:37 - 2014-11-19 18:40 - 00000000 ____D () C:\Program Files\010
2014-11-18 13:55 - 2014-11-22 22:43 - 00017057 _____ () C:\WINDOWS\setupapi.log
2014-11-18 13:54 - 2014-11-18 13:54 - 00000000 ____D () C:\Documents and Settings\Barbara\Local Settings\Application Data\Avg
2014-10-29 14:58 - 2014-10-29 14:58 - 00000000 ____D () C:\Program Files\Common Files\Java
2014-10-29 14:58 - 2014-10-29 14:58 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Java
2014-10-29 14:58 - 2014-09-26 17:42 - 00096680 _____ (Oracle Corporation) C:\WINDOWS\system32\WindowsAccessBridge.dll
2014-10-29 14:58 - 2014-09-26 17:36 - 00272808 _____ (Oracle Corporation) C:\WINDOWS\system32\javaws.exe
2014-10-29 14:58 - 2014-09-26 17:36 - 00175528 _____ (Oracle Corporation) C:\WINDOWS\system32\javaw.exe
2014-10-29 14:58 - 2014-09-26 17:35 - 00175528 _____ (Oracle Corporation) C:\WINDOWS\system32\java.exe
2014-10-29 14:58 - 2014-09-26 17:16 - 00145408 _____ (Oracle Corporation) C:\WINDOWS\system32\javacpl.cpl
2014-10-29 14:57 - 2014-10-29 14:58 - 00005641 _____ () C:\WINDOWS\system32\jupdate-1.7.0_71-b14.log
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-11-22 23:33 - 2013-09-22 17:32 - 00000000 ____D () C:\Documents and Settings\Barbara\Local Settings\temp
2014-11-22 23:33 - 2012-12-22 01:27 - 00000986 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-2821682522-1311732649-3067762728-1005UA.job
2014-11-22 23:32 - 2008-04-25 16:28 - 01350573 _____ () C:\WINDOWS\WindowsUpdate.log
2014-11-22 23:32 - 2008-04-25 11:16 - 00002206 _____ () C:\WINDOWS\system32\wpa.dbl
2014-11-22 23:31 - 2014-03-13 10:56 - 00000226 _____ () C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job
2014-11-22 23:31 - 2013-09-11 08:09 - 00000050 _____ () C:\WINDOWS\wiaservc.log
2014-11-22 23:31 - 2009-06-29 22:12 - 00000882 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2014-11-22 23:31 - 2008-04-25 16:32 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-11-22 23:31 - 2008-04-25 04:25 - 00000159 _____ () C:\WINDOWS\wiadebug.log
2014-11-22 23:10 - 2009-02-28 17:08 - 00000178 ___SH () C:\Documents and Settings\Barbara\ntuser.ini
2014-11-22 23:10 - 2008-04-25 16:32 - 00032544 _____ () C:\WINDOWS\SchedLgU.Txt
2014-11-22 22:48 - 2012-01-28 14:44 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\MFAData
2014-11-22 22:43 - 2014-06-06 06:44 - 00000236 _____ () C:\WINDOWS\setupact.log
2014-11-22 22:43 - 2012-04-10 15:36 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2014-11-20 19:58 - 2013-09-26 21:46 - 00001509 _____ () C:\Documents and Settings\All Users\Start Menu\Windows Update.lnk
2014-11-20 19:58 - 2013-09-24 23:30 - 00001609 _____ () C:\Documents and Settings\All Users\Start Menu\Set Program Access and Defaults.lnk
2014-11-20 19:58 - 2009-02-28 17:08 - 00001601 _____ () C:\Documents and Settings\Barbara\Start Menu\Programs\Remote Assistance.LNK
2014-11-19 20:14 - 2009-02-28 18:07 - 00000284 _____ () C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
2014-11-19 19:28 - 2009-06-29 22:12 - 00000886 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2014-11-19 18:43 - 2009-02-28 17:08 - 00000000 ____D () C:\Documents and Settings\Barbara
2014-11-19 18:40 - 2013-09-28 21:55 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\AVG2014
2014-11-19 17:32 - 2012-12-22 01:27 - 00000934 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-2821682522-1311732649-3067762728-1005Core.job
2014-11-18 14:10 - 2008-04-25 04:22 - 00569026 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2014-11-18 14:08 - 2014-03-13 10:56 - 00000220 _____ () C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job
2014-11-18 13:56 - 2014-03-31 09:51 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\AVG
2014-11-18 13:56 - 2013-09-28 21:56 - 00000704 _____ () C:\Documents and Settings\All Users\Desktop\AVG 2014.lnk
2014-11-16 12:13 - 2009-06-02 12:55 - 00000868 _____ () C:\WINDOWS\Tasks\Google Software Updater.job
2014-11-12 12:16 - 2009-02-20 07:56 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Microsoft Help
2014-11-12 12:15 - 2013-07-14 06:20 - 00000000 ____D () C:\WINDOWS\system32\MRT
2014-11-12 12:09 - 2009-03-02 18:42 - 100445232 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2014-11-11 22:43 - 2012-04-10 15:36 - 00701104 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2014-11-11 22:43 - 2011-06-03 21:41 - 00071344 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2014-11-10 16:27 - 2012-06-18 09:37 - 00000000 ____D () C:\Documents and Settings\Barbara\Application Data\Mozilla
2014-10-29 21:03 - 2011-08-08 06:08 - 00098584 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgmfx86.sys
2014-10-29 14:58 - 2009-02-20 07:56 - 00000000 ____D () C:\Program Files\Java
2014-10-28 21:25 - 2013-10-30 19:51 - 00001815 _____ () C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
2014-10-24 10:20 - 2011-10-07 06:23 - 00189720 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgldx86.sys
2014-10-23 21:35 - 2014-10-22 05:57 - 00000000 ____D () C:\Program Files\Mozilla Firefox
 
Some content of TEMP:
====================
C:\Documents and Settings\Barbara\Local Settings\temp\jre-7u71-windows-i586-iftw.exe
C:\Documents and Settings\Barbara\Local Settings\temp\sp-downloader.exe
C:\Documents and Settings\Barbara\Local Settings\temp\spywareclearADK.exe
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 
==================== End Of Log ============================
 
 Additional scan result of Farbar Recovery Scan Tool (x86) Version: 22-11-2014 01
Ran by Barbara at 2014-11-22 23:34:11
Running from C:\
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: AVG Internet Security 2014 (Disabled - Up to date) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: AVG Internet Security 2014 (Disabled) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
7-Zip 9.20 (HKLM\...\7-Zip) (Version:  - )
Acrobat.com (HKLM\...\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.1.377 - Adobe Systems Incorporated)
Acrobat.com (Version: 0.0.0 - Adobe Systems Incorporated) Hidden
Adobe AIR (HKLM\...\Adobe AIR) (Version: 1.0.4990 - Adobe Systems Inc.)
Adobe Flash Player 15 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 15.0.0.223 - Adobe Systems Incorporated)
Adobe Flash Player 15 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 15.0.0.223 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.08) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.08 - Adobe Systems Incorporated)
Apple Application Support (HKLM\...\{AAC5D43E-816D-4C2D-8E51-55FFF35BE301}) (Version: 3.0.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{18D47FA1-0440-48D3-A7E0-DA09537FF471}) (Version: 7.1.1.3 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
AVG 2014 (HKLM\...\AVG) (Version: 2014.0.4794 - AVG Technologies)
AVG 2014 (Version: 14.0.4189 - AVG Technologies) Hidden
AVG 2014 (Version: 14.0.4259 - AVG Technologies) Hidden
AVG 2014 (Version: 14.0.4794 - AVG Technologies) Hidden
AVG PC TuneUp 2014 (en-US) (Version: 14.0.1001.156 - AVG) Hidden
AVG PC TuneUp Language Pack (en-US) (Version: 12.0.4000.108 - AVG Technologies) Hidden
AVG SafeGuard toolbar (HKLM\...\AVG SafeGuard toolbar) (Version: 18.1.9.799 - AVG Technologies)
Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
BorgataPoker (HKLM\...\BorgataPoker) (Version:  - theBorgata)
Canon Easy-PhotoPrint EX (HKLM\...\Easy-PhotoPrint EX) (Version:  - )
Canon MP Navigator EX 5.1 (HKLM\...\MP Navigator EX 5.1) (Version:  - )
Canon MX430 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX430_series) (Version:  - )
Canon MX430 series On-screen Manual (HKLM\...\Canon MX430 series On-screen Manual) (Version:  - )
Canon MX430 series User Registration (HKLM\...\Canon MX430 series User Registration) (Version:  - )
Canon My Printer (HKLM\...\CanonMyPrinter) (Version:  - )
Canon Solution Menu EX (HKLM\...\CanonSolutionMenuEX) (Version:  - )
CCleaner (HKLM\...\CCleaner) (Version: 4.05 - Piriform)
Choice Guard (Version: 1.2.87.0 - Microsoft Corporation) Hidden
Dell DataSafe Online (HKLM\...\{13766F76-6C8C-4E57-A9F3-3212D1C6E0D1}) (Version: 1.2.0009 - Dell, Inc.)
Dell Driver Reset Tool (HKLM\...\{5905F42D-3F5F-4916-ADA6-94A3646AEE76}) (Version: 1.02.0000 - Dell Inc.)
Dell Support Center (Support Software) (HKLM\...\{E3BFEE55-39E2-4BE0-B966-89FE583822C1}) (Version: 2.2.08335 - Dell)
DesktopDock (HKU\S-1-5-21-2821682522-1311732649-3067762728-1005\...\DesktopDock) (Version: 1.0.1.32 - DesktopDock)
Digital Voice Editor 3 (HKLM\...\{6CCC133E-9A2F-4CAA-8866-75D029CD3AB3}) (Version: 3.3.01.11240 - Sony Corporation)
FamilySearch Indexing (HKU\S-1-5-21-2821682522-1311732649-3067762728-1005\...\FamilySearch Indexing) (Version:  - Intellectual Reserve, Inc.)
FamilySearch Indexing 3.13.1 (HKLM\...\0591-8077-9297-0833) (Version: 3.13.1 - FamilySearch)
Google Chrome (HKLM\...\Google Chrome) (Version: 38.0.2125.111 - Google Inc.)
Google Earth (HKLM\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Talk Plugin (HKLM\...\{0C5C1177-94C5-3EFB-A8BE-3F6AF1AF887F}) (Version: 5.38.6.0 - Google)
Google Toolbar for Internet Explorer (HKLM\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.)
Google Toolbar for Internet Explorer (Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
Google Updater (HKLM\...\Google Updater) (Version: 2.4.2432.1652 - Google Inc.)
GoToAssist 8.0.0.514 (HKLM\...\GoToAssist) (Version:  - )
Intel® Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version:  - )
Intel® Network Connections Drivers (HKLM\...\PROSet) (Version: 14.5 - Intel)
iTunes (HKLM\...\{2F21564D-DE05-4C6D-B21E-08B9D313FAB3}) (Version: 11.1.5.5 - Apple Inc.)
Java 7 Update 71 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217040FF}) (Version: 7.0.710 - Oracle)
JavaFX 2.1.0 (HKLM\...\{1111706F-666A-4037-7777-210328764D10}) (Version: 2.1.0 - Oracle Corporation)
Junk Mail filter update (Version: 14.0.8050.1202 - Microsoft Corporation) Hidden
Malwarebytes Anti-Malware version 1.75.0.1300 (HKLM\...\Malwarebytes' Anti-Malware_is1) (Version: 1.75.0.1300 - Malwarebytes Corporation)
Microsoft .NET Framework 1.1 (HKLM\...\Microsoft .NET Framework 1.1  (1033)) (Version:  - )
Microsoft .NET Framework 1.1 Security Update (KB2698023) (HKLM\...\M2698023) (Version:  - )
Microsoft .NET Framework 1.1 Security Update (KB2833941) (HKLM\...\M2833941) (Version:  - )
Microsoft .NET Framework 1.1 Security Update (KB979906) (HKLM\...\M979906) (Version:  - )
Microsoft .NET Framework 2.0 Service Pack 2 (HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.0 Service Pack 2 (HKLM\...\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}) (Version: 3.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft Compression Client Pack 1.0 for Windows XP (HKLM\...\MSCompPackV1) (Version: 1 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (HKLM\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Sync Framework Runtime Native v1.0 (x86) (HKLM\...\{8A74E887-8F0F-4017-AF53-CBA42211AAA5}) (Version: 1.0.1215.0 - Microsoft Corporation)
Microsoft Sync Framework Services Native v1.0 (x86) (HKLM\...\{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}) (Version: 1.0.1215.0 - Microsoft Corporation)
Microsoft User-Mode Driver Framework Feature Pack 1.0 (HKLM\...\Wudf01000) (Version:  - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mozilla Firefox 31.2.0 ESR (x86 en-US) (HKLM\...\Mozilla Firefox 31.2.0 ESR (x86 en-US)) (Version: 31.2.0 - Mozilla)
MSN (HKLM\...\MSNINST) (Version:  - )
MSVCRT (Version: 14.0.1468.721 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 6.0 Parser (KB927977) (HKLM\...\{5A710547-B58E-488B-828D-CA9A25A0533C}) (Version: 6.00.3890.0 - Microsoft Corporation)
PokerStars (HKLM\...\PokerStars) (Version:  - PokerStars)
QuickTime 7 (HKLM\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version:  - )
Revo Uninstaller 1.95 (HKLM\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
RootsMagic 5.0.4.1 (HKLM\...\{C1689DDD-6378-4966-8865-6292D7141A6A}_is1) (Version:  - RootsMagic, Inc.)
Roxio Creator DE (HKLM\...\{09760D42-E223-42AD-8C3E-55B47D0DDAC3}) (Version: 10.1 - Roxio)
Segoe UI (Version: 14.0.4327.805 - Microsoft Corp) Hidden
Uninstall FamilySearch Indexing (HKU\S-1-5-21-2821682522-1311732649-3067762728-1005\...\Uninstall FamilySearch Indexing) (Version:  - Intellectual Reserve, Inc.)
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Visual Studio 2012 x86 Redistributables (HKLM\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
WebFldrs XP (Version: 9.50.7523 - Microsoft Corporation) Hidden
Windows Internet Explorer 8 (HKLM\...\ie8) (Version: 20090308.140743 - Microsoft Corporation)
Windows Live Essentials (HKLM\...\WinLiveSuite_Wave3) (Version: 14.0.8050.1202 - Microsoft Corporation)
Windows Live Sign-in Assistant (HKLM\...\{9422C8EA-B0C6-4197-B8FC-DC797658CA00}) (Version: 5.000.818.6 - Microsoft Corporation)
Windows Live Sync (HKLM\...\{FDD810CA-D5E3-40E9-AB7B-36440B0D41EF}) (Version: 14.0.8050.1202 - Microsoft Corporation)
Windows Live Upload Tool (HKLM\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)
Windows Media Format 11 runtime (HKLM\...\Windows Media Format Runtime) (Version:  - )
Windows Media Player 11 (HKLM\...\Windows Media Player) (Version:  - )
XML Paper Specification Shared Components Pack 1.0 (Version:  - Microsoft Corporation) Hidden
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
CustomCLSID: HKU\S-1-5-21-2821682522-1311732649-3067762728-1005_Classes\CLSID\{022105BD-948A-40C9-AB42-A3300DDF097F}\localserver32 -> C:\Documents and Settings\Barbara\Local Settings\Application Data\Google\Update\GoogleUpdate.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2821682522-1311732649-3067762728-1005_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Documents and Settings\Barbara\Local Settings\Application Data\Google\Update\1.3.25.5\psuser.dll  (the data entry has 7 more characters).
CustomCLSID: HKU\S-1-5-21-2821682522-1311732649-3067762728-1005_Classes\CLSID\{22181302-A8A6-4F84-A541-E5CBFC70CC43}\localserver32 -> C:\Documents and Settings\Barbara\Local Settings\Application Data\Google\Update\1.3.25.11\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2821682522-1311732649-3067762728-1005_Classes\CLSID\{2F0E2680-9FF5-43C0-B76E-114A56E93598}\localserver32 -> C:\Documents and Settings\Barbara\Local Settings\Application Data\Google\Update\1.3.25.11\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2821682522-1311732649-3067762728-1005_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Documents and Settings\Barbara\Local Settings\Application Data\Google\Update\1.3.23.9\psuser.dll  (the data entry has 7 more characters).
CustomCLSID: HKU\S-1-5-21-2821682522-1311732649-3067762728-1005_Classes\CLSID\{39125640-8D80-11DC-A2FE-C5C455D89593}\InprocServer32 -> C:\Documents and Settings\Barbara\Local Settings\Application Data\Google\Google Talk Plugin\googletalkax.dll (Google)
CustomCLSID: HKU\S-1-5-21-2821682522-1311732649-3067762728-1005_Classes\CLSID\{51F9E8EF-59D7-475B-A106-C7EA6F30C119}\localserver32 -> C:\Documents and Settings\Barbara\Local Settings\Application Data\Google\Update\1.3.25.11\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2821682522-1311732649-3067762728-1005_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Documents and Settings\Barbara\Local Settings\Application Data\Google\Update\1.3.24.15\psuser.dll (the data entry has 8 more characters).
CustomCLSID: HKU\S-1-5-21-2821682522-1311732649-3067762728-1005_Classes\CLSID\{A3CCEDF7-2DE2-11D0-86F4-00A0C913F750}\InprocServer32 -> C:\WINDOWS\system32\pngfilt.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2821682522-1311732649-3067762728-1005_Classes\CLSID\{A45426FB-E444-42B2-AA56-419F8FBEEC61}\InprocServer32 -> C:\Documents and Settings\Barbara\Local Settings\Application Data\Google\Update\1.3.22.3\psuser.dll  (the data entry has 7 more characters).
CustomCLSID: HKU\S-1-5-21-2821682522-1311732649-3067762728-1005_Classes\CLSID\{A54D478D-4F70-4F72-9A74-17C9986E35AB}\InprocServer32 -> C:\Documents and Settings\Barbara\Local Settings\Application Data\Google\Update\1.3.21.165\psuser.dl (the data entry has 9 more characters).
CustomCLSID: HKU\S-1-5-21-2821682522-1311732649-3067762728-1005_Classes\CLSID\{AB9F4455-E591-4132-A386-0B91EAEDB96C}\InprocServer32 -> C:\Documents and Settings\Barbara\Local Settings\Application Data\Google\Google Talk Plugin\o1dax.dll (Google)
CustomCLSID: HKU\S-1-5-21-2821682522-1311732649-3067762728-1005_Classes\CLSID\{C3101A8B-0EE1-4612-BFE9-41FFC1A3C19D}\InprocServer32 -> C:\Documents and Settings\Barbara\Local Settings\Application Data\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2821682522-1311732649-3067762728-1005_Classes\CLSID\{C442AC41-9200-4770-8CC0-7CDB4F245C55}\InprocServer32 -> C:\Documents and Settings\Barbara\Local Settings\Application Data\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2821682522-1311732649-3067762728-1005_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Documents and Settings\Barbara\Local Settings\Application Data\Google\Update\1.3.25.11\psuser.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2821682522-1311732649-3067762728-1005_Classes\CLSID\{E67BE843-BBBE-4484-95FB-05271AE86750}\localserver32 -> C:\Documents and Settings\Barbara\Local Settings\Application Data\Google\Update\1.3.25.11\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2821682522-1311732649-3067762728-1005_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Documents and Settings\Barbara\Local Settings\Application Data\Google\Update\1.3.25.11\psuser.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2821682522-1311732649-3067762728-1005_Classes\CLSID\{EB06378B-ABB6-4B3C-9B40-D488DD8A6E93}\InprocServer32 -> C:\Documents and Settings\Barbara\Local Settings\Application Data\Google\Update\1.3.22.5\psuser.dll  (the data entry has 7 more characters).
CustomCLSID: HKU\S-1-5-21-2821682522-1311732649-3067762728-1005_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Documents and Settings\Barbara\Local Settings\Application Data\Google\Update\1.3.24.7\psuser.dll  (the data entry has 7 more characters).
 
==================== Restore Points  =========================
 
22-08-2014 03:55:37 System Checkpoint
26-08-2014 03:02:24 System Checkpoint
27-08-2014 03:19:05 System Checkpoint
28-08-2014 14:20:29 System Checkpoint
29-08-2014 20:12:29 System Checkpoint
30-08-2014 23:21:51 System Checkpoint
01-09-2014 20:52:17 System Checkpoint
02-09-2014 21:24:43 System Checkpoint
03-09-2014 22:39:04 System Checkpoint
05-09-2014 12:28:27 System Checkpoint
07-09-2014 17:28:20 System Checkpoint
09-09-2014 01:54:27 System Checkpoint
10-09-2014 02:59:56 System Checkpoint
11-09-2014 03:41:42 System Checkpoint
12-09-2014 10:53:07 Software Distribution Service 3.0
14-09-2014 18:04:42 System Checkpoint
15-09-2014 18:28:09 System Checkpoint
17-09-2014 02:13:57 System Checkpoint
18-09-2014 03:44:29 System Checkpoint
19-09-2014 11:36:40 System Checkpoint
20-09-2014 22:30:53 System Checkpoint
21-09-2014 22:59:47 System Checkpoint
23-09-2014 01:14:15 System Checkpoint
24-09-2014 01:40:56 System Checkpoint
25-09-2014 01:44:12 System Checkpoint
26-09-2014 12:09:55 System Checkpoint
27-09-2014 14:48:10 System Checkpoint
29-09-2014 18:05:25 System Checkpoint
01-10-2014 01:50:47 System Checkpoint
02-10-2014 11:53:09 System Checkpoint
03-10-2014 12:17:04 System Checkpoint
04-10-2014 22:42:41 System Checkpoint
05-10-2014 22:52:58 System Checkpoint
07-10-2014 03:13:51 System Checkpoint
08-10-2014 11:26:32 System Checkpoint
09-10-2014 22:55:44 System Checkpoint
11-10-2014 03:28:42 System Checkpoint
12-10-2014 23:20:13 System Checkpoint
14-10-2014 02:37:09 System Checkpoint
15-10-2014 02:37:46 System Checkpoint
16-10-2014 11:30:58 Software Distribution Service 3.0
20-10-2014 20:06:08 System Checkpoint
21-10-2014 21:26:24 System Checkpoint
22-10-2014 22:31:21 System Checkpoint
24-10-2014 11:14:12 System Checkpoint
25-10-2014 11:24:10 System Checkpoint
26-10-2014 17:04:32 System Checkpoint
28-10-2014 01:14:02 System Checkpoint
29-10-2014 03:16:29 System Checkpoint
29-10-2014 19:57:22 Installed Java 7 Update 71
31-10-2014 02:34:25 System Checkpoint
01-11-2014 21:11:25 System Checkpoint
02-11-2014 22:06:26 System Checkpoint
04-11-2014 02:13:06 System Checkpoint
05-11-2014 20:20:36 System Checkpoint
07-11-2014 03:48:50 System Checkpoint
08-11-2014 11:05:06 System Checkpoint
10-11-2014 00:07:08 System Checkpoint
11-11-2014 00:49:25 System Checkpoint
12-11-2014 01:37:56 System Checkpoint
12-11-2014 17:09:34 Software Distribution Service 3.0
14-11-2014 01:04:23 System Checkpoint
15-11-2014 13:42:39 System Checkpoint
16-11-2014 21:15:48 System Checkpoint
17-11-2014 22:40:52 System Checkpoint
19-11-2014 20:52:34 System Checkpoint
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2008-04-25 11:16 - 2013-09-21 18:01 - 00000027 ____A C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1       localhost
 
==================== Scheduled Tasks (whitelisted) =============
 
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\AppleSoftwareUpdate.job => C:\Program Files\Apple Software Update\SoftwareUpdate.exe
Task: C:\WINDOWS\Tasks\Google Software Updater.job => C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-2821682522-1311732649-3067762728-1005Core.job => C:\Documents and Settings\Barbara\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-2821682522-1311732649-3067762728-1005UA.job => C:\Documents and Settings\Barbara\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job => C:\WINDOWS\system32\xp_eos.exe
Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job => C:\WINDOWS\system32\xp_eos.exe
Task: C:\WINDOWS\Tasks\RocketTab Update Task.job => C:\Program Files\Search Extensions\uninstall.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\RocketTab.job => C:\Program Files\Search Extensions\Client.exe <==== ATTENTION
 
==================== Loaded Modules (whitelisted) =============
 
2014-02-12 20:58 - 2014-02-12 20:58 - 00073544 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2014-02-12 20:58 - 2014-02-12 20:58 - 01044808 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2014-08-11 18:05 - 2014-08-11 18:04 - 00159768 _____ () C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\loggingserver.exe
2014-08-11 18:05 - 2014-08-11 18:04 - 00519704 _____ () C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\log4cplusU.dll
2009-11-13 16:15 - 2009-11-13 16:15 - 01807600 _____ () C:\Program Files\Dell DataSafe Online\DataSafeOnline.exe
2009-11-13 16:15 - 2009-11-13 16:15 - 00275696 _____ () C:\Program Files\Dell DataSafe Online\SdbShared.dll
2008-11-03 10:54 - 2008-11-03 10:54 - 00058608 _____ () C:\Program Files\Dell DataSafe Online\BalloonWindow.dll
2009-11-13 16:15 - 2009-11-13 16:15 - 00095472 _____ () C:\Program Files\Dell DataSafe Online\SdbUI.dll
2009-11-13 16:15 - 2009-11-13 16:15 - 00152816 _____ () C:\Program Files\Dell DataSafe Online\SdbShared.XmlSerializers.dll
2009-11-13 16:15 - 2009-11-13 16:15 - 00017648 _____ () C:\Program Files\Dell DataSafe Online\cpputils.dll
2014-02-13 08:40 - 2014-03-20 22:23 - 01603608 _____ () C:\Program Files\AVG SafeGuard toolbar\TBAPI.dll
2014-02-13 08:40 - 2014-08-25 18:49 - 02640408 _____ () C:\Program Files\AVG SafeGuard toolbar\vprot.exe
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\GoToAssist => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"
 
==================== EXE Association (whitelisted) =============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== MSCONFIG/TASK MANAGER disabled items =========
 
(Currently there is no automatic fix for this section.)
 
 
========================= Accounts: ==========================
 
Administrator (S-1-5-21-2821682522-1311732649-3067762728-500 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\Administrator
Barbara (S-1-5-21-2821682522-1311732649-3067762728-1005 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\Barbara
Guest (S-1-5-21-2821682522-1311732649-3067762728-501 - Limited - Disabled)
HelpAssistant (S-1-5-21-2821682522-1311732649-3067762728-1004 - Limited - Disabled)
SUPPORT_388945a0 (S-1-5-21-2821682522-1311732649-3067762728-1002 - Limited - Disabled)
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (11/22/2014 10:43:02 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application , version 0.0.0.0, faulting module unknown, version 0.0.0.0, fault address 0x00000000.
Processing media-specific event for [!ws!]
 
Error: (11/21/2014 08:40:39 AM) (Source: Userenv) (EventID: 1007) (User: NT AUTHORITY)
Description: Windows cannot determine the associated site for this computer. (The RPC server is too busy to complete this operation. ). Group Policy processing aborted.
 
Error: (11/21/2014 08:40:39 AM) (Source: Userenv) (EventID: 1007) (User: D32K5JC1)
Description: Windows cannot determine the associated site for this computer. (The RPC server is too busy to complete this operation. ). Group Policy processing aborted.
 
Error: (11/21/2014 06:53:25 AM) (Source: ESENT) (EventID: 490) (User: )
Description: wuauclt (3732) An attempt to open the file "C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.log" for read / write access failed with system error 32 (0x00000020): "The process cannot access the file because it is being used by another process. ".  The open file operation will fail with error -1032 (0xfffffbf8).
 
Error: (11/21/2014 06:53:14 AM) (Source: ESENT) (EventID: 490) (User: )
Description: wuauclt (3368) An attempt to open the file "C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.log" for read / write access failed with system error 32 (0x00000020): "The process cannot access the file because it is being used by another process. ".  The open file operation will fail with error -1032 (0xfffffbf8).
 
Error: (11/21/2014 06:53:04 AM) (Source: ESENT) (EventID: 490) (User: )
Description: wuauclt (260) An attempt to open the file "C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.log" for read / write access failed with system error 32 (0x00000020): "The process cannot access the file because it is being used by another process. ".  The open file operation will fail with error -1032 (0xfffffbf8).
 
Error: (11/21/2014 06:52:53 AM) (Source: ESENT) (EventID: 490) (User: )
Description: wuauclt (2564) An attempt to open the file "C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.log" for read / write access failed with system error 32 (0x00000020): "The process cannot access the file because it is being used by another process. ".  The open file operation will fail with error -1032 (0xfffffbf8).
 
Error: (11/21/2014 06:52:43 AM) (Source: ESENT) (EventID: 490) (User: )
Description: wuauclt (1944) An attempt to open the file "C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.log" for read / write access failed with system error 32 (0x00000020): "The process cannot access the file because it is being used by another process. ".  The open file operation will fail with error -1032 (0xfffffbf8).
 
Error: (11/21/2014 06:52:33 AM) (Source: ESENT) (EventID: 490) (User: )
Description: wuauclt (2040) An attempt to open the file "C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.log" for read / write access failed with system error 32 (0x00000020): "The process cannot access the file because it is being used by another process. ".  The open file operation will fail with error -1032 (0xfffffbf8).
 
Error: (11/21/2014 06:52:22 AM) (Source: ESENT) (EventID: 490) (User: )
Description: wuauclt (376) An attempt to open the file "C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.log" for read / write access failed with system error 32 (0x00000020): "The process cannot access the file because it is being used by another process. ".  The open file operation will fail with error -1032 (0xfffffbf8).
 
 
System errors:
=============
Error: (11/22/2014 11:33:07 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Workstation service which failed to start because of the following error: 
%%1066
 
Error: (11/22/2014 11:33:07 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: The Workstation service terminated with service-specific error 2250 (0x8CA).
 
Error: (11/22/2014 11:33:07 PM) (Source: Workstation) (EventID: 5727) (User: )
Description: Could not load RDR device driver.
 
Error: (11/22/2014 11:33:07 PM) (Source: Workstation) (EventID: 5727) (User: )
Description: Could not load MRxSmb device driver.
 
Error: (11/22/2014 11:32:28 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Workstation service which failed to start because of the following error: 
%%1066
 
Error: (11/22/2014 11:32:28 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: The Workstation service terminated with service-specific error 2250 (0x8CA).
 
Error: (11/22/2014 11:32:27 PM) (Source: Workstation) (EventID: 5727) (User: )
Description: Could not load RDR device driver.
 
Error: (11/22/2014 11:32:27 PM) (Source: Workstation) (EventID: 5727) (User: )
Description: Could not load MRxSmb device driver.
 
Error: (11/22/2014 11:32:27 PM) (Source: DCOM) (EventID: 10000) (User: D32K5JC1)
Description: Unable to start a DCOM Server: {CA3A5461-96B5-46DD-9341-5350D3C94615}.
The error:
"%%6"
Happened while starting this command:
"C:\Program Files\Common Files\AVG Secure Search\ScriptHelperInstaller\18.1.9\ScriptHelper.exe" -Embedding
 
Error: (11/22/2014 11:32:27 PM) (Source: DCOM) (EventID: 10000) (User: D32K5JC1)
Description: Unable to start a DCOM Server: {CA3A5461-96B5-46DD-9341-5350D3C94615}.
The error:
"%%6"
Happened while starting this command:
"C:\Program Files\Common Files\AVG Secure Search\ScriptHelperInstaller\18.1.9\ScriptHelper.exe" -Embedding
 
 
Microsoft Office Sessions:
=========================
Error: (03/03/2010 05:33:38 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 10 seconds with 0 seconds of active time.  This session ended with a crash.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core2 Duo CPU E7400 @ 2.80GHz
Percentage of memory in use: 35%
Total physical RAM: 2037.1 MB
Available physical RAM: 1315.03 MB
Total Pagefile: 3928.91 MB
Available Pagefile: 3320.8 MB
Total Virtual: 2047.88 MB
Available Virtual: 1933.51 MB
 
==================== Drives ================================
 
Drive c: (OS) (Fixed) (Total:298.05 GB) (Free:263 GB) NTFS ==>[Drive with boot components (Windows XP)]
Drive d: (sysrcd-4.3.1) (CDROM) (Total:0.38 GB) (Free:0 GB) CDFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 298.1 GB) (Disk ID: A42D04A3)
Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)
Partition 2: (Active) - (Size=298.1 GB) - (Type=07 NTFS)
 
==================== End Of Log ============================
Link to post
Share on other sites

Hello retxab! My name is Borislav and I will be glad to help you solve your malware problem.

Please note:

  • If you are a paying customer, you have the privilege to contact the help desk at Consumer Support. If you choose this option to get help, please let me know.
  • I recommend you to keep the instructions I will be giving you so that they are available to you at any time. You can save them in a text file or print them.
  • Make sure you read all of the instructions and fixes thoroughly before continuing with them.
  • Follow my instructions strictly and don’t hesitate to stop and ask me if you have any questions.
  • Post your log files, don't attach them. Every log file should be copy/pasted in your next reply.
  • Do not perform any kind of scanning and fixing without my instructions. If you want to proceed on your own, please let me know.

Download attached fixlist.txt file and save it to the Desktop.

NOTE. It's important that both files, FRST/FRST64 and fixlist.txt are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

Run FRST/FRST64 and press the Fix button just once and wait.
If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.

fixlist.txt

Link to post
Share on other sites

Attached is the flixlog.

 

 Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 22-11-2014 01

Ran by Barbara at 2014-11-23 17:39:32 Run:1
Running from C:\
Loaded Profiles: Barbara & Administrator (Available profiles: Barbara & Administrator)
Boot Mode: Normal
 
==============================================
 
Content of fixlist:
*****************
Start
Task: C:\WINDOWS\Tasks\RocketTab Update Task.job => C:\Program Files\Search Extensions\uninstall.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\RocketTab.job => C:\Program Files\Search Extensions\Client.exe <==== ATTENTION
HKLM\...\Run: [PCTechHotline] => C:\Program Files\PCTechHotline\PCTechHotline.exe [1904968 2014-11-05] (Crawler, LLC)
HKLM\...\Run: [spywareClearShield] => C:\Program Files\Spyware Clear\SpywareClearShield.exe [3733864 2014-11-05] (Crawler.com)
HKLM\...\Run: [spywareClearUpdater] => C:\Program Files\Spyware Clear\SpywareClearUpdate.exe [5411176 2014-11-05] (Crawler.com)
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
R2 PCTechHotlineSvc; C:\Program Files\PCTechHotline\PCTechHotlineSvc.exe [701768 2014-11-05] (Crawler, LLC) [File not signed]
S1 MRxSmb; system32\DRIVERS\mrxsmb.sys [X]
2014-11-19 18:39 - 2014-11-19 18:49 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Spyware Clear
2014-11-19 18:39 - 2014-11-19 18:46 - 00000000 ____D () C:\Program Files\Spyware Clear
2014-11-19 18:39 - 2014-11-19 18:42 - 00000000 ____D () C:\Program Files\PCTechHotline
2014-11-19 18:39 - 2014-11-19 18:42 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Spyware Clear
2014-11-19 18:39 - 2014-11-19 18:41 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\PC Tech Hotline
2014-11-19 18:39 - 2014-11-19 18:39 - 00000000 ____D () C:\Program Files\Couponarific
2014-11-19 18:39 - 2014-11-19 18:39 - 00000000 ____D () C:\Documents and Settings\Barbara\Application Data\Spyware Clear
2014-11-19 18:39 - 2014-11-19 18:39 - 00000000 ____D () C:\Documents and Settings\Barbara\Application Data\PC Tech Hotline
C:\Documents and Settings\Barbara\Local Settings\temp\sp-downloader.exe
C:\Documents and Settings\Barbara\Local Settings\temp\spywareclearADK.exe
End
*****************
 
C:\WINDOWS\Tasks\RocketTab Update Task.job => Moved successfully.
C:\WINDOWS\Tasks\RocketTab.job => Moved successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\PCTechHotline => value deleted successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\SpywareClearShield => value deleted successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\SpywareClearUpdater => value deleted successfully.
"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
PCTechHotlineSvc => Service stopped successfully.
PCTechHotlineSvc => Service deleted successfully.
MRxSmb => Service deleted successfully.
 
"C:\Documents and Settings\All Users\Application Data\Spyware Clear" directory move:
 
Could not move "C:\Documents and Settings\All Users\Application Data\Spyware Clear\ST_RL.spt" => Scheduled to move on reboot.
C:\Documents and Settings\All Users\Application Data\Spyware Clear\Update\ST_1_CSD_3.000.000.0006.cab => Moved successfully.
C:\Documents and Settings\All Users\Application Data\Spyware Clear\Update\ST_1_DB_8.011.019.0001.cab => Moved successfully.
C:\Documents and Settings\All Users\Application Data\Spyware Clear\Shared\ST_1_CSD_3.000.000.0006.cab => Moved successfully.
C:\Documents and Settings\All Users\Application Data\Spyware Clear\Shared\ST_1_CSD_3.000.000.0006.ini => Moved successfully.
C:\Documents and Settings\All Users\Application Data\Spyware Clear\Shared\ST_1_CSD_3.000.000.0006.torrent => Moved successfully.
C:\Documents and Settings\All Users\Application Data\Spyware Clear\Shared\ST_1_DB_8.011.019.0001.cab => Moved successfully.
C:\Documents and Settings\All Users\Application Data\Spyware Clear\Shared\ST_1_DB_8.011.019.0001.ini => Moved successfully.
C:\Documents and Settings\All Users\Application Data\Spyware Clear\Shared\ST_1_DB_8.011.019.0001.torrent => Moved successfully.
C:\Documents and Settings\All Users\Application Data\Spyware Clear\Reports\scan_0001.rpt => Moved successfully.
C:\Documents and Settings\All Users\Application Data\Spyware Clear\News\185_en_1.pngx => Moved successfully.
C:\Documents and Settings\All Users\Application Data\Spyware Clear\News\186_en_2.pngx => Moved successfully.
C:\Documents and Settings\All Users\Application Data\Spyware Clear\News\187_en_4.pngx => Moved successfully.
C:\Documents and Settings\All Users\Application Data\Spyware Clear\News\188_en_1.pngx => Moved successfully.
C:\Documents and Settings\All Users\Application Data\Spyware Clear\News\189_en_2.pngx => Moved successfully.
C:\Documents and Settings\All Users\Application Data\Spyware Clear\News\191_en_6.pngx => Moved successfully.
C:\Documents and Settings\All Users\Application Data\Spyware Clear\News\192_en_2.pngx => Moved successfully.
C:\Documents and Settings\All Users\Application Data\Spyware Clear\News\193_en_1.pngx => Moved successfully.
C:\Documents and Settings\All Users\Application Data\Spyware Clear\News\251_en_2.pngx => Moved successfully.
C:\Documents and Settings\All Users\Application Data\Spyware Clear\News\275_en_1.pngx => Moved successfully.
C:\Documents and Settings\All Users\Application Data\Spyware Clear\News\276_en_1.pngx => Moved successfully.
C:\Documents and Settings\All Users\Application Data\Spyware Clear\News\277_en_1.pngx => Moved successfully.
C:\Documents and Settings\All Users\Application Data\Spyware Clear\News\278_en_1.pngx => Moved successfully.
C:\Documents and Settings\All Users\Application Data\Spyware Clear\News\302_en_2.pngx => Moved successfully.
C:\Documents and Settings\All Users\Application Data\Spyware Clear\News\303_en_1.pngx => Moved successfully.
C:\Documents and Settings\All Users\Application Data\Spyware Clear\News\307_en_3.pngx => Moved successfully.
C:\Documents and Settings\All Users\Application Data\Spyware Clear\News\308_en_1.pngx => Moved successfully.
C:\Documents and Settings\All Users\Application Data\Spyware Clear\Addons\addons.xml => Moved successfully.
Could not move "C:\Documents and Settings\All Users\Application Data\Spyware Clear" directory. => Scheduled to move on reboot.
 
C:\Program Files\Spyware Clear => Moved successfully.
C:\Program Files\PCTechHotline => Moved successfully.
C:\Documents and Settings\All Users\Start Menu\Programs\Spyware Clear => Moved successfully.
C:\Documents and Settings\All Users\Start Menu\Programs\PC Tech Hotline => Moved successfully.
C:\Program Files\Couponarific => Moved successfully.
C:\Documents and Settings\Barbara\Application Data\Spyware Clear => Moved successfully.
C:\Documents and Settings\Barbara\Application Data\PC Tech Hotline => Moved successfully.
C:\Documents and Settings\Barbara\Local Settings\temp\sp-downloader.exe => Moved successfully.
C:\Documents and Settings\Barbara\Local Settings\temp\spywareclearADK.exe => Moved successfully.
 
=> Result of Scheduled Files to move (Boot Mode: Normal) (Date&Time: 2014-11-23 17:40:55)<=
 
C:\Documents and Settings\All Users\Application Data\Spyware Clear\ST_RL.spt => Is moved successfully.
C:\Documents and Settings\All Users\Application Data\Spyware Clear => Is moved successfully.
 
==== End of Fixlog ====
Link to post
Share on other sites

Step 1

  • Launch Malwarebytes' Anti-Malware
  • Go to Update tab and select Check for Updates. If an update is found, it will download and install the latest version.
  • Go to Scanner tab and select Threat Scan, then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer,please do so immediately.

Step 2

Please scan your machine with ESET OnlineScan

  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.

    ESET OnlineScan

  • Click the esetonlinebtn.png button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer.

      Save it to your Desktop.

    • Double click on the esetsmartinstaller_enu.png to download the ESET Smart Installer. icon on your Desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under Scan Settings, check "Scan Archives" and "Remove found threats"
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.
  • In your next reply, post the following log files:
    • Malwarebytes' Anti-Malware log
    • ESET Online Scanner log
Link to post
Share on other sites

Attached are the logs

 

  Malwarebytes Anti-Malware

www.malwarebytes.org
 
Scan Date: 11/24/2014
Scan Time: 4:58:12 PM
Logfile: mbam.txt
Administrator: Yes
 
Version: 2.00.3.1025
Malware Database: v2014.11.24.08
Rootkit Database: v2014.11.22.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled
 
OS: Windows XP Service Pack 3
CPU: x86
File System: NTFS
User: Barbara
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 342614
Time Elapsed: 8 min, 23 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Warn
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 0
(No malicious items detected)
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Folders: 4
PUP.Optional.DeskTopDock.A, C:\Program Files\Desktop Dock, Quarantined, [efa945fa7c00261071bbe75db350df21], 
PUP.Optional.DeskTopDock.A, C:\Documents and Settings\Barbara\Local Settings\Application Data\DesktopDock, Quarantined, [6335350ad0ac5cdab479c77d8f7457a9], 
PUP.Optional.SearchExtensions.A, C:\Program Files\Search Extensions, Quarantined, [1682cd72116b8aac379e13a446bed52b], 
PUP.Optional.SearchExtensions.A, C:\Program Files\Search Extensions\Resources, Quarantined, [1682cd72116b8aac379e13a446bed52b], 
 
Files: 7
PUP.Optional.OptimunInstaller, C:\Documents and Settings\Barbara\My Documents\Downloads\fl_setup.exe, Quarantined, [9503fa45ef8df93d17cdcc7d05fb956b], 
PUP.Optional.DeskTopDock.A, C:\Program Files\Desktop Dock\unins000.dat, Quarantined, [efa945fa7c00261071bbe75db350df21], 
PUP.Optional.DeskTopDock.A, C:\Program Files\Desktop Dock\DesktopDock.exe.config, Quarantined, [efa945fa7c00261071bbe75db350df21], 
PUP.Optional.DeskTopDock.A, C:\Documents and Settings\Barbara\Local Settings\Application Data\DesktopDock\DesktopDockApp.dat, Quarantined, [6335350ad0ac5cdab479c77d8f7457a9], 
PUP.Optional.SearchExtensions.A, C:\Program Files\Search Extensions\TrustedRoot.cer, Quarantined, [1682cd72116b8aac379e13a446bed52b], 
PUP.Optional.SearchExtensions.A, C:\Program Files\Search Extensions\config.dat, Quarantined, [1682cd72116b8aac379e13a446bed52b], 
PUP.Optional.SearchExtensions.A, C:\Program Files\Search Extensions\makecert.exe, Quarantined, [1682cd72116b8aac379e13a446bed52b], 
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)
 
 
 C:\FRST\Quarantine\C\Documents and Settings\Barbara\Local Settings\temp\sp-downloader.exe.xBAD Win32/Toolbar.Conduit.R potentially unwanted application deleted - quarantined
C:\Program Files\NCH Software\Components\NCHToolbars\ask.com\ApnStub.exe a variant of Win32/Bundled.Toolbar.Ask.G potentially unsafe application deleted - quarantined
Link to post
Share on other sites

Latest malwarebytes scan came back clean. Custom malwarebytes scan for rootkits came back clean.

One minor problem. A window pops up during the desktop loading process showing the following folder:

c:\Documents and Settings\Barbara\Application Data\AVG

How can I prevent this window from popping up?

Link to post
Share on other sites

Disregard my pervious post. Much better now.

 

Latest malwarebyes scan log:

 Malwarebytes Anti-Malware

www.malwarebytes.org
 
Scan Date: 11/29/2014
Scan Time: 1:01:25 AM
Logfile: mbam2.txt
Administrator: Yes
 
Version: 2.00.3.1025
Malware Database: v2014.11.28.10
Rootkit Database: v2014.11.22.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled
 
OS: Windows XP Service Pack 3
CPU: x86
File System: NTFS
User: Barbara
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 340439
Time Elapsed: 5 min, 49 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Warn
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 0
(No malicious items detected)
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Folders: 3
PUP.Optional.DeskTopDock.A, C:\Documents and Settings\Barbara\Application Data\Dock, , [94967cc5502ca195c13196a9a2610cf4], 
PUP.Optional.DeskTopDock.A, C:\Documents and Settings\Barbara\Application Data\Dock\Icons, , [94967cc5502ca195c13196a9a2610cf4], 
PUP.Optional.DeskTopDock.A, C:\Documents and Settings\Barbara\Application Data\Dock\Icons\int, , [94967cc5502ca195c13196a9a2610cf4], 
 
Files: 39
PUP.Optional.DeskTopDock.A, C:\Documents and Settings\Barbara\Application Data\Dock\DockData.ice, , [94967cc5502ca195c13196a9a2610cf4], 
PUP.Optional.DeskTopDock.A, C:\Documents and Settings\Barbara\Application Data\Dock\log.log, , [94967cc5502ca195c13196a9a2610cf4], 
PUP.Optional.DeskTopDock.A, C:\Documents and Settings\Barbara\Application Data\Dock\Icons\int\instagram.png, , [94967cc5502ca195c13196a9a2610cf4], 
PUP.Optional.DeskTopDock.A, C:\Documents and Settings\Barbara\Application Data\Dock\Icons\int\africa.png, , [94967cc5502ca195c13196a9a2610cf4], 
PUP.Optional.DeskTopDock.A, C:\Documents and Settings\Barbara\Application Data\Dock\Icons\int\asia.png, , [94967cc5502ca195c13196a9a2610cf4], 
PUP.Optional.DeskTopDock.A, C:\Documents and Settings\Barbara\Application Data\Dock\Icons\int\blogspot.png, , [94967cc5502ca195c13196a9a2610cf4], 
PUP.Optional.DeskTopDock.A, C:\Documents and Settings\Barbara\Application Data\Dock\Icons\int\bus.png, , [94967cc5502ca195c13196a9a2610cf4], 
PUP.Optional.DeskTopDock.A, C:\Documents and Settings\Barbara\Application Data\Dock\Icons\int\business.png, , [94967cc5502ca195c13196a9a2610cf4], 
PUP.Optional.DeskTopDock.A, C:\Documents and Settings\Barbara\Application Data\Dock\Icons\int\ch.png, , [94967cc5502ca195c13196a9a2610cf4], 
PUP.Optional.DeskTopDock.A, C:\Documents and Settings\Barbara\Application Data\Dock\Icons\int\ent.png, , [94967cc5502ca195c13196a9a2610cf4], 
PUP.Optional.DeskTopDock.A, C:\Documents and Settings\Barbara\Application Data\Dock\Icons\int\europe.png, , [94967cc5502ca195c13196a9a2610cf4], 
PUP.Optional.DeskTopDock.A, C:\Documents and Settings\Barbara\Application Data\Dock\Icons\int\Facebook.png, , [94967cc5502ca195c13196a9a2610cf4], 
PUP.Optional.DeskTopDock.A, C:\Documents and Settings\Barbara\Application Data\Dock\Icons\int\ff.png, , [94967cc5502ca195c13196a9a2610cf4], 
PUP.Optional.DeskTopDock.A, C:\Documents and Settings\Barbara\Application Data\Dock\Icons\int\foot.png, , [94967cc5502ca195c13196a9a2610cf4], 
PUP.Optional.DeskTopDock.A, C:\Documents and Settings\Barbara\Application Data\Dock\Icons\int\games.png, , [94967cc5502ca195c13196a9a2610cf4], 
PUP.Optional.DeskTopDock.A, C:\Documents and Settings\Barbara\Application Data\Dock\Icons\int\games2.png, , [94967cc5502ca195c13196a9a2610cf4], 
PUP.Optional.DeskTopDock.A, C:\Documents and Settings\Barbara\Application Data\Dock\Icons\int\golf.png, , [94967cc5502ca195c13196a9a2610cf4], 
PUP.Optional.DeskTopDock.A, C:\Documents and Settings\Barbara\Application Data\Dock\Icons\int\horoscope.png, , [94967cc5502ca195c13196a9a2610cf4], 
PUP.Optional.DeskTopDock.A, C:\Documents and Settings\Barbara\Application Data\Dock\Icons\int\icon-news.png, , [94967cc5502ca195c13196a9a2610cf4], 
PUP.Optional.DeskTopDock.A, C:\Documents and Settings\Barbara\Application Data\Dock\Icons\int\ie.png, , [94967cc5502ca195c13196a9a2610cf4], 
PUP.Optional.DeskTopDock.A, C:\Documents and Settings\Barbara\Application Data\Dock\Icons\int\Linkedin.png, , [94967cc5502ca195c13196a9a2610cf4], 
PUP.Optional.DeskTopDock.A, C:\Documents and Settings\Barbara\Application Data\Dock\Icons\int\lnews.png, , [94967cc5502ca195c13196a9a2610cf4], 
PUP.Optional.DeskTopDock.A, C:\Documents and Settings\Barbara\Application Data\Dock\Icons\int\me.png, , [94967cc5502ca195c13196a9a2610cf4], 
PUP.Optional.DeskTopDock.A, C:\Documents and Settings\Barbara\Application Data\Dock\Icons\int\msport.png, , [94967cc5502ca195c13196a9a2610cf4], 
PUP.Optional.DeskTopDock.A, C:\Documents and Settings\Barbara\Application Data\Dock\Icons\int\opera.png, , [94967cc5502ca195c13196a9a2610cf4], 
PUP.Optional.DeskTopDock.A, C:\Documents and Settings\Barbara\Application Data\Dock\Icons\int\reddit.png, , [94967cc5502ca195c13196a9a2610cf4], 
PUP.Optional.DeskTopDock.A, C:\Documents and Settings\Barbara\Application Data\Dock\Icons\int\Settings.png, , [94967cc5502ca195c13196a9a2610cf4], 
PUP.Optional.DeskTopDock.A, C:\Documents and Settings\Barbara\Application Data\Dock\Icons\int\skyrocket.png, , [94967cc5502ca195c13196a9a2610cf4], 
PUP.Optional.DeskTopDock.A, C:\Documents and Settings\Barbara\Application Data\Dock\Icons\int\space.png, , [94967cc5502ca195c13196a9a2610cf4], 
PUP.Optional.DeskTopDock.A, C:\Documents and Settings\Barbara\Application Data\Dock\Icons\int\tech.png, , [94967cc5502ca195c13196a9a2610cf4], 
PUP.Optional.DeskTopDock.A, C:\Documents and Settings\Barbara\Application Data\Dock\Icons\int\tennis.png, , [94967cc5502ca195c13196a9a2610cf4], 
PUP.Optional.DeskTopDock.A, C:\Documents and Settings\Barbara\Application Data\Dock\Icons\int\twitter.png, , [94967cc5502ca195c13196a9a2610cf4], 
PUP.Optional.DeskTopDock.A, C:\Documents and Settings\Barbara\Application Data\Dock\Icons\int\us.png, , [94967cc5502ca195c13196a9a2610cf4], 
PUP.Optional.DeskTopDock.A, C:\Documents and Settings\Barbara\Application Data\Dock\Icons\int\Wikipedia.png, , [94967cc5502ca195c13196a9a2610cf4], 
PUP.Optional.DeskTopDock.A, C:\Documents and Settings\Barbara\Application Data\Dock\Icons\int\wnews.png, , [94967cc5502ca195c13196a9a2610cf4], 
PUP.Optional.DeskTopDock.A, C:\Documents and Settings\Barbara\Application Data\Dock\Icons\int\wsport.png, , [94967cc5502ca195c13196a9a2610cf4], 
PUP.Optional.DeskTopDock.A, C:\Documents and Settings\Barbara\Application Data\Dock\Icons\int\yahoonews.png, , [94967cc5502ca195c13196a9a2610cf4], 
PUP.Optional.DeskTopDock.A, C:\Documents and Settings\Barbara\Application Data\Dock\Icons\int\Yahoow.png, , [94967cc5502ca195c13196a9a2610cf4], 
PUP.Optional.DeskTopDock.A, C:\Documents and Settings\Barbara\Application Data\Dock\Icons\int\Youtube.png, , [94967cc5502ca195c13196a9a2610cf4], 
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)
Link to post
Share on other sites

I quaranteed the files above and then deleted them using MBAM. Attached is the relevant log. Additional MBAM scans come up clean.

 

 Malwarebytes Anti-Malware

www.malwarebytes.org
 
Scan Date: 11/30/2014
Scan Time: 5:03:22 AM
Logfile: mbam3.txt
Administrator: Yes
 
Version: 2.00.3.1025
Malware Database: v2014.11.28.10
Rootkit Database: v2014.11.22.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled
 
OS: Windows XP Service Pack 3
CPU: x86
File System: NTFS
User: Barbara
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 340276
Time Elapsed: 6 min, 5 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Warn
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 0
(No malicious items detected)
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Folders: 3
PUP.Optional.DeskTopDock.A, C:\Documents and Settings\Barbara\Application Data\Dock, Quarantined, [1515d76a6a12d660d121a897e221fa06], 
PUP.Optional.DeskTopDock.A, C:\Documents and Settings\Barbara\Application Data\Dock\Icons, Quarantined, [1515d76a6a12d660d121a897e221fa06], 
PUP.Optional.DeskTopDock.A, C:\Documents and Settings\Barbara\Application Data\Dock\Icons\int, Quarantined, [1515d76a6a12d660d121a897e221fa06], 
 
Files: 40
PUP.Optional.DeskTopDock.A, C:\Documents and Settings\Barbara\Application Data\Dock\DockData.ice, Quarantined, [1515d76a6a12d660d121a897e221fa06], 
PUP.Optional.DeskTopDock.A, C:\Documents and Settings\Barbara\Application Data\Dock\log.log, Quarantined, [1515d76a6a12d660d121a897e221fa06], 
PUP.Optional.DeskTopDock.A, C:\Documents and Settings\Barbara\Application Data\Dock\Icons\int\instagram.png, Quarantined, [1515d76a6a12d660d121a897e221fa06], 
PUP.Optional.DeskTopDock.A, C:\Documents and Settings\Barbara\Application Data\Dock\Icons\int\africa.png, Quarantined, [1515d76a6a12d660d121a897e221fa06], 
PUP.Optional.DeskTopDock.A, C:\Documents and Settings\Barbara\Application Data\Dock\Icons\int\asia.png, Quarantined, [1515d76a6a12d660d121a897e221fa06], 
PUP.Optional.DeskTopDock.A, C:\Documents and Settings\Barbara\Application Data\Dock\Icons\int\blogspot.png, Quarantined, [1515d76a6a12d660d121a897e221fa06], 
PUP.Optional.DeskTopDock.A, C:\Documents and Settings\Barbara\Application Data\Dock\Icons\int\bus.png, Quarantined, [1515d76a6a12d660d121a897e221fa06], 
PUP.Optional.DeskTopDock.A, C:\Documents and Settings\Barbara\Application Data\Dock\Icons\int\business.png, Quarantined, [1515d76a6a12d660d121a897e221fa06], 
PUP.Optional.DeskTopDock.A, C:\Documents and Settings\Barbara\Application Data\Dock\Icons\int\ch.png, Quarantined, [1515d76a6a12d660d121a897e221fa06], 
PUP.Optional.DeskTopDock.A, C:\Documents and Settings\Barbara\Application Data\Dock\Icons\int\ent.png, Quarantined, [1515d76a6a12d660d121a897e221fa06], 
PUP.Optional.DeskTopDock.A, C:\Documents and Settings\Barbara\Application Data\Dock\Icons\int\europe.png, Quarantined, [1515d76a6a12d660d121a897e221fa06], 
PUP.Optional.DeskTopDock.A, C:\Documents and Settings\Barbara\Application Data\Dock\Icons\int\Facebook.png, Quarantined, [1515d76a6a12d660d121a897e221fa06], 
PUP.Optional.DeskTopDock.A, C:\Documents and Settings\Barbara\Application Data\Dock\Icons\int\ff.png, Quarantined, [1515d76a6a12d660d121a897e221fa06], 
PUP.Optional.DeskTopDock.A, C:\Documents and Settings\Barbara\Application Data\Dock\Icons\int\foot.png, Quarantined, [1515d76a6a12d660d121a897e221fa06], 
PUP.Optional.DeskTopDock.A, C:\Documents and Settings\Barbara\Application Data\Dock\Icons\int\games.png, Quarantined, [1515d76a6a12d660d121a897e221fa06], 
PUP.Optional.DeskTopDock.A, C:\Documents and Settings\Barbara\Application Data\Dock\Icons\int\games2.png, Quarantined, [1515d76a6a12d660d121a897e221fa06], 
PUP.Optional.DeskTopDock.A, C:\Documents and Settings\Barbara\Application Data\Dock\Icons\int\golf.png, Quarantined, [1515d76a6a12d660d121a897e221fa06], 
PUP.Optional.DeskTopDock.A, C:\Documents and Settings\Barbara\Application Data\Dock\Icons\int\horoscope.png, Quarantined, [1515d76a6a12d660d121a897e221fa06], 
PUP.Optional.DeskTopDock.A, C:\Documents and Settings\Barbara\Application Data\Dock\Icons\int\icon-news.png, Quarantined, [1515d76a6a12d660d121a897e221fa06], 
PUP.Optional.DeskTopDock.A, C:\Documents and Settings\Barbara\Application Data\Dock\Icons\int\ie.png, Quarantined, [1515d76a6a12d660d121a897e221fa06], 
PUP.Optional.DeskTopDock.A, C:\Documents and Settings\Barbara\Application Data\Dock\Icons\int\Linkedin.png, Quarantined, [1515d76a6a12d660d121a897e221fa06], 
PUP.Optional.DeskTopDock.A, C:\Documents and Settings\Barbara\Application Data\Dock\Icons\int\lnews.png, Quarantined, [1515d76a6a12d660d121a897e221fa06], 
PUP.Optional.DeskTopDock.A, C:\Documents and Settings\Barbara\Application Data\Dock\Icons\int\me.png, Quarantined, [1515d76a6a12d660d121a897e221fa06], 
PUP.Optional.DeskTopDock.A, C:\Documents and Settings\Barbara\Application Data\Dock\Icons\int\msport.png, Quarantined, [1515d76a6a12d660d121a897e221fa06], 
PUP.Optional.DeskTopDock.A, C:\Documents and Settings\Barbara\Application Data\Dock\Icons\int\opera.png, Quarantined, [1515d76a6a12d660d121a897e221fa06], 
PUP.Optional.DeskTopDock.A, C:\Documents and Settings\Barbara\Application Data\Dock\Icons\int\reddit.png, Quarantined, [1515d76a6a12d660d121a897e221fa06], 
PUP.Optional.DeskTopDock.A, C:\Documents and Settings\Barbara\Application Data\Dock\Icons\int\Settings.png, Quarantined, [1515d76a6a12d660d121a897e221fa06], 
PUP.Optional.DeskTopDock.A, C:\Documents and Settings\Barbara\Application Data\Dock\Icons\int\skyrocket.png, Quarantined, [1515d76a6a12d660d121a897e221fa06], 
PUP.Optional.DeskTopDock.A, C:\Documents and Settings\Barbara\Application Data\Dock\Icons\int\space.png, Quarantined, [1515d76a6a12d660d121a897e221fa06], 
PUP.Optional.DeskTopDock.A, C:\Documents and Settings\Barbara\Application Data\Dock\Icons\int\tech.png, Quarantined, [1515d76a6a12d660d121a897e221fa06], 
PUP.Optional.DeskTopDock.A, C:\Documents and Settings\Barbara\Application Data\Dock\Icons\int\tennis.png, Quarantined, [1515d76a6a12d660d121a897e221fa06], 
PUP.Optional.DeskTopDock.A, C:\Documents and Settings\Barbara\Application Data\Dock\Icons\int\Thumbs.db, Quarantined, [1515d76a6a12d660d121a897e221fa06], 
PUP.Optional.DeskTopDock.A, C:\Documents and Settings\Barbara\Application Data\Dock\Icons\int\twitter.png, Quarantined, [1515d76a6a12d660d121a897e221fa06], 
PUP.Optional.DeskTopDock.A, C:\Documents and Settings\Barbara\Application Data\Dock\Icons\int\us.png, Quarantined, [1515d76a6a12d660d121a897e221fa06], 
PUP.Optional.DeskTopDock.A, C:\Documents and Settings\Barbara\Application Data\Dock\Icons\int\Wikipedia.png, Quarantined, [1515d76a6a12d660d121a897e221fa06], 
PUP.Optional.DeskTopDock.A, C:\Documents and Settings\Barbara\Application Data\Dock\Icons\int\wnews.png, Quarantined, [1515d76a6a12d660d121a897e221fa06], 
PUP.Optional.DeskTopDock.A, C:\Documents and Settings\Barbara\Application Data\Dock\Icons\int\wsport.png, Quarantined, [1515d76a6a12d660d121a897e221fa06], 
PUP.Optional.DeskTopDock.A, C:\Documents and Settings\Barbara\Application Data\Dock\Icons\int\yahoonews.png, Quarantined, [1515d76a6a12d660d121a897e221fa06], 
PUP.Optional.DeskTopDock.A, C:\Documents and Settings\Barbara\Application Data\Dock\Icons\int\Yahoow.png, Quarantined, [1515d76a6a12d660d121a897e221fa06], 
PUP.Optional.DeskTopDock.A, C:\Documents and Settings\Barbara\Application Data\Dock\Icons\int\Youtube.png, Quarantined, [1515d76a6a12d660d121a897e221fa06], 
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)
Link to post
Share on other sites

Attached are two logs. The first log detected the files that were quarantined at a previous step from FRST. The second log is clean.

 

 "Whole Computer Scan"

"Medium severity";"8";"8";"0"
"Scanned folders:";"Scan Whole Computer"
"Started:";"11/29/2014, 12:07:42 AM"
"Finished:";"11/29/2014, 12:49:12 AM"
"Scanned items:";"229560"
"Launched by:";"Barbara"
 
"Name";"Description";"Status";"Status";"Priority"
"C:\FRST\Quarantine\C\Program Files\Spyware Clear\SC_Svc.exe";"Found MalSign.Generic.41B";"Secured";"Healed";"Medium"
"C:\FRST\Quarantine\C\Program Files\Spyware Clear\SpywareClearUpdate.exe";"Found MalSign.Generic.41B";"Secured";"Healed";"Medium"
"C:\FRST\Quarantine\C\Program Files\Spyware Clear\SCShell.dll";"Found MalSign.Generic.41B";"Secured";"Healed";"Medium"
"C:\FRST\Quarantine\C\Program Files\Spyware Clear\SpywareClearShield.exe";"Found MalSign.Generic.41B";"Secured";"Healed";"Medium"
"C:\FRST\Quarantine\C\Program Files\PCTechHotline\PCTHdesk.dll";"Found MalSign.Generic.41B";"Secured";"Healed";"Medium"
"C:\FRST\Quarantine\C\Program Files\PCTechHotline\PCTechHotlineSvc.exe";"Found MalSign.Generic.41B";"Secured";"Healed";"Medium"
"C:\FRST\Quarantine\C\Program Files\PCTechHotline\PCTechHotline.exe";"Found MalSign.Generic.41B";"Secured";"Healed";"Medium"
"C:\FRST\Quarantine\C\Program Files\Spyware Clear\SpywareClear.exe";"Found MalSign.Generic.41B";"Secured";"Healed";"Medium"
 
 "Whole Computer Scan"
"No infection was found during this scan"
"Scanned folders:";"Scan Whole Computer"
"Started:";"12/1/2014, 1:12:22 AM"
"Finished:";"12/1/2014, 1:43:51 AM"
"Scanned items:";"229264"
"Launched by:";"Barbara"
Link to post
Share on other sites

  • 2 weeks later...
  • 2 weeks later...
  • 4 months later...
  • Root Admin

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.