Jump to content

Build Theme!
  •  
  • Infected?

WE'RE SURE THAT YOU'LL LOVE US!

Hey there! :wub: Looks like you're enjoying the discussion, but you're not signed up for an account. When you create an account, we remember exactly what you've read, so you always come right back where you left off. You also get notifications, here and via email, whenever new posts are made. You can like posts to share the love. :D Join 93081 other members! Anybody can ask, anybody can answer. Consistently helpful members may be invited to become staff. Here's how it works. Virus cleanup? Start here -> Malware Removal Forum.

Try What the Tech -- It's free!


Photo

Can't Remove Persistent Pop Ups [Solved]

Pop Ups

  • This topic is locked This topic is locked
25 replies to this topic

#1 devonrexcatz

devonrexcatz

    Authentic Member

  • Authentic Member
  • PipPip
  • 147 posts

Posted 30 October 2014 - 08:43 PM

Hi

 

My daughter has asked me to seek help in removing some persistent pop ups on her computer. I added Ad Block Plus to Chrome in the meantime so I haven't seen the pop ups myself but I have been told they are probably malicious and need to be removed regardless of whether they are actively popping up or not.

 

 

Pop Ups:

 

1. Gongrats...you've won an ipad.

 

2. Pop Up which plays iphone ring tone. Is tricky to shut out of.

 

3. Other pop ups which say survey in the tab and this pop up plays audio of someone talking like a motivational speaker.

 

 

 

Usually appear on her personal bank site, Target, Big W, Ebay, Gumtree and some other sites.

 

Using MalwareBytes, AVG and Super Anti Spyware.

 

I haven't been here for a while so I hope I've posted correctly.

 

 

Thankyou

 

Belinda & Rachael

 

 

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 12:10:18 PM, on 31/10/2014
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal
 
Running processes:
C:\WINDOWS\System32\smss.exe
c:\PROGRA~1\AVG\AVG2014\avgrsx.exe
C:\Program Files\AVG\AVG2014\avgcsrvx.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Google\Update\1.3.25.5\GoogleCrashHandler.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\VIA\VIAudioi\HDADeck\HDeck.exe
C:\WINDOWS\system32\RunDLL32.exe
C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\AVG\AVG2014\avgui.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\OLYMPUS\ODMS_R6\DM_TM\Notification.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\OLYMPUS\DeviceDetector\DeviceDetector4.exe
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\AVG\AVG2014\avgidsagent.exe
C:\Program Files\AVG\AVG2014\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\HTC\HTC Sync Manager\HSMServiceEntry.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\TeamViewer\Version8\TeamViewer_Service.exe
C:\WINDOWS\system32\CNAB3RPK.EXE
C:\Program Files\AVG\AVG2014\avgnsx.exe
C:\Program Files\AVG\AVG2014\avgemcx.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\Rachael\Local Settings\Apps\2.0\HZDRYRYV.PPY\C0KZE42W.Y5Z\jssc..tion_1d687127433bb7b3_0001.0000_f5da92438828112a\JsScreenShotProgram.exe
C:\Documents and Settings\Rachael\Application Data\uTorrent\uTorrent.exe
C:\Program Files\HTC\HTC Sync Manager\HTCSyncManager.exe
C:\Program Files\HTC\HTC Sync Manager\HTC Sync\adb.exe
C:\Program Files\AVG\AVG2014\avgcsrvx.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
E:\User Data\Rachael\Downloads\HiJackThis.exe
 
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O4 - HKLM\..\Run: [HDAudDeck] C:\Program Files\VIA\VIAudioi\HDADeck\HDeck.exe 1
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit -login
O4 - HKLM\..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nview\nwiz.exe /installquiet
O4 - HKLM\..\Run: [Nvtmru] "C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [AVG_UI] "C:\Program Files\AVG\AVG2014\avgui.exe" /TRAYONLY
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [Olympus Notification] C:\Program Files\OLYMPUS\ODMS_R6\DM_TM\Notification.exe
O4 - HKLM\..\Run: [Olympus DSS UpdateManager] "C:\Program Files\OLYMPUS\ODMS_R6\DM_TM\UpdateManager.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [uTorrent] "C:\Documents and Settings\Rachael\Application Data\uTorrent\uTorrent.exe"  /MINIMIZED
O4 - HKCU\..\RunOnce: [1026_19351251137120] "C:\Documents and Settings\Rachael\Local Settings\Application Data\LMIR0001.tmp_r.bat"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-21-1708537768-1364589140-839522115-1004\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'UpdatusUser')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Device Detector 4.lnk = C:\Program Files\OLYMPUS\DeviceDetector\DeviceDetector4.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.mi...b?1375351728078
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2014\avgidsagent.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2014\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: HTCMonitorService - Nero AG - C:\Program Files\HTC\HTC Sync Manager\HSMServiceEntry.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
O23 - Service: Olympus DVR Service - OLYMPUS IMAGING CORP. - C:\Program Files\Common Files\Olympus Shared\DeviceManager\olydvrsv.exe
O23 - Service: Internet Pass-Through Service (PassThru Service) - Unknown owner - C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe
O23 - Service: TeamViewer 8 (TeamViewer8) - TeamViewer GmbH - C:\Program Files\TeamViewer\Version8\TeamViewer_Service.exe
 
--
End of file - 8985 bytes
 

 

 

 


    Advertisements

Register to Remove


#2 Satchfan

Satchfan

    SuperHelper

  • Malware Team
  • 6,813 posts
  • Interests:LFC, music, more LFC, more music

Posted 31 October 2014 - 06:24 AM

Hello devonrexcatz and welcome to the WTT forum.

My name is Satchfan and I would be glad to help you with your computer problem.

Please read the following guidelines which will help to make cleaning your machine easier:

  • please follow all instructions in the order posted
  • please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear
  • all logs/reports, etc. must be posted in Notepad. Please ensure that word wrap is unchecked. In Notepad click Format, uncheck Word wrap if it is checked
  • if you don't understand something, please don't hesitate to ask for clarification before proceeding
  • the fixes are specific to your problem and should only be used for this issue on this machine.
  • please reply within 3 days. If you do not reply within this period I will post a reminder but topics with no reply in 4 days will be closed!

IMPORTANT:

Please DO NOT install/uninstall any programs unless asked to.
Please DO NOT run any scans other than those requested

===================================================

P2P – I see your daughter’s computer has P2P software, (uTorrent), installed on her machine.

We are not here to pass judgment on file-sharing as a concept you should warn her that engaging in this activity will always make the computer very susceptible to infection and re-infection.

It almost certainly contributed to the current situation.

Please note: even if it is a "safe" P2P program, it is only the program that is safe. The computer will be sharing files from uncertified sources, and these are more often than not, infected. Those who write malware use P2P file-sharing as a major vehicle to spread their wares.

Please see this topic for more information:

Perils of P2P File Sharing.

I would strongly recommend that you uninstall it now. You can do so via Control Panel, Add or remove Programs. .

Should she decide to keep it, please don’t use it until we have finished up here.

===================================================

Note: Please run these in the order given in the instructions.

===================================================

Download and run AdwCleaner

Download AdwCleaner from here and save it to your desktop.

  • run AdwCleaner
  • when it has finished, select Clean
  • if it asks to reboot, allow the reboot
  • on reboot a log will be produced; please attach the content of the log to your next reply.

===================================================

Download and run Junkware Removal Tool

thisisujrt.gif Please download Junkware Removal Tool to your desktop.

  • shut down your protection software now to avoid potential conflicts.
  • run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator"
  • the tool will open and start scanning your system
  • please be patient as this can take a while to complete depending on your system's specifications
  • on completion, a log (JRT.txt) is saved to your desktop and will automatically open
  • post the contents of JRT.txt into your next message.

===================================================

Run Farbar Recovery Scan Tool

Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

  • right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
  • press Scan button
  • it will produce a log called FRST.txt in the same directory the tool is run from
  • please copy and paste log back here.
  • the first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.

Logs to include with next post:

AdwCleaner log
JRT.txt
FRST.txt
Addition.txt


Thanks

Satchfan

 


NINA - Proud graduate of the WTT Classroom

Member of UNITE

The help you receive here is free but if you feel I have helped, you may consider making a Donation.

#3 devonrexcatz

devonrexcatz

    Authentic Member

  • Authentic Member
  • PipPip
  • 147 posts

Posted 31 October 2014 - 07:35 AM

Hi Satchfan...thanks for your assistance. I'll get onto it and report back.
Belinda

#4 Satchfan

Satchfan

    SuperHelper

  • Malware Team
  • 6,813 posts
  • Interests:LFC, music, more LFC, more music

Posted 31 October 2014 - 08:09 AM

:thumbup:


NINA - Proud graduate of the WTT Classroom

Member of UNITE

The help you receive here is free but if you feel I have helped, you may consider making a Donation.

#5 devonrexcatz

devonrexcatz

    Authentic Member

  • Authentic Member
  • PipPip
  • 147 posts

Posted 31 October 2014 - 08:00 PM

Hi Satchfan

 

Info below.

 

Thanks

Belinda

 

 
 
# AdwCleaner v3.311 - Report created 01/11/2014 at 11:33:59
# Updated 30/09/2014 by Xplode
# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
# Username : Rachael - RACHAEL-PC
# Running from : E:\User Data\Rachael\Downloads\adwcleaner_3.311.exe
# Option : Clean
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\DOCUME~1\Rachael\LOCALS~1\Temp\AirInstaller
Folder Deleted : C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\t0k3ugot.default\Extensions\staged\{ad9a41d2-9a49-4fa6-a79e-71a0785364c8}
Folder Deleted : C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\t0k3ugot.default\Extensions\staged\ffxtlbr@mysearchdial.com
File Deleted : C:\Documents and Settings\Rachael\Desktop\Facebook.lnk
File Deleted : C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\t0k3ugot.default\user.js
File Deleted : C:\Documents and Settings\Rachael\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\hxxp_www.azlyrics.com_0.localstorage
File Deleted : C:\Documents and Settings\Rachael\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\hxxp_www.azlyrics.com_0.localstorage-journal
 
***** [ Scheduled Tasks ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\DealPly
Key Deleted : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{C292AD0A-C11F-479B-B8DB-743E72D283B0}
Key Deleted : HKCU\Software\AVG Nation toolbar
Key Deleted : HKCU\Software\InstallCore
Key Deleted : HKLM\SOFTWARE\AVG Nation toolbar
Key Deleted : HKLM\SOFTWARE\AVG Security Toolbar
Key Deleted : HKLM\SOFTWARE\InstallCore
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\DealPly
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\DealPly
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v6.0.2900.5512
 
 
-\\ Mozilla Firefox v
 
[ File : C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\t0k3ugot.default\prefs.js ]
 
Line Deleted : user_pref("browser.search.selectedEngine", "Mysearchdial");
Line Deleted : user_pref("browser.search.defaultenginename", "Mysearchdial");
 
[ File : C:\Documents and Settings\Rachael\Application Data\Mozilla\Firefox\Profiles\w2bm706i.default\prefs.js ]
 
 
-\\ Google Chrome v38.0.2125.111
 
[ File : C:\Documents and Settings\Rachael\Local Settings\Application Data\Google\Chrome\User Data\Default\preferences ]
 
Deleted [Search Provider] : hxxp://en.softonic.com/s/{searchTerms}
Deleted [Search Provider] : hxxp://gumtree.com.au/s-search-results.html?keyword={searchTerms}
 
*************************
 
AdwCleaner[R0].txt - [2826 octets] - [01/11/2014 11:31:06]
AdwCleaner[S0].txt - [2948 octets] - [01/11/2014 11:33:59]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [3008 octets] ##########
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.3.3 (10.21.2014:1)
OS: Microsoft Windows XP x86
Ran by Rachael on Sat 01/11/2014 at 11:39:05.40
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Registry Values
 
 
 
~~~ Registry Keys
 
 
 
~~~ Files
 
 
 
~~~ Folders
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sat 01/11/2014 at 11:41:42.48
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 30-10-2014 01
Ran by Rachael (administrator) on RACHAEL-PC on 01-11-2014 11:49:03
Running from E:\User Data\Rachael\Downloads
Loaded Profiles: UpdatusUser & Rachael (Available profiles: UpdatusUser & Rachael & Administrator)
Platform: Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: English (United States)
Internet Explorer Version 6
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Google Inc.) C:\Program Files\Google\Update\1.3.25.5\GoogleCrashHandler.exe
(VIA Technologies, Inc.) C:\Program Files\VIA\VIAudioi\HDADeck\HDeck.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgui.exe
(Microsoft Corporation) C:\Program Files\Microsoft IntelliPoint\ipoint.exe
(OLYMPUS IMAGING CORP.) C:\Program Files\OLYMPUS\ODMS_R6\DM_TM\Notification.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Microsoft Corporation) C:\Program Files\Messenger\msmsgs.exe
(SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
(OLYMPUS IMAGING CORP.) C:\Program Files\OLYMPUS\DeviceDetector\DeviceDetector4.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgwdsvc.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Nero AG) C:\Program Files\HTC\HTC Sync Manager\HSMServiceEntry.exe
(NVIDIA Corporation) C:\WINDOWS\system32\nvsvc32.exe
() C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe
() C:\Program Files\HTC\HTC Sync Manager\HTC Sync\adb.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\Version8\TeamViewer_Service.exe
(CANON INC.) C:\WINDOWS\system32\CNAB3RPK.EXE
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [HDAudDeck] => C:\Program Files\VIA\VIAudioi\HDADeck\HDeck.exe [33673216 2009-08-28] (VIA Technologies, Inc.)
HKLM\...\Run: [NvCplDaemon] => RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
HKLM\...\Run: [NvMediaCenter] => RunDLL32.exe NvMCTray.dll,NvTaskbarInit -login
HKLM\...\Run: [nwiz] => C:\Program Files\NVIDIA Corporation\nview\nwiz.exe [2586912 2013-06-21] ()
HKLM\...\Run: [Nvtmru] => C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe [1012000 2013-05-17] (NVIDIA Corporation)
HKLM\...\Run: [GrooveMonitor] => C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-22] (Adobe Systems Incorporated)
HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-02-12] (Apple Inc.)
HKLM\...\Run: [AVG_UI] => C:\Program Files\AVG\AVG2014\avgui.exe [5188112 2014-08-25] (AVG Technologies CZ, s.r.o.)
HKLM\...\Run: [IntelliPoint] => C:\Program Files\Microsoft IntelliPoint\ipoint.exe [1821576 2011-08-01] (Microsoft Corporation)
HKLM\...\Run: [BluetoothAuthenticationAgent] => rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
HKLM\...\Run: [Olympus Notification] => C:\Program Files\OLYMPUS\ODMS_R6\DM_TM\Notification.exe [549888 2012-10-19] (OLYMPUS IMAGING CORP.)
HKLM\...\Run: [Olympus DSS UpdateManager] => C:\Program Files\OLYMPUS\ODMS_R6\DM_TM\UpdateManager.exe [493568 2012-10-19] (OLYMPUS IMAGING CORP.)
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\qttask.exe [421888 2014-01-17] (Apple Inc.)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [152392 2014-05-15] (Apple Inc.)
HKLM\...\Winlogon: [UIHost] C:\WINDOWS\system32\logonui.exe [514560 2008-04-14] (Microsoft Corporation)
HKU\S-1-5-21-1708537768-1364589140-839522115-1005\...\Run: [MSMSGS] => C:\Program Files\Messenger\msmsgs.exe [1695232 2008-04-14] (Microsoft Corporation)
HKU\S-1-5-21-1708537768-1364589140-839522115-1005\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [6692632 2014-10-08] (SUPERAntiSpyware)
HKU\S-1-5-21-1708537768-1364589140-839522115-1005\...\MountPoints2: {8bac601e-5a04-11e4-bc6a-00248c8cf187} - F:\HTC_Sync_Manager_PC.exe
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Device Detector 4.lnk
ShortcutTarget: Device Detector 4.lnk -> C:\Program Files\OLYMPUS\DeviceDetector\DeviceDetector4.exe (OLYMPUS IMAGING CORP.)
BootExecute: autocheck autochk * C:\PROGRA~1\AVG\AVG2014\avgrsx.exe /sync /restart
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft...er=6&ar=msnhome
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft...=ie&ar=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft...B_PVER}&ar=home
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
Toolbar: HKCU - &Address - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
Toolbar: HKCU - &Links - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\SHELL32.dll (Microsoft Corporation)
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
ShellExecuteHooks: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [115440 2013-05-08] (SuperAdBlocker.com)
Winsock: Catalog5 04 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
 
FireFox:
========
FF ProfilePath: C:\Documents and Settings\Rachael\Application Data\Mozilla\Firefox\Profiles\w2bm706i.default
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.0.8 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2013-09-02]
FF Extension: No Name - C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [Not Found]
 
Chrome: 
=======
CHR Profile: C:\Documents and Settings\Rachael\Local Settings\Application Data\Google\Chrome\User Data\Default
CHR Extension: (Photo Editor) - C:\Documents and Settings\Rachael\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aenihapfpbplnoodpaebohaknejoidaj [2014-04-04]
CHR Extension: (Google Docs) - C:\Documents and Settings\Rachael\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-03-22]
CHR Extension: (Google Drive) - C:\Documents and Settings\Rachael\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-03-22]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Documents and Settings\Rachael\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-09-07]
CHR Extension: (YouTube) - C:\Documents and Settings\Rachael\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-08-15]
CHR Extension: (Facebook) - C:\Documents and Settings\Rachael\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\boeajhmfdjldchidhphikilcgdacljfm [2014-04-08]
CHR Extension: (Wallpaper) - C:\Documents and Settings\Rachael\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\cbipkhomahgllbfjlpkdlcgicdmffggb [2014-05-02]
CHR Extension: (Adblock Plus) - C:\Documents and Settings\Rachael\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2014-10-31]
CHR Extension: (Google Search) - C:\Documents and Settings\Rachael\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-03-22]
CHR Extension: (Gumtree AU) - C:\Documents and Settings\Rachael\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\dkikcapmobbpchilifibnfndebjdeilg [2014-03-24]
CHR Extension: (Candy) - C:\Documents and Settings\Rachael\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\fiejadjmcgacmocgeegodfhligbpecdg [2014-03-26]
CHR Extension: (Photo Editor) - C:\Documents and Settings\Rachael\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\fljockdiglkojioiphfiombienapajhc [2014-04-04]
CHR Extension: (AdBlock) - C:\Documents and Settings\Rachael\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2014-10-31]
CHR Extension: (iPiccy Photo Editor) - C:\Documents and Settings\Rachael\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\imokeandodnlammaoenbgcnbhigjbpjh [2014-03-24]
CHR Extension: (Google Wallet) - C:\Documents and Settings\Rachael\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-22]
CHR Extension: (piZap Photo Editor) - C:\Documents and Settings\Rachael\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\occpjibghkbopohbefbejkklnfdkdmok [2014-03-24]
CHR Extension: (Adblock Pro) - C:\Documents and Settings\Rachael\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ocifcklkibdehekfnmflempfgjhbedch [2014-10-31]
CHR Extension: (Picky Wallpapers) - C:\Documents and Settings\Rachael\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\odklcfojpedohplkimfdpcamkjnhanaj [2014-05-02]
CHR Extension: (My Chrome Theme) - C:\Documents and Settings\Rachael\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\oehpjpccmlcalbenfhnacjeocbjdonic [2014-03-24]
CHR Extension: (Gmail) - C:\Documents and Settings\Rachael\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-03-22]
 
========================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE.EXE [142648 2014-08-13] (SUPERAntiSpyware.com)
S2 AVGIDSAgent; C:\Program Files\AVG\AVG2014\avgidsagent.exe [3242000 2014-08-25] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files\AVG\AVG2014\avgwdsvc.exe [289328 2014-08-25] (AVG Technologies CZ, s.r.o.)
R2 HTCMonitorService; C:\Program Files\HTC\HTC Sync Manager\HSMServiceEntry.exe [87368 2014-04-02] (Nero AG)
S3 Olympus DVR Service; C:\Program Files\Common Files\Olympus Shared\DeviceManager\olydvrsv.exe [174592 2012-10-19] (OLYMPUS IMAGING CORP.) [File not signed]
R2 PassThru Service; C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe [166912 2013-10-17] () [File not signed]
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R1 Avgdiskx; C:\WINDOWS\System32\DRIVERS\avgdiskx.sys [121624 2014-06-30] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriverl; C:\WINDOWS\System32\DRIVERS\avgidsdriverlx.sys [191256 2014-07-21] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHX; C:\WINDOWS\System32\DRIVERS\avgidshx.sys [147736 2014-06-17] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSShim; C:\WINDOWS\System32\DRIVERS\avgidsshimx.sys [21272 2014-06-17] (AVG Technologies CZ, s.r.o.)
R1 Avgldx86; C:\WINDOWS\System32\DRIVERS\avgldx86.sys [188696 2014-06-17] (AVG Technologies CZ, s.r.o.)
R0 Avglogx; C:\WINDOWS\System32\DRIVERS\avglogx.sys [241944 2014-06-17] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx86; C:\WINDOWS\System32\DRIVERS\avgmfx86.sys [98584 2014-08-06] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx86; C:\WINDOWS\System32\DRIVERS\avgrkx86.sys [27416 2014-06-17] (AVG Technologies CZ, s.r.o.)
R1 Avgtdix; C:\WINDOWS\System32\DRIVERS\avgtdix.sys [197400 2014-06-17] (AVG Technologies CZ, s.r.o.)
R3 L1e; C:\WINDOWS\System32\DRIVERS\l1e51x86.sys [39424 2009-08-05] (Atheros Communications, Inc.)
R3 MTsensor; C:\WINDOWS\System32\DRIVERS\ASACPI.sys [5810 2013-08-01] ()
R3 NVHDA; C:\WINDOWS\System32\drivers\nvhda32.sys [128672 2013-02-25] (NVIDIA Corporation)
S3 qcserxp; C:\WINDOWS\System32\DRIVERS\qcserxp.sys [103424 2009-01-24] (QUALCOMM Incorporated)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [12880 2011-07-23] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [67664 2011-07-13] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R3 VIAHdAudAddService; C:\WINDOWS\System32\drivers\viahduaa.sys [1390976 2009-08-17] (VIA Technologies, Inc.)
S3 HTCAND32; System32\Drivers\ANDROIDUSB.sys [X]
S4 IntelIde; No ImagePath
S3 mcdbus; system32\DRIVERS\mcdbus.sys [X]
U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-14] (Microsoft Corporation)
U5 UnlockerDriver5; C:\Program Files\Unlocker\UnlockerDriver5.sys [4096 2010-07-05] () [File not signed]
U1 WS2IFSL; No ImagePath
 
==================== NetSvcs (Whitelisted) ===================
 
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-11-01 11:48 - 2014-11-01 11:49 - 00000000 ____D () C:\FRST
2014-11-01 11:41 - 2014-11-01 11:41 - 00000591 _____ () C:\Documents and Settings\Rachael\Desktop\JRT.txt
2014-11-01 11:39 - 2014-11-01 11:39 - 00000000 ____D () C:\WINDOWS\ERUNT
2014-11-01 11:37 - 2014-11-01 11:37 - 00003088 _____ () C:\Documents and Settings\Rachael\Desktop\AdwCleaner[S0].txt
2014-11-01 11:31 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\WINDOWS\system32\sqlite3.dll
2014-11-01 11:29 - 2014-11-01 11:35 - 00000000 ____D () C:\AdwCleaner
2014-10-31 15:16 - 2014-10-31 15:16 - 00000000 ____D () C:\Documents and Settings\Rachael\Local Settings\Application Data\etax2014
2014-10-31 15:15 - 2014-10-31 15:15 - 00001710 _____ () C:\Documents and Settings\Rachael\Desktop\e-tax 2014.lnk
2014-10-31 15:15 - 2014-10-31 15:15 - 00000000 ____D () C:\Program Files\etax2014
2014-10-31 15:15 - 2014-10-31 15:15 - 00000000 ____D () C:\Documents and Settings\Rachael\Start Menu\Programs\e-tax 2014
2014-10-31 12:37 - 2014-10-31 12:37 - 00470698 _____ () C:\Documents and Settings\Rachael\Desktop\comp.txt
2014-10-31 12:17 - 2014-10-31 12:18 - 01368974 _____ () C:\Documents and Settings\Rachael\Desktop\xp Computer.nfo
2014-10-31 12:12 - 2014-10-31 12:12 - 00008986 _____ () C:\Documents and Settings\Rachael\Desktop\hijackthis.log
2014-10-30 18:53 - 2014-10-30 18:53 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes Anti-Malware
2014-10-14 20:14 - 2012-10-28 00:00 - 00192512 _____ (CANON INC.) C:\WINDOWS\system32\CNAB3EMU.DLL
2014-10-14 20:14 - 2012-10-28 00:00 - 00163840 _____ (CANON INC.) C:\WINDOWS\system32\CNAB3SMK.DLL
2014-10-14 20:14 - 2012-10-28 00:00 - 00113856 _____ (CANON INC.) C:\WINDOWS\system32\CNAB3RPK.EXE
2014-10-14 20:14 - 2012-10-28 00:00 - 00106496 _____ (CANON INC.) C:\WINDOWS\system32\CNAB3LMK.DLL
2014-10-14 20:14 - 2012-10-28 00:00 - 00057344 _____ (CANON INC.) C:\WINDOWS\system32\CNAB3PTU.DLL
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-11-01 11:49 - 2013-08-01 19:16 - 00000000 ____D () C:\Documents and Settings\Rachael\Local Settings\Temp
2014-11-01 11:41 - 2013-08-02 02:49 - 00605272 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2014-11-01 11:37 - 2013-08-01 17:01 - 01536194 _____ () C:\WINDOWS\WindowsUpdate.log
2014-11-01 11:36 - 2014-08-10 13:14 - 00000000 ____D () C:\Documents and Settings\Rachael\Local Settings\Application Data\HTC MediaHub
2014-11-01 11:36 - 2014-03-31 08:02 - 00000226 _____ () C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job
2014-11-01 11:36 - 2013-08-15 17:25 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware
2014-11-01 11:36 - 2013-08-15 13:48 - 00000882 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2014-11-01 11:36 - 2013-08-02 02:50 - 00000159 _____ () C:\WINDOWS\wiadebug.log
2014-11-01 11:36 - 2013-08-02 02:50 - 00000049 _____ () C:\WINDOWS\wiaservc.log
2014-11-01 11:36 - 2013-08-01 17:06 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-11-01 11:36 - 2004-08-04 22:00 - 00013646 _____ () C:\WINDOWS\system32\wpa.dbl
2014-11-01 11:35 - 2013-08-01 19:16 - 00000178 ___SH () C:\Documents and Settings\Rachael\ntuser.ini
2014-11-01 11:35 - 2013-08-01 17:06 - 00032586 _____ () C:\WINDOWS\SchedLgU.Txt
2014-11-01 11:31 - 2013-08-15 13:48 - 00000886 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2014-11-01 11:27 - 2014-06-30 20:58 - 00000000 ____D () C:\Documents and Settings\Rachael\Application Data\uTorrent
2014-11-01 11:21 - 2013-08-08 16:21 - 00000416 _____ () C:\WINDOWS\Tasks\At1.job
2014-11-01 11:10 - 2013-08-03 18:23 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2014-11-01 08:31 - 2013-08-15 14:02 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\MFAData
2014-10-31 22:59 - 2013-08-01 18:26 - 00000000 ____D () C:\Documents and Settings\UpdatusUser\Local Settings\Temp
2014-10-31 18:31 - 2013-08-01 18:32 - 00006380 _____ () C:\WINDOWS\system32\nvAppTimestamps
2014-10-31 09:49 - 2014-07-14 09:02 - 00114904 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2014-10-30 18:53 - 2014-07-14 09:01 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-10-30 18:53 - 2013-08-11 18:43 - 00000777 _____ () C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
2014-10-29 23:56 - 2013-08-01 19:40 - 00000284 _____ () C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
2014-10-29 11:28 - 2014-08-10 13:10 - 00000000 ____D () C:\Temp
2014-10-29 11:28 - 2013-08-02 02:46 - 01124674 _____ () C:\WINDOWS\setupapi.log
2014-10-29 11:28 - 2013-08-02 02:46 - 00189898 _____ () C:\WINDOWS\setupact.log
2014-10-29 00:42 - 2013-08-02 02:49 - 01328414 _____ () C:\WINDOWS\iis6.log
2014-10-29 00:42 - 2013-08-02 02:49 - 01224579 _____ () C:\WINDOWS\FaxSetup.log
2014-10-29 00:42 - 2013-08-02 02:49 - 00599737 _____ () C:\WINDOWS\ocgen.log
2014-10-29 00:42 - 2013-08-02 02:49 - 00565710 _____ () C:\WINDOWS\tsoc.log
2014-10-29 00:42 - 2013-08-02 02:49 - 00414126 _____ () C:\WINDOWS\comsetup.log
2014-10-29 00:42 - 2013-08-02 02:49 - 00372856 _____ () C:\WINDOWS\msmqinst.log
2014-10-29 00:42 - 2013-08-02 02:49 - 00249795 _____ () C:\WINDOWS\ntdtcsetup.log
2014-10-29 00:42 - 2013-08-02 02:49 - 00215750 _____ () C:\WINDOWS\netfxocm.log
2014-10-29 00:42 - 2013-08-02 02:49 - 00085905 _____ () C:\WINDOWS\MedCtrOC.log
2014-10-29 00:42 - 2013-08-02 02:49 - 00067990 _____ () C:\WINDOWS\ocmsn.log
2014-10-29 00:42 - 2013-08-02 02:49 - 00062406 _____ () C:\WINDOWS\tabletoc.log
2014-10-29 00:42 - 2013-08-02 02:49 - 00061619 _____ () C:\WINDOWS\msgsocm.log
2014-10-29 00:42 - 2013-08-02 02:49 - 00001943 _____ () C:\WINDOWS\imsins.log
2014-10-28 19:32 - 2014-03-22 14:04 - 00001813 _____ () C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
2014-10-27 00:35 - 2014-01-08 11:39 - 00000000 ____D () C:\Dictation
2014-10-17 03:05 - 2013-08-01 18:37 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Microsoft Help
2014-10-17 03:04 - 2013-08-15 03:02 - 00000000 ____D () C:\WINDOWS\system32\MRT
2014-10-17 03:00 - 2013-08-01 19:03 - 100290944 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2014-10-14 20:15 - 2014-08-27 08:37 - 00000000 ____D () C:\Program Files\Canon
2014-10-08 17:30 - 2014-03-31 08:02 - 00000220 _____ () C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job
 
Files to move or delete:
====================
C:\Windows\Tasks\At1.job
 
 
Some content of TEMP:
====================
C:\Documents and Settings\Administrator\Local Settings\Temp\ose00000.exe
C:\Documents and Settings\Rachael\Local Settings\Temp\24369uninstall.exe
C:\Documents and Settings\Rachael\Local Settings\Temp\fp_pl_pfs_installer.exe
C:\Documents and Settings\Rachael\Local Settings\Temp\lowproc.exe
C:\Documents and Settings\Rachael\Local Settings\Temp\mirc732.exe
C:\Documents and Settings\Rachael\Local Settings\Temp\Quarantine.exe
C:\Documents and Settings\Rachael\Local Settings\Temp\setup_wm.exe
C:\Documents and Settings\Rachael\Local Settings\Temp\Sqlite3.dll
C:\Documents and Settings\Rachael\Local Settings\Temp\stubhelper.dll
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 
==================== End Of Log ============================
 
 
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 30-10-2014 01
Ran by Rachael at 2014-11-01 11:49:28
Running from E:\User Data\Rachael\Downloads
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: AVG AntiVirus Free Edition 2014 (Disabled - Up to date) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Adobe Flash Player 15 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 15.0.0.152 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.08) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.08 - Adobe Systems Incorporated)
Apple Application Support (HKLM\...\{D9DAD0FF-495A-472B-9F10-BAE430A26682}) (Version: 3.0.3 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{18D47FA1-0440-48D3-A7E0-DA09537FF471}) (Version: 7.1.1.3 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Ashampoo Burning Studio 6 FREE v.6.84 (HKLM\...\{91B33C97-3ED1-03EA-A67B-244AA4D7B559}_is1) (Version: 6.8.4 - Ashampoo GmbH & Co. KG)
Atheros Communications Inc.® AR8121/AR8113/AR8114 Gigabit/Fast Ethernet Driver (HKLM\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 1.0.0.40 - Atheros Communications Inc.)
AVG 2014 (HKLM\...\AVG) (Version: 2014.0.4765 - AVG Technologies)
AVG 2014 (Version: 14.0.4189 - AVG Technologies) Hidden
AVG 2014 (Version: 14.0.4765 - AVG Technologies) Hidden
Big Fish: Game Manager (HKLM\...\BFGC) (Version: 3.2.0.7 - )
Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
Canon LBP3000 (HKLM\...\Canon LBP3000) (Version:  - )
Canon MX300 series (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX300_series) (Version:  - )
Canon RAW Codec (HKLM\...\Canon RAW Codec) (Version: 1.11.0.75 - Canon Inc.)
Drawn®: The Painted Tower ™ (HKLM\...\BFG-Drawn - The Painted Tower) (Version:  - )
e-tax 2014 (HKLM\...\{42D5C0B2-A309-4F84-9BD7-5DDDFE6C09E1}) (Version: 2.10.788 - Australian Taxation Office)
Found: A Hidden Object Adventure (HKLM\...\BFG-Found - A Hidden Object Adventure) (Version:  - )
Google Chrome (HKLM\...\Google Chrome) (Version: 38.0.2125.111 - Google Inc.)
Google Earth (HKLM\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (Version: 1.3.23.0 - DealPly Technologies Ltd) Hidden <==== ATTENTION
HTC Driver Installer (HKLM\...\{4CEEE5D0-F905-4688-B9F9-ECC710507796}) (Version: 4.13.0.003 - HTC Corporation)
HTC Sync Manager (HKLM\...\{231D0C79-98A6-4693-A366-36DE7D7346EC}) (Version: 3.1.24.5 - HTC)
HxD Hex Editor version 1.7.7.0 (HKLM\...\HxD Hex Editor_is1) (Version: 1.7.7.0 - Maël Hörz)
IPTInstaller (HKLM\...\{08208143-777D-4A06-BB54-71BF0AD1BB70}) (Version: 4.0.9 - HTC)
IrfanView (remove only) (HKLM\...\IrfanView) (Version: 4.38 - Irfan Skiljan)
iTunes (HKLM\...\{A9B3F8D5-DF4F-462B-81B7-4B69EBEDBC5B}) (Version: 11.2.0.115 - Apple Inc.)
Jays Snipping Tool (HKCU\...\e891758400ca417b) (Version: 1.0.0.12 - Missoula Software)
JPEG Recovery Pro 5.0 (HKLM\...\JPEG Recovery Pro5.0) (Version: 5.0 - e.World Technology Limited)
K-Lite Codec Pack 10.0.0 Basic (HKLM\...\KLiteCodecPack_is1) (Version: 10.0.0 - )
Malwarebytes Anti-Malware version 2.0.3.1025 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.3.1025 - Malwarebytes Corporation)
Microsoft .NET Framework 1.1 (HKLM\...\Microsoft .NET Framework 1.1  (1033)) (Version:  - )
Microsoft .NET Framework 1.1 Security Update (KB2833941) (HKLM\...\M2833941) (Version:  - )
Microsoft .NET Framework 2.0 Service Pack 2 (HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.0 Service Pack 2 (HKLM\...\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}) (Version: 3.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Compression Client Pack 1.0 for Windows XP (HKLM\...\MSCompPackV1) (Version: 1 - Microsoft Corporation)
Microsoft IntelliPoint 8.2 (HKLM\...\Microsoft IntelliPoint 8.2) (Version: 8.20.468.0 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office Enterprise 2007 (HKLM\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft User-Mode Driver Framework Feature Pack 1.0 (HKLM\...\Wudf01000) (Version:  - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
mIRC (HKLM\...\mIRC) (Version: 7.32 - mIRC Co. Ltd.)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Mystery Case Files&reg;: Escape from Ravenhearst™ Collector's Edition (HKLM\...\BFG-Mystery Case Files - Escape from Ravenhearst Collector's Edition) (Version:  - )
Mystery Case Files: Fate's Carnival Collector's Edition (HKLM\...\BFG-Mystery Case Files - Fates Carnival Collectors Edition) (Version:  - )
NVIDIA GeForce Experience 1.5 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 1.5 - NVIDIA Corporation)
NVIDIA Graphics Driver 320.49 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 320.49 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.24.2 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.24.2 - NVIDIA Corporation)
NVIDIA nView 140.62 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NView) (Version: 140.62 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.13.0604 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.0604 - NVIDIA Corporation)
Olympus Dictation Management System R6 DM/TM (HKLM\...\{B1DF7A1C-B1D5-48C5-9380-966B2D5B82AA}) (Version: 6.1.1 - OLYMPUS IMAGING CORP.)
Platform (Version: 1.34 - VIA Technologies, Inc.) Hidden
QuickTime 7 (HKLM\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 5.6.1032 - SUPERAntiSpyware.com)
TeamViewer 8 (HKLM\...\TeamViewer 8) (Version: 8.0.22298 - TeamViewer)
Unlocker 1.9.2 (HKLM\...\Unlocker) (Version: 1.9.2 - Cedrick Collomb)
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
VIA Platform Device Manager (HKLM\...\InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}) (Version: 1.34 - VIA Technologies, Inc.)
Visual Studio 2012 x86 Redistributables (HKLM\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
VLC media player 2.0.8 (HKLM\...\VLC media player) (Version: 2.0.8 - VideoLAN)
WebFldrs XP (Version: 9.50.7523 - Microsoft Corporation) Hidden
Windows Genuine Advantage Notifications (KB905474) (HKLM\...\WgaNotify) (Version: 1.9.0040.0 - Microsoft Corporation)
Windows Media Format 11 runtime (HKLM\...\Windows Media Format Runtime) (Version:  - )
Windows Media Player 11 (HKLM\...\Windows Media Player) (Version:  - )
Windows XP Service Pack 3 (HKLM\...\Windows XP Service Pack) (Version: 20080414.031525 - Microsoft Corporation)
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
 
==================== Restore Points  =========================
 
03-08-2014 15:03:53 System Checkpoint
04-08-2014 16:02:36 System Checkpoint
05-08-2014 16:15:21 System Checkpoint
06-08-2014 16:56:59 System Checkpoint
07-08-2014 00:21:42 Installed AVG 2014
07-08-2014 00:23:33 Removed AVG 2014
08-08-2014 01:22:43 System Checkpoint
09-08-2014 01:30:26 System Checkpoint
10-08-2014 01:35:06 System Checkpoint
10-08-2014 03:13:53 Installed HTC Sync Manager.
10-08-2014 17:00:33 Software Distribution Service 3.0
11-08-2014 17:21:47 System Checkpoint
12-08-2014 17:33:48 System Checkpoint
13-08-2014 17:00:16 Software Distribution Service 3.0
14-08-2014 17:24:50 System Checkpoint
15-08-2014 18:00:35 System Checkpoint
17-08-2014 02:13:52 System Checkpoint
18-08-2014 03:47:00 System Checkpoint
19-08-2014 04:01:57 System Checkpoint
20-08-2014 04:10:05 System Checkpoint
21-08-2014 05:02:04 System Checkpoint
22-08-2014 06:15:39 System Checkpoint
23-08-2014 07:39:40 System Checkpoint
24-08-2014 08:02:36 System Checkpoint
25-08-2014 08:59:25 System Checkpoint
26-08-2014 09:09:39 System Checkpoint
27-08-2014 09:41:58 System Checkpoint
28-08-2014 09:42:04 System Checkpoint
29-08-2014 10:42:03 System Checkpoint
31-08-2014 11:19:20 System Checkpoint
01-09-2014 11:19:44 System Checkpoint
02-09-2014 12:15:28 System Checkpoint
03-09-2014 13:47:06 System Checkpoint
04-09-2014 14:41:38 System Checkpoint
05-09-2014 14:42:05 System Checkpoint
06-09-2014 15:33:11 System Checkpoint
07-09-2014 15:40:50 System Checkpoint
08-09-2014 16:24:47 System Checkpoint
09-09-2014 18:09:38 System Checkpoint
10-09-2014 18:31:17 System Checkpoint
11-09-2014 17:00:14 Software Distribution Service 3.0
12-09-2014 17:24:57 System Checkpoint
14-09-2014 13:42:22 System Checkpoint
15-09-2014 14:29:52 System Checkpoint
16-09-2014 15:38:35 System Checkpoint
17-09-2014 15:50:33 System Checkpoint
18-09-2014 16:27:19 System Checkpoint
19-09-2014 18:11:52 System Checkpoint
20-09-2014 18:28:36 System Checkpoint
21-09-2014 19:23:22 System Checkpoint
22-09-2014 20:21:12 System Checkpoint
23-09-2014 20:33:14 System Checkpoint
24-09-2014 21:21:13 System Checkpoint
25-09-2014 21:33:12 System Checkpoint
26-09-2014 21:46:13 System Checkpoint
27-09-2014 22:33:13 System Checkpoint
28-09-2014 23:26:03 System Checkpoint
29-09-2014 23:33:13 System Checkpoint
01-10-2014 00:21:13 System Checkpoint
02-10-2014 01:33:12 System Checkpoint
03-10-2014 01:35:51 System Checkpoint
04-10-2014 02:11:44 System Checkpoint
05-10-2014 02:22:39 System Checkpoint
06-10-2014 03:17:19 System Checkpoint
07-10-2014 04:28:13 System Checkpoint
08-10-2014 05:16:13 System Checkpoint
09-10-2014 06:07:52 System Checkpoint
10-10-2014 06:18:24 System Checkpoint
11-10-2014 07:28:12 System Checkpoint
12-10-2014 08:16:13 System Checkpoint
13-10-2014 08:52:11 System Checkpoint
14-10-2014 09:02:23 System Checkpoint
15-10-2014 09:20:42 System Checkpoint
16-10-2014 09:31:40 System Checkpoint
16-10-2014 17:00:16 Software Distribution Service 3.0
17-10-2014 17:26:27 System Checkpoint
18-10-2014 17:52:52 System Checkpoint
19-10-2014 18:00:38 System Checkpoint
20-10-2014 18:39:52 System Checkpoint
21-10-2014 19:32:54 System Checkpoint
22-10-2014 20:14:42 System Checkpoint
23-10-2014 21:14:42 System Checkpoint
24-10-2014 22:14:43 System Checkpoint
25-10-2014 23:14:42 System Checkpoint
27-10-2014 00:02:42 System Checkpoint
28-10-2014 01:21:17 System Checkpoint
29-10-2014 02:02:43 System Checkpoint
30-10-2014 02:11:19 System Checkpoint
31-10-2014 03:10:08 System Checkpoint
31-10-2014 05:15:54 Installed e-tax 2014
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2004-08-04 22:00 - 2004-08-04 22:00 - 00000734 ____A C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1       localhost
 
==================== Scheduled Tasks (whitelisted) =============
 
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\AppleSoftwareUpdate.job => C:\Program Files\Apple Software Update\SoftwareUpdate.exe
Task: C:\WINDOWS\Tasks\At1.job => C:\DOCUME~1\Rachael\APPLIC~1\Dealply\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job => C:\WINDOWS\system32\xp_eos.exe
Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job => C:\WINDOWS\system32\xp_eos.exe
 
==================== Loaded Modules (whitelisted) =============
 
2004-08-04 22:00 - 2008-04-14 05:41 - 00059904 _____ () C:\WINDOWS\system32\devenum.dll
2004-08-04 22:00 - 2008-04-14 05:42 - 00014336 _____ () C:\WINDOWS\system32\msdmo.dll
2014-01-20 13:17 - 2014-01-20 13:17 - 00073544 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2014-01-20 13:16 - 2014-01-20 13:16 - 01044808 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2014-05-27 12:32 - 2014-05-27 12:32 - 00031080 _____ () C:\Program Files\HTC\HTC Sync Manager\DbAccess.dll
2014-08-06 13:41 - 2014-08-06 13:41 - 00607376 _____ () C:\Program Files\HTC\HTC Sync Manager\sqlite3.dll
2014-05-27 12:33 - 2014-05-27 12:33 - 00059752 _____ () C:\Program Files\HTC\HTC Sync Manager\NAdvLog.dll
2014-05-27 12:32 - 2014-05-27 12:32 - 00036216 _____ () C:\Program Files\HTC\HTC Sync Manager\NFileCacheDBAccess.dll
2014-05-27 12:33 - 2014-05-27 12:33 - 00080248 _____ () C:\Program Files\HTC\HTC Sync Manager\ninstallerhelper.dll
2014-05-27 12:34 - 2014-05-27 12:34 - 00129376 _____ () C:\Program Files\HTC\HTC Sync Manager\zlib1.dll
2014-05-27 12:35 - 2014-05-27 12:35 - 00223592 _____ () C:\Program Files\HTC\HTC Sync Manager\DevConnMon.dll
2013-10-17 15:27 - 2013-10-17 15:27 - 00166912 _____ () C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe
2014-08-06 13:42 - 2014-08-06 13:42 - 00821600 _____ () C:\Program Files\HTC\HTC Sync Manager\HTC Sync\adb.exe
2014-10-28 19:32 - 2014-10-22 14:04 - 08910664 _____ () C:\Program Files\Google\Chrome\Application\38.0.2125.111\pdf.dll
2014-10-28 19:32 - 2014-10-22 14:04 - 01681224 _____ () C:\Program Files\Google\Chrome\Application\38.0.2125.111\ffmpegsumo.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:1A15E356
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:2CB9631F
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:4B6A9FDA
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:AE34D87E
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:F84B8DB5
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"
 
==================== EXE Association (whitelisted) =============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== MSCONFIG/TASK MANAGER disabled items =========
 
(Currently there is no automatic fix for this section.)
 
 
========================= Accounts: ==========================
 
Administrator (S-1-5-21-1708537768-1364589140-839522115-500 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\Administrator
ASPNET (S-1-5-21-1708537768-1364589140-839522115-1003 - Limited - Enabled)
Guest (S-1-5-21-1708537768-1364589140-839522115-501 - Limited - Enabled)
HelpAssistant (S-1-5-21-1708537768-1364589140-839522115-1000 - Limited - Disabled)
Rachael (S-1-5-21-1708537768-1364589140-839522115-1005 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\Rachael
SUPPORT_388945a0 (S-1-5-21-1708537768-1364589140-839522115-1002 - Limited - Disabled)
UpdatusUser (S-1-5-21-1708537768-1364589140-839522115-1004 - Limited - Enabled) => %SystemDrive%\Documents and Settings\UpdatusUser
 
==================== Faulty Device Manager Devices =============
 
Name: Standard 101/102-Key or Microsoft Natural PS/2 Keyboard
Description: Standard 101/102-Key or Microsoft Natural PS/2 Keyboard
Class Guid: {4D36E96B-E325-11CE-BFC1-08002BE10318}
Manufacturer: (Standard keyboards)
Service: i8042prt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.
 
Name: Microsoft PS/2 Mouse
Description: Microsoft PS/2 Mouse
Class Guid: {4D36E96F-E325-11CE-BFC1-08002BE10318}
Manufacturer: Microsoft
Service: i8042prt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (11/01/2014 11:36:36 AM) (Source: Userenv) (EventID: 1041) (User: NT AUTHORITY)
Description: Windows cannot query DllName registry entry for {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D} and it will not be loaded. This is most likely caused by a faulty registration.
 
Error: (11/01/2014 11:36:36 AM) (Source: Userenv) (EventID: 1041) (User: NT AUTHORITY)
Description: Windows cannot query DllName registry entry for {7B849a69-220F-451E-B3FE-2CB811AF94AE} and it will not be loaded. This is most likely caused by a faulty registration.
 
Error: (11/01/2014 11:36:36 AM) (Source: Userenv) (EventID: 1041) (User: NT AUTHORITY)
Description: Windows cannot query DllName registry entry for {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D} and it will not be loaded. This is most likely caused by a faulty registration.
 
Error: (11/01/2014 11:36:36 AM) (Source: Userenv) (EventID: 1041) (User: NT AUTHORITY)
Description: Windows cannot query DllName registry entry for {7B849a69-220F-451E-B3FE-2CB811AF94AE} and it will not be loaded. This is most likely caused by a faulty registration.
 
Error: (11/01/2014 11:31:01 AM) (Source: MsiInstaller) (EventID: 11316) (User: NT AUTHORITY)
Description: Product: Google Update Helper -- Error 1316. A network error occurred while attempting to read from the file: C:\Program Files\Google\Update\1.3.25.5\DealPlyLiveHelper.msi
 
Error: (11/01/2014 10:47:43 AM) (Source: Userenv) (EventID: 1041) (User: NT AUTHORITY)
Description: Windows cannot query DllName registry entry for {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D} and it will not be loaded. This is most likely caused by a faulty registration.
 
Error: (11/01/2014 10:47:43 AM) (Source: Userenv) (EventID: 1041) (User: NT AUTHORITY)
Description: Windows cannot query DllName registry entry for {7B849a69-220F-451E-B3FE-2CB811AF94AE} and it will not be loaded. This is most likely caused by a faulty registration.
 
Error: (11/01/2014 10:38:42 AM) (Source: Userenv) (EventID: 1041) (User: NT AUTHORITY)
Description: Windows cannot query DllName registry entry for {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D} and it will not be loaded. This is most likely caused by a faulty registration.
 
Error: (11/01/2014 10:38:42 AM) (Source: Userenv) (EventID: 1041) (User: NT AUTHORITY)
Description: Windows cannot query DllName registry entry for {7B849a69-220F-451E-B3FE-2CB811AF94AE} and it will not be loaded. This is most likely caused by a faulty registration.
 
Error: (11/01/2014 10:31:00 AM) (Source: MsiInstaller) (EventID: 11316) (User: NT AUTHORITY)
Description: Product: Google Update Helper -- Error 1316. A network error occurred while attempting to read from the file: C:\Program Files\Google\Update\1.3.25.5\DealPlyLiveHelper.msi
 
 
System errors:
=============
Error: (11/01/2014 11:36:50 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load: 
i8042prt
 
Error: (11/01/2014 11:36:40 AM) (Source: 0) (EventID: 1) (User: )
Description: 0xC0000001HarddiskVolume1
 
Error: (11/01/2014 11:21:00 AM) (Source: Schedule) (EventID: 7901) (User: )
Description: The At1.job command failed to start due to the following error: 
%%2147942403
 
Error: (11/01/2014 10:21:00 AM) (Source: Schedule) (EventID: 7901) (User: )
Description: The At1.job command failed to start due to the following error: 
%%2147942403
 
Error: (11/01/2014 09:21:00 AM) (Source: Schedule) (EventID: 7901) (User: )
Description: The At1.job command failed to start due to the following error: 
%%2147942403
 
Error: (11/01/2014 08:21:00 AM) (Source: Schedule) (EventID: 7901) (User: )
Description: The At1.job command failed to start due to the following error: 
%%2147942403
 
Error: (11/01/2014 07:21:00 AM) (Source: Schedule) (EventID: 7901) (User: )
Description: The At1.job command failed to start due to the following error: 
%%2147942403
 
Error: (11/01/2014 06:21:00 AM) (Source: Schedule) (EventID: 7901) (User: )
Description: The At1.job command failed to start due to the following error: 
%%2147942403
 
Error: (11/01/2014 05:21:00 AM) (Source: Schedule) (EventID: 7901) (User: )
Description: The At1.job command failed to start due to the following error: 
%%2147942403
 
Error: (11/01/2014 04:21:00 AM) (Source: Schedule) (EventID: 7901) (User: )
Description: The At1.job command failed to start due to the following error: 
%%2147942403
 
 
Microsoft Office Sessions:
=========================
 
==================== Memory info =========================== 
 
Processor: Pentium® Dual-Core CPU E5200 @ 2.50GHz
Percentage of memory in use: 23%
Total physical RAM: 3583.11 MB
Available physical RAM: 2751.16 MB
Total Pagefile: 5465.16 MB
Available Pagefile: 4651.37 MB
Total Virtual: 2047.88 MB
Available Virtual: 1949.82 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:111.78 GB) (Free:64.42 GB) NTFS ==>[Drive with boot components (Windows XP)]
Drive e: () (Fixed) (Total:465.75 GB) (Free:272.07 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows XP) (Size: 111.8 GB) (Disk ID: E997E997)
Partition 1: (Active) - (Size=111.8 GB) - (Type=07 NTFS)
 
========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 465.8 GB) (Disk ID: 0C030C02)
Partition 1: (Active) - (Size=465.8 GB) - (Type=07 NTFS)
 
==================== End Of Log ============================


#6 Satchfan

Satchfan

    SuperHelper

  • Malware Team
  • 6,813 posts
  • Interests:LFC, music, more LFC, more music

Posted 01 November 2014 - 02:20 AM

Hi Belinda

The Farbar Recovery Scan Tool , (FRST), log shows nothing bad on the PC but there was some junk cleared up and a sign of DealPly in the log, (a browser plugin which can be easily classified as adware), so we’ll run another scan after FRST.


Open notepad (Start >All Programs > Accessories > Notepad). Please copy the entire contents of the code box below.
 

Google Update Helper (Version: 1.3.23.0 - DealPly Technologies Ltd) Hidden <==== ATTENTION
Task: C:\WINDOWS\Tasks\At1.job => C:\DOCUME~1\Rachael\APPLIC~1\Dealply\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
C:\Program Files\Google\Update\1.3.25.5\DealPlyLiveHelper.msi

NOTE: this script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system


  • save the files as fixlist.txt in the same folder as FRST – NOTE: It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work
  • run FRST then click Fix just once and wait
  • it will create a log (Fixlog.txt); please post it to your reply.

================================================

Run Malwarebytes’ Anti-Malware

I noticed that you had MBAM on your system: if you no longer have it, you can download it from here:

  • start Malwarebytes-Anti-Malware and update it, (“Update” tab}
  • once it is updated, click on “Scanner” tab, select Perform quick scan, then click Scan.
  • when the scan is complete, click OK, then Show Results to view the results.
  • be sure that everything is checked, and click Remove Selected.
  • when removal is completed, a log report will open in Notepad and you may be prompted to restart your computer. (see Note below)
  • the log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • copy and paste the contents of that report in your next reply and exit MBAM.

NOTE: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.

Please include the log in your next post together with Fixlog.txt and let me know if any problems remain.

Thanks

Satchfan

 

 


NINA - Proud graduate of the WTT Classroom

Member of UNITE

The help you receive here is free but if you feel I have helped, you may consider making a Donation.

#7 devonrexcatz

devonrexcatz

    Authentic Member

  • Authentic Member
  • PipPip
  • 147 posts

Posted 01 November 2014 - 03:11 AM

This does not work for me...saying no fixlist.txt found :(



#8 Satchfan

Satchfan

    SuperHelper

  • Malware Team
  • 6,813 posts
  • Interests:LFC, music, more LFC, more music

Posted 01 November 2014 - 03:26 AM

Where did you save fixlist.txt? It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work.

FRST was saved here:

E:\User Data\Rachael\Downloads

Therefore that is where fixlist.txt should be saved to.

Please make sure that is the case and then try again.

Satchfan


NINA - Proud graduate of the WTT Classroom

Member of UNITE

The help you receive here is free but if you feel I have helped, you may consider making a Donation.

#9 devonrexcatz

devonrexcatz

    Authentic Member

  • Authentic Member
  • PipPip
  • 147 posts

Posted 01 November 2014 - 06:08 AM

Thank you! Lol...I had the wrong folder.

 

 
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 30-10-2014 01
Ran by Rachael at 2014-11-01 22:06:45 Run:1
Running from E:\User Data\Rachael\Downloads
Loaded Profiles: UpdatusUser & Rachael (Available profiles: UpdatusUser & Rachael & Administrator)
Boot Mode: Normal
 
==============================================
 
Content of fixlist:
*****************
Google Update Helper (Version: 1.3.23.0 - DealPly Technologies Ltd) Hidden <==== ATTENTION
Task: C:\WINDOWS\Tasks\At1.job => C:\DOCUME~1\Rachael\APPLIC~1\Dealply\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
C:\Program Files\Google\Update\1.3.25.5\DealPlyLiveHelper.msi
*****************
 
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}\\SystemComponent => value deleted successfully.
C:\WINDOWS\Tasks\At1.job => Moved successfully.
"C:\Program Files\Google\Update\1.3.25.5\DealPlyLiveHelper.msi" => File/Directory not found.
 
==== End of Fixlog ====


#10 Satchfan

Satchfan

    SuperHelper

  • Malware Team
  • 6,813 posts
  • Interests:LFC, music, more LFC, more music

Posted 01 November 2014 - 04:11 PM

Please run Malwarebytes according to the previous instructions, post the log and tell me what problems remain.

 

Cheers

 

Satchfan


NINA - Proud graduate of the WTT Classroom

Member of UNITE

The help you receive here is free but if you feel I have helped, you may consider making a Donation.

    Advertisements

Register to Remove


#11 devonrexcatz

devonrexcatz

    Authentic Member

  • Authentic Member
  • PipPip
  • 147 posts

Posted 01 November 2014 - 05:16 PM

Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 2/11/2014
Scan Time: 9:06:43 AM
Logfile: Malwarebytes.txt
Administrator: No
 
Version: 2.00.3.1025
Malware Database: v2014.11.01.09
Rootkit Database: v2014.11.01.02
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled
 
OS: Windows XP Service Pack 3
CPU: x86
File System: NTFS
User: Rachael
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 411305
Time Elapsed: 6 min, 40 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Warn
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 0
(No malicious items detected)
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Folders: 0
(No malicious items detected)
 
Files: 0
(No malicious items detected)
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)


#12 Satchfan

Satchfan

    SuperHelper

  • Malware Team
  • 6,813 posts
  • Interests:LFC, music, more LFC, more music

Posted 02 November 2014 - 02:41 AM

tell me what problems remain.

 

I need some feedback about how the computer is now and if there are any remaining problems.

 

Thanks

 

Satchfan


NINA - Proud graduate of the WTT Classroom

Member of UNITE

The help you receive here is free but if you feel I have helped, you may consider making a Donation.

#13 devonrexcatz

devonrexcatz

    Authentic Member

  • Authentic Member
  • PipPip
  • 147 posts

Posted 02 November 2014 - 03:53 AM

Hi Satchfan

 

The computer hasn't been used much this weekend but I'm happy to say when it has, so far, so good. Should I remove Ad Block Plus now or leave it? Thank you so much for your help! I'm very grateful. My son-in-law's computer needs fixing now so I'll start a new post soon.

 

Belinda & Rachael :)



#14 Satchfan

Satchfan

    SuperHelper

  • Malware Team
  • 6,813 posts
  • Interests:LFC, music, more LFC, more music

Posted 02 November 2014 - 04:09 AM

Should I remove Ad Block Plus now or leave it?

I don’t use it so I can’t give an opinion. At the end of the day it’s up to you. It has its uses and you can control the way it works to some extent. There is more information here which may help.


I’m pleased that things seem OK now but I’d like you to run an online scan to be sure that everything has gone. This scan may take some time so please be patient.

Run ESET Online Scan

IMPORTANT Please make sure you uncheck the box next to Remove found threats. Eset will detect anything that looks even slightly suspicious, which could include legitimate program files. If you do not uncheck the box, Eset will automatically remove all suspicious files which could leave some of your software inoperable.

Note: You can use either Internet Explorer or Mozilla FireFox for this scan. You will however need to disable your current installed Anti-Virus, how to do so can be read here.

Hold down Control and click on the following link to open ESET OnlineScan in a new window.

ESET OnlineScan

  • click the Eset online Scanner button
  • for alternate browsers only: (Microsoft Internet Explorer users can skip these steps)


    o    click on esetinstaller.exe to download the ESET Smart Installer. Save it to your desktop.
    o    double click on the Eset installer icon on your desktop.
     

  • check Yes, I accept the Terms of Use
  • click the Start button
  • accept any security warnings from your browser
  • check Scan archives and Remove found threats
  • click Advanced settings and select the following:


    o    Scan potentially unwanted applications
    o    Scan for potentially unsafe applications
    o    Enable Anti-Stealth technology
     

  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • when the scan completes, push List of found threats
  • push Export to Text file and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.

    Note - if ESET doesn't find any threats, no report will be created.
     
  • push the back button.
  • push Finish

When the scan is complete:

If no threats were found:

o    put a checkmark in "Uninstall application on close"
o    close program
o    report to me that nothing was found

If threats were found:

o    click on "list of threats found"
o    click on "export to text file" and save it as ESET results and save to the desktop
o    Click on back
o    put a checkmark in "Uninstall application on close"
o    click on finish
o    close program
o    copy and paste the report here

Thanks

Satchfan


NINA - Proud graduate of the WTT Classroom

Member of UNITE

The help you receive here is free but if you feel I have helped, you may consider making a Donation.

#15 devonrexcatz

devonrexcatz

    Authentic Member

  • Authentic Member
  • PipPip
  • 147 posts

Posted 02 November 2014 - 08:16 AM

C:\Documents and Settings\Rachael\Local Settings\Temporary Internet Files\Content.IE5\2PWFOVEF\CAEU2F5I.htm HTML/ScrInject.B.Gen virus deleted - quarantined
C:\Documents and Settings\Rachael\Local Settings\Temporary Internet Files\Content.IE5\2PWFOVEF\fmr[1].js HTML/ScrInject.B.Gen virus deleted - quarantined
C:\Documents and Settings\Rachael\Local Settings\Temporary Internet Files\Content.IE5\6HCZ43WP\D%253Bdvm%253D%253Bdsr%253D%253Bdjs%253D%253Bdhs%253D%253Bq%253D%253Bk%253D%26seller_member_id%3D%24%7BSELLER_MEMBER_ID%7D%26tag_id%3D%24%7BTAG_ID%7D&cb=1414485820 HTML/Iframe.B.Gen virus deleted - quarantined
C:\Documents and Settings\Rachael\Local Settings\Temporary Internet Files\Content.IE5\MHWJUJS9\CAI4NYPS.htm HTML/ScrInject.B.Gen virus deleted - quarantined

Related Topics




Also tagged with one or more of these keywords: Pop Ups

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users