Trojan: JS/Iframe.DM infected my computer [Closed]



#1
KateC1


Hello,

I use Windows 7, 64-bit. Windows Defender found a trojan horse on my computer. I'm not sure if I picked it up from trying to set up an email link on my HP printer at HPconnected.com or from browsing images and DIY projects for porch swings. Both tabs were open. It attacked Internet Explorer. Windows Defender said it deleted the following: file:C:\Users\Kathy\AppData\Local\Windows\TemporaryInternetFiles\Low\Content:IE5\106M4Z0GV\fullcalendar.min[1].js

As soon as I tried to open Internet Explorer after the cleaning, it shut down again, so obviously there is something written that reactivates the trojan horse. I tried using AVAST but it didn't find it. I think the problem is in DOS (if it is still called that) and I am unsure as to the next procedure.

 

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 19-04-2015
Ran by Kathy (administrator) on KATHY-PC on 19-04-2015 08:56:46
Running from C:\Users\Kathy\Desktop
Loaded Profiles: Kathy & UpdatusUser (Available profiles: Kathy & HomeGroupUser$ & Kathy XP programs & UpdatusUser)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
() C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe
(Acer Incorporated) C:\Program Files (x86)\eMachines\Registration\GREGsvc.exe
(COMPANYVERS_NAME) C:\Program Files (x86)\MapsGalaxy_39\bar\1.bin\39barsvc.exe
(RealNetworks, Inc.) C:\Program Files (x86)\Online Games Manager\ogmservice.exe
(Protexis Inc.) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
(Acer Group) C:\Program Files\eMachines\eMachines Updater\UpdaterService.exe
() C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet Pro 8610\Bin\ScanToPCActivationApp.exe
(Capital Intellect, Inc.) C:\Users\Kathy\AppData\Local\Programs\BeFrugal.com\Add-On\2013.3.18.4\BFHP.exe
(AOL Inc.) C:\Program Files (x86)\AOL Desktop 9.7b\waol.exe
() C:\Program Files (x86)\eMachines\Hotkey Utility\HotkeyUtility.exe
(Ask) C:\Program Files (x86)\Ask.com\Updater\Updater.exe
(Creative Home) C:\Program Files (x86)\Creative Home\Hallmark Card Studio Select\Planner\PLNRnote.exe
(AOL Inc.) C:\Program Files (x86)\Common Files\AOL\1293386045\ee\aolsoftware.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(AOL Inc.) C:\Program Files (x86)\Common Files\AOL\acs\AOLacsd.exe
(AOL Inc.) C:\Program Files (x86)\AOL Desktop 9.7b\shellmon.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(AOL Inc.) C:\Program Files (x86)\Common Files\AOL\TopSpeed\3.0\aoltpsd3.exe
(AOL Inc.) C:\Program Files (x86)\AOL Desktop 9.7b\aolbrowser.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet Pro 8610\Bin\HPNetworkCommunicatorCom.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [10060320 2010-02-09] (Realtek Semiconductor)
HKLM\...\Run: [InstallerLauncher] => "C:\Program Files\Common Files\Bitdefender\SetupInformation\{6F57816A-791A-4159-A75F-CFD0C7EA4FBF}\setuplauncher.exe" /run:"C:\Program Files\Common Files\Bitdefender\SetupInformation\{6F57816A-791A-41 (the data entry has 36 more characters).
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1331288 2014-08-22] (Microsoft Corporation)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [169768 2015-02-13] (Apple Inc.)
HKLM-x32\...\Run: [Hotkey Utility] => C:\Program Files (x86)\eMachines\Hotkey Utility\HotkeyUtility.exe [611872 2010-08-04] ()
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [ApnUpdater] => C:\Program Files (x86)\Ask.com\Updater\Updater.exe [397992 2011-07-26] (Ask)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [41056 2013-05-08] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [HostManager] => C:\Program Files (x86)\Common Files\AOL\1293386045\ee\AOLSoftware.exe [41800 2010-03-08] (AOL Inc.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2015-02-13] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [AddressBookReminderApp] => C:\Program Files (x86)\Creative Home\Hallmark Card Studio Select\ReminderApp.exe
HKU\S-1-5-21-952588860-2934446381-1091925672-1001\...\Run: [HP Officejet Pro 8610 (NET)] => C:\Program Files\HP\HP Officejet Pro 8610\Bin\ScanToPCActivationApp.exe [3487240 2014-03-06] (Hewlett-Packard Co.)
HKU\S-1-5-21-952588860-2934446381-1091925672-1001\...\Run: [BFHP] => C:\Users\Kathy\AppData\Local\Programs\BeFrugal.com\Add-On\2013.3.18.4\BFHP.exe [415776 2015-03-10] (Capital Intellect, Inc.)
HKU\S-1-5-21-952588860-2934446381-1091925672-1001\...\Run: [AOL Fast Start] => C:\Program Files (x86)\AOL Desktop 9.7b\AOL.EXE [72296 2014-08-19] (AOL Inc.)
HKU\S-1-5-21-952588860-2934446381-1091925672-1001\...\MountPoints2: {9ab67011-27cd-11e0-88c6-00038a000015} - G:\EasySuite.exe bootup
HKU\S-1-5-21-952588860-2934446381-1091925672-1001\...\MountPoints2: {9ab6701b-27cd-11e0-88c6-00038a000015} - G:\EasySuite.exe bootup
HKU\S-1-5-21-952588860-2934446381-1091925672-1001\...\MountPoints2: {b7702240-149f-11e1-8850-00038a000015} - G:\TL_Bootstrap.exe
HKU\S-1-5-21-952588860-2934446381-1091925672-1004\...\RunOnce: [ScrSav] => C:\Program Files (x86)\eMachines\Screensaver\run_eMachines.exe [154144 2010-07-29] ()
HKU\S-1-5-21-952588860-2934446381-1091925672-1004\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\eMachines.scr [456224 2010-07-29] ()
HKU\S-1-5-18\...\Run: [Bitdefender Wallet Agent] => "C:\Program Files\Bitdefender\Bitdefender\pmbxag.exe"
HKU\S-1-5-18\...\Run: [Bitdefender Wallet] => "C:\Program Files\Bitdefender\Bitdefender\pwdmanui.exe" --hidden --nowizard
HKU\S-1-5-18\...\Run: [Bitdefender Wallet Application Agent] => "C:\Program Files\Bitdefender\Bitdefender\antispam32\bdapppassmgr.exe"
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Event Planner Reminder.lnk
ShortcutTarget: Event Planner Reminder.lnk -> C:\Program Files (x86)\Creative Home\Hallmark Card Studio Select\Planner\PLNRnote.exe (Creative Home)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  No File
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKU\S-1-5-21-952588860-2934446381-1091925672-1001\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
HKU\S-1-5-21-952588860-2934446381-1091925672-1001\Software\Microsoft\Internet Explorer\Main,Search Bar = http://toolbar.inbox...tb_id&%language
HKU\S-1-5-21-952588860-2934446381-1091925672-1001\Software\Microsoft\Internet Explorer\Main,Old Start Page = http://www.yahoo.com/
URLSearchHook: HKU\S-1-5-21-952588860-2934446381-1091925672-1001 - (No Name) - {D3D233D5-9F6D-436C-B6C7-E63F77503B30} - No File
URLSearchHook: HKU\S-1-5-21-952588860-2934446381-1091925672-1001 - (No Name) - {26842a09-ffa8-4e2c-ae12-0c80f01c3295} - C:\Program Files (x86)\MapsGalaxy_39\bar\1.bin\39SrcAs.dll (MindSpark)
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://search.live.c...ferrer:source?}
SearchScopes: HKLM -> {BE28C22E-F666-424d-B5FD-125C4AFEE34E} URL = http://search.myheri...q={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/...rc=IE-SearchBox
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/...rc=IE-SearchBox
SearchScopes: HKLM-x32 -> {597b1823-7ff0-4cd3-8095-9d8cba514992} URL = http://search.mywebs...r={searchTerms}
SearchScopes: HKU\S-1-5-21-952588860-2934446381-1091925672-1001 -> {180780f0-b348-4b44-8210-94a8f3ee15b2} URL = http://search.comcas...q={searchTerms}
SearchScopes: HKU\S-1-5-21-952588860-2934446381-1091925672-1001 -> {1D4A0D11-3C24-4554-A6BC-61300AC5BC5D} URL = http://search.yahoo....erms}&fr=mkg114
SearchScopes: HKU\S-1-5-21-952588860-2934446381-1091925672-1001 -> {36377DD7-B3EB-42f5-986F-680BAF59BA9D} URL = http://ws.infospace....r?_iceUrl=trueuser_id=%userid&tool_id=60231&qkw={searchTerms}
SearchScopes: HKU\S-1-5-21-952588860-2934446381-1091925672-1001 -> {44F4841A-B0E4-48A4-A7CF-DDB0EFD46504} URL = http://www.mypoints....&mypoints_brw=1
SearchScopes: HKU\S-1-5-21-952588860-2934446381-1091925672-1001 -> {597b1823-7ff0-4cd3-8095-9d8cba514992} URL = http://search.mywebs...r={searchTerms}
SearchScopes: HKU\S-1-5-21-952588860-2934446381-1091925672-1001 -> {A12274F0-7613-4508-89C1-86347175CE9B} URL = http://www.ask.com/w...src=0&o=0&l=dir
SearchScopes: HKU\S-1-5-21-952588860-2934446381-1091925672-1001 -> {BE28C22E-F666-424d-B5FD-125C4AFEE34E} URL = 
SearchScopes: HKU\S-1-5-21-952588860-2934446381-1091925672-1001 -> {C04B7D22-5AEC-4561-8F49-27F6269208F6} URL = http://toolbar.inbox...id=80116&lng=en
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-03-01] (Google Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll No File
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2013-05-08] (Adobe Systems Incorporated)
BHO-x32: Toolbar BHO -> {1e91a655-bb4b-4693-a05e-2edebc4c9d89} -> C:\Program Files (x86)\MapsGalaxy_39\bar\1.bin\39bar.dll [2012-12-09] (MindSpark)
BHO-x32: No Name -> {5C255C8A-E604-49b4-9D64-90988571CECB} ->  No File
BHO-x32: Search Assistant BHO -> {71c1d63a-c944-428a-a5bd-ba513190e5d2} -> C:\Program Files (x86)\MapsGalaxy_39\bar\1.bin\39SrcAs.dll [2012-12-09] (MindSpark)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll [2015-01-24] (Oracle Corporation)
BHO-x32: Windows Live Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22] (Microsoft Corporation)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2015-03-01] (Google Inc.)
BHO-x32: Skype Browser Helper -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2012-01-17] (Skype Technologies S.A.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Ask Toolbar -> {D4027C7F-154A-4066-A1AD-4243D8127440} -> C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll [2011-07-26] (Ask)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-01-24] (Oracle Corporation)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-03-01] (Google Inc.)
Toolbar: HKLM-x32 - Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll [2011-07-26] (Ask)
Toolbar: HKLM-x32 - MapsGalaxy - {364ea597-e728-4ce4-bb4a-ed846ef47970} - C:\Program Files (x86)\MapsGalaxy_39\bar\1.bin\39bar.dll [2012-12-09] (MindSpark)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2015-03-01] (Google Inc.)
Toolbar: HKU\S-1-5-21-952588860-2934446381-1091925672-1001 -> No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} -  No File
Toolbar: HKU\S-1-5-21-952588860-2934446381-1091925672-1001 -> No Name - {D7E97865-918F-41E4-9CD0-25AB1C574CE8} -  No File
DPF: HKLM-x32 {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab
DPF: HKLM-x32 {4AEF8AEE-3DE8-4B69-8B6E-6353B6C59B50} http://onesite.realp...ab/Realpage.cab
DPF: HKLM-x32 {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} http://quickscan.bit...m/qsax/qsax.cab
DPF: HKLM-x32 {74E4A24D-5224-4F05-8A41-99445E0FC22B} http://www.gamehouse...se/ghplayer.cab
DPF: HKLM-x32 {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} http://www.worldwinn...ed/wwlaunch.cab
DPF: HKLM-x32 {8FA2192F-B95D-40E3-898F-8D7ABB8E00D0} http://aolsvc.aol.co...mesLauncher.cab
DPF: HKLM-x32 {BA35B9B8-DE9E-47C9-AFA7-3C77E3DDFD39} http://www.worldwinn...ly/monopoly.cab
DPF: HKLM-x32 {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} http://game.zylom.co...gamesplayer.cab
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll [2010-04-17] (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll [2010-04-17] (Microsoft Corporation)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2012-01-17] (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2013-02-26] (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 75.75.76.76 75.75.75.75
 
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_17_0_0_169.dll [2015-04-16] ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: @microsoft.com/VirtualEarth3D,version=4.0 -> C:\Program Files (x86)\Virtual Earth 3D\ [2010-01-09] ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_169.dll [2015-04-16] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1200112.dll [2013-02-18] (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] ()
FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-01-24] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-01-24] (Oracle Corporation)
FF Plugin-x32: @MapsGalaxy_39.com/Plugin -> C:\Program Files (x86)\MapsGalaxy_39\bar\1.bin\NP39Stub.dll [2012-12-09] (MindSpark)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/VirtualEarth3D,version=4.0 -> C:\Program Files (x86)\Virtual Earth 3D\ [2010-03-24] ()
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8117.0416 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-04-17] (Microsoft Corporation)
FF Plugin-x32: @oberon-media.com/ONCAdapter -> C:\Program Files (x86)\Common Files\Oberon Media\NCAdapter\1.0.0.14\npapicomadapter.dll [2012-05-31] (Oberon-Media )
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-04] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-04] (Google Inc.)
FF Plugin-x32: @unity3d.com/UnityPlayer -> C:\Program Files (x86)\Unity\WebPlayer\loader\npUnity3D32.dll [2009-10-13] (Unity Technologies ApS)
FF Plugin-x32: @viewpoint.com/VMP -> C:\Program Files (x86)\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll [2004-02-20] ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll [2013-05-08] (Adobe Systems Inc.)
FF Plugin-x32: npDisplayEngine -> C:\Program Files (x86)\LivingPlay Games\nplplaypop.dll No File
FF Extension: LivingPlay TextLinks - C:\Users\Kathy\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\[email protected] [2011-08-07]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]_39.com] - C:\Program Files (x86)\MapsGalaxy_39\bar\1.bin
FF Extension: MapsGalaxy - C:\Program Files (x86)\MapsGalaxy_39\bar\1.bin [2012-12-09]
 
Chrome: 
=======
CHR Profile: C:\Users\Kathy\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Docs) - C:\Users\Kathy\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-05-25]
CHR Extension: (Google Drive) - C:\Users\Kathy\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-05-25]
CHR Extension: (YouTube) - C:\Users\Kathy\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-05-25]
CHR Extension: (Google Search) - C:\Users\Kathy\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-05-25]
CHR Extension: (Skype Click to Call) - C:\Users\Kathy\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2013-05-25]
CHR Extension: (Gmail) - C:\Users\Kathy\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-05-25]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx [2012-01-17]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-01-20] (Apple Inc.)
S3 EFS; C:\Windows\SysWOW64\lsass.exe [0 2013-05-14] () <==== ATTENTION (zero size file/folder)
R2 ForceWare Intelligent Application Manager (IAM); C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe [626208 2009-08-10] ()
R2 GREGService; C:\Program Files (x86)\eMachines\Registration\GREGsvc.exe [23584 2010-01-08] (Acer Incorporated)
S3 KeyIso; C:\Windows\SysWOW64\lsass.exe [0 2013-05-14] () <==== ATTENTION (zero size file/folder)
R2 MapsGalaxy_39Service; C:\Program Files (x86)\MapsGalaxy_39\bar\1.bin\39barsvc.exe [42504 2012-12-09] (COMPANYVERS_NAME)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23784 2014-08-22] (Microsoft Corporation)
S3 Netlogon; C:\Windows\SysWOW64\lsass.exe [0 2013-05-14] () <==== ATTENTION (zero size file/folder)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [368624 2014-08-22] (Microsoft Corporation)
R2 nSvcIp; C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe [206880 2009-08-10] ()
R2 nvsvc; C:\Windows\SysWOW64\nvvsvc.exe [0 2013-05-14] () <==== ATTENTION (zero size file/folder)
R2 ogmservice; C:\Program Files (x86)\Online Games Manager\ogmservice.exe [581568 2014-03-27] (RealNetworks, Inc.)
R3 ProtectedStorage; C:\Windows\SysWOW64\lsass.exe [0 2013-05-14] () <==== ATTENTION (zero size file/folder)
R2 SamSs; C:\Windows\SysWOW64\lsass.exe [0 2013-05-14] () <==== ATTENTION (zero size file/folder)
R2 Spooler; C:\Windows\SysWOW64\spoolsv.exe [0 2013-05-14] () <==== ATTENTION (zero size file/folder)
R2 Updater Service; C:\Program Files\eMachines\eMachines Updater\UpdaterService.exe [243232 2010-01-28] (Acer Group)
S3 VaultSvc; C:\Windows\SysWOW64\lsass.exe [0 2013-05-14] () <==== ATTENTION (zero size file/folder)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [269008 2014-07-17] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [125584 2014-07-17] (Microsoft Corporation)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-04-19 08:56 - 2015-04-19 08:57 - 00024262 _____ () C:\Users\Kathy\Desktop\FRST.txt
2015-04-19 08:56 - 2015-04-19 08:56 - 00000000 ____D () C:\FRST
2015-04-19 08:52 - 2015-04-19 08:52 - 02098176 _____ (Farbar) C:\Users\Kathy\Desktop\FRST64.exe
2015-04-18 22:09 - 2015-04-18 22:09 - 00000000 __SHD () C:\Users\Kathy XP programs\AppData\Local\EmieBrowserModeList
2015-04-18 20:15 - 2015-04-18 20:36 - 00000000 ____D () C:\Windows\SysWOW64\vbox
2015-04-18 20:15 - 2015-04-18 20:36 - 00000000 ____D () C:\Windows\system32\vbox
2015-04-18 20:09 - 2015-04-18 20:09 - 00000000 ____D () C:\Users\Kathy\AppData\Roaming\AVAST Software
2015-04-18 18:48 - 2015-04-18 18:48 - 00000071 _____ () C:\Windows\MPCWIN01.INI
2015-04-15 18:00 - 2015-04-15 18:00 - 00000000 ____D () C:\Users\Kathy\AppData\Local\BeFrugal
2015-04-15 12:25 - 2015-04-15 12:25 - 00000482 _____ () C:\Windows\Tasks\BeFrugal.com Toolbar.job
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-04-19 08:57 - 2009-07-14 00:45 - 00009920 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-04-19 08:57 - 2009-07-14 00:45 - 00009920 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-04-19 08:50 - 2013-05-25 14:30 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-04-19 08:05 - 2012-04-01 10:54 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-04-19 06:10 - 2012-04-09 15:49 - 00000000 ____D () C:\Users\Kathy\AppData\Local\CrashDumps
2015-04-19 06:08 - 2011-04-09 07:08 - 00003926 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{5F5DBD95-9D28-4F78-B04C-374B614A41CF}
2015-04-19 06:07 - 2010-10-09 19:57 - 01336910 _____ () C:\Windows\WindowsUpdate.log
2015-04-19 06:07 - 2009-07-14 01:13 - 00782510 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-04-18 22:19 - 2010-12-25 21:12 - 00000000 ____D () C:\Users\Kathy\Documents\Outlook Files
2015-04-18 22:18 - 2013-05-25 14:30 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-04-18 22:18 - 2013-05-25 14:28 - 00000000 ____D () C:\ProgramData\AVAST Software
2015-04-18 22:18 - 2010-10-09 19:59 - 00939714 _____ () C:\Windows\PFRO.log
2015-04-18 22:18 - 2009-07-14 01:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-04-18 22:18 - 2009-07-14 00:51 - 00054540 _____ () C:\Windows\setupact.log
2015-04-18 19:50 - 2011-02-28 16:07 - 00179960 _____ () C:\Users\Kathy XP programs\AppData\Local\GDIPFONTCACHEV1.DAT
2015-04-18 19:44 - 2011-02-20 18:28 - 00000000 ____D () C:\MyFiles
2015-04-18 19:02 - 2014-02-23 09:32 - 00000000 ____D () C:\Users\Kathy\Documents\Family Tree Maker
2015-04-17 11:21 - 2014-12-25 08:20 - 00000000 ____D () C:\Users\Kathy\AppData\Roaming\HpUpdate
2015-04-16 18:53 - 2012-04-01 10:54 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-04-16 18:53 - 2012-04-01 10:54 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-04-16 18:53 - 2011-06-13 12:07 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-04-11 08:30 - 2005-02-11 21:24 - 00000000 ____D () C:\Users\Kathy\Documents\Geneaology
2015-03-27 07:16 - 2006-10-07 06:19 - 00000000 ____D () C:\Users\Kathy\Documents\Route Sheets
 
==================== Files in the root of some directories =======
 
2011-09-08 08:07 - 2011-09-04 11:25 - 0161728 _____ () C:\Program Files (x86)\gcres.dll
2012-04-22 03:37 - 2015-03-16 13:50 - 0096011 _____ () C:\Users\Kathy\AppData\Local\ars.cache
2012-04-22 03:37 - 2015-03-16 13:50 - 1671121 _____ () C:\Users\Kathy\AppData\Local\census.cache
2012-04-22 03:28 - 2012-04-22 03:28 - 0000036 _____ () C:\Users\Kathy\AppData\Local\housecall.guid.cache
2013-02-21 20:29 - 2013-02-21 20:29 - 0004096 ____H () C:\Users\Kathy\AppData\Local\keyfile3.drm
2014-10-14 07:52 - 2014-10-14 07:52 - 0000017 _____ () C:\Users\Kathy\AppData\Local\resmon.resmoncfg
2014-04-25 15:39 - 2015-03-16 13:47 - 0000010 _____ () C:\Users\Kathy\AppData\Local\sponge.last.runtime.cache
2013-05-25 14:24 - 2013-05-25 14:25 - 0025726 _____ () C:\ProgramData\1369506296.1200.bin
2013-05-25 14:24 - 2013-05-25 14:49 - 0000189 _____ () C:\ProgramData\1369506296.3040.bin
2013-05-25 14:24 - 2013-05-25 14:49 - 0002052 _____ () C:\ProgramData\1369506296.3320.bin
2014-06-20 08:36 - 2014-06-20 08:36 - 0488498 _____ () C:\ProgramData\1403267360.bdinstall.bin
2014-06-22 09:12 - 2014-06-22 09:12 - 0249928 _____ () C:\ProgramData\1403442600.bdinstall.bin
2014-12-25 08:18 - 2014-12-25 08:18 - 0000057 _____ () C:\ProgramData\Ament.ini
2011-01-01 16:21 - 2011-01-01 16:21 - 0000056 ____H () C:\ProgramData\ezsidmv.dat
2015-01-27 12:37 - 2015-01-27 12:37 - 0000411 _____ () C:\ProgramData\MagicTranslator.ini
 
Files to move or delete:
====================
C:\Users\HomeGroupUser$\hpothb07.dat
C:\Users\Kathy\jobq.dat
C:\Users\Kathy XP programs\hpothb07.dat
C:\Users\Public\hpothb07.dat
 
 
Some content of TEMP:
====================
C:\Users\Kathy\AppData\Local\Temp\AcsInstall.dll
C:\Users\Kathy\AppData\Local\Temp\bitdefender_isecurity_[quickscan].exe
C:\Users\Kathy\AppData\Local\Temp\bstrapInstall.exe
C:\Users\Kathy\AppData\Local\Temp\dotNetFx35.exe
C:\Users\Kathy\AppData\Local\Temp\i4jdel0.exe
C:\Users\Kathy\AppData\Local\Temp\jre-6u31-windows-i586-iftw-rv.exe
C:\Users\Kathy\AppData\Local\Temp\jre-7u13-windows-i586-iftw.exe
C:\Users\Kathy\AppData\Local\Temp\jre-7u15-windows-i586-iftw.exe
C:\Users\Kathy\AppData\Local\Temp\jre-7u17-windows-i586-iftw.exe
C:\Users\Kathy\AppData\Local\Temp\jre-7u25-windows-i586-iftw.exe
C:\Users\Kathy\AppData\Local\Temp\jre-7u45-windows-i586-iftw.exe
C:\Users\Kathy\AppData\Local\Temp\jre-7u5-windows-i586-iftw.exe
C:\Users\Kathy\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exe
C:\Users\Kathy\AppData\Local\Temp\jre-7u60-windows-i586-iftw.exe
C:\Users\Kathy\AppData\Local\Temp\jre-7u65-windows-i586-iftw.exe
C:\Users\Kathy\AppData\Local\Temp\jre-7u7-windows-i586-iftw.exe
C:\Users\Kathy\AppData\Local\Temp\jre-7u9-windows-i586-iftw.exe
C:\Users\Kathy\AppData\Local\Temp\jre-8u31-windows-au.exe
C:\Users\Kathy\AppData\Local\Temp\LaunchPrivacyStatement.exe
C:\Users\Kathy\AppData\Local\Temp\Msi_launcher.exe
C:\Users\Kathy\AppData\Local\Temp\setup.exe
C:\Users\Kathy\AppData\Local\Temp\SHFOLDER.DLL
C:\Users\Kathy\AppData\Local\Temp\spinandwin-110300453-setup.s110300453.c110268333.len.u8dc8e8682869ddcd6effd30dc44c26385f73b9f0.dl.exe
C:\Users\Kathy\AppData\Local\Temp\SymCCIS.dll
C:\Users\Kathy\AppData\Local\Temp\WindowsInstaller-KB893803-x86.exe
 
 
Some zero byte size files/folders:
==========================
C:\Windows\SysWOW64\conhost.exe
C:\Windows\SysWOW64\csrss.exe
C:\Windows\SysWOW64\dwm.exe
C:\Windows\SysWOW64\lsass.exe
C:\Windows\SysWOW64\lsm.exe
C:\Windows\SysWOW64\nvvsvc.exe
C:\Windows\SysWOW64\services.exe
C:\Windows\SysWOW64\smss.exe
C:\Windows\SysWOW64\spoolsv.exe
C:\Windows\SysWOW64\taskhost.exe
C:\Windows\SysWOW64\winlogon.exe
C:\Windows\SysWOW64\WUDFHost.exe
C:\Windows\System32\jgdw400.dll
C:\Windows\System32\jgpl400.dll
C:\Windows\System32\MSVCRT20.dll
C:\Windows\System32\nvd3dum.dll
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-04-14 04:23
 
==================== End Of Log ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 19-04-2015
Ran by Kathy at 2015-04-19 08:58:06
Running from C:\Users\Kathy\Desktop
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Microsoft Security Essentials (Enabled - Up to date) {4F35CFC4-45A3-FC37-EF17-759A02E39AB1}
AS: Microsoft Security Essentials (Enabled - Up to date) {F4542E20-6399-F3B9-D5A7-4EE87964D00C}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Acrobat.com (HKLM-x32\...\{287ECFA4-719A-2143-A09B-D6A12DE54E40}) (Version: 1.6.65 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 2.0.2.12610 - Adobe Systems Inc.)
Adobe Flash Player 17 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 17.0.0.169 - Adobe Systems Incorporated)
Adobe Flash Player 17 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 17.0.0.169 - Adobe Systems Incorporated)
Adobe Reader 9.5.5 MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-A91000000001}) (Version: 9.5.5 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.0 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.0.0.112 - Adobe Systems, Inc.)
Advertising Center (x32 Version: 0.0.0.2 - Nero AG) Hidden
AOL Uninstaller (Choose which Products to Remove) (HKLM-x32\...\AOL Uninstaller) (Version:  - AOL Inc.)
Apple Application Support (32-bit) (HKLM-x32\...\{447CDCE5-F555-429B-BFA6-642C3C6D684F}) (Version: 3.1.2 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{0DF7096B-715A-4233-8633-C7A16ED6D616}) (Version: 3.1.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{C4123106-B685-48E6-B9BD-E4F911841EB4}) (Version: 8.1.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Art Explosion Calendar Maker (HKLM-x32\...\{7E5F00AA-70BA-4BB5-94A7-012DD08B8B42}) (Version: 1.0.0.12 - Nova Development)
Ask Toolbar (HKLM-x32\...\{86D4B82A-ABED-442A-BE86-96357B70F4FE}) (Version: 1.12.5.0 - Ask.com) <==== ATTENTION
Bing Maps 3D (HKLM\...\{6ACE7F46-FACE-4125-AE86-672F4F2A6A28}) (Version: 4.0.903.16005 - Microsoft Corporation)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Cash Back Assistant (HKU\S-1-5-21-952588860-2934446381-1091925672-1001\...\{644CF48B-61FE-43E4-8B2E-7EAE916B49C4}_is1) (Version: 2013.3.18.4 - BeFrugal.com)
Corel PaintShop Pro X4 (HKLM-x32\...\_{00580795-581C-4587-B9F2-37320D7AB37F}) (Version: 14.0.0.345 - Corel Corporation)
Corel PaintShop Pro X4 (x32 Version: 14.3.0.3 - Corel Corporation) Hidden
Coupon Printer for Windows (HKLM-x32\...\Coupon Printer for Windows5.0.0.0) (Version: 5.0.0.0 - Coupons.com Incorporated)
eMachines Recovery Management (HKLM-x32\...\{7F811A54-5A09-4579-90E1-C93498E230D9}) (Version: 4.05.3013 - Acer Incorporated)
eMachines Registration (HKLM-x32\...\eMachines Registration) (Version: 1.03.3003 - Acer Incorporated)
eMachines ScreenSaver (HKLM-x32\...\eMachines Screensaver) (Version: 1.1.0825.2010 - Acer Incorporated)
eMachines Updater (HKLM-x32\...\{EE171732-BEB4-4576-887D-CB62727F01CA}) (Version: 1.02.3001 - Acer Incorporated)
Family Tree Maker 2011 (HKLM-x32\...\Family Tree Maker 2011) (Version: 20.0.368 - Ancestry.com)
Family Tree Maker 2011 (x32 Version: 20.0.368 - Ancestry.com) Hidden
FamilySearch Indexing 3.12.1 (HKLM-x32\...\0591-8077-9297-0833) (Version: 3.12.1 - FamilySearch)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.6227.252 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden
Hallmark Card Studio Select (HKLM-x32\...\{B9FF36AF-29F6-47EC-BE07-D3FB2CA02531}) (Version: 15.0.3.4 - Creative Home)
Hallmark Scrapbook Studio Deluxe (HKLM-x32\...\{C92CA83A-E0EF-4449-BA4C-C959779447FC}) (Version: 3.0.0.18 - Creative Home)
Hotkey Utility (HKLM-x32\...\Hotkey Utility) (Version: 2.05.3009 - Acer Incorporated)
HP Officejet Pro 8610 Basic Device Software (HKLM\...\{DAE3B13B-5097-4EAE-BC26-C463377BD80E}) (Version: 32.2.188.47710 - Hewlett-Packard Co.)
HP Officejet Pro 8610 Help (HKLM-x32\...\{F9569D00-4576-46C8-B6C7-207A4FD39745}) (Version: 32.0.0 - Hewlett Packard)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
HPDiagnosticAlert (x32 Version: 1.00.0001 - Microsoft) Hidden
I.R.I.S. OCR (HKLM-x32\...\{CA6BCA2F-EDEB-408F-850B-31404BE16A61}) (Version: 12.3.4.0 - HP)
ICA (x32 Version: 14.0.0.345 - Corel Corporation) Hidden
Identity Card (HKLM-x32\...\Identity Card) (Version: 1.00.3003 - Acer Incorporated)
ImagXpress (x32 Version: 7.0.74.0 - Nero AG) Hidden
IPM_PSP_COM (x32 Version: 14.0.0.345 - Corel Corporation) Hidden
iTunes (HKLM\...\{D227565A-0033-40AD-89BA-653A205CDC11}) (Version: 12.1.1.4 - Apple Inc.)
Java 7 Update 60 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.600 - Oracle)
Java 8 Update 31 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)
JavaFX 2.1.1 (HKLM-x32\...\{1111706F-666A-4037-7777-211328764D10}) (Version: 2.1.1 - Oracle Corporation)
Junk Mail filter update (x32 Version: 14.0.8117.416 - Microsoft Corporation) Hidden
LG USB Modem driver (HKLM-x32\...\{C3ABE126-2BB2-4246-BFE1-6797679B3579}) (Version:  - )
MapsGalaxy Toolbar (HKLM-x32\...\MapsGalaxy_39bar Uninstall) (Version:  - Mindspark Interactive Network) <==== ATTENTION
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUSR) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Primary Interoperability Assemblies 2005 (HKLM-x32\...\{D24DB8B9-BB6C-4334-9619-BA1C650E13D3}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.6.305.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 ENU (HKLM-x32\...\{3A9FC03D-C685-4831-94CF-4EDFD3749497}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 x64 ENU (HKLM\...\{D4AD39AD-091E-4D33-BB2B-59F6FCB8ADC3}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (HKLM\...\{8338783A-0968-3B85-AFC7-BAAE0A63DC50}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft WSE 3.0 Runtime (HKLM-x32\...\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}) (Version: 3.0.5305.0 - Microsoft Corp.)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
NVIDIA Display Control Panel (HKLM\...\NVIDIA Display Control Panel) (Version: 1.10 - NVIDIA Corporation)
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: 1.10.62.40 - NVIDIA Corporation)
NVIDIA ForceWare Network Access Manager (HKLM-x32\...\InstallShield_{7CFA46E3-CC2F-4355-82AE-6012DC3633FD}) (Version: 1.00.7316 - NVIDIA Corporation)
NVIDIA Graphics Driver 307.83 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 307.83 - NVIDIA Corporation)
NVIDIA Update 1.10.8 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.10.8 - NVIDIA Corporation)
Online Games Manager v1.30 (HKLM-x32\...\Online Games Manager) (Version: 1.30.14 - Real Networks, Inc.)
PDFCreator (HKLM-x32\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 1.2.0 - Frank Heindörfer, Philip Chinery)
Personal Historian 2.0.2.3 (HKLM-x32\...\{D4A075F8-B4F3-442D-9AC3-AB25FC28D41F}_is1) (Version:  - RootsMagic, Inc.)
PhotoScape (HKLM-x32\...\PhotoScape) (Version:  - )
Product Improvement Study for HP Officejet Pro 8610 (HKLM\...\{710F7B0F-A679-4314-8E69-E868B660FAEA}) (Version: 32.2.188.47710 - Hewlett-Packard Co.)
PSPPContent (x32 Version: 14.0.0.345 - Corel Corporation) Hidden
PSPPHelp (x32 Version: 14.0.0.345 - Corel Corporation) Hidden
PSPPro64 (Version: 14.0.0.345 - Corel Corporation) Hidden
QuickTime 7 (HKLM-x32\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6045 - Realtek Semiconductor Corp.)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Setup (x32 Version: 14.0.0.345 - Corel Corporation) Hidden
Skype Click to Call (HKLM-x32\...\{B6CF2967-C81E-40C0-9815-C05774FEF120}) (Version: 5.9.9216 - Skype Technologies S.A.)
Skype™ 6.11 (HKLM-x32\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Unity Web Player (HKLM-x32\...\UnityWebPlayer) (Version: 2.5.5b4_50 - Unity Technologies ApS)
Viewpoint Media Player (HKLM-x32\...\ViewpointMediaPlayer) (Version:  - )
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
Welcome Center (HKLM-x32\...\eMachines Welcome Center) (Version: 1.02.3004 - Acer Incorporated)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite_Wave3) (Version: 14.0.8117.0416 - Microsoft Corporation)
Windows Live Sign-in Assistant (HKLM-x32\...\{45338B07-A236-4270-9A77-EBB4115517B5}) (Version: 5.000.818.5 - Microsoft Corporation)
Windows Live Sync (HKLM-x32\...\{B10914FD-8812-47A4-85A1-50FCDE7F1F33}) (Version: 14.0.8117.416 - Microsoft Corporation)
Windows Live Upload Tool (HKLM-x32\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)
Windows Media Encoder 9 Series (HKLM-x32\...\Windows Media Encoder 9) (Version:  - )
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
 
==================== Restore Points  =========================
 
26-03-2015 04:55:40 Windows Update
29-03-2015 06:36:08 Windows Update
02-04-2015 05:53:46 Windows Update
05-04-2015 17:15:22 Windows Update
09-04-2015 09:30:11 Windows Update
13-04-2015 05:45:57 Windows Update
17-04-2015 06:55:49 Windows Update
18-04-2015 20:04:23 avast! antivirus system restore point
18-04-2015 22:06:01 avast! antivirus system restore point
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-13 22:34 - 2009-06-10 17:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {1957DBBC-722C-419B-9DB9-116942EFDFF2} - System32\Tasks\{66FDA1F5-E571-4F40-9EF3-57865EC299A5} => C:\Program Files (x86)\Skype\\Phone\Skype.exe [2013-11-14] (Skype Technologies S.A.)
Task: {1B121E14-0B38-4099-B639-4D19FC01DB2D} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-05-25] (Google Inc.)
Task: {1C699999-A97B-4813-8CE0-EBA3D66E99C6} - System32\Tasks\{FB615C2E-24EB-4321-84A3-92CC0D6B4CF6} => Iexplore.exe http://ui.skype.com/...led;madedefault
Task: {2ADF829C-A338-45C5-8ACC-E041810FE2F5} - System32\Tasks\{B2889ADD-6646-4CB1-9343-C7C471F7C170} => C:\Program Files (x86)\Skype\Phone\Skype.exe [2013-11-14] (Skype Technologies S.A.)
Task: {3DC0AA2D-4FCA-425A-99A0-30E8000E650F} - System32\Tasks\{4AACF5EC-3643-44D7-A657-918B3E7C7BFD} => pcalua.exe -a "C:\Program Files (x86)\InstallShield Installation Information\{3B3D2CFD-3C21-4AA0-94DE-45577B5BAB16}\setup.exe" -c -runfromtemp -l0x0409 -removeonly
Task: {732FA314-41E9-43BB-ACC3-A7CE4D42BE14} - System32\Tasks\HPCustParticipation HP Officejet Pro 8610 => C:\Program Files\HP\HP Officejet Pro 8610\Bin\HPCustPartic.exe [2014-03-06] (Hewlett-Packard Co.)
Task: {78293EF2-0B66-4781-B9C2-1419907F20F3} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-05-25] (Google Inc.)
Task: {78BA8B93-EEAB-4B3B-8B46-331B105B229E} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {8539BF39-DDFC-4DAE-91C9-7F5BC6A8D503} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-04-16] (Adobe Systems Incorporated)
Task: {9C87CF68-01E0-4FC8-9AA5-83B3CA60C496} - System32\Tasks\Scheduled Update for Ask Toolbar => C:\Program Files (x86)\Ask.com\UpdateTask.exe [2011-07-26] () <==== ATTENTION
Task: {D0E81A68-4F6A-48DE-A691-62B8685EA0B5} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {D124F4BA-B426-4A7A-BDA0-E4CA4D414AFE} - System32\Tasks\{222BEC3C-996E-4DEF-81B5-86F7249EC76B} => pcalua.exe -a "C:\Users\Kathy\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2JQ6H2L5\MFInstall[1].exe" -d C:\Users\Kathy\Desktop
Task: {DC97389D-2CB5-47B8-A53F-263C89CF45D6} - System32\Tasks\{57895250-5D71-4FA4-AB5D-359A95F58A8D} => pcalua.exe -a "C:\Program Files (x86)\RealArcade\Installer\bin\gameinstaller.exe" -d C:\Users\Kathy\Desktop -c "C:\Program Files (x86)\RealArcade\Installer\bin\..\installerMain.clf" "C:\Users\Kathy\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\WJ3UPMSY\gameInitializer[1].rgi"
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\BeFrugal.com Toolbar.job => C:\Users\Kathy\AppData\Local\Programs\BeFrugal.com\Add-On\2013.3.18.4\BFHP.exeFC:\Users\Kathy\AppData\Local\Programs\BeFrugal.com\Add-On\2013.3.18.4BeFrugal.com
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (whitelisted) ==============
 
2013-04-13 03:03 - 2013-01-31 05:25 - 00087328 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2013-01-31 11:47 - 2005-03-12 01:07 - 00087040 _____ () C:\Windows\System32\pdfcmnnt.dll
2015-02-13 05:20 - 2015-02-13 05:20 - 00085832 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-02-13 05:20 - 2015-02-13 05:20 - 01346344 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2009-08-10 19:01 - 2009-08-10 19:01 - 00626208 _____ () C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe
2009-08-10 19:00 - 2009-08-10 19:00 - 00070176 _____ () C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nv_common.dll
2009-08-10 19:01 - 2009-08-10 19:01 - 00578592 _____ () C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\SpecialCase.dll
2009-08-10 19:01 - 2009-08-10 19:01 - 00206880 _____ () C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe
2013-09-05 01:17 - 2013-09-05 01:17 - 04300456 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 15:23 - 2010-10-20 15:23 - 08801632 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2010-08-04 08:40 - 2010-08-04 08:40 - 00611872 _____ () C:\Program Files (x86)\eMachines\Hotkey Utility\HotkeyUtility.exe
2014-08-19 14:34 - 2014-08-19 14:34 - 00048640 _____ () C:\Program Files (x86)\AOL Desktop 9.7b\zlib.dll
2014-08-19 14:34 - 2014-08-19 14:34 - 21151232 _____ () C:\Program Files (x86)\AOL Desktop 9.7b\libcef.dll
2014-08-19 14:34 - 2014-08-19 14:34 - 00648704 _____ () C:\Program Files (x86)\AOL Desktop 9.7b\libglesv2.dll
2014-08-19 14:34 - 2014-08-19 14:34 - 00122880 _____ () C:\Program Files (x86)\AOL Desktop 9.7b\libegl.dll
2014-06-20 09:13 - 2014-06-20 09:13 - 00000000 _____ () C:\Windows\system32\jgpl400.dll
2014-06-20 09:13 - 2014-06-20 09:13 - 00000000 _____ () C:\Windows\system32\jgdw400.dll
2014-06-20 09:13 - 2014-06-20 09:13 - 00000000 _____ () C:\Windows\system32\MSVCRT20.dll
2014-08-19 14:34 - 2014-08-19 14:34 - 00094208 _____ () C:\Program Files (x86)\AOL Desktop 9.7b\Components\Tier2Svc.dll
2014-08-19 14:34 - 2014-08-19 14:34 - 00060928 _____ () C:\Program Files (x86)\AOL Desktop 9.7b\Components\DataSvcs.dll
2010-08-04 05:47 - 2010-08-04 05:47 - 00144896 _____ () C:\Program Files (x86)\eMachines\Hotkey Utility\HotkeyHook.dll
2015-04-16 18:53 - 2015-04-16 18:53 - 16863920 _____ () C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_169.dll
2014-05-21 08:51 - 2014-05-21 08:51 - 00000000 _____ () C:\Windows\system32\nvd3dum.dll
2013-09-05 01:14 - 2013-09-05 01:14 - 04300456 _____ () C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 15:45 - 2010-10-20 15:45 - 08801120 _____ () C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
AlternateDataStreams: C:\ProgramData\TEMP:09DC8014
AlternateDataStreams: C:\ProgramData\TEMP:ABCD2B94
AlternateDataStreams: C:\Users\Kathy\Documents\Document.eml:OECustomProperty
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== EXE Association (whitelisted) ===============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-952588860-2934446381-1091925672-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Kathy\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 75.75.76.76 - 75.75.75.75
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
MSCONFIG\startupfolder: C:^Users^Kathy^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2010 Screen Clipper and Launcher.lnk => C:\Windows\pss\OneNote 2010 Screen Clipper and Launcher.lnk.Startup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: BCSSync => "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
MSCONFIG\startupreg: HostManager => C:\Program Files (x86)\Common Files\AOL\1293386045\ee\AOLSoftware.exe
MSCONFIG\startupreg: MapsGalaxy Search Scope Monitor => "C:\PROGRA~2\MAPSGA~2\bar\1.bin\39srchmn.exe" /m=2 /w /h
MSCONFIG\startupreg: MapsGalaxy_39 Browser Plugin Loader => C:\PROGRA~2\MAPSGA~2\bar\1.bin\39brmon.exe
MSCONFIG\startupreg: OfficeSyncProcess => "C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE"
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-952588860-2934446381-1091925672-500 - Administrator - Disabled)
Guest (S-1-5-21-952588860-2934446381-1091925672-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-952588860-2934446381-1091925672-1002 - Administrator - Enabled) => C:\Users\HomeGroupUser$
Kathy (S-1-5-21-952588860-2934446381-1091925672-1001 - Administrator - Enabled) => C:\Users\Kathy
Kathy XP programs (S-1-5-21-952588860-2934446381-1091925672-1003 - Administrator - Enabled) => C:\Users\Kathy XP programs
UpdatusUser (S-1-5-21-952588860-2934446381-1091925672-1004 - Limited - Enabled) => C:\Users\UpdatusUser
 
==================== Faulty Device Manager Devices =============
 
Name: Microsoft PS/2 Mouse
Description: Microsoft PS/2 Mouse
Class Guid: {4d36e96f-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: i8042prt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.
 
Name: WAN Miniport (ATW) #2
Description: WAN Miniport (ATW)
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: America Online, Inc.
Service: wanatw
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (04/19/2015 06:38:19 AM) (Source: SideBySide) (EventID: 35) (User: )
Description: Activation context generation failed for "WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"1".Error in manifest or policy file "WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"2" on line WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"3.
Component identity found in manifest does not match the identity of the component requested.
Reference is WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1".
Definition is WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1".
Please use sxstrace.exe for detailed diagnosis.
 
Error: (04/19/2015 06:10:41 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: IEXPLORE.EXE, version: 11.0.9600.17496, time stamp: 0x546fddcc
Faulting module name: KERNELBASE.dll, version: 6.1.7601.18409, time stamp: 0x53159a86
Exception code: 0xc0000005
Fault offset: 0x0002eb3b
Faulting process id: 0x1294
Faulting application start time: 0xIEXPLORE.EXE0
Faulting application path: IEXPLORE.EXE1
Faulting module path: IEXPLORE.EXE2
Report Id: IEXPLORE.EXE3
 
Error: (04/19/2015 06:10:35 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: IEXPLORE.EXE, version: 11.0.9600.17496, time stamp: 0x546fddcc
Faulting module name: KERNELBASE.dll, version: 6.1.7601.18409, time stamp: 0x53159a86
Exception code: 0xc0000005
Fault offset: 0x0002eb3b
Faulting process id: 0x7dc
Faulting application start time: 0xIEXPLORE.EXE0
Faulting application path: IEXPLORE.EXE1
Faulting module path: IEXPLORE.EXE2
Report Id: IEXPLORE.EXE3
 
Error: (04/19/2015 06:10:28 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: IEXPLORE.EXE, version: 11.0.9600.17496, time stamp: 0x546fddcc
Faulting module name: KERNELBASE.dll, version: 6.1.7601.18409, time stamp: 0x53159a86
Exception code: 0xc0000005
Fault offset: 0x0002eb3b
Faulting process id: 0xd84
Faulting application start time: 0xIEXPLORE.EXE0
Faulting application path: IEXPLORE.EXE1
Faulting module path: IEXPLORE.EXE2
Report Id: IEXPLORE.EXE3
 
Error: (04/19/2015 06:10:22 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: IEXPLORE.EXE, version: 11.0.9600.17496, time stamp: 0x546fddcc
Faulting module name: KERNELBASE.dll, version: 6.1.7601.18409, time stamp: 0x53159a86
Exception code: 0xc0000005
Fault offset: 0x0002eb3b
Faulting process id: 0x130c
Faulting application start time: 0xIEXPLORE.EXE0
Faulting application path: IEXPLORE.EXE1
Faulting module path: IEXPLORE.EXE2
Report Id: IEXPLORE.EXE3
 
Error: (04/19/2015 06:10:15 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: IEXPLORE.EXE, version: 11.0.9600.17496, time stamp: 0x546fddcc
Faulting module name: KERNELBASE.dll, version: 6.1.7601.18409, time stamp: 0x53159a86
Exception code: 0xc0000005
Fault offset: 0x0002eb3b
Faulting process id: 0x102c
Faulting application start time: 0xIEXPLORE.EXE0
Faulting application path: IEXPLORE.EXE1
Faulting module path: IEXPLORE.EXE2
Report Id: IEXPLORE.EXE3
 
Error: (04/19/2015 06:10:07 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: IEXPLORE.EXE, version: 11.0.9600.17496, time stamp: 0x546fddcc
Faulting module name: KERNELBASE.dll, version: 6.1.7601.18409, time stamp: 0x53159a86
Exception code: 0xc0000005
Fault offset: 0x0002eb3b
Faulting process id: 0xf54
Faulting application start time: 0xIEXPLORE.EXE0
Faulting application path: IEXPLORE.EXE1
Faulting module path: IEXPLORE.EXE2
Report Id: IEXPLORE.EXE3
 
Error: (04/18/2015 10:21:17 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: IEXPLORE.EXE, version: 11.0.9600.17496, time stamp: 0x546fddcc
Faulting module name: KERNELBASE.dll, version: 6.1.7601.18409, time stamp: 0x53159a86
Exception code: 0xc0000005
Fault offset: 0x0002eb3b
Faulting process id: 0xee8
Faulting application start time: 0xIEXPLORE.EXE0
Faulting application path: IEXPLORE.EXE1
Faulting module path: IEXPLORE.EXE2
Report Id: IEXPLORE.EXE3
 
Error: (04/18/2015 10:21:09 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: IEXPLORE.EXE, version: 11.0.9600.17496, time stamp: 0x546fddcc
Faulting module name: KERNELBASE.dll, version: 6.1.7601.18409, time stamp: 0x53159a86
Exception code: 0xc0000005
Fault offset: 0x0002eb3b
Faulting process id: 0xdc0
Faulting application start time: 0xIEXPLORE.EXE0
Faulting application path: IEXPLORE.EXE1
Faulting module path: IEXPLORE.EXE2
Report Id: IEXPLORE.EXE3
 
Error: (04/18/2015 10:20:55 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: IEXPLORE.EXE, version: 11.0.9600.17496, time stamp: 0x546fddcc
Faulting module name: KERNELBASE.dll, version: 6.1.7601.18409, time stamp: 0x53159a86
Exception code: 0xc0000005
Fault offset: 0x0002eb3b
Faulting process id: 0x138c
Faulting application start time: 0xIEXPLORE.EXE0
Faulting application path: IEXPLORE.EXE1
Faulting module path: IEXPLORE.EXE2
Report Id: IEXPLORE.EXE3
 
 
System errors:
=============
Error: (04/18/2015 11:23:33 AM) (Source: Service Control Manager) (EventID: 7043) (User: )
Description: The Group Policy Client service did not shut down properly after receiving a preshutdown control.
 
Error: (04/18/2015 08:09:40 AM) (Source: DCOM) (EventID: 10016) (User: Kathy-PC)
Description: application-specificLocalActivation{D3DCB472-7261-43CE-924B-0704BD730D5F}{D3DCB472-7261-43CE-924B-0704BD730D5F}Kathy-PCKathyS-1-5-21-952588860-2934446381-1091925672-1001LocalHost (Using LRPC)
 
Error: (04/18/2015 08:09:40 AM) (Source: DCOM) (EventID: 10016) (User: Kathy-PC)
Description: application-specificLocalActivation{145B4335-FE2A-4927-A040-7C35AD3180EF}{145B4335-FE2A-4927-A040-7C35AD3180EF}Kathy-PCKathyS-1-5-21-952588860-2934446381-1091925672-1001LocalHost (Using LRPC)
 
Error: (04/18/2015 07:53:19 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070643: Definition Update for Microsoft Security Essentials - KB2310138 (Definition 1.195.3703.0).
 
Error: (04/18/2015 07:53:15 AM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.
 
New Signature Version: 
 
Previous Signature Version: 1.195.3701.0
 
Update Source: %NT AUTHORITY59
 
Update Stage: 4.6.0305.00
 
Source Path: 4.6.0305.01
 
Signature Type: %NT AUTHORITY602
 
Update Type: %NT AUTHORITY604
 
User: NT AUTHORITY\SYSTEM
 
Current Engine Version: %NT AUTHORITY605
 
Previous Engine Version: %NT AUTHORITY606
 
Error code: %NT AUTHORITY607
 
Error description: %NT AUTHORITY608
 
Error: (04/16/2015 01:03:55 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 40. The internal error state is 252.
 
Error: (04/16/2015 01:03:55 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 40. The internal error state is 252.
 
Error: (04/15/2015 07:51:18 AM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 40. The internal error state is 252.
 
Error: (04/15/2015 07:51:18 AM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 40. The internal error state is 252.
 
Error: (04/09/2015 06:42:36 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 6:18:17 PM on ‎4/‎9/‎2015 was unexpected.
 
 
Microsoft Office Sessions:
=========================
Error: (04/19/2015 06:38:19 AM) (Source: SideBySide) (EventID: 35) (User: )
Description: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1"c:\program files (x86)\windows live\photo gallery\MovieMaker.Exec:\program files (x86)\windows live\photo gallery\WLMFDS.DLL8
 
Error: (04/19/2015 06:10:41 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: IEXPLORE.EXE11.0.9600.17496546fddccKERNELBASE.dll6.1.7601.1840953159a86c00000050002eb3b129401d07a8916d34c58C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXEC:\Windows\syswow64\KERNELBASE.dll55136c78-e67c-11e4-b42a-00038a000015
 
Error: (04/19/2015 06:10:35 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: IEXPLORE.EXE11.0.9600.17496546fddccKERNELBASE.dll6.1.7601.1840953159a86c00000050002eb3b7dc01d07a890ec3ce70C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXEC:\Windows\syswow64\KERNELBASE.dll514a9cd8-e67c-11e4-b42a-00038a000015
 
Error: (04/19/2015 06:10:28 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: IEXPLORE.EXE11.0.9600.17496546fddccKERNELBASE.dll6.1.7601.1840953159a86c00000050002eb3bd8401d07a890ec3ce70C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXEC:\Windows\syswow64\KERNELBASE.dll4d24d470-e67c-11e4-b42a-00038a000015
 
Error: (04/19/2015 06:10:22 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: IEXPLORE.EXE11.0.9600.17496546fddccKERNELBASE.dll6.1.7601.1840953159a86c00000050002eb3b130c01d07a890b3e2250C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXEC:\Windows\syswow64\KERNELBASE.dll49d40f48-e67c-11e4-b42a-00038a000015
 
Error: (04/19/2015 06:10:15 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: IEXPLORE.EXE11.0.9600.17496546fddccKERNELBASE.dll6.1.7601.1840953159a86c00000050002eb3b102c01d07a8907481890C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXEC:\Windows\syswow64\KERNELBASE.dll45811490-e67c-11e4-b42a-00038a000015
 
Error: (04/19/2015 06:10:07 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: IEXPLORE.EXE11.0.9600.17496546fddccKERNELBASE.dll6.1.7601.1840953159a86c00000050002eb3bf5401d07a8901fd8320C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXEC:\Windows\syswow64\KERNELBASE.dll40eb67a0-e67c-11e4-b42a-00038a000015
 
Error: (04/18/2015 10:21:17 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: IEXPLORE.EXE11.0.9600.17496546fddccKERNELBASE.dll6.1.7601.1840953159a86c00000050002eb3bee801d07a477ee365b8C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXEC:\Windows\syswow64\KERNELBASE.dllc23ec230-e63a-11e4-b42a-00038a000015
 
Error: (04/18/2015 10:21:09 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: IEXPLORE.EXE11.0.9600.17496546fddccKERNELBASE.dll6.1.7601.1840953159a86c00000050002eb3bdc001d07a477ee365b8C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXEC:\Windows\syswow64\KERNELBASE.dllbd61b7b8-e63a-11e4-b42a-00038a000015
 
Error: (04/18/2015 10:20:55 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: IEXPLORE.EXE11.0.9600.17496546fddccKERNELBASE.dll6.1.7601.1840953159a86c00000050002eb3b138c01d07a476ad40960C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXEC:\Windows\syswow64\KERNELBASE.dllb510b460-e63a-11e4-b42a-00038a000015
 
 
==================== Memory info =========================== 
 
Processor: AMD Athlon™ II X2 220 Processor
Percentage of memory in use: 47%
Total physical RAM: 3839.37 MB
Available physical RAM: 2032.9 MB
Total Pagefile: 7676.92 MB
Available Pagefile: 5551.36 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB
 
==================== Drives ================================
 
Drive c: (eMachines) (Fixed) (Total:453.66 GB) (Free:332.31 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: F48B7043)
Partition 1: (Not Active) - (Size=12 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=453.7 GB) - (Type=07 NTFS)
 
==================== End Of Log ============================

 




#2
BrianDrab


    Trusted Helper

  • Malware Removal
  • 3,583 posts

Hi. My name is Brian, and I would be happy to look into your issue.
 


- General Instructions -

  • Please read all instructions and fixes thoroughly. Read the ENTIRE post BEFORE performing any steps so you understand all that needs to be done.
  • I would advise printing any instructions for easy reference as some of the fixes may require you to boot in Safe mode. Access to these instructions may not be available in Safe Mode.
  • Any fixes provided by myself are for this log file only and should not be used on any other systems.
  • Do not run any other removal software or perform updates other than the ones I provide, as it will complicate the cleaning process.
  • It's very likely that part of our cleanup will include emptying your recycle bin. If you use your recycle bin as an archive and do not wish this to be emptied, please let me know.
  • You have 4 days to reply to each post or the topic will be closed. You will be able to request that the topic be re-opened by sending me a PM (Personal Message) or PM a moderator.
  • Please feel free to ask any questions, especially if you are having problems with my instructions.


- Save ALL Tools to your Desktop-

 

All tools that I have you download should be placed on the desktop unless otherwise stated. If you are familiar with how to save files to the desktop then you can skip this step.
 
Since you are continuing with this step then I assume you are unfamiliar with saving files to your desktop. As a result it's easiest if you configure your browser(s) to download any tools to the desktop by default. Please use the appropriate instructions below depending on the browser you are using.

  • Google Chrome - Click the "Customize and control Google Chrome" button in the upper-right corner of the browser. Choose Settings. At the bottom of the screen, click the "Show advanced settings..." link. Scroll down to find the Downloads section and click the Change... button. Select your desktop and click OK.
  • Mozilla Firefox - Click the "Open Menu" button in the upper-right corner of the browser. Choose Options. In the downloads section, click the Browse button, click on the Desktop folder and then click the "Select Folder" button. Click OK to get out of the Options menu.
  • Internet Explorer - Click the Tools menu in the upper-right corner of the browser. Select View downloads. Select the Options link in the lower left of the window. Click Browse and select the Desktop and then choose the Select Folder button. Click OK to get out of the download options screen and then click Close to get out of the View Downloads screen.

NOTE: IE8 does not support changing download locations in this manner. You will need to download the tool(s) to the default folder, usually Downloads, then copy them to the desktop.
 

- Finally Before We Start-

 
Removing malware is a complicated multiple-step process. Please stay with me until I have declared your system clean. I strongly recommend you back up your personal files and folders. Although rare, attempting to remove malware can render your machine unbootable or cause data loss. Having backups of your data is your responsibility. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.

 

 

 

I apologize about the delay. If you still need assistance, please do the following.

 

Step#1 - JRT
1. Download Junkware Removal Tool to your desktop.
2. Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8, instead of double-clicking, right-click JRT.exe and select "Run as Administrator".
3. The tool will open and start scanning your system.
4. Please be patient as this can take a while to complete depending on your system's specifications.
5. On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
6. Close the text file and reboot your machine.
7. Post the contents of JRT.txt into your next message.

 

Step#2 - AdWCleaner
1. Please download AdwCleaner by Xplode onto your desktop.
2. Close all open programs and internet browsers.
3. Right-click on AdwCleaner.exe and select Run as administrator to run the tool.
4. Click on Scan.
5. After the scan is complete, click on "Clean".
6. Confirm each time with OK.
7. Your computer will be rebooted automatically. A text file will open after the restart.
8. Please post the content of that logfile with your next answer.
9. If need be, you can also find the logfile at C:\AdwCleaner\AdwCleaner[S0].txt.

 

 

Items for your next post

1. Junkware log

2. Adwcleaner log



#3
BrianDrab


    Trusted Helper

  • Malware Removal
  • 3,583 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.





