
whoooo, i messed up bad


  • This topic is locked
35 replies to this topic

#1 keekeemama30

keekeemama30

  • Members
  • 31 posts
  • OFFLINE
  •  
  • Local time:03:59 PM

Posted 07 July 2014 - 04:03 PM

I have so many problems I don't know where to start. I started couponing and ended up w/ more problems than I could have imagined. For one thing, I can't remove the Rocket browser, I don't even know how I got it... and that's just the beginning. I need help.




 


#2 pystryker

pystryker

  • Malware Response Team
  • 730 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:04:59 PM

Posted 08 July 2014 - 09:43 PM

Hello and welcome to Bleeping Computer! My nickname is Pystryker :) , and I will be helping you with your issue today.


Before we get started, I have a few things I need to go over with you:
  • If you are receiving help for this issue at another forum, please let me know so I can close this thread.
  • Please do not install any new software during the cleaning process other than the tools I provide for you. This can hinder the cleaning process.
  • Please do not attach your logs or put them inside code/quote tags. Do a Copy/Paste of the entire contents of the log file and submit it inside your post unless directed otherwise.
  • At the top of your post, please click on the "Follow this topic" button and make sure that the "Received notification" box is checked and set to "Instantly". This will send an email to you as soon as I reply to your topic, allowing us to solve your problem faster.
  • If any of your security programs give you a warning about any tool I ask you to use, please do not worry. All the links and tools I provide to you will be safe.
  • Please read through my instructions carefully and completely before executing them. I will lay the instructions out in a step by step order to make them easy to follow.
  • Please make sure that all the programs I ask you to download are downloaded to and run from your Desktop.
  • Please make sure (if you are able) to print out these instructions so that you will be able to refer to them while working on your machine. Part of the solution(s) to your problem may involve us working in Safe Mode and you will need them to go by.
  • Please do not run any tools other than the ones I ask you to, when I ask you to. Some of these tools can be very dangerous if used improperly. Also, if you use a tool that I have not requested you use, it can cause false positives, thereby delaying the complete cleaning of your machine.
  • This is a complicated process. It requires several steps, patience, and careful following of my instructions in the order they are given to diagnose your problems to get your machine back in working order.
  • Please stay with me until the end of all steps and procedures and I declare your system clean. Just because there is a lack of symptoms does not indicate a clean machine. I promise to do the same for you.
  • Please make sure you reply within 3 days to my responses, if there is no reply within 3 days, the topic will be closed and you will need to request the topic be reopened.
  • Before we get started, please remember we will do our best to get your machine repaired. However, there are some cases where the only solution is a reformat and reinstall of the operating system. This is a worst case scenario though.
  • It is impossible for me to know what interactions may happen between your computer's software and the tools we will use to clean your machine. Therefore, I highly recommend you backup any critical personal files on your machine before we start.
  • If possible, please have your original Windows installation disks handy, just in case.
  • If you have any questions at all, please don't hesitate to ask. There's no such thing as a stupid question when dealing with malware.
  • If you are unsure of an instruction I give you, or if something unexpected occurs, do NOT proceed! Stop and ask for clarification of the instruction or tell me what occurred.
  • Please remember, the fixes are for your machine and your machine ONLY! Do not use these fixes on any other machine, each fix is tailor made for your system only. Using a fix on another machine can and will cause serious damage.
  • Once we have cleaned your machine, we'll have some cleanup and prevention steps to go through. We will also provide you with some information about how to reduce your chances of infection and get some protections in place to help defend you against this in the future.
  • Please be patient while I am analyzing your logs. I know you are probably scared and very frustrated with this problem, but I am a volunteer and sometimes life does get in the way. :)
Now, let's get started, shall we? :thumbsup:


Hello, let's get a look at your system and see what's going on. :)


Step 1: Scan with Farbar's Recovery Scan Tool (FRST)


Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.
  • Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
  • Place a check in the box marked Addition.txt

  • Press Scan button.
  • It will produce a log called FRST.txt in the same directory the tool is run from.
  • Please copy and paste log back here.
  • The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.

Step 2: Scan with aswMBR

  • Please download aswMBR.exe to your desktop.
  • Double click the file to run it.
  • It will ask if you want to download the latest Avast! virus definitions, please answer yes.
  • Click the Scan button to begin the scan.
  • Once the scan has finished, click on Save Log, save it to your desktop as asw.txt, and please post it in your next reply.
  • Click Exit

Things I need to see in your next post:
  • FRST Log
  • Addition.txt Log
  • aswMBR Log

I close my topics if there is no response after 3 days. Please PM a moderator or myself to reopen your topic.

Please PM me only if I'm helping you with your computer issues and I have not responded in 2 days. Please remember, I'm a volunteer and sometimes life does get in the way. :)

Please stay with me until I declare your machine clean. Absence of symptoms does not ensure your machine is clean.

If you'd like to make a donation via Paypal, please click here.





#3 keekeemama30

keekeemama30
  • Topic Starter

  • Members
  • 31 posts
  • OFFLINE
  •  
  • Local time:03:59 PM

Posted 09 July 2014 - 12:48 AM

Awesome, I am so glad to have someone help me so soon, I really appreciate the time you take :) Anyhoo, I will get to work in the morning on the steps you would like me to take.



#4 keekeemama30

keekeemama30
  • Topic Starter

  • Members
  • 31 posts
  • OFFLINE
  •  
  • Local time:03:59 PM

Posted 09 July 2014 - 12:55 AM

Or I can do it at 1 in the morning, lol

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:05-07-2014 01

Ran by PCs for People (administrator) on PCS-1G6RT6AOVC2 on 09-07-2014 00:50:56
Running from C:\Users\PCs for People\Downloads
Platform: Microsoft Windows 7 Professional  Service Pack 1 (X86) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
 
The only official download link for FRST:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
 
==================== Processes (Whitelisted) =================
 
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Coupons.com Inc.) C:\Program Files\Coupons\CouponPrinterService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Analog Devices, Inc.) C:\Program Files\Analog Devices\Core\smax4pnp.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
(ShopAtHome.com) C:\Users\PCs for People\AppData\Roaming\ShopAtHome.com BrowserAppCore Service\ShopAtHome_BAC_Service.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Update\1.3.24.15\GoogleCrashHandler.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
(Yahoo! Inc.) C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-12-21] (Adobe Systems Incorporated)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [951576 2014-03-11] (Microsoft Corporation)
HKLM\...\Run: [SoundMAXPnP] => C:\Program Files\Analog Devices\Core\smax4pnp.exe [1314816 2010-06-15] (Analog Devices, Inc.)
HKLM\...\Run: [BrowserAppCoreService] => C:\Users\PCs for People\AppData\Roaming\ShopAtHome.com BrowserAppCore Service\ShopAtHome_BAC_Service.exe [49152 2013-08-26] (ShopAtHome.com)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [256896 2014-05-07] (Oracle Corporation)
HKU\S-1-5-21-3053747354-2151507529-4294192617-1000\...\Run: [GoogleChromeAutoLaunch_A900EC581A591BDF1F77A2B88F4996F3] => C:\Program Files\Google\Chrome\Application\chrome.exe [860488 2014-06-05] (Google Inc.)
Startup: C:\Users\PCs for People\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - HP Deskjet 1010 series.lnk
ShortcutTarget: Monitor Ink Alerts - HP Deskjet 1010 series.lnk -> C:\Program Files\HP\HP Deskjet 1010 series\Bin\HPStatusBL.dll (Hewlett-Packard Co.)
BootExecute: autocheck autochk * sdnclean.exe
 
==================== Internet (Whitelisted) ====================
 
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKLM - {31090377-0740-419E-BEFC-A56E50500D5B} URL = 
SearchScopes: HKLM - {77AA745B-F4F8-45DA-9B14-61D2D95054C8} URL = 
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll No File
Toolbar: HKLM - Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
Tcpip\Parameters: [DhcpNameServer] 10.0.0.1
 
FireFox:
========
FF ProfilePath: C:\Users\PCs for People\AppData\Roaming\Mozilla\Firefox\Profiles\rlh360di.default
FF DefaultSearchEngine: Yahoo
FF SearchEngineOrder.1: Yahoo
FF SearchEngineOrder.user_pref("browser.search.order.2", "");: user_pref("browser.search.order.2", "");
FF NetworkProxy: "autoconfig_url", "file:///C:\\Users\\PCs for People\\AppData\\Roaming\\ShopAtHome.com BrowserAppCore Service\\BAC_PAC.js"
FF NetworkProxy: "type", 2
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_12_0_0_77.dll ()
FF Plugin: @java.com/DTPlugin,version=10.60.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.60.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.1.2 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF user.js: detected! => C:\Users\PCs for People\AppData\Roaming\Mozilla\Firefox\Profiles\rlh360di.default\user.js
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\browser\plugins\npMozCouponPrinter.dll (Coupons, Inc.)
FF SearchPlugin: C:\Users\PCs for People\AppData\Roaming\Mozilla\Firefox\Profiles\rlh360di.default\searchplugins\bingp.xml
FF SearchPlugin: C:\Users\PCs for People\AppData\Roaming\Mozilla\Firefox\Profiles\rlh360di.default\searchplugins\Speedial.xml
FF SearchPlugin: C:\Users\PCs for People\AppData\Roaming\Mozilla\Firefox\Profiles\rlh360di.default\searchplugins\WSE Rocket.xml
FF SearchPlugin: C:\Users\PCs for People\AppData\Roaming\Mozilla\Firefox\Profiles\rlh360di.default\searchplugins\yahoo_ff.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\PCsforPeople.xml
FF Extension: Yahoo! Toolbar - C:\Users\PCs for People\AppData\Roaming\Mozilla\Firefox\Profiles\rlh360di.default\Extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1} [2014-07-06]
FF Extension: Rocket New Tab - C:\Users\PCs for People\AppData\Roaming\Mozilla\Firefox\Profiles\rlh360di.default\Extensions\{ecaa9181-d92a-47b9-8e14-bef9680f204b} [2014-07-07]
FF HKLM\...\Firefox\Extensions: [{1C43BAF1-00C2-40A8-A09E-F84CFD79546D}] - C:\Program Files\Coupons.com CouponBar\firefox\{1C43BAF1-00C2-40A8-A09E-F84CFD79546D}\Coupons.com.xpi
 
Chrome: 
=======
CHR HomePage: hxxp://rocket-find.com/?f=1&a=rckt_dnldstr_14_28_ie&cd=2XzuyEtN2Y1L1QzutDtDtC0A0AtDyCtD0EzzzztA0EyB0ByBtN0D0Tzu0SzytCzytN1L2XzutBtFtBtCtFtCyEtFtDtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2StDyB0EyByEyCzzyDtGzytDtCzytGzy0AzyyEtG0BtB0CyDtGyBzzyCtAyDtDtA0A0D0AyDyD2QtN1M1F1B2Z1V1N2Y1L1Qzu2StD0AtB0BtCyD0FzytG0C0B0E0FtGtD0EtB0FtGtByByBtBtGtD0F0FtAtD0AyC0F0EtCtAzz2Q&cr=582024880&ir=
CHR StartupUrls: "hxxp://rocket-find.com/?f=7&a=rckt_dnldstr_14_28_ie&cd=2XzuyEtN2Y1L1QzutDtDtC0A0AtDyCtD0EzzzztA0EyB0ByBtN0D0Tzu0SzytCzytN1L2XzutBtFtBtCtFtCyEtFtDtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2StDyB0EyByEyCzzyDtGzytDtCzytGzy0AzyyEtG0BtB0CyDtGyBzzyCtAyDtDtA0A0D0AyDyD2QtN1M1F1B2Z1V1N2Y1L1Qzu2StD0AtB0BtCyD0FzytG0C0B0E0FtGtD0EtB0FtGtByByBtBtGtD0F0FtAtD0AyC0F0EtCtAzz2Q&cr=582024880&ir=", "https://search.yahoo.com/yhs/web?hspart=w3i&hsimp=yhs-syctransfer&type=W3i_SP,203,0_0,StartPage,20140727,20033,0,89,0", "hxxp://www.yahoo.com/"
CHR NewTab: "chrome-extension://ibnjmihbbanannlbobkbmnmckjnmdnom/newtab.html"
CHR DefaultSearchKeyword: yahoo.com
CHR DefaultSearchProvider: Yahoo!
CHR DefaultNewTabURL: 
CHR Extension: (Google Docs) - C:\Users\PCs for People\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-03-06]
CHR Extension: (Google Drive) - C:\Users\PCs for People\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-03-06]
CHR Extension: (Amazon Shopping Helper) - C:\Users\PCs for People\AppData\Local\Google\Chrome\User Data\Default\Extensions\bbecdmcnlcoebdcidcfdkoimbjkcegbc [2014-07-04]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\PCs for People\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-26]
CHR Extension: (YouTube) - C:\Users\PCs for People\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-03-06]
CHR Extension: (Walmart) - C:\Users\PCs for People\AppData\Local\Google\Chrome\User Data\Default\Extensions\bmelcnhnemihidpaehodijpamdaeeglh [2014-07-04]
CHR Extension: (Google Search) - C:\Users\PCs for People\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-03-06]
CHR Extension: (Gun Blood) - C:\Users\PCs for People\AppData\Local\Google\Chrome\User Data\Default\Extensions\cpbkahmbgcfjocgliikbkfiieemcjkoj [2014-03-06]
CHR Extension: (Pin It Button) - C:\Users\PCs for People\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpdjojdkbbmdfjfahjcgigfpmkopogic [2014-04-30]
CHR Extension: (Ebay Shopping Assistant by Spigot) - C:\Users\PCs for People\AppData\Local\Google\Chrome\User Data\Default\Extensions\hbcennhacfaagdopikcegfcobcadeocj [2014-05-08]
CHR Extension: (Rocket New Tab) - C:\Users\PCs for People\AppData\Local\Google\Chrome\User Data\Default\Extensions\ibnjmihbbanannlbobkbmnmckjnmdnom [2014-07-07]
CHR Extension: (Kindle Cloud Reader) - C:\Users\PCs for People\AppData\Local\Google\Chrome\User Data\Default\Extensions\icdipabjmbhpdkjaihfjoikhjjeneebd [2014-03-06]
CHR Extension: (BeFrugal.com Add-On) - C:\Users\PCs for People\AppData\Local\Google\Chrome\User Data\Default\Extensions\kcdcneeneoifbeenbbnjodcflhdbaggp [2014-06-06]
CHR Extension: (Google Wallet) - C:\Users\PCs for People\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-03-06]
CHR Extension: (Gmail) - C:\Users\PCs for People\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-03-06]
CHR HKLM\...\Chrome\Extension: [cikkkfooompgefbcjlgdjejfdknkheaj] - C:\Program Files\Common Files\Spigot\GC\DomainErrorHelper_1.0_0.crx [2014-04-23]
CHR HKLM\...\Chrome\Extension: [cnpkmcjgpcihgfnkcjapiaabbbplkcmf] - C:\Program Files\Coupons.com CouponBar\chrome\Coupons.com.crx [2014-04-23]
CHR HKLM\...\Chrome\Extension: [gpiifgmgnfdiblgpaepbmfdkcheicgof] - C:\Program Files\Common Files\Spigot\GC\nta_1.0_0.crx [2014-04-23]
CHR HKLM\...\Chrome\Extension: [hbcennhacfaagdopikcegfcobcadeocj] - C:\Program Files\Common Files\Spigot\GC\saebay_1.1.crx [2013-10-14]
CHR HKLM\...\Chrome\Extension: [mhkaekfpcppmmioggniknbnbdbcigpkk] - C:\Program Files\Common Files\Spigot\GC\coupons_2.4.crx [2013-04-26]
CHR HKLM\...\Chrome\Extension: [pfndaklgolladniicklehhancnlgocpp] - C:\Program Files\Common Files\Spigot\GC\saamazon_1.0.crx [2012-11-22]
 
========================== Services (Whitelisted) =================
 
R2 CouponPrinterService; C:\Program Files\Coupons\CouponPrinterService.exe [152560 2014-02-13] (Coupons.com Inc.)
S2 LiveUpdateSvc; C:\Program Files\IObit\LiveUpdate\LiveUpdate.exe [2152736 2014-05-04] (IObit)
R2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22216 2014-03-11] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [279776 2014-03-11] (Microsoft Corporation)
S2 Update NetCrawl; "C:\Program Files\NetCrawl\updateNetCrawl.exe" [X]
 
==================== Drivers (Whitelisted) ====================
 
S3 e1cexpress; C:\Windows\System32\DRIVERS\e1c6232.sys [368392 2013-02-20] (Intel Corporation)
S3 IntcAzAudAddService; C:\Windows\System32\drivers\RTDVHDA.sys [2398544 2012-11-02] (Realtek Semiconductor Corp.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2014-05-12] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [110296 2014-07-08] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2014-05-12] (Malwarebytes Corporation)
S3 MEI; C:\Windows\system32\drivers\HECI.sys [45056 2007-05-11] (Intel Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [231960 2014-01-25] (Microsoft Corporation)
R1 {6fcd6092-9615-4f7f-8898-8df53980e5d2}Gw; C:\Windows\System32\drivers\{6fcd6092-9615-4f7f-8898-8df53980e5d2}Gw.sys [52920 2014-07-07] (StdLib)
S3 catchme; \??\C:\Users\PCSFOR~1\AppData\Local\Temp\catchme.sys [X]
S1 MpKsl05b2964f; \??\c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{DF482F9F-4033-4659-A0AC-99048854394A}\MpKsl05b2964f.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2014-07-09 00:50 - 2014-07-09 00:51 - 00016847 _____ () C:\Users\PCs for People\Downloads\FRST.txt
2014-07-09 00:49 - 2014-07-09 00:51 - 00000000 ____D () C:\FRST
2014-07-09 00:49 - 2014-07-09 00:49 - 01074688 _____ (Farbar) C:\Users\PCs for People\Downloads\FRST (1).exe
2014-07-09 00:48 - 2014-07-09 00:49 - 01074688 _____ (Farbar) C:\Users\PCs for People\Downloads\FRST.exe
2014-07-07 22:01 - 2014-07-07 22:01 - 00000000 ____D () C:\Users\PCs for People\Downloads\LK-21211
2014-07-07 21:53 - 2014-07-07 21:55 - 81886924 _____ () C:\Users\PCs for People\Downloads\LK-21211 (2).rar
2014-07-07 21:51 - 2014-07-07 21:52 - 81886924 _____ () C:\Users\PCs for People\Downloads\LK-21211 (1).rar
2014-07-07 21:50 - 2014-07-07 21:51 - 81886924 _____ () C:\Users\PCs for People\Downloads\LK-21211.rar
2014-07-07 21:03 - 2014-07-07 21:03 - 02002080 _____ (PC Drivers HeadQuarters) C:\Users\PCs for People\Downloads\DriverDetective.exe
2014-07-07 21:00 - 2014-07-07 21:00 - 01998248 _____ (Driver Whiz) C:\Users\PCs for People\Downloads\Driverwhiz.exe
2014-07-07 17:04 - 2014-07-08 23:31 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-07-07 17:03 - 2014-07-07 17:03 - 00001074 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-07-07 17:03 - 2014-07-07 17:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-07-07 17:03 - 2014-07-07 17:03 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-07-07 17:03 - 2014-05-12 07:26 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-07-07 17:03 - 2014-05-12 07:25 - 00074456 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-07-07 17:03 - 2014-05-12 07:25 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-07-07 17:02 - 2014-07-07 17:02 - 00000079 _____ () C:\Windows\wininit.ini
2014-07-07 17:01 - 2014-07-07 17:01 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\PCs for People\Downloads\mbam-setup-2.0.2.1012.exe
2014-07-07 16:06 - 2014-07-08 23:29 - 00000000 ____D () C:\Program Files\Spybot - Search & Destroy 2
2014-07-07 16:06 - 2014-07-07 17:02 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-07-07 16:04 - 2014-07-07 16:05 - 46525608 _____ (Safer-Networking Ltd. ) C:\Users\PCs for People\Downloads\spybot-2.4.exe
2014-07-07 15:59 - 2014-07-07 15:59 - 00000000 ____D () C:\Windows\system32\appmgmt
2014-07-07 15:55 - 2014-07-07 15:55 - 00014778 _____ () C:\ComboFix.txt
2014-07-07 15:43 - 2011-06-26 01:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-07-07 15:43 - 2010-11-07 12:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-07-07 15:43 - 2009-04-19 23:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-07-07 15:43 - 2000-08-30 19:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-07-07 15:43 - 2000-08-30 19:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-07-07 15:43 - 2000-08-30 19:00 - 00098816 _____ () C:\Windows\sed.exe
2014-07-07 15:43 - 2000-08-30 19:00 - 00080412 _____ () C:\Windows\grep.exe
2014-07-07 15:43 - 2000-08-30 19:00 - 00068096 _____ () C:\Windows\zip.exe
2014-07-07 15:42 - 2014-07-07 15:56 - 00000000 ____D () C:\Qoobox
2014-07-07 15:41 - 2014-07-07 15:54 - 00000000 ____D () C:\Windows\erdnt
2014-07-07 15:40 - 2014-07-07 15:41 - 05215766 ____R (Swearware) C:\Users\PCs for People\Downloads\ComboFix.exe
2014-07-07 14:42 - 2014-07-08 23:29 - 00000224 _____ () C:\Windows\setupact.log
2014-07-07 14:42 - 2014-07-07 14:42 - 00064024 _____ () C:\Users\PCs for People\AppData\Local\GDIPFONTCACHEV1.DAT
2014-07-07 14:42 - 2014-07-07 14:42 - 00000000 _____ () C:\Windows\setuperr.log
2014-07-07 14:41 - 2014-07-08 23:29 - 00007596 _____ () C:\Windows\PFRO.log
2014-07-07 14:41 - 2014-07-07 14:42 - 00295672 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-07-07 14:39 - 2014-07-07 14:39 - 00001160 _____ () C:\Users\PCs for People\Desktop\Continue CCleaner Installation.lnk
2014-07-07 14:38 - 2014-07-07 14:38 - 04378864 _____ (Piriform Ltd) C:\Users\PCs for People\Downloads\cc_setup.exe
2014-07-07 14:38 - 2014-07-07 14:38 - 00838296 _____ ( ) C:\Users\PCs for People\Downloads\CCleaner_Setup.exe
2014-07-07 14:24 - 2014-07-07 11:36 - 00052920 _____ (StdLib) C:\Windows\system32\Drivers\{6fcd6092-9615-4f7f-8898-8df53980e5d2}Gw.sys
2014-07-07 13:23 - 2014-07-07 13:23 - 00000000 ____D () C:\Users\PCs for People\AppData\Local\IsolatedStorage
2014-07-07 13:20 - 2014-07-07 13:20 - 00000000 ____D () C:\Users\PCs for People\AppData\Roaming\UpdaterEX
2014-07-07 13:14 - 2014-07-07 15:06 - 00000000 ____D () C:\Users\PCs for People\AppData\Local\Rocket
2014-07-07 13:14 - 2014-07-07 13:14 - 00838296 _____ ( ) C:\Users\PCs for People\Downloads\Google_Talk_Setup (2).exe
2014-07-07 13:13 - 2014-07-07 13:13 - 00000000 ____D () C:\Users\PCs for People\AppData\Roaming\RocketUpdater
2014-07-07 13:13 - 2014-07-07 13:12 - 01606064 _____ () C:\Users\PCs for People\Downloads\google-talk_setup.exe
2014-07-07 13:12 - 2014-07-07 13:12 - 00838296 _____ ( ) C:\Users\PCs for People\Downloads\Google_Talk_Setup.exe
2014-07-07 13:12 - 2014-07-07 13:12 - 00838296 _____ ( ) C:\Users\PCs for People\Downloads\Google_Talk_Setup (1).exe
2014-07-05 11:42 - 2014-07-05 11:42 - 00000000 ____D () C:\Users\PCs for People\AppData\Roaming\Yahoo!
2014-07-05 11:42 - 2014-07-05 11:42 - 00000000 ____D () C:\ProgramData\Yahoo! Companion
2014-07-05 11:42 - 2014-07-05 11:42 - 00000000 ____D () C:\ProgramData\Yahoo!
2014-07-05 11:41 - 2014-07-05 11:42 - 00000000 ____D () C:\Program Files\Yahoo!
2014-07-05 11:40 - 2014-07-05 11:40 - 02036088 _____ (SafeInstall, LLC) C:\Users\PCs for People\Downloads\7zip_bimo.exe
2014-07-05 11:23 - 2014-07-05 11:24 - 02849024 _____ (LionSea Software co., ltd ) C:\Users\PCs for People\Downloads\setup.exe
2014-07-03 23:55 - 2014-07-03 23:55 - 00001976 _____ () C:\Users\Public\Desktop\HP Print and Scan Doctor.lnk
2014-07-03 22:47 - 2014-07-03 22:47 - 00000000 ____D () C:\Program Files\Hewlett-Packard
2014-07-03 22:46 - 2014-07-03 22:46 - 00002222 _____ () C:\Users\Public\Desktop\HP Deskjet 1010 series.lnk
2014-07-03 22:46 - 2014-07-03 22:46 - 00001169 _____ () C:\Users\Public\Desktop\Shop for Supplies - HP Deskjet 1010 series.lnk
2014-07-03 22:46 - 2014-07-03 22:46 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP
2014-07-03 22:43 - 2014-07-03 23:55 - 00000000 ____D () C:\Program Files\HP
2014-06-29 14:23 - 2014-06-29 14:23 - 00001768 _____ () C:\Users\PCs for People\Downloads\PortraitinSepia9780062254436.acsm
2014-06-29 12:04 - 2014-06-29 12:04 - 00456776 _____ () C:\Users\PCs for People\Downloads\ShopAtHome_AppCore_7127_C54107765_D1_R85057_B3.exe
2014-06-29 12:04 - 2014-06-29 12:04 - 00456776 _____ () C:\Users\PCs for People\Downloads\ShopAtHome_AppCore_7127_C54107765_D1_R85057_B3 (1).exe
2014-06-28 19:25 - 2014-06-28 19:25 - 00000000 ____D () C:\Program Files\Valassis
2014-06-28 19:18 - 2014-06-28 19:23 - 00275712 _____ () C:\Users\PCs for People\Downloads\P@H_prodcand-xJDM9pKQ (1).exe
2014-06-28 19:15 - 2014-06-28 19:23 - 00304136 _____ () C:\Users\PCs for People\Downloads\P@H_prodcand-MsVlBIEI.exe
2014-06-28 18:53 - 2014-06-28 18:53 - 02119632 _____ (Valassis) C:\Users\PCs for People\Downloads\P@H_prodcand-xJDM9pKQ.exe
2014-06-28 08:00 - 2014-06-28 08:01 - 00895120 _____ (Google Inc.) C:\Users\PCs for People\Downloads\googledrivesync.exe
2014-06-25 17:19 - 2014-06-25 17:19 - 00000000 ____D () C:\Windows\Tasks\ImCleanDisabled
2014-06-22 18:00 - 2014-06-22 18:00 - 02119632 _____ (Valassis) C:\Users\PCs for People\Downloads\P@H_prodcand-5NVz3UIh.exe
2014-06-20 09:33 - 2014-06-20 09:33 - 00000046 _____ () C:\Users\PCs for People\AppData\Roaming\WB.CFG
2014-06-20 08:37 - 2014-06-20 08:37 - 09021720 _____ () C:\Users\PCs for People\Downloads\Attachments_2014620 (1).zip
2014-06-20 08:34 - 2014-06-20 08:35 - 00000000 ____D () C:\Users\PCs for People\AppData\Local\WinZip
2014-06-20 08:34 - 2014-06-20 08:34 - 00002297 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\WinZip.lnk
2014-06-20 08:34 - 2014-06-20 08:34 - 00002291 _____ () C:\Users\Public\Desktop\WinZip.lnk
2014-06-20 08:34 - 2014-06-20 08:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinZip
2014-06-20 08:33 - 2014-06-20 08:34 - 00000000 ____D () C:\ProgramData\WinZip
2014-06-20 08:33 - 2014-06-20 08:34 - 00000000 ____D () C:\Program Files\WinZip
2014-06-20 08:31 - 2014-06-20 08:31 - 00858832 _____ ( ) C:\Users\PCs for People\Downloads\winzip18-lan_en.exe
2014-06-20 08:30 - 2014-06-20 08:31 - 08976112 _____ () C:\Users\PCs for People\Downloads\Attachments_2014620.zip
2014-06-19 23:14 - 2014-06-19 23:14 - 02119632 _____ (Valassis) C:\Users\PCs for People\Downloads\P@H_prodcand-WopiMahL.exe
2014-06-16 18:05 - 2014-06-16 18:05 - 01119998 _____ () C:\Users\PCs for People\Downloads\game.dcr
2014-06-14 15:31 - 2014-06-14 15:31 - 02119632 _____ (Valassis) C:\Users\PCs for People\Downloads\P@H_prodcand-SThVSFGK.exe
2014-06-14 06:58 - 2014-06-14 06:58 - 30720000 _____ () C:\Windows\system32\config\COMPONENTS.iodefrag.bak
2014-06-14 01:11 - 2014-06-14 01:11 - 30720000 _____ () C:\Windows\system32\config\COMPONENTS.iobit
2014-06-13 13:59 - 2014-06-13 13:59 - 02119632 _____ (Valassis) C:\Users\PCs for People\Downloads\P@H_prodcand-ybUAxvMq.exe
2014-06-13 13:37 - 2014-06-13 13:37 - 00000000 ____D () C:\Users\PCs for People\AppData\Local\Valassis
2014-06-13 13:36 - 2014-06-13 13:37 - 02119632 _____ (Valassis) C:\Users\PCs for People\Downloads\P@H_prodcand-zGEkbuWH.exe
2014-06-12 03:21 - 2014-05-30 04:18 - 17271296 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-06-12 03:21 - 2014-05-30 04:02 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-06-12 03:21 - 2014-05-30 04:02 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-06-12 03:21 - 2014-05-30 03:44 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-06-12 03:21 - 2014-05-30 03:43 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-06-12 03:21 - 2014-05-30 03:42 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-06-12 03:21 - 2014-05-30 03:38 - 02179072 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-06-12 03:21 - 2014-05-30 03:34 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-06-12 03:21 - 2014-05-30 03:33 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-06-12 03:21 - 2014-05-30 03:30 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-06-12 03:21 - 2014-05-30 03:28 - 00112128 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-06-12 03:21 - 2014-05-30 03:28 - 00108032 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-06-12 03:21 - 2014-05-30 03:27 - 00592896 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-06-12 03:21 - 2014-05-30 03:21 - 00646144 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-06-12 03:21 - 2014-05-30 03:16 - 00368128 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-06-12 03:21 - 2014-05-30 03:10 - 00032256 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-06-12 03:21 - 2014-05-30 03:06 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-06-12 03:21 - 2014-05-30 03:04 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-06-12 03:21 - 2014-05-30 03:02 - 00242688 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-06-12 03:21 - 2014-05-30 02:57 - 00595968 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-06-12 03:21 - 2014-05-30 02:56 - 04244992 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-06-12 03:21 - 2014-05-30 02:54 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-06-12 03:21 - 2014-05-30 02:50 - 01068032 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-06-12 03:21 - 2014-05-30 02:49 - 01964544 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-06-12 03:21 - 2014-05-30 02:40 - 11725312 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-06-12 03:21 - 2014-05-30 02:21 - 01790976 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-06-12 03:21 - 2014-05-30 02:15 - 01143296 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-06-12 03:21 - 2014-05-30 02:13 - 00704512 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-06-12 03:17 - 2014-06-08 03:48 - 00391680 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-06-12 03:17 - 2014-06-08 03:43 - 00302592 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-06-12 03:17 - 2014-04-24 21:06 - 00626688 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll
2014-06-12 03:17 - 2014-04-04 21:25 - 01294272 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2014-06-12 03:17 - 2014-04-04 21:24 - 00187840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS
2014-06-12 03:17 - 2014-03-26 09:27 - 01389056 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2014-06-12 03:17 - 2014-03-26 09:27 - 01237504 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-06-12 03:17 - 2014-03-26 09:25 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml6r.dll
2014-06-12 03:17 - 2014-03-26 09:25 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-06-11 19:11 - 2014-07-07 22:00 - 00000000 ____D () C:\Users\PCs for People\Downloads\Tiffany Peterson_files
2014-06-11 19:11 - 2014-06-11 19:11 - 00988080 _____ () C:\Users\PCs for People\Downloads\Tiffany Peterson.htm
2014-06-11 05:19 - 2014-05-08 04:06 - 02742784 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2014-06-11 05:19 - 2014-05-08 04:06 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\RdpGroupPolicyExtension.dll
 
==================== One Month Modified Files and Folders =======
 
2014-07-09 00:51 - 2014-07-09 00:50 - 00016847 _____ () C:\Users\PCs for People\Downloads\FRST.txt
2014-07-09 00:51 - 2014-07-09 00:49 - 00000000 ____D () C:\FRST
2014-07-09 00:49 - 2014-07-09 00:49 - 01074688 _____ (Farbar) C:\Users\PCs for People\Downloads\FRST (1).exe
2014-07-09 00:49 - 2014-07-09 00:48 - 01074688 _____ (Farbar) C:\Users\PCs for People\Downloads\FRST.exe
2014-07-09 00:49 - 2013-12-23 10:52 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-07-09 00:45 - 2014-03-31 06:19 - 02059977 _____ () C:\Windows\WindowsUpdate.log
2014-07-09 00:13 - 2014-03-06 13:30 - 00000902 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-07-08 23:37 - 2009-07-13 23:34 - 00021904 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-07-08 23:37 - 2009-07-13 23:34 - 00021904 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-07-08 23:31 - 2014-07-07 17:04 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-07-08 23:29 - 2014-07-07 16:06 - 00000000 ____D () C:\Program Files\Spybot - Search & Destroy 2
2014-07-08 23:29 - 2014-07-07 14:42 - 00000224 _____ () C:\Windows\setupact.log
2014-07-08 23:29 - 2014-07-07 14:41 - 00007596 _____ () C:\Windows\PFRO.log
2014-07-08 23:29 - 2014-03-06 13:30 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-07-08 23:29 - 2009-07-13 23:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-07-08 19:35 - 2010-11-20 16:01 - 00781298 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-07-08 15:41 - 2014-06-06 14:53 - 00000000 ____D () C:\Users\PCs for People\AppData\Roaming\ShopAtHome.com BrowserAppCore Service
2014-07-07 22:01 - 2014-07-07 22:01 - 00000000 ____D () C:\Users\PCs for People\Downloads\LK-21211
2014-07-07 22:00 - 2014-06-11 19:11 - 00000000 ____D () C:\Users\PCs for People\Downloads\Tiffany Peterson_files
2014-07-07 21:55 - 2014-07-07 21:53 - 81886924 _____ () C:\Users\PCs for People\Downloads\LK-21211 (2).rar
2014-07-07 21:52 - 2014-07-07 21:51 - 81886924 _____ () C:\Users\PCs for People\Downloads\LK-21211 (1).rar
2014-07-07 21:51 - 2014-07-07 21:50 - 81886924 _____ () C:\Users\PCs for People\Downloads\LK-21211.rar
2014-07-07 21:03 - 2014-07-07 21:03 - 02002080 _____ (PC Drivers HeadQuarters) C:\Users\PCs for People\Downloads\DriverDetective.exe
2014-07-07 21:00 - 2014-07-07 21:00 - 01998248 _____ (Driver Whiz) C:\Users\PCs for People\Downloads\Driverwhiz.exe
2014-07-07 17:03 - 2014-07-07 17:03 - 00001074 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-07-07 17:03 - 2014-07-07 17:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-07-07 17:03 - 2014-07-07 17:03 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-07-07 17:03 - 2013-12-23 10:58 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-07-07 17:02 - 2014-07-07 17:02 - 00000079 _____ () C:\Windows\wininit.ini
2014-07-07 17:02 - 2014-07-07 16:06 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-07-07 17:01 - 2014-07-07 17:01 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\PCs for People\Downloads\mbam-setup-2.0.2.1012.exe
2014-07-07 16:05 - 2014-07-07 16:04 - 46525608 _____ (Safer-Networking Ltd. ) C:\Users\PCs for People\Downloads\spybot-2.4.exe
2014-07-07 15:59 - 2014-07-07 15:59 - 00000000 ____D () C:\Windows\system32\appmgmt
2014-07-07 15:59 - 2009-07-13 21:37 - 00000000 ____D () C:\Windows\Microsoft.NET
2014-07-07 15:56 - 2014-07-07 15:42 - 00000000 ____D () C:\Qoobox
2014-07-07 15:55 - 2014-07-07 15:55 - 00014778 _____ () C:\ComboFix.txt
2014-07-07 15:55 - 2009-07-13 21:37 - 00000000 __RHD () C:\Users\Default
2014-07-07 15:55 - 2009-07-13 21:37 - 00000000 ___RD () C:\Users\Public
2014-07-07 15:54 - 2014-07-07 15:41 - 00000000 ____D () C:\Windows\erdnt
2014-07-07 15:52 - 2009-07-13 21:04 - 00000215 _____ () C:\Windows\system.ini
2014-07-07 15:41 - 2014-07-07 15:40 - 05215766 ____R (Swearware) C:\Users\PCs for People\Downloads\ComboFix.exe
2014-07-07 15:06 - 2014-07-07 13:14 - 00000000 ____D () C:\Users\PCs for People\AppData\Local\Rocket
2014-07-07 14:42 - 2014-07-07 14:42 - 00064024 _____ () C:\Users\PCs for People\AppData\Local\GDIPFONTCACHEV1.DAT
2014-07-07 14:42 - 2014-07-07 14:42 - 00000000 _____ () C:\Windows\setuperr.log
2014-07-07 14:42 - 2014-07-07 14:41 - 00295672 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-07-07 14:39 - 2014-07-07 14:39 - 00001160 _____ () C:\Users\PCs for People\Desktop\Continue CCleaner Installation.lnk
2014-07-07 14:38 - 2014-07-07 14:38 - 04378864 _____ (Piriform Ltd) C:\Users\PCs for People\Downloads\cc_setup.exe
2014-07-07 14:38 - 2014-07-07 14:38 - 00838296 _____ ( ) C:\Users\PCs for People\Downloads\CCleaner_Setup.exe
2014-07-07 14:37 - 2013-12-23 10:53 - 00000000 ____D () C:\Users\PCs for People\AppData\Local\Google
2014-07-07 14:37 - 2013-12-23 10:52 - 00000000 ____D () C:\Program Files\Google
2014-07-07 14:24 - 2009-07-13 21:04 - 00000505 _____ () C:\Windows\win.ini
2014-07-07 13:23 - 2014-07-07 13:23 - 00000000 ____D () C:\Users\PCs for People\AppData\Local\IsolatedStorage
2014-07-07 13:20 - 2014-07-07 13:20 - 00000000 ____D () C:\Users\PCs for People\AppData\Roaming\UpdaterEX
2014-07-07 13:14 - 2014-07-07 13:14 - 00838296 _____ ( ) C:\Users\PCs for People\Downloads\Google_Talk_Setup (2).exe
2014-07-07 13:13 - 2014-07-07 13:13 - 00000000 ____D () C:\Users\PCs for People\AppData\Roaming\RocketUpdater
2014-07-07 13:12 - 2014-07-07 13:13 - 01606064 _____ () C:\Users\PCs for People\Downloads\google-talk_setup.exe
2014-07-07 13:12 - 2014-07-07 13:12 - 00838296 _____ ( ) C:\Users\PCs for People\Downloads\Google_Talk_Setup.exe
2014-07-07 13:12 - 2014-07-07 13:12 - 00838296 _____ ( ) C:\Users\PCs for People\Downloads\Google_Talk_Setup (1).exe
2014-07-07 11:36 - 2014-07-07 14:24 - 00052920 _____ (StdLib) C:\Windows\system32\Drivers\{6fcd6092-9615-4f7f-8898-8df53980e5d2}Gw.sys
2014-07-05 11:42 - 2014-07-05 11:42 - 00000000 ____D () C:\Users\PCs for People\AppData\Roaming\Yahoo!
2014-07-05 11:42 - 2014-07-05 11:42 - 00000000 ____D () C:\ProgramData\Yahoo! Companion
2014-07-05 11:42 - 2014-07-05 11:42 - 00000000 ____D () C:\ProgramData\Yahoo!
2014-07-05 11:42 - 2014-07-05 11:41 - 00000000 ____D () C:\Program Files\Yahoo!
2014-07-05 11:40 - 2014-07-05 11:40 - 02036088 _____ (SafeInstall, LLC) C:\Users\PCs for People\Downloads\7zip_bimo.exe
2014-07-05 11:24 - 2014-07-05 11:23 - 02849024 _____ (LionSea Software co., ltd ) C:\Users\PCs for People\Downloads\setup.exe
2014-07-03 23:55 - 2014-07-03 23:55 - 00001976 _____ () C:\Users\Public\Desktop\HP Print and Scan Doctor.lnk
2014-07-03 23:55 - 2014-07-03 22:43 - 00000000 ____D () C:\Program Files\HP
2014-07-03 23:55 - 2014-03-12 13:18 - 00000000 ____D () C:\ProgramData\HP
2014-07-03 23:54 - 2014-03-12 13:18 - 00000000 ____D () C:\Users\PCs for People\AppData\Local\HP
2014-07-03 22:47 - 2014-07-03 22:47 - 00000000 ____D () C:\Program Files\Hewlett-Packard
2014-07-03 22:46 - 2014-07-03 22:46 - 00002222 _____ () C:\Users\Public\Desktop\HP Deskjet 1010 series.lnk
2014-07-03 22:46 - 2014-07-03 22:46 - 00001169 _____ () C:\Users\Public\Desktop\Shop for Supplies - HP Deskjet 1010 series.lnk
2014-07-03 22:46 - 2014-07-03 22:46 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP
2014-06-29 14:23 - 2014-06-29 14:23 - 00001768 _____ () C:\Users\PCs for People\Downloads\PortraitinSepia9780062254436.acsm
2014-06-29 12:04 - 2014-06-29 12:04 - 00456776 _____ () C:\Users\PCs for People\Downloads\ShopAtHome_AppCore_7127_C54107765_D1_R85057_B3.exe
2014-06-29 12:04 - 2014-06-29 12:04 - 00456776 _____ () C:\Users\PCs for People\Downloads\ShopAtHome_AppCore_7127_C54107765_D1_R85057_B3 (1).exe
2014-06-28 19:25 - 2014-06-28 19:25 - 00000000 ____D () C:\Program Files\Valassis
2014-06-28 19:23 - 2014-06-28 19:18 - 00275712 _____ () C:\Users\PCs for People\Downloads\P@H_prodcand-xJDM9pKQ (1).exe
2014-06-28 19:23 - 2014-06-28 19:15 - 00304136 _____ () C:\Users\PCs for People\Downloads\P@H_prodcand-MsVlBIEI.exe
2014-06-28 18:53 - 2014-06-28 18:53 - 02119632 _____ (Valassis) C:\Users\PCs for People\Downloads\P@H_prodcand-xJDM9pKQ.exe
2014-06-28 08:01 - 2014-06-28 08:00 - 00895120 _____ (Google Inc.) C:\Users\PCs for People\Downloads\googledrivesync.exe
2014-06-25 17:21 - 2009-07-13 23:52 - 00000000 ____D () C:\Windows\twain_32
2014-06-25 17:19 - 2014-06-25 17:19 - 00000000 ____D () C:\Windows\Tasks\ImCleanDisabled
2014-06-25 17:18 - 2014-04-19 23:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Comodo
2014-06-22 18:00 - 2014-06-22 18:00 - 02119632 _____ (Valassis) C:\Users\PCs for People\Downloads\P@H_prodcand-5NVz3UIh.exe
2014-06-22 11:10 - 2014-03-28 21:48 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-06-21 23:02 - 2014-05-19 20:14 - 33464320 _____ () C:\Windows\system32\config\SOFTWARE.iobit
2014-06-21 23:02 - 2014-05-19 20:14 - 00233472 _____ () C:\Windows\system32\config\DEFAULT.iobit
2014-06-21 23:02 - 2014-05-19 20:14 - 00028672 _____ () C:\Windows\system32\config\SAM.iobit
2014-06-21 23:02 - 2014-05-19 20:14 - 00024576 _____ () C:\Windows\system32\config\SECURITY.iobit
2014-06-21 23:02 - 2013-12-20 14:50 - 00000000 ____D () C:\Users\PCs for People
2014-06-20 09:33 - 2014-06-20 09:33 - 00000046 _____ () C:\Users\PCs for People\AppData\Roaming\WB.CFG
2014-06-20 08:37 - 2014-06-20 08:37 - 09021720 _____ () C:\Users\PCs for People\Downloads\Attachments_2014620 (1).zip
2014-06-20 08:35 - 2014-06-20 08:34 - 00000000 ____D () C:\Users\PCs for People\AppData\Local\WinZip
2014-06-20 08:34 - 2014-06-20 08:34 - 00002297 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\WinZip.lnk
2014-06-20 08:34 - 2014-06-20 08:34 - 00002291 _____ () C:\Users\Public\Desktop\WinZip.lnk
2014-06-20 08:34 - 2014-06-20 08:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinZip
2014-06-20 08:34 - 2014-06-20 08:33 - 00000000 ____D () C:\ProgramData\WinZip
2014-06-20 08:34 - 2014-06-20 08:33 - 00000000 ____D () C:\Program Files\WinZip
2014-06-20 08:31 - 2014-06-20 08:31 - 00858832 _____ ( ) C:\Users\PCs for People\Downloads\winzip18-lan_en.exe
2014-06-20 08:31 - 2014-06-20 08:30 - 08976112 _____ () C:\Users\PCs for People\Downloads\Attachments_2014620.zip
2014-06-19 23:14 - 2014-06-19 23:14 - 02119632 _____ (Valassis) C:\Users\PCs for People\Downloads\P@H_prodcand-WopiMahL.exe
2014-06-16 18:05 - 2014-06-16 18:05 - 01119998 _____ () C:\Users\PCs for People\Downloads\game.dcr
2014-06-14 15:31 - 2014-06-14 15:31 - 02119632 _____ (Valassis) C:\Users\PCs for People\Downloads\P@H_prodcand-SThVSFGK.exe
2014-06-14 06:58 - 2014-06-14 06:58 - 30720000 _____ () C:\Windows\system32\config\COMPONENTS.iodefrag.bak
2014-06-14 06:58 - 2014-05-26 14:46 - 33308672 _____ () C:\Windows\system32\config\SOFTWARE.iodefrag.bak
2014-06-14 06:58 - 2014-05-26 14:46 - 00233472 _____ () C:\Windows\system32\config\DEFAULT.iodefrag.bak
2014-06-14 06:58 - 2014-05-26 14:46 - 00028672 _____ () C:\Windows\system32\config\SAM.iodefrag.bak
2014-06-14 06:58 - 2014-05-26 14:46 - 00024576 _____ () C:\Windows\system32\config\SECURITY.iodefrag.bak
2014-06-14 01:11 - 2014-06-14 01:11 - 30720000 _____ () C:\Windows\system32\config\COMPONENTS.iobit
2014-06-13 13:59 - 2014-06-13 13:59 - 02119632 _____ (Valassis) C:\Users\PCs for People\Downloads\P@H_prodcand-ybUAxvMq.exe
2014-06-13 13:37 - 2014-06-13 13:37 - 00000000 ____D () C:\Users\PCs for People\AppData\Local\Valassis
2014-06-13 13:37 - 2014-06-13 13:36 - 02119632 _____ (Valassis) C:\Users\PCs for People\Downloads\P@H_prodcand-zGEkbuWH.exe
2014-06-13 05:55 - 2009-07-13 21:37 - 00000000 ____D () C:\Windows\rescache
2014-06-13 03:18 - 2014-05-07 03:01 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-06-12 03:26 - 2014-03-06 13:31 - 00002139 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-06-12 03:15 - 2013-12-20 16:03 - 00000000 ____D () C:\Windows\system32\MRT
2014-06-12 03:04 - 2013-12-20 16:03 - 92708840 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-06-11 19:11 - 2014-06-11 19:11 - 00988080 _____ () C:\Users\PCs for People\Downloads\Tiffany Peterson.htm
 
==================== Bamital & volsnap Check =================

Additional scan result of Farbar Recovery Scan Tool (x86) Version:05-07-2014 01
Ran by PCs for People at 2014-07-09 00:52:34
Running from C:\Users\PCs for People\Downloads
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
AV: Microsoft Security Essentials (Enabled - Up to date) {641105E6-77ED-3F35-A304-765193BCB75F}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Microsoft Security Essentials (Enabled - Up to date) {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
 
==================== Installed Programs ======================
 
Adobe Flash Player 12 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 12.0.0.38 - Adobe Systems Incorporated)
Adobe Flash Player 12 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 12.0.0.77 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.07) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.07 - Adobe Systems Incorporated)
CCleaner (HKLM\...\CCleaner) (Version: 4.11 - Piriform)
Coupon Printer for Windows (HKLM\...\Coupon Printer for Windows5.0.0.7) (Version: 5.0.0.7 - Coupons.com Incorporated)
Google Chrome (HKLM\...\Google Chrome) (Version: 35.0.1916.153 - Google Inc.)
Google Update Helper (Version: 1.3.24.15 - Google Inc.) Hidden
HP Deskjet 1010 series Basic Device Software (HKLM\...\{B3AB3A67-2BCF-4A50-9FBF-4700DCFC5C45}) (Version: 32.0.1180.44630 - Hewlett-Packard Co.)
HP Deskjet 1010 series Help (HKLM\...\{BFB6C2B0-9643-4B59-A706-71DEB3017A99}) (Version: 30.0.0 - Hewlett Packard)
Intel® Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: 8.15.10.1930 - Intel Corporation)
Intel® Network Connections Drivers (HKLM\...\PROSet) (Version: 18.1 - Intel)
Java 7 Update 60 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217051FF}) (Version: 7.0.600 - Oracle)
Java Auto Updater (Version: 2.1.60.19 - Oracle, Inc.) Hidden
K-Lite Codec Pack 10.2.0 Full (HKLM\...\KLiteCodecPack_is1) (Version: 10.2.0 - )
Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Security Client (Version: 4.5.0216.0 - Microsoft Corporation) Hidden
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.5.216.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Mozilla Firefox 30.0 (x86 en-US) (HKLM\...\Mozilla Firefox 30.0 (x86 en-US)) (Version: 30.0 - Mozilla)
OpenOffice 4.0.1 (HKLM\...\{47F460DA-D1BE-4D85-8DF2-AA1F31D3445F}) (Version: 4.01.9714 - Apache Software Foundation)
P@H-Protocol (HKLM\...\{CF594DB8-CFB0-45B4-86DA-8BB4AC0941F8}) (Version: 3.0.7.0 - Valassis)
VLC media player 2.1.2 (HKLM\...\VLC media player) (Version: 2.1.2 - VideoLAN)
WinZip 18.5 (HKLM\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240E2}) (Version: 18.5.11111 - WinZip Computing, S.L. )
Yahoo! Toolbar (HKLM\...\Yahoo! Companion) (Version:  - Yahoo! Inc.)
 
==================== Restore Points  =========================
 
04-07-2014 17:31:18 Windows Update
05-07-2014 17:56:02 Removed File Association Helper
07-07-2014 18:23:07 Installed FastClean PRO
07-07-2014 19:32:26 Removed FastClean PRO
07-07-2014 19:36:45 Removed Google Drive
08-07-2014 04:03:22 Windows Update
 
==================== Hosts content: ==========================
 
2009-07-13 21:04 - 2014-07-07 15:52 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
 
==================== Scheduled Tasks (whitelisted) =============
 
Task: {086C3290-643C-4317-9C95-AD0103369038} - System32\Tasks\Reset ShopAtHome BAC => C:\Users\PCs for People\AppData\Roaming\ShopAtHome.com BrowserAppCore Service\SahProcessManager.exe [2013-08-26] (ShopAtHome.com)
Task: {75ECE21D-0F7B-41FC-A378-D5702E64219E} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-03-22] (Adobe Systems Incorporated)
Task: {805856E5-7941-4649-BC4D-A09F43CEECD7} - System32\Tasks\HP AR Program Upload - 5201402591e54c7fb253f1d1cea585d6fa5341be6c8445a5b81c519441ac30d0 => C:\Program Files\HP\HP Deskjet 1010 series\bin\HPRewards.exe [2013-08-13] (TODO: <Company name>)
Task: {902EEB60-92CD-4CF8-BC6C-E6AEE2DD7F37} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-03-06] (Google Inc.)
Task: {D24010C6-3F71-476E-94B4-C36F31C18BB1} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-03-06] (Google Inc.)
Task: {E6D66F3E-C48C-4122-9905-7C04CF428DA2} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-02-20] (Piriform Ltd)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (whitelisted) =============
 
2014-06-12 03:26 - 2014-06-05 08:58 - 00716616 _____ () C:\Program Files\Google\Chrome\Application\35.0.1916.153\libglesv2.dll
2014-06-12 03:26 - 2014-06-05 08:58 - 00126280 _____ () C:\Program Files\Google\Chrome\Application\35.0.1916.153\libegl.dll
2014-06-12 03:26 - 2014-06-05 08:58 - 04217672 _____ () C:\Program Files\Google\Chrome\Application\35.0.1916.153\pdf.dll
2014-06-12 03:26 - 2014-06-05 08:58 - 00414536 _____ () C:\Program Files\Google\Chrome\Application\35.0.1916.153\ppGoogleNaClPluginChrome.dll
2014-06-12 03:26 - 2014-06-05 08:58 - 01732424 _____ () C:\Program Files\Google\Chrome\Application\35.0.1916.153\ffmpegsumo.dll
2014-06-12 03:26 - 2014-06-05 08:58 - 14612296 _____ () C:\Program Files\Google\Chrome\Application\35.0.1916.153\PepperFlash\pepflashplayer.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
 
==================== Safe Mode (whitelisted) ===================
 
 
==================== EXE Association (whitelisted) =============
 
 
==================== MSCONFIG/TASK MANAGER disabled items =========
 
 
==================== Faulty Device Manager Devices =============
 
Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft Teredo Tunneling Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
 
Name: MpKsl05b2964f
Description: MpKsl05b2964f
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: MpKsl05b2964f
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (07/08/2014 11:30:39 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (07/08/2014 02:56:06 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
Dependent Assembly Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.
 
Error: (07/07/2014 03:53:02 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (07/07/2014 03:09:29 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (07/07/2014 03:06:51 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: plugin-container.exe, version: 30.0.0.5269, time stamp: 0x53914233
Faulting module name: mozalloc.dll, version: 30.0.0.5269, time stamp: 0x53911393
Exception code: 0x80000003
Fault offset: 0x0000141b
Faulting process id: 0x6a4
Faulting application start time: 0xplugin-container.exe0
Faulting application path: plugin-container.exe1
Faulting module path: plugin-container.exe2
Report Id: plugin-container.exe3
 
Error: (07/07/2014 02:43:40 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (07/07/2014 02:40:44 PM) (Source: MsiInstaller) (EventID: 11719) (User: PCS-1G6RT6AOVC2)
Description: Product: Driver Support -- Error 1719.Windows Installer service could not be accessed. Contact your support personnel to verify that it is properly registered and enabled.
 
 
System errors:
=============
Error: (07/08/2014 11:29:54 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Update NetCrawl service failed to start due to the following error: 
%%2
 
Error: (07/08/2014 11:29:24 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 10:42:11 PM on ‎7/‎8/‎2014 was unexpected.
 
Error: (07/07/2014 10:49:47 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Netman service.
 
Error: (07/07/2014 04:43:55 PM) (Source: Serial) (EventID: 45) (User: )
Description: The serial driver detected a hardware failure on device \Device\Serial0 and will disable this device.
 
Error: (07/07/2014 03:51:40 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Update NetCrawl service failed to start due to the following error: 
%%2
 
Error: (07/07/2014 03:51:23 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 3:50:36 PM on ‎7/‎7/‎2014 was unexpected.
 
Error: (07/07/2014 03:47:38 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The PEVSystemStart service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.
 
Error: (07/07/2014 03:44:55 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The PEVSystemStart service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.
 
Error: (07/07/2014 03:07:56 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Update NetCrawl service failed to start due to the following error: 
%%2
 
Error: (07/07/2014 02:42:34 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Update NetCrawl service failed to start due to the following error: 
%%1053
 
 
Microsoft Office Sessions:
=========================
Error: (07/08/2014 11:30:39 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (07/08/2014 02:56:06 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"C:\Program Files\HP\HP Deskjet 1010 series\DriverStore\Yeti\V3\amd64\hpinkinsB511.exe
 
Error: (07/07/2014 03:53:02 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (07/07/2014 03:09:29 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (07/07/2014 03:06:51 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: plugin-container.exe30.0.0.526953914233mozalloc.dll30.0.0.526953911393800000030000141b6a401cf9a1d2ccb0736C:\Program Files\Mozilla Firefox\plugin-container.exeC:\Program Files\Mozilla Firefox\mozalloc.dll3b97d76f-0612-11e4-90e8-001aa060e883
 
Error: (07/07/2014 02:43:40 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (07/07/2014 02:40:44 PM) (Source: MsiInstaller) (EventID: 11719) (User: PCS-1G6RT6AOVC2)
Description: Product: Driver Support -- Error 1719.Windows Installer service could not be accessed. Contact your support personnel to verify that it is properly registered and enabled.(NULL)(NULL)(NULL)(NULL)(NULL)
 
 
==================== Memory info =========================== 
 
Percentage of memory in use: 68%
Total physical RAM: 2004.61 MB
Available physical RAM: 637.29 MB
Total Pagefile: 4009.22 MB
Available Pagefile: 1838.19 MB
Total Virtual: 2047.88 MB
Available Virtual: 1891.19 MB
 
==================== Drives ================================
 
Drive c: (New Volume) (Fixed) (Total:74.53 GB) (Free:50.76 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (RTL8188_RTL8192) (CDROM) (Total:0.16 GB) (Free:0 GB) CDFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 75 GB) (Disk ID: 08FA2014)
Partition 1: (Active) - (Size=75 GB) - (Type=07 NTFS)
 
==================== End Of Log ============================


#5 keekeemama30

Posted 09 July 2014 - 01:06 AM

aswMBR version 1.0.1.2041 Copyright© 2014 AVAST Software
Run date: 2014-07-09 00:57:37
-----------------------------
00:57:37.575    OS Version: Windows 6.1.7601 Service Pack 1
00:57:37.575    Number of processors: 2 586 0xF0D
00:57:37.578    ComputerName: PCS-1G6RT6AOVC2  UserName: PCs for People
00:57:38.929    Initialize success
00:57:39.029    VM: initialized successfully
00:57:39.050    VM: Intel CPU virtualization not supported 
01:03:53.465    AVAST engine defs: 14070801
01:05:38.593    The log file has been saved successfully to "C:\Users\PCs for People\Desktop\aswMBR.txt"


#6 pystryker


Posted 09 July 2014 - 06:45 AM

awesome, i am so glad to have someone help me so soon, i really appreciate the time you take :) anyhoo i will get to work on the morning on the steps u would like me to take


You're quite welcome. :) Quite a bit for me to go through, but we'll get it fixed, no worries. I'm reviewing your logs, but it will be this evening before I can post back instructions.

I close my topics if there is no response after 3 days. Please PM a moderator or myself to reopen your topic.

Please PM me only if I'm helping you with your computer issues and I have not responded in 2 days. Please remember, I'm a volunteer and sometimes life does get in the way. :)

Please stay with me until I declare your machine clean. Absence of symptoms does not ensure your machine is clean.

If you'd like to make a donation via Paypal, please click here.





#7 pystryker


Posted 09 July 2014 - 07:39 PM

Hi, let's get started cleaning out the junk. :thumbsup:

I notice you've run ComboFix on your machine. Please post the log from ComboFix located here: C:\ComboFix.txt

Also, please do not run that tool without supervision. It can leave your machine an unbootable brick if used improperly. :)

Please copy FRST.exe from C:\Users\PCs for People\Downloads to your desktop before running these steps or the FRST fix will not work.


Please disable your antivirus for the duration of my instructions. Don't forget to re-enable them after you have completed the steps.


Step 1: Program Uninstall and Chrome Changes


Please uninstall the following program from your machine as it is a known malware program: Coupon Printer for Windows


Changing Chrome's Homepage

We need to change your homepage in Chrome. Please follow the instructions below.
  • Open Chrome and type this in the address bar: chrome:settings
  • When the Settings page opens, look under On Startup and then click Open a specific set of pages and click Set Pages
  • When the window opens, type in any page you wish as your new start page. Also, remove rocket-find.com from the list of pages.
  • Once you have typed in your new home page, close the window.

Remove Chrome Extensions

There is an extension in Chrome that needs to be removed, please follow the instructions below to remove it.

Start Chrome and type this into the address bar: chrome:extensions

This will display a page of all the installed extensions. Please remove the extension Rocket New Tab by clicking the trash can icon.


Step 2: Fix with FRST
  • Open notepad (Start => All Programs => Accessories => Notepad).
  • Please copy the entire contents of the code box below. (To do this, highlight the contents of the box, right click on it and select Copy. Right-click in the open notepad and select Paste.)
  • Save it on the desktop as fixlist.txt

Start
(Coupons.com Inc.) C:\Program Files\Coupons\CouponPrinterService.exe
C:\Program Files\Coupons
(ShopAtHome.com) C:\Users\PCs for People\AppData\Roaming\ShopAtHome.com BrowserAppCore Service\ShopAtHome_BAC_Service.exe
C:\Users\PCs for People\AppData\Roaming\ShopAtHome.com BrowserAppCore Service
HKLM\...\Run: [BrowserAppCoreService] => C:\Users\PCs for People\AppData\Roaming\ShopAtHome.com BrowserAppCore Service\ShopAtHome_BAC_Service.exe [49152 2013-08-26] (ShopAtHome.com)
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://rocket-find.com/?f=1&a=rckt_dnldstr_14_28_ie&cd=2XzuyEtN2Y1L1QzutDtDtC0A0AtDyCtD0EzzzztA0EyB0ByBtN0D0Tzu0SzytCzytN1L2XzutBtFtBtCtFtCyEtFtDtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2StDyB0EyByEyCzzyDtGzytDtCzytGzy0AzyyEtG0BtB0CyDtGyBzzyCtAyDtDtA0A0D0AyDyD2QtN1M1F1B2Z1V1N2Y1L1Qzu2StD0AtB0BtCyD0FzytG0C0B0E0FtGtD0EtB0FtGtByByBtBtGtD0F0FtAtD0AyC0F0EtCtAzz2Q&cr=582024880&ir=
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://speedial.com/?f=1&a=spd_wnzp01_14_25_ff&cd=2XzuyEtN2Y1L1QzutDtDtC0A0AtDyCtD0EzzzztA0EyB0ByBtN0D0Tzu0SzytDtBtN1L2XzutBtFtBtCtFyEtFtDtN1L1CzutCyEtBzytDyD1V1QtN1L1G1B1V1N2Y1L1Qzu2StBtDtByD0FtDtAyEtG0A0CyBzztG0AyB0E0EtGyDzzyD0EtGtD0A0E0C0CyEyB0AzzyBzzyD2QtN1M1F1B2Z1V1N2Y1L1Qzu2StD0AtB0BtCyD0FzytG0C0B0E0FtGtD0EtB0FtGtByByBtBtGtD0F0FtAtD0AyC0F0EtCtAzz2QtN1B1L1H1Ezu1O2U1M1B&cr=1912974408&ir=
SearchScopes: HKLM - {31090377-0740-419E-BEFC-A56E50500D5B} URL =
SearchScopes: HKLM - {77AA745B-F4F8-45DA-9B14-61D2D95054C8} URL =
SearchScopes: HKCU - DefaultScope {0FCB15A3-1C3F-480E-9CFD-654300FC8658} URL = http://rocket-find.com/results.php?f=4&q={searchTerms}&a=rckt_dnldstr_14_28_ie&cd=2XzuyEtN2Y1L1QzutDtDtC0A0AtDyCtD0EzzzztA0EyB0ByBtN0D0Tzu0SzytCzytN1L2XzutBtFtBtCtFtCyEtFtDtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2StDyB0EyByEyCzzyDtGzytDtCzytGzy0AzyyEtG0BtB0CyDtGyBzzyCtAyDtDtA0A0D0AyDyD2QtN1M1F1B2Z1V1N2Y1L1Qzu2StD0AtB0BtCyD0FzytG0C0B0E0FtGtD0EtB0FtGtByByBtBtGtD0F0FtAtD0AyC0F0EtCtAzz2Q&cr=582024880&ir=
SearchScopes: HKCU - {0314E492-E993-4259-93F4-6D6237ADF5B0} URL = http://www.pcsforpeople.com/searchresults.htm?cx=partner-pub-6979030203714387%3A5kivi1p8gkd&cof=FORID%3A11&ie=ISO-8859-1&q={searchTerms}&sa=Search&siteurl=www.pcsforpeople.com%2Fsearch.htm&ref=&ss=504j92480j4
SearchScopes: HKCU - {0FCB15A3-1C3F-480E-9CFD-654300FC8658} URL = http://rocket-find.com/results.php?f=4&q={searchTerms}&a=rckt_dnldstr_14_28_ie&cd=2XzuyEtN2Y1L1QzutDtDtC0A0AtDyCtD0EzzzztA0EyB0ByBtN0D0Tzu0SzytCzytN1L2XzutBtFtBtCtFtCyEtFtDtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2StDyB0EyByEyCzzyDtGzytDtCzytGzy0AzyyEtG0BtB0CyDtGyBzzyCtAyDtDtA0A0D0AyDyD2QtN1M1F1B2Z1V1N2Y1L1Qzu2StD0AtB0BtCyD0FzytG0C0B0E0FtGtD0EtB0FtGtByByBtBtGtD0F0FtAtD0AyC0F0EtCtAzz2Q&cr=582024880&ir=
BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll No File
FF NetworkProxy: "autoconfig_url", "file:///C:\\Users\\PCs for People\\AppData\\Roaming\\ShopAtHome.com BrowserAppCore Service\\BAC_PAC.js"
FF NetworkProxy: "type", 2
FF SearchPlugin: C:\Users\PCs for People\AppData\Roaming\Mozilla\Firefox\Profiles\rlh360di.default\searchplugins\Speedial.xml
FF SearchPlugin: C:\Users\PCs for People\AppData\Roaming\Mozilla\Firefox\Profiles\rlh360di.default\searchplugins\WSE Rocket.xml
FF Extension: Rocket New Tab - C:\Users\PCs for People\AppData\Roaming\Mozilla\Firefox\Profiles\rlh360di.default\Extensions\{ecaa9181-d92a-47b9-8e14-bef9680f204b} [2014-07-07]
FF HKLM\...\Firefox\Extensions: [{1C43BAF1-00C2-40A8-A09E-F84CFD79546D}] - C:\Program Files\Coupons.com CouponBar\firefox\{1C43BAF1-00C2-40A8-A09E-F84CFD79546D}\Coupons.com.xpi
CHR HKLM\...\Chrome\Extension: [cikkkfooompgefbcjlgdjejfdknkheaj] - C:\Program Files\Common Files\Spigot\GC\DomainErrorHelper_1.0_0.crx [2014-04-23]
CHR HKLM\...\Chrome\Extension: [cnpkmcjgpcihgfnkcjapiaabbbplkcmf] - C:\Program Files\Coupons.com CouponBar\chrome\Coupons.com.crx [2014-04-23]
CHR HKLM\...\Chrome\Extension: [gpiifgmgnfdiblgpaepbmfdkcheicgof] - C:\Program Files\Common Files\Spigot\GC\nta_1.0_0.crx [2014-04-23]
CHR HKLM\...\Chrome\Extension: [hbcennhacfaagdopikcegfcobcadeocj] - C:\Program Files\Common Files\Spigot\GC\saebay_1.1.crx [2013-10-14]
CHR HKLM\...\Chrome\Extension: [mhkaekfpcppmmioggniknbnbdbcigpkk] - C:\Program Files\Common Files\Spigot\GC\coupons_2.4.crx [2013-04-26]
CHR HKLM\...\Chrome\Extension: [pfndaklgolladniicklehhancnlgocpp] - C:\Program Files\Common Files\Spigot\GC\saamazon_1.0.crx [2012-11-22]
R2 CouponPrinterService; C:\Program Files\Coupons\CouponPrinterService.exe [152560 2014-02-13] (Coupons.com Inc.)
S2 Update NetCrawl; "C:\Program Files\NetCrawl\updateNetCrawl.exe" [X]
2009-07-13 21:04 - 2014-07-07 15:52 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
C:\Program Files\NetCrawl
Task: {086C3290-643C-4317-9C95-AD0103369038} - System32\Tasks\Reset ShopAtHome BAC => C:\Users\PCs for People\AppData\Roaming\ShopAtHome.com BrowserAppCore Service\SahProcessManager.exe [2013-08-26] (ShopAtHome.com)
End


NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.


Run FRST and press the Fix button just once and wait. The tool will make a log (Fixlog.txt) in the same location as FRST.exe, in this case, on your desktop. Please post it in your next reply.


Step 3: AdwCleaner


Download ADWcleaner by clicking here. Please save it to your Desktop


  • Double click (Vista and 7 Users) right click the adwcleaner.exe file and click Run as Administrator and accept the UAC prompt to run AdwCleaner
  • Close any open windows or browsers.
  • Pause your Anti-Virus program if it is running.
  • Once it starts, click on the Scan button.
  • Let the scan complete itself. This may take a few minutes.
  • Once the scan has finished, it will say "Pending, uncheck elements you don't want to remove.", don't worry about unchecking anything and then click the Clean button. When finished, it will ask to reboot. Please reboot.
  • When the machine has rebooted, a log will be produced. Please copy/paste that in your next reply. Here's how:
    • Click the Report button and the log will open. Copy and Paste the contents of the log file into your next reply.
    This report is also saved at C:\AdwCleaner[R0].txt

Step 4: Junkware Removal Tool


Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

Step 5: Fresh FRST Scan
  • Start Farbar's Recovery Scan Tool and press the Scan button.
  • FRST will scan your system and produce one log this time. Please post it in your next reply.

Things I need to see in your next post:

ComboFix.txt Log

Fixlog.txt Log

AdwCleaner Log

Junkware Removal Tool Log

Fresh FRST Log






#8 keekeemama30


Posted 09 July 2014 - 11:31 PM

ComboFix 14-07-07.01 - PCs for People 07/07/2014  15:45:03.1.2 - x86
Microsoft Windows 7 Professional   6.1.7601.1.1252.1.1033.18.2005.410 [GMT -5:00]
Running from: c:\users\PCs for People\Downloads\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
SP: Microsoft Security Essentials *Disabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\Java\jre7\bin\jp2ssv.dll
c:\users\PCs for People\AppData\Roaming\windows
c:\users\PCs for People\AppData\Roaming\windows\Start Menu\Programs\ShopAtHome.com BrowserAppCore Service\ShopAtHome.com Homepage.url
.
Infected copy of c:\windows\system32\Version.dll was found and disinfected 
Restored copy from - c:\windows\winsxs\x86_microsoft-windows-version_31bf3856ad364e35_6.1.7600.16385_none_14d4a552b2395165\version.dll 
.
.
(((((((((((((((((((((((((   Files Created from 2014-06-07 to 2014-07-07  )))))))))))))))))))))))))))))))
.
.
2014-07-07 20:50 . 2014-07-07 20:50 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-07-07 20:42 . 2014-07-07 20:42 39464 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{DF482F9F-4033-4659-A0AC-99048854394A}\MpKsl05b2964f.sys
2014-07-07 19:39 . 2014-07-07 19:40 -------- d-----w- c:\programdata\UAB
2014-07-07 19:39 . 2014-07-07 19:39 -------- d-----w- c:\users\PCs for People\AppData\Local\PC_Drivers_Headquarters
2014-07-07 19:39 . 2014-07-07 19:39 -------- d-----w- c:\programdata\Driver Support
2014-07-07 19:39 . 2014-07-07 19:39 -------- d-----w- c:\program files\Driver Support
2014-07-07 19:24 . 2014-07-07 16:36 52920 ----a-w- c:\windows\system32\drivers\{6fcd6092-9615-4f7f-8898-8df53980e5d2}Gw.sys
2014-07-07 18:23 . 2014-07-07 18:23 -------- d-----w- c:\users\PCs for People\AppData\Local\IsolatedStorage
2014-07-07 18:20 . 2014-07-07 18:20 -------- d-----w- c:\users\PCs for People\AppData\Roaming\UpdaterEX
2014-07-07 18:14 . 2014-07-07 20:06 -------- d-----w- c:\users\PCs for People\AppData\Local\Rocket
2014-07-07 18:13 . 2014-07-07 18:13 -------- d-----w- c:\users\PCs for People\AppData\Roaming\RocketUpdater
2014-07-06 22:47 . 2014-06-05 10:54 8140904 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{DF482F9F-4033-4659-A0AC-99048854394A}\mpengine.dll
2014-07-06 12:29 . 2014-06-05 10:54 8140904 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2014-07-05 16:42 . 2014-07-05 16:42 -------- d-----w- c:\programdata\Yahoo! Companion
2014-07-05 16:42 . 2014-07-05 16:42 -------- d-----w- c:\programdata\Yahoo!
2014-07-05 16:42 . 2014-07-05 16:42 -------- d-----w- c:\users\PCs for People\AppData\Roaming\Yahoo!
2014-07-05 16:41 . 2014-07-05 16:42 -------- d-----w- c:\program files\Yahoo!
2014-07-04 17:32 . 2014-05-01 19:19 765968 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{15AE50CE-CD7F-4D15-A3D8-BB6D3F5B0409}\gapaengine.dll
2014-07-04 03:47 . 2014-07-04 03:47 -------- d-----w- c:\program files\Hewlett-Packard
2014-07-04 03:43 . 2014-07-04 04:55 -------- d-----w- c:\program files\HP
2014-06-29 00:25 . 2014-06-29 00:25 -------- d-----w- c:\program files\Valassis
2014-06-27 13:35 . 2014-07-07 19:55 163504 ----a-w- c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10145.bin
2014-06-20 13:34 . 2014-06-20 13:35 -------- d-----w- c:\users\PCs for People\AppData\Local\WinZip
2014-06-20 13:33 . 2014-06-20 13:34 -------- d-----w- c:\programdata\WinZip
2014-06-13 18:37 . 2014-06-13 18:37 -------- d-----w- c:\users\PCs for People\AppData\Local\Valassis
2014-06-12 08:17 . 2014-03-26 14:27 1389056 ----a-w- c:\windows\system32\msxml6.dll
2014-06-12 08:17 . 2014-03-26 14:27 1237504 ----a-w- c:\windows\system32\msxml3.dll
2014-06-12 08:17 . 2014-03-26 14:25 2048 ----a-w- c:\windows\system32\msxml6r.dll
2014-06-12 08:17 . 2014-03-26 14:25 2048 ----a-w- c:\windows\system32\msxml3r.dll
2014-06-12 08:17 . 2014-04-05 02:25 1294272 ----a-w- c:\windows\system32\drivers\tcpip.sys
2014-06-12 08:17 . 2014-04-05 02:24 187840 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
2014-06-12 08:17 . 2014-06-08 08:48 391680 ----a-w- c:\windows\system32\aepdu.dll
2014-06-12 08:17 . 2014-06-08 08:43 302592 ----a-w- c:\windows\system32\aeinv.dll
2014-06-12 08:17 . 2014-04-25 02:06 626688 ----a-w- c:\windows\system32\usp10.dll
2014-06-11 10:19 . 2014-05-08 09:06 2742784 ----a-w- c:\windows\system32\rdpcorets.dll
2014-06-11 10:19 . 2014-05-08 09:06 13824 ----a-w- c:\windows\system32\RdpGroupPolicyExtension.dll
2014-06-08 16:49 . 2014-06-08 16:49 -------- d-----w- c:\program files\Common Files\Java
2014-06-08 16:48 . 2014-05-07 20:02 96680 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-05-01 19:19 . 2014-01-30 16:53 765968 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2014-04-20 04:36 . 2014-04-20 04:36 1060864 ----a-w- c:\windows\system32\mfc71.dll
2014-04-20 04:36 . 2014-04-20 04:36 348160 ----a-w- c:\windows\system32\msvcr71.dll
2014-04-20 04:36 . 2014-04-20 04:36 1700352 ----a-w- c:\windows\system32\gdiplus.dll
2014-04-12 02:15 . 2014-05-14 09:53 67520 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2014-04-12 02:15 . 2014-05-14 09:53 136640 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2014-04-12 02:12 . 2014-05-14 09:53 100352 ----a-w- c:\windows\system32\sspicli.dll
2014-04-12 02:12 . 2014-05-14 09:53 15872 ----a-w- c:\windows\system32\sspisrv.dll
2014-04-12 02:12 . 2014-05-14 09:53 22016 ----a-w- c:\windows\system32\secur32.dll
2014-04-12 02:11 . 2014-05-14 09:53 1059840 ----a-w- c:\windows\system32\lsasrv.dll
2014-04-12 02:11 . 2014-05-14 09:53 22528 ----a-w- c:\windows\system32\lsass.exe
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"GoogleChromeAutoLaunch_A900EC581A591BDF1F77A2B88F4996F3"="c:\program files\Google\Chrome\Application\chrome.exe" [2014-06-05 860488]
"Driver Support"="c:\program files\Driver Support\Driver Support\DriverSupport.exe" [2014-07-01 5474656]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-12-21 959904]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2014-03-11 951576]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-24 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-24 173592]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-24 150552]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2010-06-15 1314816]
"BrowserAppCoreService"="c:\users\PCs for People\AppData\Roaming\ShopAtHome.com BrowserAppCore Service\SahProcessManager.exe" [2013-08-26 55808]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2014-05-07 256896]
.
c:\users\PCs for People\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Monitor Ink Alerts - HP Deskjet 1010 series.lnk - c:\windows\system32\RunDll32.exe "c:\program files\HP\HP Deskjet 1010 series\bin\HPStatusBL.dll",RunDLLEntry SERIALNUMBER=CN44E1808005S8;CONNECTION=USB;MONITOR=1; [2009-7-13 44544]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 LiveUpdateSvc;LiveUpdate;c:\program files\IObit\LiveUpdate\LiveUpdate.exe [2014-05-04 2152736]
R2 Update NetCrawl;Update NetCrawl;c:\program files\NetCrawl\updateNetCrawl.exe [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-20 62464]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe [2014-05-30 108032]
R3 MEI;Intel® Management Engine Interface ;c:\windows\system32\drivers\HECI.sys [2007-05-11 45056]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2014-03-11 104264]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2014-03-11 279776]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 14848]
R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys [2012-08-23 24064]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2012-08-23 49664]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2012-08-23 27136]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2013-12-21 1343400]
S1 {6fcd6092-9615-4f7f-8898-8df53980e5d2}Gw;{6fcd6092-9615-4f7f-8898-8df53980e5d2}Gw;c:\windows\system32\drivers\{6fcd6092-9615-4f7f-8898-8df53980e5d2}Gw.sys [2014-07-07 52920]
S1 MpKsl05b2964f;MpKsl05b2964f;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{DF482F9F-4033-4659-A0AC-99048854394A}\MpKsl05b2964f.sys [2014-07-07 39464]
S2 CouponPrinterService;Coupon Printer Service;c:\program files\Coupons\CouponPrinterService.exe [2014-02-13 152560]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-06-12 08:02 1091912 ----a-w- c:\program files\Google\Chrome\Application\35.0.1916.153\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2014-07-07 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-12-23 00:32]
.
2014-07-07 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2014-03-06 18:30]
.
2014-07-07 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2014-03-06 18:30]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://rocket-find.com/?f=1&a=rckt_dnldstr_14_28_ie&cd=2XzuyEtN2Y1L1QzutDtDtC0A0AtDyCtD0EzzzztA0EyB0ByBtN0D0Tzu0SzytCzytN1L2XzutBtFtBtCtFtCyEtFtDtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2StDyB0EyByEyCzzyDtGzytDtCzytGzy0AzyyEtG0BtB0CyDtGyBzzyCtAyDtDtA0A0D0AyDyD2QtN1M1F1B2Z1V1N2Y1L1Qzu2StD0AtB0BtCyD0FzytG0C0B0E0FtGtD0EtB0FtGtByByBtBtGtD0F0FtAtD0AyC0F0EtCtAzz2Q&cr=582024880&ir=
mStart Page = hxxp://speedial.com/?f=1&a=spd_wnzp01_14_25_ff&cd=2XzuyEtN2Y1L1QzutDtDtC0A0AtDyCtD0EzzzztA0EyB0ByBtN0D0Tzu0SzytDtBtN1L2XzutBtFtBtCtFyEtFtDtN1L1CzutCyEtBzytDyD1V1QtN1L1G1B1V1N2Y1L1Qzu2StBtDtByD0FtDtAyEtG0A0CyBzztG0AyB0E0EtGyDzzyD0EtGtD0A0E0C0CyEyB0AzzyBzzyD2QtN1M1F1B2Z1V1N2Y1L1Qzu2StD0AtB0BtCyD0FzytG0C0B0E0FtGtD0EtB0FtGtByByBtBtGtD0F0FtAtD0AyC0F0EtCtAzz2QtN1B1L1H1Ezu1O2U1M1B&cr=1912974408&ir=
uInternet Settings,ProxyOverride = <-loopback>
TCP: DhcpNameServer = 10.0.0.1
FF - ProfilePath - c:\users\PCs for People\AppData\Roaming\Mozilla\Firefox\Profiles\rlh360di.default\
FF - prefs.js: network.proxy.type - 2
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
FF - user.js: extensions.nspdlrckt.aflt - rckt_dnldstr_14_28_ie
FF - user.js: extensions.nspdlrckt.instlRef - 142905_a
FF - user.js: extensions.nspdlrckt.cr - 582024880
FF - user.js: extensions.nspdlrckt.cd - 2XzuyEtN2Y1L1QzutDtDtC0A0AtDyCtD0EzzzztA0EyB0ByBtN0D0Tzu0SzytCzytN1L2XzutBtFtBtCtFtCyEtFtDtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2StDyB0EyByEyCzzyDtGzytDtCzytGzy0AzyyEtG0BtB0CyDtGyBzzyCtAyDtDtA0A0D0AyDyD2QtN1M1F1B2Z1V1N2Y1L1Qzu2StD0AtB0BtCyD0FzytG0C0B0E0FtGtD0EtB0FtGtByByBtBtGtD0F0FtAtD0AyC0F0EtCtAzz2Q
FF - user.js: network.proxy.type - 2
FF - user.js: network.proxy.autoconfig_url - file:///c:\users\PCs for People\AppData\Roaming\ShopAtHome.com BrowserAppCore Service\BAC_PAC.js
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Toolbar-{8660E5B3-6C41-44DE-8503-98D99BBECD41} - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_12_0_0_38_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_12_0_0_38_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Microsoft Security Client\MsMpEng.exe
c:\windows\servicing\TrustedInstaller.exe
c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\windows\system32\taskhost.exe
c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\windows\system32\conhost.exe
c:\program files\Google\Update\1.3.24.15\GoogleCrashHandler.exe
c:\windows\system32\igfxsrvc.exe
c:\windows\system32\RunDll32.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\users\PCs for People\AppData\Roaming\ShopAtHome.com BrowserAppCore Service\ShopAtHome_BAC_Service.exe
c:\windows\system32\sppsvc.exe
.
**************************************************************************
.
Completion time: 2014-07-07  15:55:57 - machine was rebooted
ComboFix-quarantined-files.txt  2014-07-07 20:55
.
Pre-Run: 54,904,496,128 bytes free
Post-Run: 54,513,291,264 bytes free
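
Added example (not part of the original thread, and not code from ComboFix or FRST): a small Python triage pass over lines like those in the ComboFix log above, flagging the autostart, service, start-page and Firefox proxy entries that the helper's fixlist targets. The rule names, the start-page allowlist and the reading of "[x]" as a missing file are assumptions made for this sketch.

```python
import re
from collections import namedtuple
from urllib.parse import urlsplit

Finding = namedtuple("Finding", "rule detail")

# Constructed sample: lines taken from the ComboFix log above, with the long
# tracking query strings on the Start Page URLs cut short.
SAMPLE_LOG = r'''
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2014-03-11 951576]
"BrowserAppCoreService"="c:\users\PCs for People\AppData\Roaming\ShopAtHome.com BrowserAppCore Service\SahProcessManager.exe" [2013-08-26 55808]
R2 Update NetCrawl;Update NetCrawl;c:\program files\NetCrawl\updateNetCrawl.exe [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2014-03-11 279776]
uStart Page = hxxp://rocket-find.com/?f=1&a=rckt_dnldstr_14_28_ie
mStart Page = hxxp://speedial.com/?f=1&a=spd_wnzp01_14_25_ff
FF - prefs.js: network.proxy.type - 2
FF - user.js: network.proxy.autoconfig_url - file:///c:\users\PCs for People\AppData\Roaming\ShopAtHome.com BrowserAppCore Service\BAC_PAC.js
'''

# Assumption: hosts treated as expected start pages; adjust per environment.
EXPECTED_START_HOSTS = {"www.msn.com", "go.microsoft.com", "www.google.com"}
# Per-user locations where an autostart binary deserves a second look.
USER_WRITABLE = ("\\appdata\\roaming\\", "\\appdata\\local\\", "\\temp\\")

KEY_HEADER = re.compile(r'^\[(HKEY_[^\]]+)\]$')
RUN_VALUE = re.compile(r'^"(?P<name>[^"]+)"="(?P<path>[^"]+)"')
SERVICE = re.compile(
    r'^[RS]\d (?P<name>[^;]+);[^;]*;(?P<path>.+?) \[(?P<meta>[^\]]*)\]$')
START_PAGE = re.compile(r'^[um]Start Page = (?P<url>\S+)')
FF_PREF = re.compile(
    r'^FF - (?:prefs|user)\.js: (?P<key>[\w.]+) - (?P<val>.+)$')


def triage(log_text):
    """Return Finding tuples for hijack/persistence indicators in the log."""
    findings, prefs, current_key = [], {}, ""
    for raw in log_text.splitlines():
        line = raw.strip()
        m = KEY_HEADER.match(line)
        if m:
            # Remember which registry key the following values belong to.
            current_key = m.group(1).lower()
            continue
        m = RUN_VALUE.match(line)
        if m and current_key.endswith("\\currentversion\\run"):
            if any(part in m["path"].lower() for part in USER_WRITABLE):
                findings.append(Finding("autostart-from-user-profile",
                                        f'{m["name"]} -> {m["path"]}'))
            continue
        m = SERVICE.match(line)
        if m:
            # Assumption: "[x]" in place of date/size means the file is missing.
            if m["meta"].strip().lower() == "x":
                findings.append(Finding("service-target-missing",
                                        f'{m["name"]} -> {m["path"]}'))
            continue
        m = START_PAGE.match(line)
        if m:
            # The log defangs URLs as hxxp://; restore the scheme to parse.
            host = urlsplit(m["url"].replace("hxxp", "http", 1)).hostname
            if host and host not in EXPECTED_START_HOSTS:
                findings.append(Finding("start-page-unexpected-host", host))
            continue
        m = FF_PREF.match(line)
        if m:
            prefs[m["key"]] = m["val"].strip()
    pac = prefs.get("network.proxy.autoconfig_url", "")
    if pac.lower().startswith("file:"):
        # network.proxy.type 2 selects "automatic proxy configuration URL".
        state = "active" if prefs.get("network.proxy.type") == "2" else "inactive"
        findings.append(Finding("firefox-pac-local-file", f"{pac} [{state}]"))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.rule:30} {f.detail}")
```
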


#9 keekeemama30


Posted 09 July 2014 - 11:40 PM

ok i finished all of step one except removing the coupon thing...couponing is my life, lol, i couldnt print coupons w/o it, see my profile pic? thats what i aspire to w/couponing ;)



#10 keekeemama30


Posted 09 July 2014 - 11:49 PM

is there anyway i can move on and leave it?



#11 keekeemama30


Posted 10 July 2014 - 12:04 AM

ok i found frst and made a shortcut of it on my desktop, its there... then i copied the code box pasted it in notepad, saved it on my desktop and named it fixlist.txt, it is also on my desktop, but when i open frst and press fix i get the message no fixlist found~they should be in the same directory???



#12 pystryker


Posted 10 July 2014 - 06:41 AM

ok i finished all of step one except removing the coupon thing...couponing is my life, lol, i couldnt print coupons w/o it, see my profile pic? thats what i aspire to w/couponing ;)

Hello :)

I can understand that, but your machine is infected because of the coupon program. Programs like that coupon program will only bring more trouble to your machine, as they take you to sites that will introduce new infections into your machine. Please read the link below regarding the program. We can leave the program if you wish, but your machine will remain infected, and will get even more so the longer that program is there.

http://www.shouldiremoveit.com/Coupon-Printer-for-Windows-7673-program.aspx

Please read the link and let me know your decision. Do not run any of the steps unless you've decided to remove the program, as the steps will remove the Coupon Printer for Windows from your machine.
 

ok i found frst and made a shortcut of it on my desktop, its there... then i copied the code box pasted it in notepad, saved it on my desktop and named it fixlist.txt, it is also on my desktop, but when i open frst and press fix i get the message no fixlist found~they should be in the same directory???


The reason it's not working is even though there is a shortcut to the program on your desktop, the actual program is still in the C:\Users\PCs for People\Downloads directory. You will need to move the actual program itself to the desktop where the fixlist.txt is and it will work. :thumbsup:






#13 keekeemama30


Posted 10 July 2014 - 10:50 AM

ok i removed the coupon printer and how do i move the actual program?



#14 pystryker


Posted 10 July 2014 - 06:27 PM

Hi :-)

Click on Start then Computer. Then click on C:\ >> Users >> PCs for People >> Downloads.

You can then drag and drop FRST.exe onto your desktop. :-)






#15 keekeemama30


Posted 10 July 2014 - 08:38 PM

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version:10-07-2014 01
Ran by PCs for People at 2014-07-10 20:37:09 Run:1
Running from C:\Users\PCs for People\Desktop
Boot Mode: Normal
 
==============================================
 
Content of fixlist:
*****************
Start
(Coupons.com Inc.) C:\Program Files\Coupons\CouponPrinterService.exe
C:\Program Files\Coupons
(ShopAtHome.com) C:\Users\PCs for People\AppData\Roaming\ShopAtHome.com BrowserAppCore Service\ShopAtHome_BAC_Service.exe
C:\Users\PCs for People\AppData\Roaming\ShopAtHome.com BrowserAppCore Service
HKLM\...\Run: [BrowserAppCoreService] => C:\Users\PCs for People\AppData\Roaming\ShopAtHome.com BrowserAppCore Service\ShopAtHome_BAC_Service.exe [49152 2013-08-26] (ShopAtHome.com)
SearchScopes: HKLM - {31090377-0740-419E-BEFC-A56E50500D5B} URL =
SearchScopes: HKLM - {77AA745B-F4F8-45DA-9B14-61D2D95054C8} URL =
BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll No File
FF NetworkProxy: "autoconfig_url", "file:///C:\\Users\\PCs for People\\AppData\\Roaming\\ShopAtHome.com BrowserAppCore Service\\BAC_PAC.js"
FF NetworkProxy: "type", 2
FF SearchPlugin: C:\Users\PCs for People\AppData\Roaming\Mozilla\Firefox\Profiles\rlh360di.default\searchplugins\Speedial.xml
FF SearchPlugin: C:\Users\PCs for People\AppData\Roaming\Mozilla\Firefox\Profiles\rlh360di.default\searchplugins\WSE Rocket.xml
FF Extension: Rocket New Tab - C:\Users\PCs for People\AppData\Roaming\Mozilla\Firefox\Profiles\rlh360di.default\Extensions\{ecaa9181-d92a-47b9-8e14-bef9680f204b} [2014-07-07]
FF HKLM\...\Firefox\Extensions: [{1C43BAF1-00C2-40A8-A09E-F84CFD79546D}] - C:\Program Files\Coupons.com CouponBar\firefox\{1C43BAF1-00C2-40A8-A09E-F84CFD79546D}\Coupons.com.xpi
CHR HKLM\...\Chrome\Extension: [cikkkfooompgefbcjlgdjejfdknkheaj] - C:\Program Files\Common Files\Spigot\GC\DomainErrorHelper_1.0_0.crx [2014-04-23]
CHR HKLM\...\Chrome\Extension: [cnpkmcjgpcihgfnkcjapiaabbbplkcmf] - C:\Program Files\Coupons.com CouponBar\chrome\Coupons.com.crx [2014-04-23]
CHR HKLM\...\Chrome\Extension: [gpiifgmgnfdiblgpaepbmfdkcheicgof] - C:\Program Files\Common Files\Spigot\GC\nta_1.0_0.crx [2014-04-23]
CHR HKLM\...\Chrome\Extension: [hbcennhacfaagdopikcegfcobcadeocj] - C:\Program Files\Common Files\Spigot\GC\saebay_1.1.crx [2013-10-14]
CHR HKLM\...\Chrome\Extension: [mhkaekfpcppmmioggniknbnbdbcigpkk] - C:\Program Files\Common Files\Spigot\GC\coupons_2.4.crx [2013-04-26]
CHR HKLM\...\Chrome\Extension: [pfndaklgolladniicklehhancnlgocpp] - C:\Program Files\Common Files\Spigot\GC\saamazon_1.0.crx [2012-11-22]
R2 CouponPrinterService; C:\Program Files\Coupons\CouponPrinterService.exe [152560 2014-02-13] (Coupons.com Inc.)
S2 Update NetCrawl; "C:\Program Files\NetCrawl\updateNetCrawl.exe" [X]
2009-07-13 21:04 - 2014-07-07 15:52 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
C:\Program Files\NetCrawl
Task: {086C3290-643C-4317-9C95-AD0103369038} - System32\Tasks\Reset ShopAtHome BAC => C:\Users\PCs for People\AppData\Roaming\ShopAtHome.com BrowserAppCore Service\SahProcessManager.exe [2013-08-26] (ShopAtHome.com)
End
*****************
 
C:\Program Files\Coupons\CouponPrinterService.exe => No running process found
C:\Program Files\Coupons => Moved successfully.
[2872] C:\Users\PCs for People\AppData\Roaming\ShopAtHome.com BrowserAppCore Service\ShopAtHome_BAC_Service.exe => Process closed successfully.
C:\Users\PCs for People\AppData\Roaming\ShopAtHome.com BrowserAppCore Service => Moved successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\BrowserAppCoreService => value deleted successfully.
HKCU\Software\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.
'HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{31090377-0740-419E-BEFC-A56E50500D5B}' => Key deleted successfully.
'HKCR\Wow6432Node\CLSID\{31090377-0740-419E-BEFC-A56E50500D5B}'=> Key not found.
'HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}' => Key deleted successfully.
'HKCR\Wow6432Node\CLSID\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}'=> Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
'HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0314E492-E993-4259-93F4-6D6237ADF5B0}' => Key deleted successfully.
'HKCR\Wow6432Node\CLSID\{0314E492-E993-4259-93F4-6D6237ADF5B0}'=> Key not found.
'HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0FCB15A3-1C3F-480E-9CFD-654300FC8658}' => Key deleted successfully.
'HKCR\Wow6432Node\CLSID\{0FCB15A3-1C3F-480E-9CFD-654300FC8658}'=> Key not found.
'HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}' => Key deleted successfully.
'HKCR\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9}' => Key deleted successfully.
Firefox Proxy settings were reset.
Firefox Proxy settings were reset.
C:\Users\PCs for People\AppData\Roaming\Mozilla\Firefox\Profiles\rlh360di.default\searchplugins\Speedial.xml => Moved successfully.
C:\Users\PCs for People\AppData\Roaming\Mozilla\Firefox\Profiles\rlh360di.default\searchplugins\WSE Rocket.xml => Moved successfully.
C:\Users\PCs for People\AppData\Roaming\Mozilla\Firefox\Profiles\rlh360di.default\Extensions\{ecaa9181-d92a-47b9-8e14-bef9680f204b} => Moved successfully.
HKLM\Software\Mozilla\Firefox\Extensions\\{1C43BAF1-00C2-40A8-A09E-F84CFD79546D} => value deleted successfully.
'HKLM\SOFTWARE\Google\Chrome\Extensions\cikkkfooompgefbcjlgdjejfdknkheaj' => Key deleted successfully.
C:\Program Files\Common Files\Spigot\GC\DomainErrorHelper_1.0_0.crx => Moved successfully.
'HKLM\SOFTWARE\Google\Chrome\Extensions\cnpkmcjgpcihgfnkcjapiaabbbplkcmf' => Key deleted successfully.
"C:\Program Files\Coupons.com CouponBar\chrome\Coupons.com.crx" => File/Directory not found.
'HKLM\SOFTWARE\Google\Chrome\Extensions\gpiifgmgnfdiblgpaepbmfdkcheicgof' => Key deleted successfully.
C:\Program Files\Common Files\Spigot\GC\nta_1.0_0.crx => Moved successfully.
'HKLM\SOFTWARE\Google\Chrome\Extensions\hbcennhacfaagdopikcegfcobcadeocj' => Key deleted successfully.
C:\Program Files\Common Files\Spigot\GC\saebay_1.1.crx => Moved successfully.
'HKLM\SOFTWARE\Google\Chrome\Extensions\mhkaekfpcppmmioggniknbnbdbcigpkk' => Key deleted successfully.
C:\Program Files\Common Files\Spigot\GC\coupons_2.4.crx => Moved successfully.
'HKLM\SOFTWARE\Google\Chrome\Extensions\pfndaklgolladniicklehhancnlgocpp' => Key deleted successfully.
C:\Program Files\Common Files\Spigot\GC\saamazon_1.0.crx => Moved successfully.
CouponPrinterService => Service not found.
Update NetCrawl => Service deleted successfully.
C:\Windows\system32\Drivers\etc\hosts => Moved successfully.
"C:\Program Files\NetCrawl" => File/Directory not found.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{086C3290-643C-4317-9C95-AD0103369038}' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{086C3290-643C-4317-9C95-AD0103369038}' => Key deleted successfully.
C:\Windows\System32\Tasks\Reset ShopAtHome BAC => Moved successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Reset ShopAtHome BAC' => Key deleted successfully.
 
==== End of Fixlog ===




