Infected with Positive Finds Adware, redirecting me to other windows, pop-ups

This topic is locked
43 replies to this topic

#1 boocat

Posted 07 February 2015 - 06:24 AM

Ran Malwarebytes, which quarantined 23 threats. Rebooted, but it was still there! Ran it again, but Malwarebytes didn't see anything the second time.

Ran AdwCleaner; it deleted some, but not all. (I saved the log.) The adware was still there.

Rkill saw no threats. (I saved the log.) No improvement.

Next ran Hitman Pro for 64-bit, but it found no threats. (Saved that log, too.) The adware is still there.

Thank you for your time.

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 05-02-2015
Ran by Catherine (administrator) on CATHERINE-HP on 07-02-2015 02:36:05
Running from J:\Computer
Loaded Profiles: Catherine & Michael (Available profiles: Catherine & Michael)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(BullGuard Ltd.) C:\Program Files\BullGuard Ltd\BullGuard\BullGuardBhvScanner.exe
(BullGuard Ltd.) C:\Program Files\BullGuard Ltd\BullGuard\BullGuardScanner.exe
(BullGuard Ltd.) C:\Program Files\BullGuard Ltd\BullGuard\BullGuardUpdate.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(PDF Complete Inc) C:\Program Files (x86)\PDF Complete\pdfsvc.exe
(Cyber Power Systems, Inc.) C:\Program Files (x86)\CyberPower PowerPanel Personal Edition\ppped.exe
(Ralink Technology, Corp.) C:\Program Files (x86)\Ralink\Common\RaCountryRegion.exe
(Ralink Technology, Corp.) C:\Program Files (x86)\Ralink\Common\RaRegistry.exe
(Ralink Technology, Corp.) C:\Program Files (x86)\Ralink\Common\RaRegistry64.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\GCalService.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Hewlett-Packard ) C:\Program Files\IDT\WDM\Beats64.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
(BullGuard Ltd.) C:\Program Files\BullGuard Ltd\BullGuard\BullGuard.exe
(Logitech Inc.) C:\Program Files\Common Files\Logitech\G-series Software\LGDCore.exe
(Flux Software LLC) C:\Users\Catherine\AppData\Local\FluxSoftware\Flux\flux.exe
() C:\Users\Catherine\AppData\Local\Amazon Music\Amazon Music Helper.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Audible, Inc.) C:\Program Files (x86)\Audible\Bin\AudibleDownloadHelper.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\Hp\Digital Imaging\bin\hpqtra08.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Nikon Corporation) C:\Program Files (x86)\Common Files\Nikon\Monitor\NkMonitor.exe
(Dropbox, Inc.) C:\Users\Catherine\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Cyber Power Systems, Inc.) C:\Program Files (x86)\CyberPower PowerPanel Personal Edition\pppeuser.exe
(Hewlett-Packard) C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\HPTouchSmartSyncCalReminderApp.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(BullGuard Ltd.) C:\Program Files\BullGuard Ltd\BullGuard\Files32\Spamfilter\LittleHook.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\Hp\Digital Imaging\bin\hpqste08.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\Hp\Digital Imaging\bin\hpqbam08.exe
(Hewlett-Packard) C:\Program Files (x86)\Hp\Digital Imaging\bin\hpqgpc01.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(SurfRight B.V.) C:\Program Files\HitmanPro\hmpsched.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1425408 2012-03-30] (IDT, Inc.)
HKLM\...\Run: [BeatsOSDApp] => C:\Program Files\IDT\WDM\beats64.exe [37888 2012-03-30] (Hewlett-Packard )
HKLM\...\Run: [HPSYSDRV] => C:\Program Files (x86)\Hewlett-Packard\HP Odometer\HPSYSDRV.EXE [62768 2008-11-20] (Hewlett-Packard)
HKLM\...\Run: [BullGuard] => C:\Program Files\BullGuard Ltd\BullGuard\BullGuard.exe [1360208 2015-01-29] (BullGuard Ltd.)
HKLM\...\Run: [BullGuardUpdate2] => c:\program files\bullguard ltd\bullguard\BullGuardUpdate2.exe [2935120 2015-01-29] (BullGuard Ltd.)
HKLM\...\Run: [Launch LCore] => C:\Program Files\Logitech Gaming Software\LCore.exe [12697368 2014-10-14] (Logitech Inc.)
HKLM\...\Run: [Launch LGDCore] => C:\Program Files\Common Files\Logitech\G-series Software\LGDCore.exe [1783296 2006-07-22] (Logitech Inc.)
HKLM\...\Run: [Launch LCDMon] => "C:\Program Files\Common Files\Logitech\LCD Manager\lcdmon.exe"
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291096 2011-12-05] (Intel Corporation)
HKLM-x32\...\Run: [PDF Complete] => C:\Program Files (x86)\PDF Complete\pdfsty.exe [684024 2012-04-04] (PDF Complete Inc)
HKLM-x32\...\Run: [hpqSRMon] => C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe [150528 2008-07-22] (Hewlett-Packard)
HKLM-x32\...\Run: [Nikon Transfer Monitor] => C:\Program Files (x86)\Common Files\Nikon\Monitor\NkMonitor.exe [479232 2009-09-15] (Nikon Corporation)
HKLM-x32\...\Run: [PowerPanel Personal Edition User Interaction] => C:\Program Files (x86)\CyberPower PowerPanel Personal Edition\pppeuser.exe [350144 2012-03-27] (Cyber Power Systems, Inc.)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2014-10-11] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
HKLM\...\RunOnce: [NCPluginUpdater] => C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe [21720 2014-12-16] (Hewlett-Packard)
HKU\S-1-5-21-1097398926-2456850885-1865351773-1000\...\Run: [f.lux] => C:\Users\Catherine\AppData\Local\FluxSoftware\Flux\flux.exe [1017224 2013-10-23] (Flux Software LLC)
HKU\S-1-5-21-1097398926-2456850885-1865351773-1000\...\Run: [Amazon Music] => C:\Users\Catherine\AppData\Local\Amazon Music\Amazon Music Helper.exe [6277952 2014-12-07] ()
HKU\S-1-5-21-1097398926-2456850885-1865351773-1000\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [43816 2014-10-17] (Apple Inc.)
HKU\S-1-5-21-1097398926-2456850885-1865351773-1000\...\Run: [iCloudDrive] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe [43816 2014-10-20] (Apple Inc.)
HKU\S-1-5-21-1097398926-2456850885-1865351773-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [22065760 2014-10-01] (Skype Technologies S.A.)
HKU\S-1-5-21-1097398926-2456850885-1865351773-1000\...\Run: [GoogleChromeAutoLaunch_299D1954AA0A9120090187A4A4A95B5A] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [843592 2015-02-04] (Google Inc.)
HKU\S-1-5-21-1097398926-2456850885-1865351773-1000\...\MountPoints2: {2b667949-202d-11e3-bb08-806e6f6e6963} - E:\Windows\Setup.exe
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Audible Download Manager.lnk
ShortcutTarget: Audible Download Manager.lnk -> C:\Program Files (x86)\Audible\Bin\AudibleDownloadHelper.exe (Audible, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\Hp\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
Startup: C:\Users\Catherine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Catherine\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk
ShortcutTarget: Send to OneNote.lnk -> C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE (Microsoft Corporation)
ShellIconOverlayIdentifiers: [BackupOverlayErr] -> {8749448C-D907-45BF-A842-4D3898894AC8} => C:\Program Files\BullGuard Ltd\BullGuard\BackupShellHook.dll (BullGuard Ltd.)
ShellIconOverlayIdentifiers: [BackupOverlayInProgress] -> {3FFBF330-7839-476B-BE14-2C8597CE11B6} => C:\Program Files\BullGuard Ltd\BullGuard\BackupShellHook.dll (BullGuard Ltd.)
ShellIconOverlayIdentifiers: [BackupOverlaySynced] -> {C62CF4DB-48CB-4B03-BFD0-30A29125FA49} => C:\Program Files\BullGuard Ltd\BullGuard\BackupShellHook.dll (BullGuard Ltd.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPDSK/1
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPDSK/1
HKU\S-1-5-21-1097398926-2456850885-1865351773-1000\Software\Microsoft\Internet Explorer\Main,Start Page =
HKU\S-1-5-21-1097398926-2456850885-1865351773-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKU\S-1-5-21-1097398926-2456850885-1865351773-1001\Software\Microsoft\Internet Explorer\Main,Start Page =
HKU\S-1-5-21-1097398926-2456850885-1865351773-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
SearchScopes: HKLM -> {487F2C20-3FAF-4BB8-BA5C-3886ED432366}
-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM-x32 -> {487F2C20-3FAF-4BB8-BA5C-
ie=UTF-8&tag=hp-us1-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM-x32 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL
&fr=chr-hp-psg&type=HPDTDF
SearchScopes: HKLM-x32 -> {d43b3890-80c7-4010-a95d-1e77b5924dc3}
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1097398926-2456850885-1865351773-1000 -> {487F2C20-3FAF-4BB8-BA5C-3886ED432366} URL =
20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKU\S-1-5-21-1097398926-2456850885-1865351773-1001 -> {487F2C20-3FAF-4BB8-BA5C-3886ED432366} URL =
20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKU\S-1-5-21-1097398926-2456850885-1865351773-1001 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL =
&fr=chr-hp-psg&type=HPDTDF
SearchScopes: HKU\S-1-5-21-1097398926-2456850885-1865351773-1001 -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL =
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard)
BHO-x32: HP Print Enhancer -> {0347C33E-8762-4905-BF09-768834316C61} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
BHO-x32: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.254.254

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll ()
FF Plugin: @lastpass.com/NPLastPass -> C:\Program Files (x86)\LastPass\nplastpass64.dll (LastPass)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @lastpass.com/NPLastPass -> C:\Program Files (x86)\LastPass\nplastpass.dll (LastPass)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF HKLM-x32\...\Firefox\Extensions: [antiphishing@bullguard] - C:\Program Files\BullGuard Ltd\BullGuard\Files32\Antiphishing\FF\antiphishing@bullguard
FF Extension: BullGuard Safe Browsing - C:\Program Files\BullGuard Ltd\BullGuard\Files32\Antiphishing\FF\antiphishing@bullguard [2013-11-25]
FF HKLM-x32\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2013-11-25]
FF HKU\S-1-5-21-1097398926-2456850885-1865351773-1000\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3

Chrome:
=======
CHR DefaultSuggestURL: Profile 1 -> http://ssmsp.ask.com/query?sstype=prefix&li=ff&q={searchTerms}
CHR Profile: C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-11-25]
CHR Extension: (Google Drive) - C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-11-25]
CHR Extension: (WOT) - C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp [2013-11-26]
CHR Extension: (YouTube) - C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-11-25]
CHR Extension: (Google Search) - C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-11-25]
CHR Extension: (Appalachian Mountains: Sunset (NC)) - C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\dmojiekdlgmcbkjoigacablpmmhngbll [2013-11-25]
CHR Extension: (AdBlock) - C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2013-11-25]
CHR Extension: (Google Wallet) - C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-11-25]
CHR Extension: (Gmail) - C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-11-25]
CHR Profile: C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Profile 1
CHR Extension: (Google Drive) - C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-12-15]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-21]
CHR Extension: (WOT) - C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\bhmmomiinigofkjcapegjjndpbikblnp [2013-12-16]
CHR Extension: (YouTube) - C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-12-15]
CHR Extension: (Google Search) - C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-12-15]
CHR Extension: (AdBlock) - C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2013-12-16]
CHR Extension: (Hola Better Internet) - C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\gkojfkhlekighikafcpjkiklfbnlmeio [2014-02-26]
CHR Extension: (Pin It Button) - C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\gpdjojdkbbmdfjfahjcgigfpmkopogic [2014-12-19]
CHR Extension: (LastPass: Free Password Manager) - C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\hdokiejnpimakedhajhdlcegeplioahd [2013-12-19]
CHR Extension: (Kindle Cloud Reader) - C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\icdipabjmbhpdkjaihfjoikhjjeneebd [2014-01-24]
CHR Extension: (Loki) - C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\jbagbmcllcekhflbnbibibiipbdmfknp [2013-12-16]
CHR Extension: (Hangouts) - C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nckgahadagoaajjgafhacjanaoiihapd [2013-12-20]
CHR Extension: (Google Wallet) - C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-12-15]
CHR Extension: (Gmail) - C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-12-15]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-07-14]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 BsBackup; C:\Program Files\BullGuard Ltd\BullGuard\BsBackup.dll [850256 2015-01-29] (BullGuard Ltd.)
R2 BsBhvScan; C:\Program Files\BullGuard Ltd\BullGuard\BullGuardBhvScanner.exe [601424 2015-01-29] (BullGuard Ltd.)
R2 BsCache; C:\Program Files\BullGuard Ltd\BullGuard\BsCache.dll [156496 2015-01-29] (BullGuard Ltd.)
R2 BsFileScan; c:\program files\bullguard ltd\bullguard\BsFileScan.dll [428368 2015-01-29] (BullGuard Ltd.)
R2 BsFire; c:\program files\bullguard ltd\bullguard\BsFire.dll [756048 2015-01-29] (BullGuard Ltd.)
R2 BsMailProxy; c:\program files\bullguard ltd\bullguard\BsMailProxy\BsMailProxy.dll [759632 2015-01-29] (BullGuard Ltd.)
R2 BsMain; c:\program files\bullguard ltd\bullguard\bsmain.dll [551248 2015-01-29] (BullGuard Ltd.)
R2 BsScanner; C:\Program Files\BullGuard Ltd\BullGuard\BullGuardScanner.exe [280912 2015-01-29] (BullGuard Ltd.)
R2 BsUpdate; C:\Program Files\BullGuard Ltd\BullGuard\BullGuardUpdate.exe [384848 2015-01-29] (BullGuard Ltd.)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)
R2 CalendarSynchService; C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\GCalService.exe [16384 2011-08-16] (Hewlett-Packard) [File not signed]
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2449592 2014-11-12] (Microsoft Corporation)
S2 CLKMSVC10_38F51D56; C:\Program Files (x86)\Cyberlink\PowerDVD10\NavFilter\kmsvc.exe [245264 2012-09-18] (CyberLink)
S3 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [227904 2014-01-27] (WildTangent)
R2 HitmanProScheduler; C:\Program Files\HitmanPro\hmpsched.exe [127752 2015-02-07] (SurfRight B.V.)
R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [92160 2013-11-04] (Hewlett-Packard Company) [File not signed]
R3 hpqcxs08; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll [249344 2009-09-20] (Hewlett-Packard Co.) [File not signed]
R2 hpqddsvc; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll [133120 2009-09-20] (Hewlett-Packard Co.) [File not signed]
R2 HPSLPSVC; C:\Users\Catherine\AppData\Local\Temp\7zS185F\hpslpsvc64.dll [1039360 2013-07-19] (Hewlett-Packard Co.) [File not signed]
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
S2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]
S3 PACSPTISVR-Sound_Organizer; C:\Program Files (x86)\Sony\Sound Organizer\Sony.Earth\PACSPTISVR.exe [157024 2010-11-19] (Sony Corporation)
R2 pdfcDispatcher; C:\Program Files (x86)\PDF Complete\pdfsvc.exe [1134584 2012-04-04] (PDF Complete Inc)
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]
R2 ppped; C:\Program Files (x86)\CyberPower PowerPanel Personal Edition\ppped.exe [1013696 2012-03-27] (Cyber Power Systems, Inc.)
R2 RalinkCountryRegion; C:\Program Files (x86)\Ralink\Common\RaCountryRegion.exe [42496 2012-07-27] (Ralink Technology, Corp.) [File not signed]
R2 RalinkRegistryWriter; C:\Program Files (x86)\Ralink\Common\RaRegistry.exe [372736 2012-07-04] (Ralink Technology, Corp.) [File not signed]
R2 RalinkRegistryWriter64; C:\Program Files (x86)\Ralink\Common\RaRegistry64.exe [447488 2012-07-04] (Ralink Technology, Corp.) [File not signed]
S2 RaMediaServer; C:\Program Files (x86)\Ralink\Common\RaMediaServer.exe [1863680 2012-07-06] (Ralink) [File not signed]
R2 STacSV; C:\Program Files\IDT\WDM\STacSV64.exe [311296 2012-03-30] (IDT, Inc.) [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R1 AFW; C:\Windows\System32\DRIVERS\afw.sys [41680 2014-09-08] (Agnitum Ltd.)
R3 afwcore; C:\Windows\System32\DRIVERS\afwcore.sys [469712 2014-09-08] (Agnitum Ltd.)
R1 BdAgent; C:\Windows\System32\DRIVERS\BdAgent.sys [117184 2014-06-18] (BullGuard Ltd.)
R3 BdNet; C:\Windows\System32\DRIVERS\BdNet.sys [34896 2014-04-03] (BullGuard Ltd.)
R1 BdSpy; C:\Windows\System32\drivers\BdSpy.sys [67680 2013-11-06] (BullGuard Ltd.)
S3 hpvision; C:\Windows\System32\drivers\hp64vision.sys [26912 2013-02-08] (Windows ® Codename Longhorn DDK provider)
R0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [28656 2013-04-30] (Intel Corporation)
R3 LGSHidFilt; C:\Windows\System32\DRIVERS\LGSHidFilt.Sys [64280 2013-05-30] (Logitech Inc.)
R3 MBAMSwissArmy; C:\windows\system32\drivers\MBAMSwissArmy.sys [129752 2015-02-07] (Malwarebytes Corporation)
R1 NovaShieldFilterDriver; C:\Windows\System32\DRIVERS\NSKernel.sys [321624 2015-01-29] (BullGuard Ltd.)
R1 NovaShieldTDIDriver; C:\Windows\System32\DRIVERS\NSNetmon.sys [27544 2015-01-29] (BullGuard Ltd.)
R3 Trufos; C:\Windows\System32\DRIVERS\Trufos.sys [350160 2013-11-06] (BitDefender S.R.L.)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-07 02:35 - 2015-02-07 02:36 - 00000000 ____D () C:\FRST
2015-02-07 02:26 - 2015-02-07 02:26 - 00001899 _____ () C:\Users\Public\Desktop\HitmanPro.lnk
2015-02-07 02:26 - 2015-02-07 02:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro
2015-02-07 02:26 - 2015-02-07 02:26 - 00000000 ____D () C:\Program Files\HitmanPro
2015-02-07 02:24 - 2015-02-07 02:34 - 00000000 ____D () C:\ProgramData\HitmanPro
2015-02-07 02:02 - 2015-02-07 02:02 - 00002704 _____ () C:\Users\Catherine\Desktop\Rkill.txt
2015-02-07 00:18 - 2015-02-07 00:18 - 00000512 _____ () C:\windows\system32\F39D4DE6-98B8-4E05-91BD-549E8A8248BD
2015-02-06 23:24 - 2015-02-07 00:14 - 00000000 ____D () C:\AdwCleaner
2015-02-06 21:51 - 2015-02-06 23:27 - 00006048 _____ () C:\windows\PFRO.log
2015-02-06 08:10 - 2015-02-07 01:22 - 00000392 _____ () C:\windows\setupact.log
2015-02-06 08:10 - 2015-02-06 08:10 - 00000000 _____ () C:\windows\setuperr.log
2015-02-05 21:27 - 2015-02-05 21:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AutoHotkey
2015-02-05 21:27 - 2015-02-05 21:27 - 00000000 ____D () C:\Program Files (x86)\AutoHotkey
2015-02-05 16:44 - 2015-02-05 16:44 - 00000000 ____D () C:\Users\Catherine\Documents\My Cheat Tables
2015-02-03 15:01 - 2015-02-03 14:58 - 09718653 _____ () C:\Users\Catherine\Desktop\04 The Hounds.m4a
2015-01-30 17:03 - 2015-01-30 17:03 - 00003012 _____ () C:\windows\System32\Tasks\{A47A5B87-D112-4E73-9AB9-35C3A09A065E}
2015-01-30 15:53 - 2015-01-30 15:53 - 00003012 _____ () C:\windows\System32\Tasks\{4B74C964-8610-4709-860C-207F88DE2FC6}
2015-01-30 14:37 - 2015-01-30 14:37 - 00000000 ____D () C:\Users\Catherine\Documents\Amnesia
2015-01-29 05:14 - 2015-01-29 05:14 - 00153712 _____ (BullGuard Ltd.) C:\windows\system32\BgGamingMonitor.dll
2015-01-29 05:14 - 2015-01-29 05:14 - 00140280 _____ (BullGuard Ltd.) C:\windows\SysWOW64\BgGamingMonitor.dll
2015-01-29 05:14 - 2015-01-29 05:14 - 00076624 _____ (BullGuard Ltd.) C:\windows\system32\BGLsp.dll
2015-01-29 05:14 - 2015-01-29 05:14 - 00064336 _____ (BullGuard Ltd.) C:\windows\SysWOW64\BGLsp.dll
2015-01-28 03:02 - 2015-01-28 03:02 - 00002960 _____ () C:\Users\Catherine\Desktop\write Susan.txt
2015-01-27 22:38 - 2015-01-27 22:38 - 00001876 _____ () C:\Users\Catherine\Desktop\STEAM game list, January 27, 2015.txt
2015-01-14 16:20 - 2014-12-11 21:35 - 05553592 _____ (Microsoft Corporation) C:\windows\system32\ntoskrnl.exe
2015-01-14 16:20 - 2014-12-11 21:31 - 00503808 _____ (Microsoft Corporation) C:\windows\system32\srcore.dll
2015-01-14 16:20 - 2014-12-11 21:31 - 00296960 _____ (Microsoft 
 
Corporation) C:\windows\system32\rstrui.exe
2015-01-14 16:20 - 2014-12-11 21:31 - 00050176 _____ (Microsoft 
 
Corporation) C:\windows\system32\srclient.dll
2015-01-14 16:20 - 2014-12-11 21:11 - 03971512 _____ (Microsoft 
 
Corporation) C:\windows\SysWOW64\ntkrnlpa.exe
2015-01-14 16:20 - 2014-12-11 21:11 - 03916728 _____ (Microsoft 
 
Corporation) C:\windows\SysWOW64\ntoskrnl.exe
2015-01-14 16:20 - 2014-12-11 21:07 - 00043008 _____ (Microsoft 
 
Corporation) C:\windows\SysWOW64\srclient.dll
2015-01-13 18:54 - 2014-12-18 19:06 - 00210432 _____ (Microsoft 
 
Corporation) C:\windows\system32\profsvc.dll
2015-01-13 18:54 - 2014-12-18 17:46 - 00141312 _____ (Microsoft 
 
Corporation) C:\windows\system32\Drivers\mrxdav.sys
2015-01-13 18:54 - 2014-12-11 09:47 - 00087040 _____ (Microsoft 
 
Corporation) C:\windows\system32\TSWbPrxy.exe
2015-01-13 18:54 - 2014-12-05 20:17 - 00303616 _____ (Microsoft 
 
Corporation) C:\windows\system32\nlasvc.dll
2015-01-13 18:54 - 2014-12-05 19:50 - 00156672 _____ (Microsoft 
 
Corporation) C:\windows\SysWOW64\ncsi.dll
2015-01-13 18:54 - 2014-12-05 19:50 - 00052224 _____ (Microsoft 
 
Corporation) C:\windows\SysWOW64\nlaapi.dll
2015-01-13 00:55 - 2015-01-13 00:55 - 00000222 _____ () C:\Users
 
\Catherine\Desktop\South Park The Stick of Truth.url
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-02-07 02:34 - 2013-11-25 08:53 - 00000000 ____D () C:\ProgramData\BullGuard
2015-02-07 02:22 - 2013-11-20 11:42 - 00003958 _____ () C:\windows\System32\Tasks\User_Feed_Synchronization-{B80D64BE-C687-4C20-83FC-0F83FF9CA832}
2015-02-07 02:15 - 2013-09-17 22:03 - 00000830 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job
2015-02-07 02:13 - 2013-11-25 16:20 - 00000898 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-02-07 02:06 - 2014-07-01 22:40 - 00129752 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2015-02-07 01:33 - 2013-11-27 11:47 - 00000000 ____D () C:\Users\Catherine\AppData\Roaming\Skype
2015-02-07 01:23 - 2014-12-07 10:18 - 01937933 _____ () C:\windows\WindowsUpdate.log
2015-02-07 01:23 - 2014-09-23 14:57 - 00000000 ___RD () C:\Users\Catherine\iCloudDrive
2015-02-07 01:23 - 2013-11-26 14:24 - 00000000 ____D () C:\Users\Catherine\AppData\Roaming\Dropbox
2015-02-07 01:23 - 2013-11-25 16:20 - 00000894 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-02-07 00:24 - 2009-07-13 20:45 - 00024608 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-02-07 00:24 - 2009-07-13 20:45 - 00024608 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-02-07 00:21 - 2009-07-13 21:13 - 00006166 _____ () C:\windows\system32\PerfStringBackup.INI
2015-02-07 00:17 - 2013-09-17 22:06 - 00000000 ____D () C:\ProgramData\PDFC
2015-02-07 00:16 - 2013-11-26 09:53 - 00000000 ____D () C:\Program Files (x86)\CyberPower PowerPanel Personal Edition
2015-02-07 00:16 - 2013-11-25 09:13 - 00000356 _____ () C:\windows\system32\config\afw_hm.conf
2015-02-07 00:16 - 2013-11-25 09:13 - 00000004 _____ () C:\windows\system32\config\afw_db.conf
2015-02-07 00:16 - 2009-07-13 21:08 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2015-02-07 00:07 - 2014-10-28 10:12 - 00000000 ____D () C:\Program Files (x86)\FileHippo.com
2015-02-06 23:32 - 2014-01-31 19:09 - 00000000 ____D () C:\Users\Catherine\AppData\Local\CrashDumps
2015-02-06 21:08 - 2013-11-25 16:20 - 00003894 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-02-06 21:08 - 2013-11-25 16:20 - 00003642 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-02-06 15:00 - 2013-11-26 07:46 - 00003950 _____ () C:\windows\System32\Tasks\User_Feed_Synchronization-{D946F186-0461-48DA-8A3F-73CB2843DC38}
2015-02-06 13:36 - 2013-11-24 12:48 - 00003210 _____ () C:\windows\System32\Tasks\HPCeeScheduleForCatherine
2015-02-06 13:36 - 2013-11-24 12:48 - 00000348 _____ () C:\windows\Tasks\HPCeeScheduleForCatherine.job
2015-02-05 21:27 - 2010-11-20 23:16 - 00000000 ____D () C:\windows\ShellNew
2015-02-05 16:36 - 2013-12-12 14:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Logitech
2015-02-05 16:36 - 2013-12-12 14:33 - 00000000 ____D () C:\Program Files\Logitech Gaming Software
2015-02-05 16:35 - 2013-12-20 16:17 - 00018960 _____ (Logitech, Inc.) C:\windows\system32\Drivers\LNonPnP.sys
2015-02-05 13:12 - 2013-09-17 22:03 - 00003768 _____ () C:\windows\System32\Tasks\Adobe Flash Player Updater
2015-02-04 22:45 - 2013-09-17 22:03 - 00701616 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2015-02-04 22:45 - 2013-09-17 22:03 - 00071344 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-02-04 20:51 - 2014-02-24 14:12 - 00000000 ____D () C:\Program Files (x86)\Steam
2015-02-04 14:00 - 2013-12-15 14:33 - 00003198 _____ () C:\windows\System32\Tasks\HPCeeScheduleForMichael
2015-02-04 14:00 - 2013-12-15 14:33 - 00000340 _____ () C:\windows\Tasks\HPCeeScheduleForMichael.job
2015-02-03 09:34 - 2013-12-31 10:09 - 00000000 ____D () C:\Users\Michael\AppData\Local\CrashDumps
2015-02-01 13:17 - 2013-12-08 13:48 - 00000000 _____ () C:\windows\system32\HP_ActiveX_Patch_NOT_DETECTED.txt
2015-02-01 13:17 - 2013-11-24 12:47 - 00000052 _____ () C:\windows\SysWOW64\DOErrors.log
2015-01-29 05:14 - 2014-10-29 07:57 - 00321624 _____ (BullGuard Ltd.) C:\windows\system32\Drivers\NSKernel.sys
2015-01-29 05:14 - 2014-10-29 07:57 - 00027544 _____ (BullGuard Ltd.) C:\windows\system32\Drivers\NSNetmon.sys
2015-01-15 17:57 - 2014-10-24 20:27 - 00000000 ____D () C:\Users\Catherine\Documents\My Games
2015-01-15 03:08 - 2013-11-24 15:30 - 00000000 ____D () C:\windows\system32\MRT
2015-01-15 03:00 - 2013-11-24 15:30 - 113365784 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2015-01-13 00:55 - 2013-12-05 16:08 - 00000000 ____D () C:\Users\Catherine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2015-01-08 10:56 - 2015-01-07 12:59 - 00000000 ____D () C:\Users\Catherine\Desktop\DESKTOP CRAP
 
==================== Files in the root of some directories =======
 
2013-11-24 16:03 - 2013-11-25 14:15 - 0001594 _____ () C:\ProgramData\hpzinstall.log
2013-11-26 08:34 - 2013-11-26 08:34 - 0000268 ___RH () C:\ProgramData\Hybrid Synthesizers
2014-04-03 08:21 - 2014-04-06 12:04 - 0000298 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc
2013-11-26 08:34 - 2014-08-10 22:33 - 0000020 ____H () C:\ProgramData\PKP_DLdu.DAT
 
Files to move or delete:
====================
C:\Users\Catherine\Setup.X86.en-US_O365HomePremRetail_812fb051-91c7-4a1f-88e2-bc9825ff76c5_TX_PR_.exe
 
 
Some content of TEMP:
====================
C:\Users\Catherine\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpghvmyy.dll
C:\Users\Catherine\AppData\Local\Temp\Extract.exe
C:\Users\Catherine\AppData\Local\Temp\Quarantine.exe
C:\Users\Catherine\AppData\Local\Temp\sqlite3.dll
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-02-03 13:41
 
==================== End Of Log ============================

 

 

"Writing is rewriting.  Everything else is just typing."  -- Truman Capote
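The FRST sections in the post above are what a helper triages by eye: one line per file, with the creation and modification times, the size, the attribute flags, a parenthesised company-name field and the path. As an added example (not FRST's own code and not from any post in this thread), the Python below parses that line layout and flags the kinds of entry a responder looks at first: a file or scheduled task whose name is a bare GUID, and a freshly created file under System32 or SysWOW64 whose company-name field is empty. The directory list, the data-file extension list and the sample lines are constructed for this illustration (the sample is modelled on entries in the posted log); a flag means "inspect this", not "this is malware".

```python
"""Triage of FRST "One Month Created/Modified Files and Folders" entries.

Added example for this thread; it is not part of FRST, ComboFix or any
post above. It parses the fixed-width FRST line layout and flags the
entries an analyst would look at first. The flags are prompts to inspect
a file, not verdicts that it is malicious.
"""
import re
from dataclasses import dataclass, field
from typing import List, Optional

# FRST prints one entry per line:
#   <created> - <modified> - <size> <attrs> (<company name>) <path>
FRST_LINE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<size>\d+) (?P<attrs>[A-Z_]{5}) "
    r"\((?P<vendor>[^)]*)\) (?P<path>.+)$"
)

# A bare GUID, with or without braces, used as a file or task name.
GUID_NAME = re.compile(r"^\{?[0-9A-Fa-f]{8}(-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}?$")

# Assumed for this example: where a new file with no company name deserves a look,
# and plain data files that never carry one (skipped to cut noise).
SYSTEM_DIRS = (r"c:\windows\system32", r"c:\windows\syswow64")
TASK_DIR = r"c:\windows\system32\tasks"
DATA_EXTENSIONS = (".log", ".ini", ".txt", ".dat", ".conf")


@dataclass
class Entry:
    created: str
    modified: str
    size: int
    is_dir: bool
    vendor: str          # the parenthesised company-name field, "" when FRST prints "()"
    path: str
    flags: List[str] = field(default_factory=list)


def parse_line(line: str) -> Optional[Entry]:
    """Return an Entry for one FRST file line, or None for headers and blank lines."""
    m = FRST_LINE.match(line.strip())
    if not m:
        return None
    return Entry(
        created=m["created"],
        modified=m["modified"],
        size=int(m["size"]),
        is_dir="D" in m["attrs"],
        vendor=m["vendor"].strip(),
        path=m["path"].strip(),
    )


def basename(path: str) -> str:
    return path.rsplit("\\", 1)[-1]


def triage(entry: Entry) -> Entry:
    """Attach review flags to an entry; directories are never flagged."""
    if entry.is_dir:
        return entry
    lower = entry.path.lower()
    name = basename(entry.path)
    if lower.startswith(TASK_DIR + "\\"):
        # Scheduled tasks registered under a GUID instead of a product name.
        if GUID_NAME.match(name):
            entry.flags.append("guid-named scheduled task")
        return entry
    if GUID_NAME.match(name):
        entry.flags.append("guid-named file")
    if (lower.startswith(SYSTEM_DIRS)
            and not entry.vendor
            and not lower.endswith(DATA_EXTENSIONS)):
        entry.flags.append("no company name under system directory")
    return entry


def flagged(lines: List[str]) -> List[Entry]:
    """Parse every line and keep only the entries that picked up a flag."""
    out = []
    for line in lines:
        entry = parse_line(line)
        if entry is not None and triage(entry).flags:
            out.append(entry)
    return out


# Constructed sample, modelled on lines from the FRST log posted above.
SAMPLE_LOG = r"""
==================== One Month Created Files and Folders ========
2015-02-07 02:35 - 2015-02-07 02:36 - 00000000 ____D () C:\FRST
2015-02-07 00:18 - 2015-02-07 00:18 - 00000512 _____ () C:\windows\system32\F39D4DE6-98B8-4E05-91BD-549E8A8248BD
2015-02-06 08:10 - 2015-02-07 01:22 - 00000392 _____ () C:\windows\setupact.log
2015-01-30 17:03 - 2015-01-30 17:03 - 00003012 _____ () C:\windows\System32\Tasks\{A47A5B87-D112-4E73-9AB9-35C3A09A065E}
2015-01-29 05:14 - 2015-01-29 05:14 - 00153712 _____ (BullGuard Ltd.) C:\windows\system32\BgGamingMonitor.dll
2015-01-14 16:20 - 2014-12-11 21:35 - 05553592 _____ (Microsoft Corporation) C:\windows\system32\ntoskrnl.exe
2015-02-07 00:21 - 2009-07-13 21:13 - 00006166 _____ () C:\windows\system32\PerfStringBackup.INI
""".strip().splitlines()


if __name__ == "__main__":
    for e in flagged(SAMPLE_LOG):
        print(f"{e.created}  {e.size:>9}  {e.path}")
        for f in e.flags:
            print(f"    - {f}")
```

Run as a script it prints the two flagged sample entries; to triage a real log, pass `open("FRST.txt", encoding="utf-8", errors="replace").read().splitlines()` to `flagged()` instead of the sample. The section headers and the "(If an entry is included in the fixlist ...)" notes fall through `parse_line()` as `None`, so the whole file can be fed in unedited.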


#2 olgun52

olgun52

  • Malware Response Team
  • 3,783 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:06:53 AM

Posted 07 February 2015 - 12:55 PM

Hello boocat and Welcome to the BleepingComputer. :welcome:

 

My name is Yılmaz and I'll help you with the cleanup of malware from your computer.

Before we move on, please read the following points carefully.
 

  • Please complete all steps in the specified order.
  • Even if tools don't find malware, I want you to post the logfiles anyway.
  • Please copy and paste the logfiles directly into your posts. Please do not attach them unless you are instructed to do so.
  • Read the instructions carefully. If you have problems, stop what you were doing and describe the problems you encountered as precisely as you can.
  • Don't install or uninstall software during the cleanup unless you are told to do so.
  • If you can't answer for the next few days, please let me know. If you haven't answered within 5 days, I am assuming that you don't need help anymore and your topic will be closed.
  • I can not guarantee that we will find and be able to remove all malware. The cleaning process is not instant. Please continue to review my answers until I tell you that your computer is clean.
  • Please reply to this thread. Do not start a new topic
  • As my first language is not English, please do not use slang or idioms. It could be hard for me to understand.

 

  • Please open the computer as administrator. How do you open the computer as administrator?
  • Disable your AntiVirus and AntiSpyware applications, as they will interfere with our tools and the removal. If you are unsure how to do this, please refer to get help here

Thanks

---------------------------------------------------------------------------------------------------------

 

Are you still with us?

 

The adware is still there.

 

Which adware is the issue, and what adware is it?

 

--------------------------------------------------------------------

 

Please do the following.

 

Ensure your external and/or USB drives are inserted during the scan

 

Please be sure to run our tools with administrator rights.

Next, download ComboFix Save to the Desktop

  • Disable all antivirus and antispyware programs. Get help here
  • Now, close all open windows
  • Double-click combofix.exe to run the program
  • Follow the prompts.
  • If the option is offered, it is in your best interest to allow the download and install of the Recovery Console when prompted.
  • When told that the RC is installed correctly, press YES to continue scanning for malware.
  • ComboFix will run. Please don't click on the window while the program is running, it may cause your system to stall.
  • CF may reboot the computer and resume running when it restarts.
  • When finished, a log, ComboFix.txt, is produced.

Please provide the contents of the ComboFix report in your reply.

---------------------------------------------------------------

 

Note: Please post the contents of Malwarebytes.Log

 

-------------------------------------------------------------

 

Have a nice day.


Edited by olgun52, 07 February 2015 - 01:02 PM.

Best regards
 
If you wish to show appreciation and support me personally fighting against malware, then you can consider a donation. Thank you. :thumbup2:
Malware fix forum
If I don't reply within 24 hours please PM me!

 


 


#3 boocat

boocat
  • Topic Starter

  • Members
  • 65 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:rainy southern Oregon coast
  • Local time:08:53 PM

Posted 07 February 2015 - 11:23 PM

Sorry, I thought I said it was the "Positive Finds Adware".  


"Writing is rewriting.  Everything else is just typing."  -- Truman Capote


#4 boocat

boocat
  • Topic Starter

  • Members
  • 65 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:rainy southern Oregon coast
  • Local time:08:53 PM

Posted 08 February 2015 - 01:11 AM

I forgot that I had "Hitman Pro" set to run on start-up.  When the reboot occurred and ComboFix was making up the log, 'Hitman' started running and I didn't know how to turn it off.  I panicked and hurried in to the Control Panel, and uninstalled the program.  I hope the log was not ruined.  Sorry.

 

ComboFix did not offer to make a "Recovery Console".

 

Thank you for your help.

 

-----------

 

ComboFix 15-02-02.01 - Catherine 02/07/2015  21:47:27.1.8 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.8149.6078 [GMT -8:00]
Running from: c:\users\Catherine\Desktop\ComboFix.exe
AV: BullGuard Antivirus *Disabled/Outdated* {EDBB5818-2352-E06B-028A-4E6873B92CC5}
FW: BullGuard Firewall *Disabled* {D580D93D-693D-E133-29D5-E75D8D6A6BBE}
SP: BullGuard Antispyware *Disabled/Outdated* {56DAB9FC-0568-EFE5-383A-751A083E6678}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\install.exe
c:\users\CATHER~1\AppData\Local\Temp\7zS185F\HPSLPSVC64.DLL
c:\users\Catherine\AppData\Local\Temp\7zS185F\HPSLPSVC64.DLL
J:\mspaint.exe
.
.
(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_HPSLPSVC
.
.
(((((((((((((((((((((((((   Files Created from 2015-01-08 to 2015-02-08  )))))))))))))))))))))))))))))))
.
.
2015-02-08 05:52 . 2015-02-08 05:52 -------- d-----w- c:\users\Default\AppData\Local\temp
2015-02-07 10:35 . 2015-02-07 10:37 -------- d-----w- C:\FRST
2015-02-07 10:26 . 2015-02-07 10:26 -------- d-----w- c:\program files\HitmanPro
2015-02-07 10:24 . 2015-02-07 10:34 -------- d-----w- c:\programdata\HitmanPro
2015-02-07 07:24 . 2015-02-07 08:14 -------- d-----w- C:\AdwCleaner
2015-02-06 05:27 . 2015-02-06 05:27 -------- d-----w- c:\program files (x86)\AutoHotkey
2015-01-29 13:14 . 2015-01-29 13:14 140280 ----a-w- c:\windows\SysWow64\BgGamingMonitor.dll
2015-01-29 13:14 . 2015-01-29 13:14 153712 ----a-w- c:\windows\system32\BgGamingMonitor.dll
2015-01-29 13:14 . 2015-01-29 13:14 76624 ----a-w- c:\windows\system32\BGLsp.dll
2015-01-29 13:14 . 2015-01-29 13:14 64336 ----a-w- c:\windows\SysWow64\BGLsp.dll
2015-01-15 00:20 . 2014-12-12 05:35 5553592 ----a-w- c:\windows\system32\ntoskrnl.exe
2015-01-15 00:20 . 2014-12-12 05:31 503808 ----a-w- c:\windows\system32\srcore.dll
2015-01-15 00:20 . 2014-12-12 05:31 50176 ----a-w- c:\windows\system32\srclient.dll
2015-01-15 00:20 . 2014-12-12 05:31 296960 ----a-w- c:\windows\system32\rstrui.exe
2015-01-15 00:20 . 2014-12-12 05:11 3971512 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2015-01-15 00:20 . 2014-12-12 05:11 3916728 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2015-01-15 00:20 . 2014-12-12 05:07 43008 ----a-w- c:\windows\SysWow64\srclient.dll
2015-01-14 02:54 . 2014-12-19 03:06 210432 ----a-w- c:\windows\system32\profsvc.dll
2015-01-14 02:54 . 2014-12-06 04:17 303616 ----a-w- c:\windows\system32\nlasvc.dll
2015-01-14 02:54 . 2014-12-06 03:50 52224 ----a-w- c:\windows\SysWow64\nlaapi.dll
2015-01-14 02:54 . 2014-12-06 03:50 156672 ----a-w- c:\windows\SysWow64\ncsi.dll
2015-01-14 02:54 . 2014-12-19 01:46 141312 ----a-w- c:\windows\system32\drivers\mrxdav.sys
2015-01-14 02:54 . 2014-12-11 17:47 87040 ----a-w- c:\windows\system32\TSWbPrxy.exe
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-02-08 05:14 . 2014-07-02 06:40 129752 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2015-02-06 00:35 . 2013-12-21 00:17 18960 ----a-w- c:\windows\system32\drivers\LNonPnP.sys
2015-02-05 06:45 . 2013-09-18 06:03 71344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2015-02-05 06:45 . 2013-09-18 06:03 701616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2015-01-29 13:14 . 2014-10-29 15:57 27544 ----a-w- c:\windows\system32\drivers\NSNetmon.sys
2015-01-29 13:14 . 2014-10-29 15:57 321624 ----a-w- c:\windows\system32\drivers\NSKernel.sys
2015-01-15 11:00 . 2013-11-24 23:30 113365784 ----a-w- c:\windows\system32\MRT.exe
2014-12-13 05:09 . 2014-12-18 01:54 144384 ----a-w- c:\windows\system32\ieUnatt.exe
2014-12-13 03:33 . 2014-12-18 01:54 115712 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2014-12-04 02:50 . 2014-12-10 04:21 413184 ----a-w- c:\windows\system32\generaltel.dll
2014-12-04 02:50 . 2014-12-10 04:21 741376 ----a-w- c:\windows\system32\invagent.dll
2014-12-04 02:50 . 2014-12-10 04:21 396800 ----a-w- c:\windows\system32\devinv.dll
2014-12-04 02:50 . 2014-12-10 04:21 830976 ----a-w- c:\windows\system32\appraiser.dll
2014-12-04 02:50 . 2014-12-10 04:21 192000 ----a-w- c:\windows\system32\aepic.dll
2014-12-04 02:50 . 2014-12-10 04:21 227328 ----a-w- c:\windows\system32\aepdu.dll
2014-12-04 02:44 . 2014-12-10 04:21 1083392 ----a-w- c:\windows\system32\aeinv.dll
2014-12-01 23:28 . 2014-12-10 04:21 1232040 ----a-w- c:\windows\system32\aitstatic.exe
2014-11-27 01:43 . 2014-12-10 04:20 389296 ----a-w- c:\windows\system32\iedkcs32.dll
2014-11-22 03:13 . 2014-12-10 04:20 25059840 ----a-w- c:\windows\system32\mshtml.dll
2014-11-22 03:06 . 2014-12-10 04:20 2724864 ----a-w- c:\windows\system32\mshtml.tlb
2014-11-22 03:06 . 2014-12-10 04:20 4096 ----a-w- c:\windows\system32\ieetwcollectorres.dll
2014-11-22 02:50 . 2014-12-10 04:20 66560 ----a-w- c:\windows\system32\iesetup.dll
2014-11-22 02:50 . 2014-12-10 04:20 580096 ----a-w- c:\windows\system32\vbscript.dll
2014-11-22 02:49 . 2014-12-10 04:20 48640 ----a-w- c:\windows\system32\ieetwproxystub.dll
2014-11-22 02:49 . 2014-12-10 04:20 2885120 ----a-w- c:\windows\system32\iertutil.dll
2014-11-22 02:48 . 2014-12-10 04:20 88064 ----a-w- c:\windows\system32\MshtmlDac.dll
2014-11-22 02:41 . 2014-12-10 04:20 54784 ----a-w- c:\windows\system32\jsproxy.dll
2014-11-22 02:40 . 2014-12-10 04:20 34304 ----a-w- c:\windows\system32\iernonce.dll
2014-11-22 02:37 . 2014-12-10 04:20 633856 ----a-w- c:\windows\system32\ieui.dll
2014-11-22 02:35 . 2014-12-10 04:20 114688 ----a-w- c:\windows\system32\ieetwcollector.exe
2014-11-22 02:34 . 2014-12-10 04:20 814080 ----a-w- c:\windows\system32\jscript9diag.dll
2014-11-22 02:34 . 2014-12-10 04:20 6039552 ----a-w- c:\windows\system32\jscript9.dll
2014-11-22 02:26 . 2014-12-10 04:20 968704 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe
2014-11-22 02:22 . 2014-12-10 04:20 490496 ----a-w- c:\windows\system32\dxtmsft.dll
2014-11-22 02:20 . 2014-12-10 04:20 2724864 ----a-w- c:\windows\SysWow64\mshtml.tlb
2014-11-22 02:14 . 2014-12-10 04:20 77824 ----a-w- c:\windows\system32\JavaScriptCollectionAgent.dll
2014-11-22 02:09 . 2014-12-10 04:20 199680 ----a-w- c:\windows\system32\msrating.dll
2014-11-22 02:08 . 2014-12-10 04:20 92160 ----a-w- c:\windows\system32\mshtmled.dll
2014-11-22 02:07 . 2014-12-10 04:20 501248 ----a-w- c:\windows\SysWow64\vbscript.dll
2014-11-22 02:07 . 2014-12-10 04:20 62464 ----a-w- c:\windows\SysWow64\iesetup.dll
2014-11-22 02:06 . 2014-12-10 04:20 47616 ----a-w- c:\windows\SysWow64\ieetwproxystub.dll
2014-11-22 02:05 . 2014-12-10 04:20 64000 ----a-w- c:\windows\SysWow64\MshtmlDac.dll
2014-11-22 02:05 . 2014-12-10 04:20 316928 ----a-w- c:\windows\system32\dxtrans.dll
2014-11-22 01:54 . 2014-12-10 04:20 620032 ----a-w- c:\windows\SysWow64\jscript9diag.dll
2014-11-22 01:49 . 2014-12-10 04:20 718848 ----a-w- c:\windows\system32\ie4uinit.exe
2014-11-22 01:49 . 2014-12-10 04:20 800768 ----a-w- c:\windows\system32\msfeeds.dll
2014-11-22 01:47 . 2014-12-10 04:20 1359360 ----a-w- c:\windows\system32\mshtmlmedia.dll
2014-11-22 01:46 . 2014-12-10 04:20 2125312 ----a-w- c:\windows\system32\inetcpl.cpl
2014-11-22 01:43 . 2014-12-10 04:20 14412800 ----a-w- c:\windows\system32\ieframe.dll
2014-11-22 01:40 . 2014-12-10 04:20 60416 ----a-w- c:\windows\SysWow64\JavaScriptCollectionAgent.dll
2014-11-22 01:29 . 2014-12-10 04:20 4299264 ----a-w- c:\windows\SysWow64\jscript9.dll
2014-11-22 01:28 . 2014-12-10 04:20 2358272 ----a-w- c:\windows\system32\wininet.dll
2014-11-22 01:22 . 2014-12-10 04:20 2052096 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2014-11-22 01:21 . 2014-12-10 04:20 1155072 ----a-w- c:\windows\SysWow64\mshtmlmedia.dll
2014-11-22 01:15 . 2014-12-10 04:20 1548288 ----a-w- c:\windows\system32\urlmon.dll
2014-11-22 01:03 . 2014-12-10 04:20 800768 ----a-w- c:\windows\system32\ieapfltr.dll
2014-11-22 01:00 . 2014-12-10 04:20 1888256 ----a-w- c:\windows\SysWow64\wininet.dll
2014-11-21 14:14 . 2014-07-02 06:40 63704 ----a-w- c:\windows\system32\drivers\mwac.sys
2014-11-21 14:14 . 2014-07-02 06:40 93400 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2014-11-21 14:14 . 2013-11-26 00:13 25816 ----a-w- c:\windows\system32\drivers\mbam.sys
2014-11-11 03:09 . 2014-12-10 04:21 1424384 ----a-w- c:\windows\system32\WindowsCodecs.dll
2014-11-11 03:08 . 2014-11-19 13:51 241152 ----a-w- c:\windows\system32\pku2u.dll
2014-11-11 03:08 . 2014-11-19 13:51 728064 ----a-w- c:\windows\system32\kerberos.dll
2014-11-11 02:44 . 2014-12-10 04:21 1230336 ----a-w- c:\windows\SysWow64\WindowsCodecs.dll
2014-11-11 02:44 . 2014-11-19 13:51 186880 ----a-w- c:\windows\SysWow64\pku2u.dll
2014-11-11 02:44 . 2014-11-19 13:51 550912 ----a-w- c:\windows\SysWow64\kerberos.dll
2014-11-11 01:46 . 2014-12-10 04:20 119296 ----a-w- c:\windows\system32\drivers\tdx.sys
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2013-12-06 21:26 220632 ----a-w- c:\users\Catherine\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2013-12-06 21:26 220632 ----a-w- c:\users\Catherine\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2013-12-06 21:26 220632 ----a-w- c:\users\Catherine\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04 131480 ----a-w- c:\users\Catherine\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04 131480 ----a-w- c:\users\Catherine\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04 131480 ----a-w- c:\users\Catherine\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"f.lux"="c:\users\Catherine\AppData\Local\FluxSoftware\Flux\flux.exe" [2013-10-23 1017224]
"Amazon Music"="c:\users\Catherine\AppData\Local\Amazon Music\Amazon Music Helper.exe" [2014-12-08 6277952]
"iCloudServices"="c:\program files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe" [2014-10-17 43816]
"iCloudDrive"="c:\program files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe" [2014-10-21 43816]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2014-10-01 22065760]
"GoogleChromeAutoLaunch_299D1954AA0A9120090187A4A4A95B5A"="c:\program files (x86)\Google\Chrome\Application\chrome.exe" [2015-02-04 843592]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"USB3MON"="c:\program files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [2011-12-05 291096]
"PDF Complete"="c:\program files (x86)\PDF Complete\pdfsty.exe" [2012-04-04 684024]
"hpqSRMon"="c:\program files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-07-23 150528]
"Nikon Transfer Monitor"="c:\program files (x86)\Common Files\Nikon\Monitor\NkMonitor.exe" [2009-09-16 479232]
"PowerPanel Personal Edition User Interaction"="c:\program files (x86)\CyberPower PowerPanel Personal Edition\pppeuser.exe" [2012-03-27 350144]
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2011-10-28 49208]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2014-10-11 60712]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2014-10-15 157480]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2014-10-02 421888]
.
c:\users\Catherine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Catherine\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2014-12-8 39207112]
.
c:\users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Send to OneNote.lnk - c:\program files\Microsoft Office 15\root\office15\ONENOTEM.EXE /tsr [2014-9-25 195240]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Audible Download Manager.lnk - c:\program files (x86)\Audible\Bin\AudibleDownloadHelper.exe /Startup [2011-3-14 2125472]
HP Digital Imaging Monitor.lnk - c:\program files (x86)\Hp\Digital Imaging\bin\hpqtra08.exe [2009-9-20 270336]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BsMain]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BsScanner]
@="Service"
.
R2 CLKMSVC10_38F51D56;CyberLink Product - 2013/12/31 10:24;c:\program files (x86)\Cyberlink\PowerDVD10\NavFilter\kmsvc.exe;c:\program files (x86)\Cyberlink\PowerDVD10\NavFilter\kmsvc.exe [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [x]
R2 RaMediaServer;Ralink UPnP Media Server;c:\program files (x86)\Ralink\Common\RaMediaServer.exe;c:\program files (x86)\Ralink\Common\RaMediaServer.exe [x]
R3 GamesAppIntegrationService;GamesAppIntegrationService;c:\program files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe;c:\program files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [x]
R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [x]
R3 hpvision;hpvision;c:\windows\system32\drivers\hp64vision.sys;c:\windows\SYSNATIVE\drivers\hp64vision.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 iusb3hub;Intel® USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\iusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hub.sys [x]
R3 iusb3xhc;Intel® USB 3.0 eXtensible Host Controller Driver;c:\windows\system32\drivers\iusb3xhc.sys;c:\windows\SYSNATIVE\drivers\iusb3xhc.sys [x]
R3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;c:\windows\system32\drivers\LGVirHid.sys;c:\windows\SYSNATIVE\drivers\LGVirHid.sys [x]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys;c:\windows\SYSNATIVE\drivers\MBAMSwissArmy.sys [x]
R3 PACSPTISVR-Sound_Organizer;PACSPTISVR-Sound_Organizer;c:\program files (x86)\Sony\Sound Organizer\Sony.Earth\PACSPTISVR.exe;c:\program files (x86)\Sony\Sound Organizer\Sony.Earth\PACSPTISVR.exe [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
S0 iaStorA;iaStorA;c:\windows\system32\DRIVERS\iaStorA.sys;c:\windows\SYSNATIVE\DRIVERS\iaStorA.sys [x]
S0 iaStorF;iaStorF;c:\windows\system32\DRIVERS\iaStorF.sys;c:\windows\SYSNATIVE\DRIVERS\iaStorF.sys [x]
S0 iusb3hcs;Intel® USB 3.0 Host Controller Switch Driver;c:\windows\system32\drivers\iusb3hcs.sys;c:\windows\SYSNATIVE\drivers\iusb3hcs.sys [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys;c:\windows\SYSNATIVE\Drivers\PxHlpa64.sys [x]
S1 AFW;Agnitum Firewall Driver;c:\windows\system32\DRIVERS\afw.sys;c:\windows\SYSNATIVE\DRIVERS\afw.sys [x]
S1 BdAgent;BullGuard Security Agent;c:\windows\system32\DRIVERS\BdAgent.sys;c:\windows\SYSNATIVE\DRIVERS\BdAgent.sys [x]
S1 BdSpy;BdSpy;c:\windows\system32\drivers\BdSpy.sys;c:\windows\SYSNATIVE\drivers\BdSpy.sys [x]
S1 NovaShieldFilterDriver;NovaShieldFilterDriver;c:\windows\system32\DRIVERS\NSKernel.sys;c:\windows\SYSNATIVE\DRIVERS\NSKernel.sys [x]
S1 NovaShieldTDIDriver;NovaShieldTDIDriver;c:\windows\system32\DRIVERS\NSNetmon.sys;c:\windows\SYSNATIVE\DRIVERS\NSNetmon.sys [x]
S2 BsBackup;BullGuard backup service;c:\windows\System32\SvcHost.exe;c:\windows\SYSNATIVE\SvcHost.exe [x]
S2 BsBhvScan;BullGuard Behavioural Detection;c:\program files\BullGuard Ltd\BullGuard\BullGuardBhvScanner.exe;c:\program files\BullGuard Ltd\BullGuard\BullGuardBhvScanner.exe [x]
S2 BsCache;BullGuard CODS service;c:\windows\System32\SvcHost.exe;c:\windows\SYSNATIVE\SvcHost.exe [x]
S2 BsFileScan;BullGuard on-access service;c:\windows\System32\SvcHost.exe;c:\windows\SYSNATIVE\SvcHost.exe [x]
S2 BsFire;BullGuard firewall service;c:\windows\System32\SvcHost.exe;c:\windows\SYSNATIVE\SvcHost.exe [x]
S2 BsMailProxy;BullGuard e-mail monitoring service;c:\windows\System32\SvcHost.exe;c:\windows\SYSNATIVE\SvcHost.exe [x]
S2 BsMain;BullGuard main service;c:\windows\System32\SvcHost.exe;c:\windows\SYSNATIVE\SvcHost.exe [x]
S2 BsScanner;BullGuard scanning service;c:\program files\BullGuard Ltd\BullGuard\BullGuardScanner.exe;c:\program files\BullGuard Ltd\BullGuard\BullGuardScanner.exe [x]
S2 BsUpdate;BullGuard update service;c:\program files\BullGuard Ltd\BullGuard\BullGuardUpdate.exe;c:\program files\BullGuard Ltd\BullGuard\BullGuardUpdate.exe [x]
S2 c2cautoupdatesvc;Skype Click to Call Updater;c:\program files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe;c:\program files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [x]
S2 c2cpnrsvc;Skype Click to Call PNR Service;c:\program files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe;c:\program files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [x]
S2 CalendarSynchService;CalendarSynchService;c:\program files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\GCalService.exe;c:\program files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\GCalService.exe [x]
S2 ClickToRunSvc;Microsoft Office ClickToRun Service;c:\program files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe;c:\program files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [x]
S2 IntuitUpdateServiceV4;Intuit Update Service v4;c:\program files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe;c:\program files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe [x]
S2 pdfcDispatcher;PDF Document Manager;c:\program files (x86)\PDF Complete\pdfsvc.exe;c:\program files (x86)\PDF Complete\pdfsvc.exe [x]
S2 RalinkCountryRegion;RalinkCountryRegion;c:\program files (x86)\Ralink\Common\RaCountryRegion.exe;c:\program files (x86)\Ralink\Common\RaCountryRegion.exe [x]
S2 RalinkRegistryWriter64;RalinkRegistryWriter64;c:\program files (x86)\Ralink\Common\RaRegistry64.exe;c:\program files (x86)\Ralink\Common\RaRegistry64.exe [x]
S3 afwcore;afwcore;c:\windows\system32\DRIVERS\afwcore.sys;c:\windows\SYSNATIVE\DRIVERS\afwcore.sys [x]
S3 BdNet;BdNet;c:\windows\system32\DRIVERS\BdNet.sys;c:\windows\SYSNATIVE\DRIVERS\BdNet.sys [x]
S3 hitmanpro37;HitmanPro 3.7 Support Driver;c:\windows\system32\drivers\hitmanpro37.sys;c:\windows\SYSNATIVE\drivers\hitmanpro37.sys [x]
S3 L1C;NDIS Miniport Driver for Atheros AR81xx PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys;c:\windows\SYSNATIVE\DRIVERS\L1C62x64.sys [x]
S3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;c:\windows\system32\drivers\LGBusEnum.sys;c:\windows\SYSNATIVE\drivers\LGBusEnum.sys [x]
S3 LGSHidFilt;Logitech Gaming KMDF HID Filter Driver;c:\windows\system32\DRIVERS\LGSHidFilt.Sys;c:\windows\SYSNATIVE\DRIVERS\LGSHidFilt.Sys [x]
S3 netr28x;Ralink 802.11n Extensible Wireless Driver;c:\windows\system32\DRIVERS\netr28x.sys;c:\windows\SYSNATIVE\DRIVERS\netr28x.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - HITMANPRO37
*NewlyCreated* - WS2IFSL
*Deregistered* - CLKMDRV10_38F51D56
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ   hpqcxs08 hpqddsvc
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2015-02-05 18:09 1086280 ----a-w- c:\program files (x86)\Google\Chrome\Application\40.0.2214.111\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2015-02-08 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-09-18 21:12]
.
2015-02-08 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-11-26 00:20]
.
2015-02-08 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-11-26 00:20]
.
2015-02-06 c:\windows\Tasks\HPCeeScheduleForCatherine.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15 11:43]
.
2015-02-04 c:\windows\Tasks\HPCeeScheduleForMichael.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15 11:43]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2013-12-06 21:26 244696 ----a-w- c:\users\Catherine\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2013-12-06 21:26 244696 ----a-w- c:\users\Catherine\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2013-12-06 21:26 244696 ----a-w- c:\users\Catherine\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)]
@="{8BA85C75-763B-4103-94EB-9470F12FE0F7}"
[HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}]
2014-11-12 08:07 2334928 ----a-w- c:\program files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\grooveex.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)]
@="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}"
[HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}]
2014-11-12 08:07 2334928 ----a-w- c:\program files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\grooveex.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)]
@="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}"
[HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}]
2014-11-12 08:07 2334928 ----a-w- c:\program files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\grooveex.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\BackupOverlayErr]
@="{8749448C-D907-45BF-A842-4D3898894AC8}"
[HKEY_CLASSES_ROOT\CLSID\{8749448C-D907-45BF-A842-4D3898894AC8}]
2015-01-29 13:14 251728 ----a-w- c:\program files\BullGuard Ltd\BullGuard\BackupShellHook.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\BackupOverlayInProgress]
@="{3FFBF330-7839-476B-BE14-2C8597CE11B6}"
[HKEY_CLASSES_ROOT\CLSID\{3FFBF330-7839-476B-BE14-2C8597CE11B6}]
2015-01-29 13:14 251728 ----a-w- c:\program files\BullGuard Ltd\BullGuard\BackupShellHook.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\BackupOverlaySynced]
@="{C62CF4DB-48CB-4B03-BFD0-30A29125FA49}"
[HKEY_CLASSES_ROOT\CLSID\{C62CF4DB-48CB-4B03-BFD0-30A29125FA49}]
2015-01-29 13:14 251728 ----a-w- c:\program files\BullGuard Ltd\BullGuard\BackupShellHook.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04 164760 ----a-w- c:\users\Catherine\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04 164760 ----a-w- c:\users\Catherine\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04 164760 ----a-w- c:\users\Catherine\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04 164760 ----a-w- c:\users\Catherine\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2012-03-30 1425408]
"BeatsOSDApp"="c:\program files\IDT\WDM\beats64.exe" [2012-03-30 37888]
"HPSYSDRV"="c:\program files (x86)\Hewlett-Packard\HP Odometer\HPSYSDRV.EXE" [2008-11-20 62768]
"BullGuard"="c:\program files\BullGuard Ltd\BullGuard\BullGuard.exe" [2015-01-29 1360208]
"BullGuardUpdate2"="c:\program files\bullguard ltd\bullguard\BullGuardUpdate2.exe" [2015-01-29 2935120]
"Launch LCore"="c:\program files\Logitech Gaming Software\LCore.exe" [2014-10-14 12697368]
"Launch LGDCore"="c:\program files\Common Files\Logitech\G-series Software\LGDCore.exe" [2006-07-23 1783296]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - c:\program files\Microsoft Office 15\Root\Office15\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\program files\Microsoft Office 15\Root\Office15\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.254.254
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
HKLM_Wow6432Node-ActiveSetup-{438363A8-F486-4C37-834C-4955773CB3D3} - msiexec
HKLM-Run-Launch LCDMon - c:\program files\Common Files\Logitech\LCD Manager\lcdmon.exe
AddRemove-{E35A3B13-78CD-4967-8AC8-AA9FDA693EDE} - c:\program files (x86)\InstallShield Installation Information\{E35A3B13-78CD-4967-8AC8-AA9FDA693EDE}\setup.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\pdfcDispatcher]
"ImagePath"="c:\program files (x86)\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_16_0_0_305_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_16_0_0_305_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_16_0_0_305_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_16_0_0_305_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_16_0_0_305.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.16"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_16_0_0_305.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_16_0_0_305.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_16_0_0_305.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Nico Mak Computing\WinZip]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
   00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\CyberPower PowerPanel Personal Edition\ppped.exe
c:\program files (x86)\Ralink\Common\RaRegistry.exe
c:\program files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\HPTouchSmartSyncCalReminderApp.exe
c:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
.
**************************************************************************
.
Completion time: 2015-02-07  21:58:50 - machine was rebooted
ComboFix-quarantined-files.txt  2015-02-08 05:58
.
Pre-Run: 1,834,704,875,520 bytes free
Post-Run: 1,834,407,428,096 bytes free
.
- - End Of File - - 80D11C3FDB9C40B58121412F5CD45773
5FB38429D5D77768867C76DCBDB35194

"Writing is rewriting.  Everything else is just typing."  -- Truman Capote


#5 olgun52

  • Malware Response Team
  • 3,783 posts
  • Gender:Male
  • Local time:06:53 AM

Posted 08 February 2015 - 08:09 AM

Hi boocat,
 
Hitman Pro >> it does not matter. Later you can reload Hitman Pro.
----

Sorry, I thought I said it was the "Positive Finds Adware"

Ok.
-----------------------------------------------------------------------
 
Agnitum > Outpost Firewall >> Do you use it?
 
************************************************************************************************************************************
 
Step 1:
 
Download attached fixlist.txt file and save it to the Desktop.

NOTE: It's important that both files, FRST/FRST64 and fixlist.txt, are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Run FRST/FRST64 and press the Fix button just once and wait.
If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
When finished, FRST will generate a log on the Desktop (Fixlog.txt). Please post it in your reply.

Step 2:
 
Please download AdwCleaner by Xplode and save to your Desktop.

  • Double-click on AdwCleaner.exe to run the tool.
  • Click on the Scan button.
  • AdwCleaner will begin to scan your computer.
  • After the scan has finished...
  • Click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a logfile report (AdwCleaner[S#].txt) will open automatically (where the largest value of # represents the most recent report).
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.

Step 3:
 
Download and run Junkware Removal Tool. ***Your antivirus may see this download as malicious; don't worry, continue on.

Please download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8, instead of double-clicking, right-click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient, as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next reply.

Have a nice day

Best regards
 
If you wish to show appreciation and support me personally fighting against malware, then you can consider a donation. Thank you. :thumbup2:
Malware fix forum
If I don't reply within 24 hours please PM me!

#6 boocat

  • Topic Starter
  • Members
  • 65 posts
  • Gender:Female
  • Location:rainy southern Oregon coast
  • Local time:08:53 PM

Posted 08 February 2015 - 05:41 PM

Forgot to mention that one thing I discovered earlier this morning was that the computer will no longer take screenshot pictures!  Apparently the adware has shut that down.




#7 boocat

  • Topic Starter
  • Members
  • 65 posts
  • Gender:Female
  • Location:rainy southern Oregon coast
  • Local time:08:53 PM

Posted 08 February 2015 - 07:38 PM

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 08-02-2015
Ran by Catherine at 2015-02-08 14:52:42 Run:1
Running from C:\Users\Catherine\Desktop
Loaded Profiles: Catherine (Available profiles: Catherine & Michael)
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
start
HKLM-x32\...\Run: [] => [X]
SearchScopes: HKLM-x32 -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-1097398926-2456850885-1865351773-1000 -> {487F2C20-3FAF-4BB8-BA5C-3886ED432366} URL = http://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us1-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKU\S-1-5-21-1097398926-2456850885-1865351773-1001 -> {487F2C20-3FAF-4BB8-BA5C-3886ED432366} URL = http://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us1-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKU\S-1-5-21-1097398926-2456850885-1865351773-1001 -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
S3 hitmanpro37;HitmanPro 3.7 Support Driver;c:\windows\system32\drivers\hitmanpro37.sys;c:\windows\SYSNATIVE\drivers\hitmanpro37.sys [x]
S3 afwcore;afwcore;c:\windows\system32\DRIVERS\afwcore.sys;c:\windows\SYSNATIVE\DRIVERS\afwcore.sys [x]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
C:\Users\Catherine\AppData\Local\Temp\7zS185F\hpslpsvc64.dll 
C:\ProgramData\PKP_DLdu.DAT
AlternateDataStreams: C:\Users\Catherine\Desktop\A New Life, La Vita Nuova.mobi:uidStream
AlternateDataStreams: C:\Users\Catherine\Desktop\murder soul survivor.png:com.dropbox.attributes
AlternateDataStreams: C:\Users\Catherine\Desktop\South Park commands PC.png:com.dropbox.attributes
EmptyTemp:
 
*****************
 
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value deleted successfully.
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{487F2C20-3FAF-4BB8-BA5C-3886ED432366}" => Key deleted successfully.
HKCR\CLSID\{487F2C20-3FAF-4BB8-BA5C-3886ED432366} => Key not found. 
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{487F2C20-3FAF-4BB8-BA5C-3886ED432366}" => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{487F2C20-3FAF-4BB8-BA5C-3886ED432366} => Key not found. 
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}" => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{d43b3890-80c7-4010-a95d-1e77b5924dc3} => Key not found. 
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value not found.
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
"HKU\S-1-5-21-1097398926-2456850885-1865351773-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{487F2C20-3FAF-4BB8-BA5C-3886ED432366}" => Key deleted successfully.
HKCR\CLSID\{487F2C20-3FAF-4BB8-BA5C-3886ED432366} => Key not found. 
HKU\S-1-5-21-1097398926-2456850885-1865351773-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{487F2C20-3FAF-4BB8-BA5C-3886ED432366} => Key not found. 
HKCR\CLSID\{487F2C20-3FAF-4BB8-BA5C-3886ED432366} => Key not found. 
HKU\S-1-5-21-1097398926-2456850885-1865351773-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3} => Key not found. 
HKCR\CLSID\{d43b3890-80c7-4010-a95d-1e77b5924dc3} => Key not found. 
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}" => Key deleted successfully.
"HKCR\Wow6432Node\CLSID\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}" => Key deleted successfully.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}" => Key deleted successfully.
"HKCR\Wow6432Node\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9}" => Key deleted successfully.
"HKLM\Software\Wow6432Node\MozillaPlugins\@java.com/DTPlugin,version=10.71.2" => Key deleted successfully.
C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll => Moved successfully.
"HKLM\Software\Wow6432Node\MozillaPlugins\@java.com/JavaPlugin,version=10.71.2" => Key deleted successfully.
C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll => Moved successfully.
hitmanpro37 => Service not found.
afwcore => Unable to stop service
afwcore => Service deleted successfully.
"HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE" => Key deleted successfully.
Chrome DefaultSuggestURL not detected.
"C:\Users\Catherine\AppData\Local\Temp\7zS185F\hpslpsvc64.dll" => File/Directory not found.
C:\ProgramData\PKP_DLdu.DAT => Moved successfully.
C:\Users\Catherine\Desktop\A New Life, La Vita Nuova.mobi => ":uidStream" ADS removed successfully.
C:\Users\Catherine\Desktop\murder soul survivor.png => ":com.dropbox.attributes" ADS removed successfully.
C:\Users\Catherine\Desktop\South Park commands PC.png => ":com.dropbox.attributes" ADS removed successfully.
EmptyTemp: => Removed 890.3 MB temporary data.
 
 
The system needed a reboot. 
 
==== End of Fixlog 14:53:07 ====
 
====================================================================
====================================================================
 
NOTE: I think I may have spoiled the results of this AdwCleaner scan.  I first ran AdwCleaner scan two days ago.  Today's log that appeared after I ran AdwCleaner the second time (here, for you) seems to be the same log from the original scan two days ago.  I am not sure why.  Sorry.
 
 
# AdwCleaner v4.110 - Logfile created 06/02/2015 at 23:26:16
# Updated 05/02/2015 by Xplode
# Database : 2015-02-05.2 [Server]
# Operating system : Windows 7 Home Premium Service Pack 1 (x64)
# Username : Catherine - CATHERINE-HP
# Running from : J:\Computer\AdwCleaner.exe
# Option : Cleaning
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\ProgramData\apn
Folder Deleted : C:\ProgramData\iWin
Folder Deleted : C:\ProgramData\d2d4a9d3-f3f1-4c52-8d3f-dddc91fe0602
Folder Deleted : C:\Program Files (x86)\Common Files\d2d4a9d3-f3f1-4c52-8d3f-dddc91fe0602
Folder Deleted : C:\Users\Catherine\AppData\LocalLow\HPAppData
File Deleted : C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.ask.com_0.localstorage
File Deleted : C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.ask.com_0.localstorage-journal
 
***** [ Scheduled tasks ] *****
 
Task Deleted : RunAsStdUser Task
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Deleted : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
Key Deleted : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{D43B3890-80C7-4010-A95D-1E77B5924DC3}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D43B3890-80C7-4010-A95D-1E77B5924DC3}
Key Deleted : HKLM\SOFTWARE\PositiveFinds
Data Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - *.local
 
***** [ Web browsers ] *****
 
-\\ Internet Explorer v11.0.9600.17496
 
 
-\\ Google Chrome v40.0.2214.111
 
[C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.aol.com/aol/search?query={searchTerms}
[C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
[C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
[C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
 
*************************
 
AdwCleaner[R0].txt - [2517 bytes] - [06/02/2015 23:24:11]
AdwCleaner[S0].txt - [2464 bytes] - [06/02/2015 23:26:16]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [2523  bytes] ##########
 
 
============================================================
============================================================
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.2 (02.02.2015:1)
OS: Windows 7 Home Premium x64
Ran by Catherine on Sun 02/08/2015 at 16:15:28.64
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Registry Values
 
 
 
~~~ Registry Keys
 
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
 
 
 
~~~ Files
 
 
 
~~~ Folders
 
 
 
~~~ Event Viewer Logs were cleared
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sun 02/08/2015 at 16:17:12.46
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
========================================
 
Thank you for your help.

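Two things the helper's step 2 depends on can be checked mechanically in a log like the one above: the "Logfile created" stamp (this log is dated 06/02/2015 although the second run happened on 08/02, which matches the note that it looks like the old report) and the "Running from" path (the instructions asked for the tool to be saved to the Desktop). The script below is an added example for this thread, not code from the posters or from AdwCleaner; the log it parses is a constructed, abridged copy in the same shape, and it assumes the tool's date stamp is day/month/year, inferred from "Updated 05/02/2015" standing next to "Database : 2015-02-05.2".

```python
"""Audit an AdwCleaner cleaning log before trusting it (added example; not the tool's code).

Assumption: the "Logfile created" stamp is day/month/year, inferred from the
"Updated 05/02/2015" / "Database : 2015-02-05.2" pair in the posted header.
"""
import re
from datetime import date, datetime

# Constructed, abridged sample in the shape of the posted log; defanged hxxp URLs kept as written.
SAMPLE_LOG = r"""# AdwCleaner v4.110 - Logfile created 06/02/2015 at 23:26:16
# Updated 05/02/2015 by Xplode
# Database : 2015-02-05.2 [Server]
# Operating system : Windows 7 Home Premium Service Pack 1 (x64)
# Username : Catherine - CATHERINE-HP
# Running from : J:\Computer\AdwCleaner.exe
# Option : Cleaning

***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\apn
File Deleted : C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.ask.com_0.localstorage

***** [ Scheduled tasks ] *****

Task Deleted : RunAsStdUser Task

***** [ Registry ] *****

Key Deleted : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
Key Deleted : HKLM\SOFTWARE\PositiveFinds
Data Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - *.local

***** [ Web browsers ] *****

-\\ Google Chrome v40.0.2214.111

[C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}

*************************

AdwCleaner[R0].txt - [2517 bytes] - [06/02/2015 23:24:11]
AdwCleaner[S0].txt - [2464 bytes] - [06/02/2015 23:26:16]
"""

HEADER_RE = re.compile(r"^# AdwCleaner v(\S+) - Logfile created (\d{2}/\d{2}/\d{4}) at (\d{2}:\d{2}:\d{2})$")
META_RE = re.compile(r"^# (Running from|Option) : (.+)$")
SECTION_RE = re.compile(r"^\*{5} \[ (.+?) \] \*{5}$")
ACTION_RE = re.compile(r"^(\w+ Deleted) : (.+)$")
BROWSER_RE = re.compile(r"^\[(.+?)\] - Deleted \[(.+?)\] : (.+)$")
REPORT_RE = re.compile(r"^AdwCleaner\[([RS])(\d+)\]\.txt - \[\d+ bytes\] - \[(\d{2}/\d{2}/\d{4}) (\d{2}:\d{2}:\d{2})\]$")


def _stamp(d, t):
    """Day/month/year date plus time -> datetime (see the assumption in the module docstring)."""
    return datetime.strptime(f"{d} {t}", "%d/%m/%Y %H:%M:%S")


def parse_log(text):
    """Header fields, then removal entries grouped by section, then the R#/S# report footer."""
    log = {"version": None, "created": None, "running_from": None, "option": None,
           "sections": {}, "reports": []}
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if m := HEADER_RE.match(line):
            log["version"], log["created"] = m.group(1), _stamp(m.group(2), m.group(3))
        elif m := META_RE.match(line):
            log["running_from" if m.group(1) == "Running from" else "option"] = m.group(2)
        elif m := SECTION_RE.match(line):
            section = m.group(1)
            log["sections"][section] = []
        elif m := REPORT_RE.match(line):
            # R# is a scan-only report, S# a cleaning report; the largest # is the newest.
            log["reports"].append((m.group(1), int(m.group(2)), _stamp(m.group(3), m.group(4))))
        elif section and (m := BROWSER_RE.match(line)):
            # Browser entries name the profile file and the kind of item removed (e.g. a hijacked search provider).
            log["sections"][section].append((f"{m.group(2)} Deleted", f"{m.group(1)} -> {m.group(3)}"))
        elif section and (m := ACTION_RE.match(line)):
            log["sections"][section].append((m.group(1), m.group(2)))
    return log


def latest_report(log):
    """Newest cleaning report (S#) named in the footer, or None if the run never cleaned."""
    cleans = [r for r in log["reports"] if r[0] == "S"]
    return max(cleans, key=lambda r: r[1]) if cleans else None


def audit(log, run_date, expected_location="\\Desktop\\"):
    """Findings that mean this is not the log the helper asked for; an empty list is a pass."""
    if isinstance(run_date, str):
        run_date = date.fromisoformat(run_date)
    if log["created"] is None:
        return ["no AdwCleaner header found; not an AdwCleaner log"]
    findings = []
    if log["created"].date() != run_date:
        # A stale stamp means the new run did not happen, or wrote its report somewhere else.
        findings.append(f"stale: log created {log['created']:%Y-%m-%d}, run expected on {run_date:%Y-%m-%d}")
    if expected_location.lower() not in (log["running_from"] or "").lower():
        findings.append(f"not run from expected location: {log['running_from']}")
    if log["option"] != "Cleaning":
        findings.append(f"option is {log['option']!r}, not a Cleaning run; nothing was removed")
    return findings


def removal_summary(log):
    """Removals per non-empty section, for a quick 'what changed' view."""
    return {name: len(items) for name, items in log["sections"].items() if items}


if __name__ == "__main__":
    parsed = parse_log(SAMPLE_LOG)
    for finding in audit(parsed, "2015-02-08"):
        print("FINDING:", finding)
    print(removal_summary(parsed))
```

Run against the sample with the real run date, the audit reports the log as stale and as run from J:\ rather than the Desktop, which is exactly the pair of problems the helper picks up on in the next reply; with the original scan date it reports only the location.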


#8 boocat

  • Topic Starter
  • Members
  • 65 posts
  • Gender:Female
  • Location:rainy southern Oregon coast
  • Local time:08:53 PM

Posted 08 February 2015 - 09:16 PM

Figured out where it came in, I believe.  I did not realize that any malware was bundled into the actual "Terms of Service" part, so I never read that.  I thought it was legal talk only, no adware included.  I thought the unwanted browsers, adware, etc., were on a separate page that came up (like for the Ask.com toolbar).  I got it from Cheat Engine.org, which is touted as virus-free software, freeware (that I discovered is really paid for by bundled-in adware).

 

I was trying to get some method of dealing with spamming keys fast enough during video games.  I hoped to be able to slow the game a bit.  I never play with others, always alone.  I am too slow to play with other people.  At 61, I cannot advance beyond a key-spamming requirement, if it cannot be bypassed.  I simply am physically incapable of moving fast enough, long enough.  So I cannot play the game I bought any further and have to try another game.  Wish I hadn't bothered and had simply abandoned that game.




#9 olgun52
  • Malware Response Team
  • 3,783 posts
  • Gender: Male

Posted 09 February 2015 - 05:34 AM

Hi,

 

Running from : J:\Computer\AdwCleaner.exe ?? ----> Please download AdwCleaner by Xplode and save it to your Desktop.

 

Please try running AdwCleaner again, and send the log.

 

--------------------------------------------------------------------------

 

Please go to: VirusTotal
On the page you'll find a "Choose File" button.
Click on the Choose File button.
In the Choose File to Upload window which opens, copy and paste this into the File Name box.
 
C:\Users\Catherine\Setup.X86.en-US_O365HomePremRetail_812fb051-91c7-4a1f-88e2-bc9825ff76c5_TX_PR_.exe
 
Next, click the Open button.
Then click the "Scan It!" button just below.
This will scan the file. Please be patient.
If you get a message saying File has already been analyzed: click Reanalyze file now
Once scanned, copy and paste the link to the results page in your next reply.


Edited by olgun52, 09 February 2015 - 05:41 AM.

Best regards
 
If you wish to show appreciation and support me personally fighting against malware, then you can consider a donation. Thank you. :thumbup2:
Malware fix forum
If I don't reply within 24 hours please PM me!
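The VirusTotal steps above upload the whole file. A practitioner usually checks by hash first: VirusTotal keys its reports on the file's SHA-256 (the summary posted later in this thread opens with that hash and a "Detection ratio"), so computing the hash locally lets you look the file up without uploading a possibly private installer. The following is an added example, not code from the thread or from VirusTotal; the sample file is constructed so the script runs offline, the lookup URL is only built (not fetched), and the `parse_vt_summary` helper is an assumption that mirrors the one-line summary format shown in this thread.

```python
"""Compute a file's SHA-256 and build the VirusTotal lookup URL for it.
Added example for this thread; not VirusTotal's own code.
"""
import hashlib
import os
import re
import tempfile

# VirusTotal's web UI addresses a file report by its SHA-256.
VT_FILE_URL = "https://www.virustotal.com/gui/file/{sha256}"

# Constructed stand-in for the installer; not a real executable.
SAMPLE_CONTENT = b"not a real installer, constructed for the example\n"


def sha256_of_file(path, chunk_size=1 << 20):
    """Hash in chunks so a large installer never has to fit in memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as handle:
        for chunk in iter(lambda: handle.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def virustotal_lookup_url(path):
    """Report URL to open in a browser instead of uploading the file."""
    return VT_FILE_URL.format(sha256=sha256_of_file(path))


# Shape of the one-line summary VirusTotal showed in this thread:
# "SHA256: <hex> File name: <name> Detection ratio: <n> / <m> Analysis date: ..."
SUMMARY_RE = re.compile(
    r"SHA256:\s*(?P<sha256>[0-9a-f]{64})\s+File name:\s*(?P<name>.+?)\s+"
    r"Detection ratio:\s*(?P<hits>\d+)\s*/\s*(?P<engines>\d+)"
)


def parse_vt_summary(line):
    """Pull hash, file name and detection ratio out of a pasted summary line."""
    match = SUMMARY_RE.search(line)
    if not match:
        return None
    return {
        "sha256": match["sha256"],
        "name": match["name"],
        "hits": int(match["hits"]),
        "engines": int(match["engines"]),
    }


def make_sample_file(content=SAMPLE_CONTENT):
    """Write a constructed temporary file and return its path."""
    fd, path = tempfile.mkstemp(suffix=".exe")
    with os.fdopen(fd, "wb") as handle:
        handle.write(content)
    return path


if __name__ == "__main__":
    sample = make_sample_file()
    print("SHA-256:", sha256_of_file(sample))
    print("Look up:", virustotal_lookup_url(sample))
```

A zero detection ratio, like the 0 / 57 reported later in this thread, means no engine flagged the file at that time; it is a reason not to worry about that particular installer, not proof that a file is benign.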

 


 


#10 boocat
  • Topic Starter
  • Members
  • 65 posts
  • Gender: Female
  • Location: rainy southern Oregon coast

Posted 09 February 2015 - 07:09 AM

Ran AdwCleaner again, properly this time (I believe):
=================
 
# AdwCleaner v4.110 - Logfile created 09/02/2015 at 04:00:48
# Updated 05/02/2015 by Xplode
# Database : 2015-02-08.1 [Server]
# Operating system : Windows 7 Home Premium Service Pack 1 (x64)
# Username : Catherine - CATHERINE-HP
# Running from : C:\Users\Catherine\Desktop\AdwCleaner.exe
# Option : Cleaning
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\Users\Catherine\AppData\LocalLow\HPAppData
 
***** [ Scheduled tasks ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
 
***** [ Web browsers ] *****
 
-\\ Internet Explorer v11.0.9600.17496
 
 
-\\ Google Chrome v40.0.2214.111
 
 
*************************
 
AdwCleaner[R0].txt - [2517 bytes] - [06/02/2015 23:24:11]
AdwCleaner[R1].txt - [859 bytes] - [07/02/2015 00:12:46]
adwcleaner[r2].txt - [1881 bytes] - [08/02/2015 15:22:18]
AdwCleaner[R3].txt - [1109 bytes] - [08/02/2015 16:42:29]
AdwCleaner[R4].txt - [1230 bytes] - [09/02/2015 03:51:58]
AdwCleaner[S0].txt - [2619 bytes] - [06/02/2015 23:26:16]
AdwCleaner[S1].txt - [924 bytes] - [07/02/2015 00:14:36]
adwcleaner[s2].txt - [1961 bytes] - [08/02/2015 15:22:18]
AdwCleaner[S3].txt - [1160 bytes] - [09/02/2015 04:00:48]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S3].txt - [1219  bytes] ##########
 
=================
Will run Virus Total now.



#11 boocat
  • Topic Starter
  • Members
  • 65 posts
  • Gender: Female
  • Location: rainy southern Oregon coast

Posted 09 February 2015 - 07:17 AM

SHA256: ad11d3825f80d25038c5feaa8432845692893d180ba737f94cc878c9fde7bf6c
File name: Setup.X86.en-US_O365HomePremRetail_812fb051-91c7-4a1f-88e2-bc9825...
Detection ratio: 0 / 57
Analysis date: 2015-02-09 12:12:13 UTC ( 0 minutes ago )

This was what "VirusTotal" showed, if I did it properly.  Thanks for helping me.




#12 olgun52
  • Malware Response Team
  • 3,783 posts
  • Gender: Male

Posted 09 February 2015 - 02:52 PM

Hi boocat,

 

Thanks for the Logs.

 

Step 1:

Scan with Malwarebytes Antimalware:

Please download Malwarebytes Anti-Malware to your desktop.

  • Double-click the downloaded setup file and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to the following:
  • Launch Malwarebytes Anti-Malware
  • A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.
  • Click Finish.

If the program is already installed:

  • Run Malwarebytes Antimalware
  • On the Dashboard, click the 'Update Now >>' link
  • After the update completes, click the 'Scan Now >>' button.
  • Or, on the Dashboard, click the Scan Now >> button.
  • If an update is available, click the Update Now button.
  • A Threat Scan will begin.
  • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
  • In most cases, a restart will be required.
  • Wait for the prompt to restart the computer to appear, then click on Yes.
  • After the restart, once you are back at your desktop, open MBAM once more.
  • Click on the History tab > Application Logs.
  • Double click on the scan log which shows the Date and time of the scan just performed.
  • Click 'Copy to Clipboard'
  • Paste the contents of the clipboard into your reply

Step 2:

 

Scan with ESET Online Scan

Please go here to run the online scanner from ESET.

  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked
  • Click on Advanced Settings and ensure these options are ticked:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Click Scan
  • Wait for the scan to finish
  • If any threats were found, click the 'List of found threats', then click Export to text file...
  • Save it to your desktop, then please copy and paste that log as a reply to this topic.

Have a nice day.

 


Best regards
 

#13 boocat
  • Topic Starter
  • Members
  • 65 posts
  • Gender: Female
  • Location: rainy southern Oregon coast

Posted 10 February 2015 - 03:50 AM

Ran the Malwarebytes and there was nothing: "Scan completed successfully! No malicious items were detected!"  I believe all the spyware detectors and antivirus software and firewalls have been turned off (but I could be wrong).

 

Should I have turned off the AdBlock and AdBlock Plus?

 

Will now run the Scan with ESET Online Scan...

 

However, the "Computer Scan Settings" does not say (under "Advanced Settings"):

  • "Scan for potentially unwanted applications"... it says "Scan archives" and "Remove found threats" and the two more that I did check off:
  • "Scan for potentially unsafe applications" and "Enable Anti-Stealth technology".

I realized that above "Advanced settings", it says:

"Enable detection of potentially unwanted applications" and
"Disable detection of potentially unwanted applications"

I am checking the box for the "Enable detection of potentially unwanted applications" because I realize this (I believe) is the equivalent of the apparently unavailable "Scan for potentially unwanted applications".  I hope I am correct in this assessment.

Edited by boocat, 10 February 2015 - 04:15 AM.



#14 olgun52
  • Malware Response Team
  • 3,783 posts
  • Gender: Male

Posted 10 February 2015 - 10:13 AM

Should I have turned off the AdBlock and AdBlock Plus?

 

No, I do not.

 

Advanced Settings -->OK.

 

"Enable detection of potentially unwanted applications"
"Disable detection of potentially unwanted applications"

 

 

OK

 

"Remove found threats" --->unticked

 

I am checking the box for the "Enable detection of potentially unwanted applications"  because I realize this (I believe) is the equivalent of the apparently unavailable:

 "Scan for potentially unwanted applications".  I hope I am correct in this assessment.

 

correct

 

Let's now run eset online scanner.


Edited by olgun52, 10 February 2015 - 10:14 AM.

Best regards
 

#15 boocat
  • Topic Starter
  • Members
  • 65 posts
  • Gender: Female
  • Location: rainy southern Oregon coast

Posted 10 February 2015 - 02:36 PM

 ESET Online Scan
 
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Common Files\d2d4a9d3-f3f1-4c52-8d3f-dddc91fe0602\updater.bak.vir a variant of Win32/BrowseFox.AD potentially unwanted application
C:\AdwCleaner\Quarantine\C\ProgramData\d2d4a9d3-f3f1-4c52-8d3f-dddc91fe0602\plugincontainer.bak.vir a variant of Win32/BrowseFox.AD potentially unwanted application
C:\AdwCleaner\Quarantine\C\ProgramData\d2d4a9d3-f3f1-4c52-8d3f-dddc91fe0602\plugins\3\Plugin.exe.vir a variant of Win32/BrowseFox.AF potentially unwanted application
C:\AdwCleaner\Quarantine\C\ProgramData\d2d4a9d3-f3f1-4c52-8d3f-dddc91fe0602\plugins\5\Plugin.exe.vir a variant of Win32/BrowseFox.AF potentially unwanted application
C:\AdwCleaner\Quarantine\C\ProgramData\d2d4a9d3-f3f1-4c52-8d3f-dddc91fe0602\plugins\5bak\Plugin.exe.vir a variant of Win32/BrowseFox.AF potentially unwanted application
C:\AdwCleaner\Quarantine\C\ProgramData\d2d4a9d3-f3f1-4c52-8d3f-dddc91fe0602\plugins\8\Plugin.exe.vir a variant of Win32/BrowseFox.AF potentially unwanted application
C:\AdwCleaner\Quarantine\C\ProgramData\d2d4a9d3-f3f1-4c52-8d3f-dddc91fe0602\plugins\8bak\Plugin.exe.vir a variant of Win32/BrowseFox.AF potentially unwanted application
J:\First Computer backup\APPs\DivXInstaller.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application
J:\First Computer backup\APPs\JDast_installer.exe Win32/Packed.Autoit.H potentially unwanted application
J:\First Computer backup\Program Files\JDAST\DataSendAdmin.exe Win32/Packed.Autoit.H potentially unwanted application
J:\First Computer backup\Program Files\JDAST\RequestHelp.exe Win32/Packed.Autoit.H potentially unwanted application
J:\First Computer backup\Program Files\JDAST\Upload_child.exe Win32/Packed.Autoit.H potentially unwanted application

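Reading the ESET list above, every hit under `C:\` sits inside `C:\AdwCleaner\Quarantine\`, that is, in copies AdwCleaner had already pulled out of the system, and the rest are installers and helper executables on the `J:` backup drive; nothing was found in a live location. The following is an added example, not code from the thread or from ESET, that parses ESET's one-line-per-finding format (`<path> <detection> <category>`) and sorts each hit by where it lives, which is the triage a responder does by eye when reading such a log. The sample lines are constructed after the ones in the post; the last one is a hypothetical live-system hit added only to exercise that branch.

```python
"""Triage ESET Online Scanner findings by where each detected file lives.
Added example for this thread; not ESET's own code.
"""
import re
from collections import Counter

CATEGORIES = ("potentially unwanted application", "potentially unsafe application")
QUARANTINE_PREFIX = "C:\\AdwCleaner\\Quarantine\\"

# Constructed sample modelled on the post; the last line is hypothetical.
SAMPLE_LOG = """\
C:\\AdwCleaner\\Quarantine\\C\\ProgramData\\d2d4a9d3-f3f1-4c52-8d3f-dddc91fe0602\\plugins\\3\\Plugin.exe.vir a variant of Win32/BrowseFox.AF potentially unwanted application
J:\\First Computer backup\\APPs\\DivXInstaller.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application
J:\\First Computer backup\\Program Files\\JDAST\\RequestHelp.exe Win32/Packed.Autoit.H potentially unwanted application
C:\\Users\\Example\\Downloads\\setup.exe a variant of Win32/BrowseFox.AD potentially unwanted application
"""

# The detection is either "a variant of <name>" or a bare <name>. Paths may
# contain spaces, so the non-greedy path group is resolved from the right.
FINDING_RE = re.compile(r"^(?P<path>.+?) (?P<detection>a variant of \S+|\S+)$")


def parse_eset_line(line):
    """Split one ESET finding into path, detection name and category."""
    line = line.strip()
    for category in CATEGORIES:
        suffix = " " + category
        if line.endswith(suffix):
            match = FINDING_RE.match(line[: -len(suffix)])
            if match:
                return {
                    "path": match["path"],
                    "detection": match["detection"],
                    "category": category,
                }
    return None


def detection_family(detection):
    """'a variant of Win32/BrowseFox.AF' -> 'Win32/BrowseFox' (drop the variant letter)."""
    prefix = "a variant of "
    name = detection[len(prefix):] if detection.startswith(prefix) else detection
    return name.rsplit(".", 1)[0]


def classify_location(path):
    """Where the file lives decides how urgent the finding is."""
    if path.startswith(QUARANTINE_PREFIX):
        return "already quarantined by AdwCleaner"
    if path[:3].upper() != "C:\\":
        return "external or backup media"
    return "live system"


def triage(log_text):
    """Parse every finding and annotate it with family and location."""
    findings = []
    for line in log_text.splitlines():
        parsed = parse_eset_line(line)
        if parsed:
            parsed["family"] = detection_family(parsed["detection"])
            parsed["location"] = classify_location(parsed["path"])
            findings.append(parsed)
    return findings


def summarize(findings):
    """Count findings per location."""
    return dict(Counter(item["location"] for item in findings))


if __name__ == "__main__":
    hits = triage(SAMPLE_LOG)
    for hit in hits:
        print(f"{hit['location']:34} {hit['family']:30} {hit['path']}")
    print(summarize(hits))
```

Quarantined copies are inert and can simply be deleted with the quarantine folder; hits on backup media only matter if those installers are ever run again; a hit under a live user profile is the one that would justify further cleanup.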




